“Over the years, phishing attacks have changed, as with most things, and have been segmented into different groups of variants.” –Me
If there is one thing you can say about cybercriminals, it’s that they are adaptive. As I mentioned last week, phishing attacks have evolved from fake web pages and official-looking emails to fake web pages and official-looking posts and messages sent through social networks and online games. In fact, social networking itself has been the catalyst for a whole new breed of phishing attacks, and the worst part is that it is easier to pull off now than ever.
In this post, we will expand on our Phishing 101 series by discussing the more modern and more targeted side of phishing, namely ‘spear phishing’ and phishing on the social media highway.
The recent attack on the Serious Organized Crime Agency (SOCA), most likely in response to the 36 data-selling sites shut down a few weeks ago, led to the admission by high-ranking SOCA officials that the Ministry of Defense networks need to “beef up their security.” In response, we would like to present solutions for protecting networks and systems from external attacks such as the one against the MoD. In addition, we will provide a quick run-down of security practices which, when not followed, leave doors open for malicious actors attempting to gain access to internal networks, not only at the MoD but at any organization or for any personal user.
The attack launched against the MoD was a DDoS attack. DDoS stands for Distributed Denial of Service, and such attacks are launched from what is referred to as a bot network, or “botnet.” A botnet is a group of compromised systems, each infected with a malware implant, or “bot.” The implant beacons back to a central controller and receives further commands from the person running the botnet, the “bot herder.” In a DDoS attack, every bot sends large volumes of network traffic toward one particular server. A web server has limits on how many simultaneous connections it can hold open, so when tens of thousands of infected systems open connections to the same server at once, the flood crowds out legitimate users trying to reach it. If the flood continues, it can overload the server and potentially crash it. It’s like trying to shake hands with 100 people at once. Note that a DDoS attack disrupts availability; on its own it does not give the attacker access to the systems behind the server. A high-level approach to withstanding a DDoS attack is to use redundant systems that can absorb part of the connection load during an attack or a traffic spike while keeping the web site available to legitimate users. Redundancy raises the bar, but a large enough flood saturates the network links in front of the servers, so absorption capacity at the network edge or at the upstream provider matters as much as the number of servers behind it.
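The paragraph above describes the flood from the server's side: many connections arriving in the same instant, from many sources. The following added example (not code from the original post or from Malwarebytes) shows how a defender would spot that pattern in a web server's access log and tell a distributed flood apart from a single noisy source, since the two call for different responses. The log lines are constructed for the example, using documentation address ranges; the thresholds `rate_threshold` and `distinct_threshold` are assumed tuning values, not figures from the post.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx Common Log Format: src ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return the fields of one CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def bucket_by_second(lines):
    """Group source addresses by the second in which their request arrived."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # skip unparseable lines instead of crashing
            continue
        buckets[rec["ts"]].append(rec["src"])
    return buckets


def classify_windows(lines, rate_threshold=20, distinct_threshold=10):
    """Flag every one-second window whose request count exceeds rate_threshold.

    A window fed by at least distinct_threshold different sources is tagged
    'distributed' (botnet-style, needs capacity or upstream filtering); one
    dominated by a few sources is 'single-source' (rate-limit or block them).
    Thresholds are assumed example values; tune them to the site's baseline.
    """
    buckets = bucket_by_second(lines)
    findings = []
    for ts in sorted(buckets, key=lambda t: datetime.strptime(t, TS_FMT)):
        srcs = buckets[ts]
        if len(srcs) < rate_threshold:
            continue
        distinct = len(set(srcs))
        top_src, top_n = Counter(srcs).most_common(1)[0]
        findings.append({
            "ts": ts,
            "requests": len(srcs),
            "distinct_sources": distinct,
            "kind": "distributed" if distinct >= distinct_threshold else "single-source",
            "top_source": top_src,
            "top_share": top_n / len(srcs),
        })
    return findings


def build_sample_log():
    """Constructed sample traffic for the example; not a real capture."""
    fmt = '{src} - - [10/Jun/2011:12:00:{sec:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = []
    # Two seconds of normal traffic: a handful of distinct visitors.
    for sec in (0, 1):
        for host in (5, 6, 7):
            lines.append(fmt.format(src=f"10.0.0.{host}", sec=sec))
    # Second 2: distributed flood, 40 requests from 40 different bots
    # (192.0.2.0/24 is a documentation range, used here as fake bot addresses).
    for i in range(40):
        lines.append(fmt.format(src=f"192.0.2.{i + 1}", sec=2))
    # Second 3: single-source flood, 40 requests from one host (198.51.100.0/24).
    for _ in range(40):
        lines.append(fmt.format(src="198.51.100.9", sec=3))
    lines.append("this line is deliberately malformed")
    return lines


if __name__ == "__main__":
    for f in classify_windows(build_sample_log()):
        print(f"{f['ts']}: {f['requests']} requests from {f['distinct_sources']} "
              f"sources -> {f['kind']} (top source {f['top_source']}, "
              f"{f['top_share']:.0%} of traffic)")
```

The distinction the classifier draws is the operational one: a single-source flood can be stopped at the edge with a rate limit or a block on that address, whereas a distributed flood of 40 sources making one request each looks like 40 ordinary visitors per source and can only be handled by having the capacity to absorb it, or by filtering it upstream before it reaches the server.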
At Malwarebytes we are a bit obsessed with protecting our users, which leads us to approach our jobs from all sorts of different angles. One of my favorite aspects of this is how we tackle malware right at its source: the servers that deliver it. Our team works around the clock to identify and block the sites pushing exploits and malicious software to our users. Blocking is just one small aspect of this, though. What most people don’t realize is the effort we put into getting that malware cleaned up at the source, so that no one anywhere, whether a user of our software or not, can be infected by it.