Phishing Dark Waters. Fincher Michele. Читать онлайн. Newlib. NEWLIB.NET

Автор: Fincher Michele
Издательство: John Wiley & Sons Limited
Серия:
Жанр произведения: Зарубежная образовательная литература
Год издания: 0
isbn: 9781118958483
Скачать книгу
a bunch of malware, including a key logger that tracked everything he typed in the weeks to come. This breach allowed the Chinese attackers to gain access to the internal corporate network and mine data for weeks before being discovered.

      This breach occurred in February 2009, and Coca-Cola wasn't aware of it until the FBI informed the company in March. By then a great deal of sensitive data had been stolen. This was days before Coca-Cola's $2.4B attempt to purchase a Chinese soft drink manufacturer, which ultimately failed. It would have been the largest acquisition of a Chinese company by a foreign entity to date. There are conflicting reports as to why the acquisition failed, but at least one security organization claims it was due to critical information regarding strategy and pricing being leaked to the opposite side, which deprived Coca-Cola of the ability to negotiate the deal.

As mentioned earlier, the hack of the AP was impressive based solely on the sheer impact that one tweet had on the stock market.14 The way the attackers got in, however, was a simple spear phish that was sent to select AP staffers from what appeared to be a colleague (see Figure 1.5).

Figure 1.5 Associated Press spear phish

      Although this e-mail is pretty vague, consider that it came from a “known” source and appeared to point to a legitimate page on The Washington Post site. Victims who clicked the link in the message were sent to a spoofed website that collected their login credentials. There's speculation that the spoofed site allowed victims to authenticate with their Twitter credentials, which led to the feed compromise.

      Corporations are clearly as vulnerable to phishing as regular people are despite all of their technical controls and security policies. So what about phish that hit a little closer to home? The following section describes common examples that you may have seen.

Phish in Their Natural Habitat

      We would be doing the topic of phishing a disservice if we didn't start with the Nigerian 419 scam. Also known as the advance-fee fraud, this con is apparently more than 200 years old in practice (as you can imagine, it took a lot longer to get scammed over snail mail, but it still happened). It gets its most modern name because of Nigeria's notoriety as supposedly being a large source of these scams. The number 419 refers to the Nigerian criminal code that addresses fraud.

      You have probably seen a number of variations of this scam. For example, a rich prince has been deposed and needs your help in transferring his vast wealth, or a dying man is trying to make up for being generally unpleasant and needs your help in disbursing funds to charity organizations. Whatever the cover story, a few components are consistent:

      • The amount of money in question is vast.

      • They are trusting you, a complete stranger, to transfer, disburse, or hold the money.

      • You get a cut for your trouble, but you need to do one of the following:

      • Provide your bank account information so they can transfer the money

      • Assist them by paying transfer fees, mostly due to some sort of precarious political or personal situation

      Конец ознакомительного фрагмента.

      Текст предоставлен ООО «ЛитРес».

      Прочитайте эту книгу целиком, купив полную легальную версию на ЛитРес.

      Безопасно оплатить книгу можно банковской картой Visa, MasterCard, Maestro, со счета мобильного телефона, с платежного терминала, в салоне МТС или Связной, через PayPal, WebMoney, Яндекс.Деньги, QIWI Кошелек, бонусными картами или другим удобным Вам способом.

      1

      Sara Radicati, PhD, “Email Statistics Report, 2014–2018,” April 2014, http://www.radicati.com/wp/wp-content/uploads/2014/01/Email-Statistics-Report-2014-2018-Executive-Summary.pdf.

      2

      Social-Engineer Infographic, April 28, 2014,

1

Sara Radicati, PhD, “Email Statistics Report, 2014–2018,” April 2014, http://www.radicati.com/wp/wp-content/uploads/2014/01/Email-Statistics-Report-2014-2018-Executive-Summary.pdf.

2

Social-Engineer Infographic, April 28, 2014, http://www.social-engineer.org/resources/social-engineering-infographic/.

3

Geoffrey Ingersoll, “Inside the Clever Hack That Fooled the AP and Caused the DOW to Drop 150 Points,” November 22, 2013, http://www.businessinsider.com/inside-the-ingenious-hack-that-fooled-the-ap-and-caused-the-dow-to-drop-150-points-2013-11.

4

Tim Wilson, “Report: Phishing Attacks Enabled SEA to Crack CNSS's Social Media,” January 1, 2014, http://www.darkreading.com/attacks-breaches/report-phishing-attacks-enabled-sea-to-crack-cnns-social-media/d/d-id/1141215?.

5

Andy Greenberg, “How the Syrian Electronic Army Hacked Us: A Detailed Timeline,” February 20, 2014, http://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/.

6

Danny Yadron, “Alleged Chinese Hacking: Alcoa Breach Relied on Simple Phishing Scam,” May 19, 2014, http://online.wsj.com/news/articles/SB10001424052702303468704579572423369998070.

7

Brett Logiurato, “The US Government Indicts 5 Chinese Military Hackers on Cyberspying Charges,” May 19, 2014, http://www.businessinsider.com/us-china-spying-charges-2014-5.

8

Symantec Official Blog, “Francophoned – A Sophisticated Social Engineering Attack,” August 28, 2013, http://www.symantec.com/connect/blogs/francophoned-sophisticated-social-engineering-attack.

9

Anti-Phishing Working Group, “Phishing Activity Trends Report, 2nd Quarter 2014,” August 29, 2014, http://docs.apwg.org/reports/apwg_trends_report_q2_2014.pdf.

10

Michael Riley, “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It,” March 13, 2014, http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data#p1.

11

Brian Krebs, “Email Attack on Vendor Set Up Breach at Target,” February 12, 2014, http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/.

Скачать книгу

<p>14</p>

Sarah Perez, “AP Twitter Hack Preceded by a Phishing Attempt, News Org Says,” April 23, 2013, http://techcrunch.com/2013/04/23/ap-twitter-hack-preceded-by-a-phishing-attempt-news-org-says/.