Techniques used to perform BEC-type attacks
1). Spear Phishing:
Spear phishing is a phishing method that targets specific individuals or groups within an organization. It is a potent variant of phishing, a malicious tactic that uses emails, social media, instant messaging and other platforms to get users to divulge personal information or to perform actions that cause network compromise, data loss or financial loss. While ordinary phishing may rely on shotgun methods that deliver mass emails to random individuals, spear phishing focuses on specific targets and involves prior research.
A typical spear-phishing attack consists of an email with an attachment. The email includes information specific to the target, such as the target's name and rank within the company. This social engineering tactic boosts the chances that the victim will carry out every action necessary for infection, including opening the email and the attachment it carries.
2). Spoofing:
Spoofing, in general, is a fraudulent or malicious practice in which a communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security.
When it comes to preventing email spoofing, it is always best to be skeptical of emails. Look for common red flags, for instance an email that asks for sensitive information such as usernames or passwords, or a sender address that does not match the details of the legitimate source it claims to come from.
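The red flags above (a sender address that does not match the claimed source, replies or bounces diverted elsewhere, failed upstream authentication) can be checked mechanically. The following is an added example, not code from the original article; the message, addresses and domains are constructed placeholders, and `trusted_domain` is an assumed parameter naming the domain the sender claims to belong to.

```python
"""Spot common email-spoofing red flags in raw message headers.

Added example (not from the original article). The message below is a
constructed sample; the domains and addresses are placeholders.
"""
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample: display name claims the CEO, but the address domain,
# Reply-To and Return-Path all point elsewhere and SPF failed upstream.
SAMPLE = """\
From: "CEO <ceo@example.com>" <ceo.office@examp1e-mail.net>
Reply-To: finance-desk@free-mail.example
Return-Path: <bounce@free-mail.example>
Authentication-Results: mx.example.com; spf=fail; dkim=none
Subject: Urgent wire transfer
To: accounts@example.com

Please send the attached invoice payment today.
"""

def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_red_flags(raw: str, trusted_domain: str) -> list:
    """Return the names of the red flags found in the message headers."""
    msg = message_from_string(raw)
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    # 1. Display name embeds an address whose domain differs from the real one.
    embedded = re.search(r"[\w.+-]+@([\w-]+\.[\w.-]+)", name or "")
    if embedded and embedded.group(1).lower() != from_dom:
        flags.append("display-name-address-mismatch")
    # 2. Sender domain is not the domain it is pretending to belong to.
    if from_dom != trusted_domain.lower():
        flags.append("sender-domain-untrusted")
    # 3. Replies would be diverted to a different domain.
    reply_dom = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-domain-mismatch")
    # 4. Bounce path does not belong to the sender's domain.
    rp_dom = _domain(parseaddr(msg.get("Return-Path", ""))[1])
    if rp_dom and rp_dom != from_dom:
        flags.append("return-path-domain-mismatch")
    # 5. Upstream SPF/DKIM results that did not pass.
    auth = msg.get("Authentication-Results", "").lower()
    if re.search(r"\b(spf|dkim)=(fail|softfail|none|permerror)\b", auth):
        flags.append("authentication-not-passed")
    return flags
```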
3). Dumpster Diving:
Dumpster diving is the practice of searching through trash to obtain useful information about a person or business that can later be used for hacking. This attack mostly targets large organizations or businesses in order to carry out phishing, by sending the victims fake emails that appear to come from a legitimate source. The information obtained by compromising the victim's confidentiality is then used for identity fraud.
4). Malicious Plugins:
Browser plugins are pieces of code that add features to a browser, such as support for video playback or the ability to display certain file types. Examples include the QuickTime media player and the Adobe Reader plugin that lets you view PDF documents in the browser window. Malicious plugins, however, may cause browser instability and erratic behavior. Identifying and removing them is usually straightforward.
5). Man in the Middle (MITM) and/or Man in the Email (MITE):
A "man-in-the-email" attack is like the classic man-in-the-middle attack: a human attacker sits in the middle of an email conversation, convincing each party that they are communicating directly with the other. Since the middleman controls the communications, he or she could, for example, pass along a genuine instruction to transfer money to another party but change the account number so that the money goes to a fraudulent account the middleman controls.
6). Network Level attacks:
Network security attacks are unauthorized actions against private, corporate or governmental IT assets, carried out to destroy them, modify them or steal sensitive data. As more enterprises allow employees to access data from mobile devices, networks become more exposed to data theft or to total destruction of the data or the network.
There are two main types of network attacks:
7). OS vulnerability exploitation:
In the previous post, we focused on gathering information about our target: the target IP address, open ports, available services, operating system and so on. One of the biggest assets in the information-gathering process is knowledge of the operating system used by the target server or system. This information can be very helpful in penetrating the target machine, as we can quickly look for exploits and vulnerabilities affecting the operating system in use. The process is not as straightforward as it sounds, but knowledge of the target operating system eases the task to a great extent.
8). Brute force or any other password cracking attacks on Cpanel:
This method is similar to the dictionary attack. Brute force attacks use algorithms that combine alphanumeric characters and symbols to generate candidate passwords. For example, a password with the value "password" can also be tried as "p@$$word" by a brute force attack.
A brute force attack occurs when an attacker attempts to log into your account by trying every possible password. Once they have determined your username, they simply try the first candidate password. When that fails they try the next one, and the next, and so on until they happen upon the correct password. This is incredibly time-consuming, but there are apps and programs that aid the attacker by automating the process.
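Because the method relies on many failed attempts in quick succession, it leaves a characteristic trace in login logs. The following is an added example (not from the original article) that flags three patterns in authentication logs: a burst of failures from one source, one source cycling through many usernames (password spraying), and a success that follows a burst. The log lines and their four-field layout are constructed for the example; real cPanel or webmail logs use a different layout, so the `LINE` pattern would need adjusting.

```python
"""Flag brute-force and password-spraying bursts in login logs.

Added example (not from the original article). The log format below is a
constructed, simplified one: timestamp, source IP, username, result.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample lines (addresses are documentation ranges).
LOG = """\
2024-05-01T09:00:01 198.51.100.7 admin FAIL
2024-05-01T09:00:03 198.51.100.7 admin FAIL
2024-05-01T09:00:05 198.51.100.7 admin FAIL
2024-05-01T09:00:06 198.51.100.7 admin FAIL
2024-05-01T09:00:08 198.51.100.7 admin FAIL
2024-05-01T09:00:09 198.51.100.7 admin OK
2024-05-01T09:10:00 203.0.113.9 alice FAIL
2024-05-01T09:10:02 203.0.113.9 bob FAIL
2024-05-01T09:10:04 203.0.113.9 carol FAIL
2024-05-01T09:10:06 203.0.113.9 dave FAIL
2024-05-01T10:00:00 192.0.2.4 alice FAIL
2024-05-01T10:30:00 192.0.2.4 alice OK
"""
LINE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")

def parse(log: str):
    """Yield (timestamp, ip, user, result) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)

def detect(log: str, window=timedelta(minutes=5), max_fails=4, spray_users=3):
    """Return alerts: per-IP failure bursts, spraying, and success after a burst."""
    fails = defaultdict(list)   # ip -> [(timestamp, user)] of recent failures
    alerts = []
    for ts, ip, user, result in parse(log):
        # Keep only failures that fall inside the sliding window.
        recent = [(t, u) for t, u in fails[ip] if ts - t <= window]
        if result == "FAIL":
            recent.append((ts, user))
            fails[ip] = recent
            if len(recent) == max_fails:
                alerts.append(("burst", ip))
            if len({u for _, u in recent}) == spray_users:
                alerts.append(("spray", ip))
        elif recent:
            # A login that succeeds right after repeated failures is the
            # event worth paging on: the guessed password may have worked.
            alerts.append(("success-after-burst", ip, user))
            fails[ip] = []
    return alerts
```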
9). Server Hijacking/Dumping:
DNS requests are mostly unencrypted, which creates a privacy problem and leaves room for malicious attackers to intercept requests. We have touched upon DNS and the issues with its privacy, but let's get into how and why DNS hijacking is performed.
DNS hijacking, also known as DNS redirection, is a type of DNS attack in which attackers cause your DNS queries to resolve incorrectly and redirect your traffic to a malicious website.
While your browser is resolving a URL, a fake server set up by the attackers sends your device a fake IP address belonging to their malicious website, in the hope of tricking you into using an unauthorized copy of the website you wanted to reach. These are often websites where users enter sensitive data, allowing the attackers to steal it.
10). Remote Access Trojans (RATs):
A Remote Access Trojan, more popularly known as a RAT, is a type of malware that conducts covert surveillance of a victim's computer. Its behavior is very similar to that of a keylogger. However, RATs can do much more than collect keystrokes, usernames and passwords. Modern keyloggers can also capture screenshots, emails, browser and chat logs, and more.