The man, the cloud and the social rat

After a recent talk I gave on Information Security one of the attendees thanked me for explaining what it meant and then asked for more information about some of the attacks. So here are explanations about some of the attacks used in the talk, and a few more that I will be talking about in the future.

Man In The Cloud (MITC)

The purpose of this attack is to access cloud services such as Microsoft OneDrive, Google Drive and Dropbox. The malicious actor first needs to convince a user to run some code that won’t raise any red flags. This sends them the synchronization token used by the cloud services to confirm the user has already logged in. Once they have the token they can access what has been stored in the cloud. They can then amend, copy or delete the data.

Man In The Middle (MITM)

The purpose of this attack is to intercept data and act as a relay/proxy. The malicious actor needs to gain access to the traffic. One way to do this is via an unencrypted WiFi access point. If they do it in a way that interrupts the normal communication channel they can inject their own data.

Social Engineering

The purpose of this attack is to convince a user to provide access to sensitive information. It can be done in many ways: by telephone calls, social media, walking into an office, etc. A few types are described below.

Baiting. Leaving malware-infected physical devices, such as USB drives, in places where they will be found. The finder picks up the device and accesses it on their computer, which installs malicious software (malware).

Phishing. Sending fraudulent emails disguised as legitimate ones, usually made to appear as if they come from a trusted source. The message is meant to trick the recipient into clicking on a link or opening an attachment that installs malware.

Tailgating. When an unauthorized person follows an authorized person into a secure location, usually to steal property or confidential information. This could involve waiting outside a door with two cups of coffee and waiting until someone opens the door and lets them in.

Social Rat in the Browser (Social RitB)

The purpose of this attack is to get access to a computer. A RAT is a Remote Access Trojan: malware that gives unlimited access to a malicious actor, who can then steal information or install other software. The Rat in the Browser attack is aimed at online banking done via a browser. The Social element comes in when social engineering is used to convince a user to install a standard remote support tool on their computer. The user is asked to log in and stay away from the computer while ‘checks are done’. The checks are fraudulent transactions that can clear out an account.


Please get in touch if you want to know more about what Information Security means (it is more than Cyber Security), the impact a security breach can have on the bottom line and how to implement a security approach that delivers business benefits.

e: ian.grey@wadiff-consulting.co.uk
t: +44 (0)7941 188462