March 01, 2013

RSA 2013: Manipulation, then password theft, is the modus operandi of advanced attackers

Hackers may need malware to gain an initial foothold into a targeted organization, but once inside, they prefer to use plundered credentials to move around.

“They don't use exploits to move laterally [in compromised networks],” Alex Lanstein, a senior engineer at FireEye, said during a Wednesday session on China-based attacks. “They use stolen credentials.”

Free online sites and services such as Facebook, LinkedIn and Google can provide hackers with enough information on victims to craft a personalized phishing email. Once targets click a malicious link or open an attached file containing malware, hackers can gain access to coveted user login credentials to easily move through company networks and systems.  

Using scenarios reported by companies that detected suspicious behavior, Lanstein shared one example of a CEO at a wireless power company who was targeted via spear phish. The email was created to look like a request from a student in Taiwan who attended a science and technology institute and wanted to reach the CEO to do research for a school assignment.

Related Articles
Related Topics

Sign up to our newsletters

More in RSA 2013 News

RSA 2013: iOS safer than Android due to open app model, patching ...

The battle between the iOS and Android platforms continues, but with Apple having the edge on security, and Google with innovation, both are at the top of the mobile totem pole.

RSA 2013: CISOs make security - and business - sense of new ...

CISOs shared ways IT security professionals can attain the corporate support they need to implement evolving technologies into their security programs.

RSA 2013: Foreign cyber spies setting eyes on U.S. solar energy industry

Researchers at AlienVault are tracking the moves of a highly skilled espionage group, likely nation-state backed and operating out of China, that has hit two U.S. manufacturers of solar panels.