Recent Breaches Were Made Using Phishing

By Author: eccuni
Total Articles: 211
Comment this article

At least 40 million people holding secure information; at some point someone can have a slip-up and a breach in security will happen, right? With having that many people possessing company information in a token, a breach or two is bound to happen, or so many people predicted. Many people saw this one coming and it was only time until someone did but what is more interesting is the way the hacker did it: phishing.

For someone who knows a thing or two about hacking, breaching, hackers or anything of that sort, or at least have gone into some kind of orientation towards it, would have some necessary measurements before being put in a situation where he might compromise a company information unsuspectingly. It’s not horrifyingly surprising given the huge number of people who hold the tokens and given the huge margin for error plus having a system where it supposedly changes the password every minute or so but may forget the fact that this password authenticator feature was still embedded in its system’s processes and can be made visible via a system breach; there is only so much an orientation or a software meeting can ...
... do.

The system works this way: before logging in or accessing into the system, it has what they call a two-factor authentication process. In this process, the two factors are combined together to make the secured log-in process work: the PIN or the password and the authenticator. By these two factors, it is more secured compared to the reusable passwords that once have been discovered or spelled out, will cause disaster as many hackers can flock around that single password and practically control everything that you do to a point where you don’t know what to do. By using ID, not only will your access be secured but the password that you use will change every minute or so; this will prioritize uniqueness in order to strengthen security and it has been proven for 20 years.

The method of hacking used was phishing. There were four employees that were from a big company that were given a mail which contained the message "I forward this file to you for review, please open and view it". Given the innocence of these employees, obviously, they did follow the instructions given by the phished mail and that action resulted in a breach of security. This fact was uncovered by a certain researcher named Timo Hirvonen who was from F-Secure, an antivirus provider. That fact was discovered after five months that the incident that happened and after a computer forensics was done.

20 years of trusted security was SecurID boasted about but using this simple method of phishing, undisclosed information was stolen from the company through the security breach. The successful attack has garnered much popularity and interest among many people especially those who have undergone a computer forensics training since it was an interesting case to study. What generally made it interesting was how the hacker was able to infiltrate on this supposed "almost-impenetrable" defense that the SecurID conjures.

According to a recent report, the hackers had actually sent two separate phishing emails that contain different content to a particular small group of employees that only have a low-level in the security access in a span of two days. They continued that the messages were truly crafted with professionalism and really looked like an official message and consequently, an employee did retrieve it from his folder that contained Junk mails and opened the file in it. They also disclosed information on the name of the file and it was named "2011 Recruitment plan.xls" which contains an Adobe Flash objects that had a malicious code in it.

The interesting incident behind this story is when the researchers actually spent a lot of time researching about this malicious object for many weeks without knowing that someone already uploaded the backdoor code and its description in Virustotal. The method used by the hacker was actually very basic social tricks that would normally trick a person, in this case an employee, of the globe’s most dependable security company into clicking the file and downloading it.

Even with a company that is fully trusted for its security has been breached which explains that there is truly a need for computer forensics for it assesses the breach that has happened and will be primarily used to improve one’s security system. Professional who have undergone a computer forensic course or a computer forensics training are generally suited to handle this because they have undergone professional training.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. They also offer trainings in computer forensics and computer forensics training.

More information about EC-Council is available at www.eccouncil.org.