Incident Response, TDR

RSA 2013: Manipulation, then password theft, is the modus operandi of advanced attackers

Hackers may need malware to gain an initial foothold into a targeted organization, but once inside, they prefer to use plundered credentials to move around.

“They don't use exploits to move laterally [in compromised networks],” Alex Lanstein, a senior engineer at FireEye, said during a Wednesday session on China-based attacks. “They use stolen credentials.”

Free online sites and services such as Facebook, LinkedIn and Google can provide hackers with enough information on victims to craft a personalized phishing email. Once targets click a malicious link or open an attached file containing malware, hackers can gain access to coveted user login credentials to easily move through company networks and systems.  

Using scenarios reported by companies that detected suspicious behavior, Lanstein shared one example of a CEO at a wireless power company who was targeted via spear phish. The email was created to look like a request from a student in Taiwan who attended a science and technology institute and wanted to reach the CEO to do research for a school assignment.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.