November 3, 2017
Hacker HiJinx - Human Ways to Steal Data

Who We Are?
Ethical Hackers & Security Consultants
Respond To Incidents & Breaches
Perform Digital Forensic Investigations
Data Mine Internet Intelligence

About The Presentation
Common Vulnerabilities We Often See
Security Practices Your Users Should Know
Best Practices to Harden Security

Businesses & People Get Hacked Every Day
Too Many To Count
1 Billion Accounts
56 Million Credit Card Owners
45.7 Million Credit Card Owners
32 Million Personal Identities / Divorces?
80 Million Personal Identities & Healthcare Data

Incident/Breach Statistics for 2016
Financial Motive
On Average Only 3% of the Victims of Spear Phishing Attacks Alerted Information Technology?
Confirmed Data Breaches Involved Weak, Default or Stolen Passwords
Increase In Ransomware Incidents
Sources: 2016 Verizon Data Breach; Symantec IR Response Team, SNT 2016 Annual Report

Typical Attack Vectors
Hack In From The Internet
Hack In From Wireless
Hack Over the Phone Lines
Hack Web Applications
Hack Via Social Engineering
Vulnerabilities Are Often Unaddressed
Attack Vector: Hack In From The Internet
Internet Facing Systems

Internet Facing Vulnerabilities
UNNECESSARY OPEN FIREWALL PORTS
Port 80
Port 443

Internet Facing Vulnerabilities
UNNECESSARY OPEN FIREWALL PORTS
FTP (Port 21)

Internet Facing Vulnerabilities
UNNECESSARY OPEN FIREWALL PORTS
RDP (Port 3389)
We See This Too Often!

Internet Facing Vulnerabilities
UNPATCHED SYSTEMS
Operating System Updates
Third Party Updates

Internet Facing Vulnerabilities
RUNNING SERVICES
Two Factor! PATCH!
LEAKEDSOURCE?

Internet Facing Vulnerabilities
Accounts in the Database

Internet Facing Vulnerabilities
DEFAULT & WEAK AUTHENTICATION
PASSWORD??? Hmmm... admin?

Internet Facing Vulnerabilities
If Successful With Any of the Previous Methods: Gain Shell! SAM File!
Security Account Manager (SAM File)
PW Dump

Internet Facing Vulnerabilities
Now We Crack Your Password! I'm Admin!
Password Cracker

Typical Attack Vectors
Hacking In From Wireless
Wireless Vulnerabilities
ROGUE DEVICES
Employees Often Install Them! With Little To NO Security

Wireless Vulnerabilities
POOR WIRELESS SECURITY
WPA2: BETTER
WPA: OK
WEP: POOR!

Wireless Vulnerabilities
POOR WIRELESS SECURITY
TARGET USERS
Capture Packet When They Try To Reconnect
Crack Packet
Use Credentials

Wireless Vulnerabilities
Wireless EVIL Twin
SSID: ACMEFCU Wireless
SSID: ACME-FCU Wireless
For Internet, Connect to AcmeFCU Wireless
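The Evil Twin slides show the defender's problem from the user's side: "ACMEFCU Wireless" sits next to "ACME-FCU Wireless" and the user picks one. From the network side the same thing can be caught automatically. The script below is an added example, not the presenters' code; it compares a wireless scan against an allowlist of owned SSIDs and access-point BSSIDs and flags two conditions: our exact SSID broadcast from an access point we do not own (a true evil twin), and a name that differs only by separators, case or look-alike digits (the hyphen trick on the slide). The allowlist and scan results are constructed sample data.

```python
"""Flag evil-twin and lookalike SSIDs in a wireless scan.

Added example (not from the presentation). TRUSTED and SCAN are constructed
sample data; a real deployment would feed in controller or scanner output.
"""
import re

# Constructed allowlist: SSID -> set of BSSIDs (access-point MACs) we own.
TRUSTED = {
    "ACME-FCU Wireless": {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"},
    "ACME-FCU Guest": {"00:11:22:aa:bb:03"},
}

# Constructed scan output: (ssid, bssid).
SCAN = [
    ("ACME-FCU Wireless", "00:11:22:aa:bb:01"),  # ours
    ("ACME-FCU Wireless", "DE:AD:BE:EF:00:01"),  # our name, foreign AP
    ("ACMEFCU Wireless", "de:ad:be:ef:00:02"),   # hyphen dropped, as on the slide
    ("ACME-FCU Guest", "00:11:22:aa:bb:03"),     # ours
    ("Coffee Shop", "aa:bb:cc:dd:ee:ff"),        # unrelated network
]

# Digits and symbols commonly swapped in for letters in lookalike names.
_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})


def normalize_ssid(ssid):
    """Fold case, map look-alike digits to letters and drop separators so
    that 'ACMEFCU', 'acme_fcu' and 'ACM3-FCU' all compare equal."""
    folded = ssid.casefold().translate(_CONFUSABLES)
    return re.sub(r"[\s\-_.]+", "", folded)


def classify_scan(scan, trusted):
    """Return (ssid, bssid, verdict) for every network that either reuses a
    trusted SSID from an unknown BSSID or merely looks like a trusted SSID."""
    norm_trusted = {normalize_ssid(name): name for name in trusted}
    findings = []
    for ssid, bssid in scan:
        bssid = bssid.lower()
        if ssid in trusted:
            # Exact name match: legitimate only if the AP is one we own.
            if bssid not in trusted[ssid]:
                findings.append((ssid, bssid, "evil twin: trusted SSID from unknown AP"))
            continue
        twin = norm_trusted.get(normalize_ssid(ssid))
        if twin is not None:
            findings.append((ssid, bssid, f"lookalike of {twin}"))
    return findings


if __name__ == "__main__":
    for ssid, bssid, verdict in classify_scan(SCAN, TRUSTED):
        print(f"{ssid!r:25} {bssid}  {verdict}")
```

The exact-name check depends on keeping the BSSID allowlist current whenever an access point is replaced; the lookalike check deliberately ignores signal strength, because a rogue that is simply louder than the real network is still a rogue.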
Wireless Vulnerabilities
Wireless EVIL Twin
Thanks For The Creds!
WOW! We Have a 9G Wireless Network?

Attack Vector: Hack Over the Phone Lines
Still A Great Way to Hack!

Telephony Vulnerabilities
War Dialing
Acme FCU Phone Numbers

Telephony Vulnerabilities
War Dialing
What Answered!
Alarm Systems
HVAC Systems
Integrated Lights Out Enabled Systems
Building Systems

Telephony Vulnerabilities
War Dialing
Toll Fraud!!!

Telephony Vulnerabilities
Eavesdropping
Wireshark
Cain
VOMIT

Web App Vulnerabilities
Cross Site Scripting & SQL Injection

Web App Vulnerabilities
Cross Site Scripting & SQL Injection
WOW! Two Admin Accounts!
Attack Vector: Hack Via Social Engineering

Attack Vector: Hack Via Social Engineering
Dumpster Diving

Attack Vector: Hack Via Social Engineering
Pretexting
Of Course! Can I Have Your Password?

Attack Vector: Hack Via Social Engineering
Tailgating

Attack Vector: Hack Via Social Engineering
Shoulder Surfing

Attack Vector: Hack Via Social Engineering
Baiting
We Forge Badges, Then Tailgate Into Building
We Put Them Everywhere! In Breakrooms
We Also Handed Them Out In The Cafeteria
What Happens When They Get Plugged In?
People Were Instructed to Give Us Credentials
The Results?
1000 USB Devices
288 Inserted Them
180 People Gave Us Their User Name & PW

Human Error
Phishing is King

Human Error
Spear Phishing
Fear Was The Hook
The Results? Fooled To Go Here! Thanks!
User Name / Password

The Results?
694 Phishing Emails Sent
220 People Clicked On The Link
197 People Gave Us Their User Name & PW

Human Error
NOT FAIR! (Industry Term)

Human Error
Spear Phishing
Free Stuff Was The Hook
The Results? Fooled Them To Go Here!
User Name / Password
That's Me! We Gave Them A Hint
The Results?
694 Phishing Emails Sent
160 People Clicked On The Link
128 People Gave Us Their User Name & PW

With Just One (1) User Name & Password:
Read Your Email
Control The Network
Steal Your Identity
Delete or Ransom Your Data
Control Business Systems
Control Office Equipment
Control Physical Systems
Steal Company Money
Shut Down Your Business

Don't Get Hooked
Who Is Sending This? If Not Sure, DO NOT Open Attachment!
They Didn't Know Your Name?
They Threaten You To Do Something?
They Instruct You To Do Something?
Hover Over The Link... http://mal+hak-vctm-$.br
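The "hover over the link" advice asks each user to compare the address a link shows with the address it actually goes to. The same comparison can be done for every link in an inbound HTML message before it reaches a mailbox. The script below is an added example, not the presenters' code: it pulls each anchor out of the message, and flags a link when its visible text names one site while the href points at another, or when the destination is outside a small list of trusted domains. The sample e-mail, the trusted-domain list and the `example.net` hostname are constructed; the ACME FCU name is the deck's own.

```python
"""Flag hyperlinks in an HTML e-mail whose visible text disagrees with the
real destination, i.e. the "hover over the link" check done by script.

Added example (not from the presentation). SAMPLE_EMAIL is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname_of(text):
    """Lower-cased host of a URL or bare domain; None if the text is not one."""
    candidate = text if "://" in text else "http://" + text
    try:
        host = urlsplit(candidate).hostname
    except ValueError:
        return None
    if not host or "." not in host:
        return None
    return host.lower()


def registered_domain(host):
    """Crude registrable-domain approximation: the last two labels.
    Good enough for .org/.com; a real filter would use the public suffix list."""
    return ".".join(host.split(".")[-2:])


def find_deceptive_links(html, trusted_domains=()):
    """Return (href, text, reason) for every link that should be treated as
    suspicious: displayed site != real site, or real site not trusted."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = hostname_of(href)
        shown = hostname_of(text)
        if target is None:
            findings.append((href, text, "destination is not an http(s) host"))
        elif shown is not None and registered_domain(shown) != registered_domain(target):
            findings.append((href, text, f"text says {shown} but link goes to {target}"))
        elif trusted_domains and registered_domain(target) not in trusted_domains:
            findings.append((href, text, f"destination {target} is not a trusted domain"))
    return findings


# Constructed phishing sample in the style of the deck's "fear" hook.
SAMPLE_EMAIL = """
<p>Dear Member, your account has been LOCKED. Verify now:</p>
<a href="http://login.acme-fcu-secure.example.net/verify">http://www.acmefcu.org</a>
<p>Questions? <a href="http://www.acmefcu.org/contact">Contact us</a></p>
"""

if __name__ == "__main__":
    for href, text, reason in find_deceptive_links(SAMPLE_EMAIL, ("acmefcu.org",)):
        print(f"FLAG {href}  shown as {text!r}: {reason}")
```

Only the first link is flagged: its text reads like the credit union's site while the href goes elsewhere. The "Contact us" link has no domain in its text, so it is judged on destination alone and passes because it stays on the trusted domain.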
Don't Get Hooked
Royal Inheritance
http:\\hacksite_malware_
http:\\www.acmefcu.org
Hover Over the Link. Is It Different? Notice the URL
If It's Too Good To Be True?
When in Doubt, Throw it Out

Don't Get Hooked
Suspect Email? When in Doubt?
Verify The Email is Legit
Question Any Instructions in the Email
If Suspicious, Report it to I.T.
When in Doubt, Throw it Out

Physical Access
Sheeva or Pwn Plug
Power Pwn Plug
Trusted Vendors?

Imposter Copier Technicians
Open Every Panel on Copier, Dismantle It
Disconnect Copier From Network
Spoof IP of Copier
Plug In Your Laptop and Collect Data
Scan Network
Exploit Vulnerable Systems
Escalate Privileges
Become Domain Admin

Tested at Other Locations
Behind Teller Line
In Drive Thru Teller Area

Tested at Other Locations
Inside Data Centers
Heating & Ventilation System

Imposter HVAC Technician
Posed As HVAC Guys To Gain Access To Internal Network
Explain You Need To Work Above Ceiling
Plant Wireless Access Point
Work In Data Center

The Vampire Rule
Invited Into Location

Complete Datacenter Access

QUESTIONS?

Thank you