RSA 2013: Manipulation, then password theft, is the modus operandi of advanced attackers
Hackers may need malware to gain an initial foothold into a targeted organization, but once inside, they prefer to use plundered credentials to move around.
“They don't use exploits to move laterally [in compromised networks],” Alex Lanstein, a senior engineer at FireEye, said during a Wednesday session on China-based attacks. “They use stolen credentials.”
Free online sites and services such as Facebook, LinkedIn and Google can provide hackers with enough information on victims to craft a personalized phishing email. Once targets click a malicious link or open an attached file containing malware, hackers can gain access to coveted user login credentials to easily move through company networks and systems.
Using scenarios reported by companies that detected suspicious behavior, Lanstein shared one example of a CEO at a wireless power company who was targeted via spear phish. The email was created to look like a request from a student in Taiwan who attended a science and technology institute and wanted to reach the CEO to do research for a school assignment.