Yes, it's ridiculous and shocking that such a relatively simple attack can cause so much damage. With some user education and the usage of security tools like HIPS/anti-loggers you can easily stop this. I already mentioned this in another thread, see link. https://www.wilderssecurity.com/thre...ed-hips-discussion.372859/page-7#post-2502049
Employee gets email requesting transaction of money to another account. Email seems to come from their boss (email address similar to their boss'). So they transfer the money thinking it is a legit payment (let's say paying an invoice from their supplier). Please explain to me how HIPS / anti-loggers can help here.
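As an added example (not code from the thread), a small check of the kind a mail gateway or Outlook add-in could run to flag the "address similar to the boss'" pattern described in the post above: a lookalike sender domain, an executive's display name on an outside address, or a Reply-To that diverts the conversation. The organisation domain and executive mailbox are constructed placeholders.

```python
from email.utils import parseaddr

# Constructed placeholders (hypothetical, not from the thread):
# the organisation's real domain and its executive mailboxes.
ORG_DOMAIN = "example-corp.com"
EXEC_MAILBOXES = {"ceo@example-corp.com": "Jane Doe"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot domains one or two characters off ours."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str, reply_to: str = "") -> list:
    """Return the reasons a From/Reply-To pair looks like BEC impersonation."""
    reasons = []
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    # 1. Lookalike domain: close to ours, but not ours (e.g. exampIe-corp.com).
    if domain != ORG_DOMAIN and levenshtein(domain, ORG_DOMAIN) <= 2:
        reasons.append(f"lookalike domain {domain!r}")
    # 2. An executive's display name shown on a mailbox that is not theirs.
    exec_names = {n.lower() for n in EXEC_MAILBOXES.values()}
    if name.strip().lower() in exec_names and addr not in EXEC_MAILBOXES:
        reasons.append(f"display name {name!r} used from {addr!r}")
    # 3. Reply-To pointing somewhere other than the visible From address.
    _, reply_addr = parseaddr(reply_to)
    if reply_addr and reply_addr.lower() != addr:
        reasons.append(f"reply-to diverted to {reply_addr.lower()!r}")
    return reasons


if __name__ == "__main__":
    # Constructed sample headers: genuine, lookalike domain, webmail with diverted Reply-To.
    for hdr, rt in [("Jane Doe <ceo@example-corp.com>", ""),
                    ("Jane Doe <ceo@exampIe-corp.com>", ""),
                    ("Jane Doe <jane.doe@webmail.example>", "finance@other.example")]:
        print(hdr, "->", check_sender(hdr, rt) or "ok")
```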
Actually, this is about corporate IT security training. Of course, security and training have always been at the bottom of most corporations' budget criteria. It does show however, the deplorable current state of most e-mail security scanning software. For a developer wanting to make a bundle, this is where I would concentrate my resources.
Yes, it's mostly about training, always double-checking info about payments delivered through email and similar. Install and forget solutions IMO won't work here.
It depends on the type of attack. The simplest attacks work the way you described, but the more advanced ones are using malware like the HawkEye trojan to infiltrate corporate networks, in order to increase the chance of a successful attack. That's why I said that both user education and security tools are needed.
American company lost $100 million to BEC fraud http://securityaffairs.co/wordpress/46385/cyber-crime/100m-bec-fraud.html
Company Fires CEO After Falling Victim to $56-Million Online Scam http://news.softpedia.com/news/comp...ng-victim-56-million-online-scam-504519.shtml
"HawkEye [not hawki] malware: Hackers using 'versatile' data-stealing Trojan in multiple new phishing attacks Security experts have seen HawkEye infecting various global organisations across multiple sectors... A new data-stealing malware dubbed HawkEye is now being increasingly used by hackers in multiple new phishing campaigns. Security experts said that the distribution of the malware increased after it was put on sale on a "public-facing website."... HawkEye also comes with keylogger and screenshot taking features. The malware sends data such as server name, OS, installed language and more to its C&C server. Alarmingly, HawkEye is also capable of spreading via USB and can steal Bitcoin wallets as well..." http://www.ibtimes.co.uk/hawkeye-ma...-trojan-multiple-new-phishing-attacks-1633136
Here's the FireEye detailed analysis: https://www.fireeye.com/blog/threat...malware-distributed-in-phishing-campaign.html For starters, the payload is contained within a .docx attachment. If Word is configured to open in protected mode, the default mode, the malicious OLE payload can't run. A similar attack involving a Word exploit using OLE happened here: https://arstechnica.co.uk/informati...-in-the-wild-exploit-critical-microsoft-0day/. Makes me believe that applying the registry hacks shown in that article, especially the RTF one, might not be a bad idea. Also RTF can be disabled via Word security settings.