Sophisticated hacking tools and techniques

Attackers have a wide range of hacking tools and techniques at their disposal. New vulnerabilities emerge constantly, and attackers keep finding ways to exploit them and devising new, more sophisticated attack scenarios. In this article we look at several such cases, focusing on incidents that are, in our opinion, far from trivial.

Ghost accounts

Some of the attackers’ tricks, such as social engineering or phishing, are well known to a wide audience. Far fewer people have heard of ghost account attacks.

At the end of January, Sophos investigated a large-scale attack on corporate resources that ended with infection by the Nemty ransomware. Sophos experts determined that the intrusion came through a high-privileged administrator account. The account belonged to a former employee who had passed away three months before the incident.

Instead of revoking access and closing the account, the company decided to keep it active and open because “there were services for which it was used”.

Morse code in emails

Phishing emails contain links to malicious sites disguised as legitimate ones, where cybercriminals trick us into handing over our login credentials or bank card details. “Yes, yes, we know,” many will say. But have you heard of fake emails in which the malicious URL is hidden with Morse code?

In February, a new fraud technique came to light: attackers used Morse code to hide malicious content in email attachments. Below is a description of the attack from the source.

The attack started with an email carrying an invoice attachment. The attachment was an HTML file posing as an Excel spreadsheet, with a name resembling a company invoice, for example in the format “[company_name]_account_[number]._xlsx.hTML”. Opening the attachment in a text editor reveals JavaScript that maps letters and numbers to Morse code; for example, the letter “a” is represented as “.-” and the letter “b” as “-...”. This encoding helps the attachment slip past spam filters and email security gateways.

The script then calls the decodeMorse() function to decode the Morse code string into a hexadecimal string. That string is in turn decoded into JavaScript tags, which are inserted into the HTML page.

When the victim opens the file, a fake Excel spreadsheet appears stating that the login has timed out and prompting the user to enter the password again. Once the user enters the password, the form sends it to a remote site where the attackers collect credentials. In many cases the login pop-up carries the victim’s company logo to build trust.
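As an added defender-side example (not code from the original article or from the reported attachment), here is a small Python scanner that finds Morse-encoded runs in an HTML attachment and reverses the two stages described above: Morse to hex, then hex to the hidden markup. The sample attachment, the decodeMorse name and the example.invalid URL are constructed for the demonstration.

```python
import re
from typing import Dict, List, Optional

# International Morse table for letters and digits (the hex alphabet is a subset).
MORSE = {
    ".-": "a", "-...": "b", "-.-.": "c", "-..": "d", ".": "e", "..-.": "f",
    "--.": "g", "....": "h", "..": "i", ".---": "j", "-.-": "k", ".-..": "l",
    "--": "m", "-.": "n", "---": "o", ".--.": "p", "--.-": "q", ".-.": "r",
    "...": "s", "-": "t", "..-": "u", "...-": "v", ".--": "w", "-..-": "x",
    "-.--": "y", "--..": "z", "-----": "0", ".----": "1", "..---": "2",
    "...--": "3", "....-": "4", ".....": "5", "-....": "6", "--...": "7",
    "---..": "8", "----.": "9",
}
# Six or more Morse symbols separated by single spaces: too long to be accidental.
MORSE_RUN = re.compile(r"(?:[.-]{1,5} ){5,}[.-]{1,5}")

def morse_to_text(run: str) -> str:
    """Decode a space-separated Morse run; unknown symbols become '?'."""
    return "".join(MORSE.get(sym, "?") for sym in run.split(" "))

def hex_to_text(hexstr: str) -> Optional[str]:
    """Second stage of the described scheme: hex string -> ASCII markup, or None."""
    try:
        return bytes.fromhex(hexstr).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None

def find_morse_payloads(html: str) -> List[Dict[str, object]]:
    """Locate Morse runs in an HTML attachment and decode each as far as possible."""
    findings = []
    for m in MORSE_RUN.finditer(html):
        decoded = morse_to_text(m.group())
        findings.append({"offset": m.start(), "decoded": decoded,
                         "payload": hex_to_text(decoded)})
    return findings

def to_morse_hex(text: str) -> str:
    """Used only to build the constructed sample: text -> hex -> Morse."""
    inv = {v: k for k, v in MORSE.items()}
    return " ".join(inv[ch] for ch in text.encode("ascii").hex())

# Constructed sample attachment (not a real capture): a Morse-encoded hex string
# that the decodeMorse() step described above would turn back into a login form.
SAMPLE_PAYLOAD = '<form action="https://example.invalid/login">'
SAMPLE_HTML = ('<html><script>var s="' + to_morse_hex(SAMPLE_PAYLOAD) + '";'
               'document.write(decodeMorse(s));</script></html>')
```

Running find_morse_payloads over a suspicious .hTML attachment surfaces the hidden markup without executing any of its script, which is what a mail gateway or analyst needs in order to block or triage it.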

Smart and vulnerable

You may have heard the story of how, in 2017, hackers infected the computer network of a petrochemical plant using … a coffee machine. WannaCry, a dangerous ransomware worm, entered the company’s network through the insecure Wi-Fi connection of a smart coffee machine.

You may also know the case in which a refrigerator helped hackers carry out a MiTM attack and gain access to a Gmail and Google account.

And in 2020, cybercriminals tested a new way to penetrate office and home networks: smart bulbs. By exploiting specific vulnerabilities in them, hackers can get into the target IP network to distribute ransomware or spyware.

How the attack unfolds: bulb owners can remotely control the lighting and calibrate the color of each bulb through a mobile app.

The hacker discovers the bulb and takes over control, changing its color or brightness to make the user believe the bulb is defective.

The bulb shows as “not available” in the user’s app. The only way to reset the smart device is to remove it from the app, then re-discover it and add it back to the network. By this stage, the hacker has already injected malware into the bulb’s firmware by exploiting a vulnerability in the data transfer protocol, so the user adds the already compromised bulb back to his network. The hacker-controlled bulb with its modified firmware can now be used to develop the attack on the network and distribute ransomware or spyware.

What conclusions can be drawn from the cases considered:

After an employee leaves the company (for any reason), revoke the account’s rights, change the passwords of the resources he had access to, and disable service accounts in key systems. Ghost accounts are especially dangerous if an attacker brute-forces and compromises one, because nobody is usually monitoring them. Any ghost account that is allowed to remain connected to corporate resources should at least have remote connectivity disabled;
Following links from random emails is a bad idea. If in doubt, go directly to the source;
If you purchased a smart device, remember to change the factory password. Stay tuned for software updates, or better configure your av
