CEHv8 module 09 social engineering



Document information

A document on CEH and information systems security. Suitable for students doing research, study, and projects.

Module 09: Social Engineering
Ethical Hacking and Countermeasures v8, Exam 312-50 Certified Ethical Hacker
Engineered by Hackers. Presented by Professionals.

Module 09 Page 1293. Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Security News

Cybercriminals Use Social Engineering Emails to Penetrate Corporate Networks
September 25, 2012
Source: http://biztech2.in.com

FireEye, Inc. has announced the release of "Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data," a report that identifies the social engineering techniques cybercriminals use in email-based advanced cyber attacks. According to the report, the top words cybercriminals use create a sense of urgency to trick unsuspecting recipients into downloading malicious files. The top word category used to evade traditional IT security defenses in email-based attacks relates to express shipping.

According to recent data from the FireEye "Advanced Threat Report," for the first six months of 2012, email-based attacks increased 56 percent. Email-based advanced cyber attacks easily bypass traditional signature-based security defenses, preying on naive users to install malicious files.

"Cybercriminals continue to evolve and refine their attack tactics to evade detection and use techniques that work. Spear phishing emails are on the rise because they work," said Ashar Aziz, Founder and CEO, FireEye. "Signature-based detection is ineffective against these constantly changing advanced attacks, so IT security departments need to add a layer of advanced threat protection to their security defences."

"Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data" explains that express shipping terms are included in about one quarter of attacks, including "DHL," "UPS," and "delivery." Urgent terms such as "notification" and "alert" are included in about 10 percent of attacks. An example of a malicious attachment is "UPS-Delivery-Confirmation-Alert_April-2012.zip." The report indicates that cybercriminals also tend to use finance-related words, such as the names of financial institutions and an associated transaction such as "Lloyds TSB - Login Form.html," and tax-related words, such as "Tax_Refund.zip." Travel and billing words including "American Airlines Ticket" and "invoice" are also popular spear phishing email attachment keywords.

Spear phishing emails are particularly effective as cybercriminals often use information from social networking sites to personalize emails and make them look more authentic. When unsuspecting users respond, they may inadvertently download malicious files or click on malicious links in the email, allowing criminals access to corporate networks and the potential exfiltration of intellectual property, customer information, and other valuable corporate assets. The report highlights that cybercriminals primarily use zip files in order to hide malicious code, but also ranks additional file types, including PDFs and executable files.

"Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data" is based on data from the FireEye Malware Protection Cloud, a service shared by thousands of FireEye appliances around the world, as well as direct malware intelligence uncovered by its research team. The report provides a global view into email-based attacks that routinely bypass traditional security solutions such as firewalls and next-generation firewalls, IPSs, antivirus, and gateways.

Copyright © 2011, Biztech2.com - A Network 18 Venture. Author: Biztech2.com Staff.
http://biztech2.in.com/news/security/cybercriminals-use-social-engineering-emails-to-penetrate-corporate-networks/14/0
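The report summarized above names the lure categories (express shipping, urgency, finance, tax, travel and billing) and the attachment types (zip, PDF, executables) that spear phishing mail tends to carry. The Python below is an added example, not code from the CEH courseware or from FireEye: it turns those categories into a simple mail-triage check and runs it over a few constructed subject lines and attachment names. The term lists are taken from the article; the scoring weights, the flagging threshold and the sample messages are assumptions made for illustration.

```python
"""Keyword-based spear-phishing triage (added example, not from the courseware).

Lure categories and their terms follow the FireEye report summarized above.
Scoring weights, thresholds and sample messages are constructed for illustration.
"""
import re

# Lure categories and the terms the report names for each (lower-cased).
LURE_TERMS = {
    "express_shipping": ("dhl", "ups", "delivery"),
    "urgency": ("notification", "alert"),
    "finance": ("lloyds tsb", "login form"),
    "tax": ("tax", "refund"),
    "travel_billing": ("american airlines", "ticket", "invoice"),
}

# Attachment types the report ranks as carriers of malicious code
# (.html added because of the "Login Form.html" example in the article).
RISKY_EXTENSIONS = (".zip", ".exe", ".html")


def _normalize(text):
    # Treat '-', '_', '.' and other punctuation as word separators so that
    # "UPS-Delivery-Confirmation-Alert_April-2012.zip" tokenizes cleanly.
    return re.sub(r"[^a-z0-9 ]+", " ", text.lower())


def matched_categories(text):
    """Return the sorted list of lure categories whose terms occur as whole words."""
    padded = " " + _normalize(text) + " "
    hits = [cat for cat, terms in LURE_TERMS.items()
            if any(" " + term + " " in padded for term in terms)]
    return sorted(hits)


def risky_attachment(filename):
    """True when the attachment extension is one the report ranks as risky."""
    return filename.lower().endswith(RISKY_EXTENSIONS)


def triage(subject, attachment=""):
    """Score one message (assumed weights): one point per lure category,
    two points for a risky attachment. Flag when lure wording coincides
    with a risky attachment, or when two or more lure categories combine."""
    categories = matched_categories(subject + " " + attachment)
    risky = bool(attachment) and risky_attachment(attachment)
    score = len(categories) + (2 if risky else 0)
    flagged = (risky and bool(categories)) or len(categories) >= 2
    return {"subject": subject, "attachment": attachment,
            "categories": categories, "risky_attachment": risky,
            "score": score, "flagged": flagged}


# Constructed sample messages: (subject, attachment file name).
SAMPLE_MESSAGES = [
    ("Your parcel could not be delivered", "UPS-Delivery-Confirmation-Alert_April-2012.zip"),
    ("Important account notice", "Lloyds TSB - Login Form.html"),
    ("Your refund is ready", "Tax_Refund.zip"),
    ("Lunch on Friday?", ""),
    ("Q3 planning slides", "planning.pptx"),
]


def run_triage(messages=SAMPLE_MESSAGES):
    """Triage every (subject, attachment) pair and return the result records."""
    return [triage(subject, attachment) for subject, attachment in messages]


if __name__ == "__main__":
    for record in run_triage():
        marker = "FLAG" if record["flagged"] else "ok  "
        print(marker, record["score"], record["categories"], record["attachment"] or "-")
```

Whole-word matching matters here: "ups" must not fire on "groups", and "delivered" in the first subject does not count as the report's term "delivery" (the attachment name supplies it). A check like this is a triage aid for mail filtering and awareness exercises, not a substitute for sandboxing the attachment itself.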
Module Objectives

This module will familiarize you with:
• What Is Social Engineering?
• Factors that Make Companies Vulnerable to Attacks
• Warning Signs of an Attack
• Phases in a Social Engineering Attack
• Common Targets of Social Engineering
• Human-based Social Engineering
• Computer-based Social Engineering
• Mobile-based Social Engineering
• Social Engineering Through Impersonation on Social Networking Sites
• Identity Theft
• Social Engineering Countermeasures
• How to Detect Phishing Emails
• Identity Theft Countermeasures
• Social Engineering Pen Testing

The information contained in this module lays out an overview of social engineering. While this module points out fallacies and advocates effective countermeasures, the possible ways to extract information from another human being are only restricted by the ingenuity of the attacker's mind. While this aspect makes it an art, and the psychological nature of some of these techniques makes it a science, the bottom line is that there is no defense against social engineering; only constant vigilance can circumvent some of the social engineering techniques that attackers use.

Module Flow

As mentioned previously, there is no security mechanism that can stop attackers from performing social engineering other than educating victims about social engineering tricks and warning about its threats. So, now we will discuss social engineering concepts.

• Social Engineering Concepts
• Social Engineering Techniques
• Impersonation on Social Networking Sites
• Identity Theft
• Social Engineering Countermeasures
• Penetration Testing

This section describes social engineering and highlights the factors vulnerable to attacks, as well as the impact of social engineering on an organization.
What Is Social Engineering?

Social engineering is the art of convincing people to reveal confidential information. Social engineers depend on the fact that people are unaware of their valuable information and are careless about protecting it.

Social engineering refers to the method of influencing and persuading people to reveal sensitive information in order to perform some malicious action. With the help of social engineering tricks, attackers can obtain confidential information, authorization details, and access details of people by deceiving and manipulating them. Attackers can easily breach the security of an organization using social engineering tricks. All security measures adopted by the organization are in vain when employees get "social engineered" by strangers. Some examples of social engineering include unwittingly answering the questions of strangers, replying to spam email, and bragging in front of co-workers. Most often, people are not even aware of a security lapse on their part. Chances are that they divulge information to a potential attacker inadvertently. Attackers take special interest in developing social engineering skills, and can be so proficient that their victims might not even realize that they have been scammed. Despite having security policies in place, organizations can be compromised because social engineering attacks target the weakness of people to be helpful.

Attackers are always looking for new ways to gather information; they ensure that they know the perimeter and the people on the perimeter (security guards, receptionists, and help desk workers) in order to exploit human oversight. People have been conditioned not to be overly suspicious; they associate certain behavior and appearances with known entities. For instance, upon seeing a man dressed in a uniform and carrying a stack of packages for delivery, any individual would take him to be a delivery person. Companies list their employee IDs, names, and email addresses on their official websites. Alternatively, a corporation may put advertisements in the paper for high-tech workers who are trained on Oracle databases or UNIX servers. These bits of information help attackers know what kind of system they are tackling. This overlaps with the reconnaissance phase.

Behaviors Vulnerable to Attacks

• Human nature of trust is the basis of any social engineering attack
• Ignorance about social engineering and its effects among the workforce makes the organization an easy target
• Social engineers might threaten severe losses in case of non-compliance with their request
• Social engineers lure the targets to divulge information by promising something for nothing
• Targets are asked for help and they comply out of a sense of moral obligation

An attacker can take advantage of the following behaviors and nature of people to commit social engineering attacks. These behaviors can be vulnerabilities of social engineering attacks:

Human nature of trust itself becomes the main basis for these social engineering attacks. Companies should take the proper initiative in educating employees about possible vulnerabilities and about social engineering attacks so that employees will be cautious. Sometimes social engineers go to the extent of threatening targets in case their requests are not accepted. When things don't work out with threatening, they lure the target by promising them various kinds of things like cash or other benefits. In such situations, the target might be lured and there is the possibility of leaking sensitive company data. At times, targets even cooperate with social engineers due to social obligations. Ignorance about social engineering and its effects among the workforce makes the organization an easy target. The person can also reveal the sensitive information in order to avoid getting in trouble by not providing information, as he or she may think that it would affect the company's business.

Factors that Make Companies Vulnerable to Attacks

• Insufficient Security Training
• Easy Access of Information
• Lack of Security Policies
• Organizational Units

Social engineering can be a great threat to companies. It is not predictable. It can only be prevented by educating employees about social engineering and the threats associated with it. There are many factors that make companies vulnerable to attacks. A few factors are mentioned as follows:

Insufficient Security Training: It is the minimum responsibility of any organization to educate their employees about various security aspects, including threats of social engineering, in order to reduce its impact on companies. Unless they have the knowledge of social engineering tricks and their impact, they don't even know if they have been targeted. Therefore, it is advisable that every company must educate or train its employees about social engineering and its threats.

Lack of Security Policies: Security standards should be increased drastically by companies to bring awareness.

Anti-Phishing Toolbar: Netcraft

Source: http://toolbar.netcraft.com

The Netcraft Toolbar provides constantly updated information about the sites you visit as well as blocking dangerous sites. Features:
• To protect your savings from phishing attacks
• To see the hosting location and risk rating of every site visited
• To help defend the Internet community from fraudsters

The Netcraft Toolbar provides updated information about the sites you visit regularly and blocks dangerous sites. The toolbar provides you with a wealth of information about the sites you visit. This information will help you make an informed choice about the integrity of those sites. It protects you from phishing attacks, checks the hosting location and risk rating of each and every website you visit, and helps to secure the Internet community from fraudsters.
Anti-Phishing Toolbar: PhishTank

Source: http://www.phishtank.com

PhishTank is a community site where any individual or group can submit, track, and verify phishing sites. It is a collaborative clearinghouse for data and information about phishing on the Internet. In addition, an open API is provided for developers and researchers by PhishTank for integrating anti-phishing data into their applications.

FIGURE 09.22: PhishTank Tool Screenshot (the www.phishtank.com home page: "Join the fight against phishing"; "Phishing is a fraudulent attempt, usually made through email, to steal your personal information"; submit suspected phishes, track the status of your submissions, verify other users' submissions, develop software with the free API; and the Recent Submissions list of submitted URLs)

Identity Theft Countermeasures

Identity theft occurs when someone uses your personal information, such as your name, social security number, date of birth, mother's maiden name, and address, in a malicious way, such as for credit card or loan services or even rentals and mortgages, without your knowledge or permission. Countermeasures are the key to avoiding identity theft. These measures help to prevent and respond to identity theft. The chances of identity theft occurring can be reduced easily by following these countermeasures:
• Secure or shred all documents containing private information
• To keep your mail secure, empty your mailbox quickly
• Ensure your name is not present on marketers' hit lists
• Be suspicious of and verify all requests for personal data
• Review your credit card reports regularly and never let your cards out of your sight
• Protect your personal information from being publicized
• Never give out any personal information on the phone
• Do not display account/contact numbers unless mandatory

Module Flow

Considering that you are now familiar with all the necessary concepts of social engineering, techniques to perform social engineering, and countermeasures to be applied for various threats, we will proceed to penetration testing. Social engineering pen testing is the process of testing the target's security against social engineering by simulating the actions of an attacker.

• Social Engineering Concepts
• Social Engineering Techniques
• Impersonation on Social Networking Sites
• Identity Theft
• Social Engineering Countermeasures
• Penetration Testing

This section describes social engineering pen testing and the steps to be followed to conduct the test.

Social Engineering Pen Testing
The main objective of social engineering pen testing is to test the strength of human factors in a security chain within the organization. Social engineering pen testing is often used to raise the level of security awareness among employees. The tester should demonstrate extreme care and professionalism in the social engineering pen test as it might involve legal issues such as violation of privacy and may result in an embarrassing situation for the organization. The pen tester should educate the critical employees of an organization about social engineering tricks and consequences.

As a pen tester, first you should get proper authorization from the organization administrators and then perform social engineering. Collect all the information that you can and then organize a meeting. Explain to employees the techniques you used to grab information and how the information can be used against the organization, and also the penalties that the people responsible for information leakage need to bear. Try to educate and give practical knowledge to the employees about social engineering, as this is the only great preventive measure against social engineering.

A good pen tester must possess the following qualities:
• Good communication skills
• A talkative and friendly nature
• Creativity
• Good interpersonal skills

Social Engineering Pen Testing (Cont'd)

Collecting all possible information sources and testing them against all possible social engineering attacks is a bit of a difficult task. Hence, social engineering pen testing requires a lot of effort and patience to test all information sources. Even after putting in a lot of effort, if you miss any one information source that can give valuable information to the attacker, then all your efforts are worth nothing. Therefore it is recommended that you list and follow the standard steps of social engineering. This ensures the maximum scope of pen testing. The following are the steps involved in typical social engineering testing:

Step 1: Obtain authorization. The first step in social engineering penetration testing is obtaining permission and authorization from the management to conduct the test.

Step 2: Define scope of pen testing. Before commencing the test, you should know for what purpose you are conducting the test and to what extent you can test. Thus, the second step in social engineering pen testing is to define the scope. In this step, you need to gather basic information such as the list of departments, the employees that need to be tested, or the level of physical intrusion allowed, etc., that defines the scope of the test.

Step 3: Obtain a list of emails and contacts of predefined targets. Next, try to obtain emails and contact details of the people who have been treated as targets in the second step, i.e., define the scope of pen testing. Browse all information sources to check whether the information you are looking for (email address, contact details, etc.) is available or not. If the information is available, then create a script with specific pretexts. If the information is not available, then collect emails and contact details of employees in the target organization.

Step 4: Collect emails and contact details of employees in the target organization. If you are not able to find information about the target people, then try addresses and contact details
a i l s o f o t h e r e m p l o y e e s in t h e t a r g e t o r g a n i z a t i o n to c o lle c t e m a il u s in g te c h n iq u e s s u c h as e m a il g u e s s in g , U S E N E T a n d w e b s e a rc h , e m a il s p id e r t o o ls lik e E m a il E x tr a c to r , e tc S te p 5: C o lle c t in f o r m a t io n u s in g f o o t p r in t in g t e c h n iq u e s O nce you c o lle c t e m a il a d d re s s e s a n d c o n d u c t e m a il fo o t p r in t in g and c o n ta c t d e ta ils o f th e o th e r te c h n iq u e s to t a r g e t o r g a n iz a tio n 's e m p lo y e e s , g a t h e r as m u c h in fo rm a tio n as p o s s ib le a b o u t t h e t a r g e t o r g a n i z a t i o n C h e c k w h a t i n f o r m a t i o n is a v a i l a b l e a b o u t t h e i d e n t i f i e d t a r g e t s If y o u a re a b le to c o lle c t in fo rm a tio n th a t is h e lp fu l fo r h a c k in g , th e n c re a te a s c rip t w ith s p e c ific p re te x ts If y o u s te p a re n o t a b le t o and try to c o lle c t u s e fu l in fo r m a tio n c o lle c t e m a ils and c o n ta c t a b o u t th e d e ta ils id e n tifie d ta rg e ts , th e n of o th e r e m p lo y e e s in go back to th e ta rg e t o rg a n iz a tio n S te p 6: C re a te a s c r ip t w i t h s p e c ific p r e te x ts C re a te a s c rip t based on th e c o lle c te d in fo rm a tio n , c o n s id e rin g b o th p o s itiv e and n e g a tiv e re s u lts o f an a tte m p t M o d u le P a g e E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C U n C il A l l R ig h t s R e s e r v e d R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m - C e r t if ie d E t h ic a l H a c k e r S o c ia l E n g in e e r in g S o c i a l U s i n g E E n g i n m a i l s e e r i n g P e n T e s t i n g : ™ E ! 
: D o cu m en t a ll th e recovered Em ail em ployees askin g for in fo rm a tio n and respective personal in form ation victim s Send and m o n ito r em ails w ith m alicio u s attachm ents to target victim s Send phishing em ails to target victim s Response is received? YES D o cu m en t a ll th e responses and respective victim s Email employees asking for personal inform ation such as their user names and passwords by disguising as network administrator, senior manager, tech support, or anyone from a different department on pretext of an emergency Send emails to targets with malicious attachments and monitor their treatment with attachments using tools such as ReadNotify Vulnerable Targets Send phishing emails to targets as if from a bank asking about their sensitive information (you should have requisite permission for this) Copyright © by EG-G*ancil All Rights Reserved Reproduction is Strictly Prohibited ^ a S o c ia l y E n g i n e e r i n g P e n T e s t i n g : U s i n g E m a i l s a Once you obtain email addresses and contact details of employees of the target organization, you can conduct social engineering pen testing in three possible ways They are using emails, using the phone, and in person The following are the steps for social engineering pen testing using emails: S te p 7: Email employees asking for personal information As you already have email addresses of the target organization's employees, you can send emails to them asking for personal information such as their user names and passwords by disguising yourself as a network administrator, senior manager, tech support, or anyone from a different department using the pretext of an emergency Your email should like a genuine one If you succeed in luring the target employee, your job is done easily Extractthepersonal information of the victim from the reply and document all the recoveredinformation and respective victims But if you fail, then don't worry; there are other ways to mislead the victim 
If you get no reply from the target employee, then send emails with malicious attachments and monitor his or her email M o d u le P a g e E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C U n C il A l l R ig h t s R e s e r v e d R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m - C e r t if ie d E t h ic a l H a c k e r S o c ia l E n g in e e r in g S te p 8: S e n d a n d m o n it o r e m a ils w it h m a lic io u s a tta c h m e n ts t o ta r g e t v ic tim s Send emails with malicious attachments that launch spyware or other stealthy informationretrieving software on the victim's machine on opening the attachment And then monitor the victim's email using tools such as ReadNotify to check whether the victim has opened the attachment or not If the victim opens the document, you can extract information easily Document the information extracted and all the victims If victim fails to open the document, then you cannot extract any information But you can can still carry out other techniques such as sending phishing emails to lure the user S te p 9: S e n d p h is h in g e m a ils t o ta r g e t v ic tim s Send phishing emails to targets that looks as if it is from a bank asking about their sensitive information (you should have requisite permission for this) If you receive any response, then extract the information and document all the responses and respective victims If you receive no response from the victim, then continue the pen testing with telephonic methods M o d u le P a g e E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C U n C il A l l R ig h t s R e s e r v e d R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m - C e r t if ie d E t h ic a l H a c k e r S o c ia l E n g in e e r in g S o c i a l U s i 
n g E P n g i n e e r i n g P e n T e s t i n g : h o n e Call a target posing as a C all a target and o ffer th em co lle ague and ask fo r th e rew ards in lieu o f personal in fo rm a tio n s en sitiv e in form ation Th reaten th e ta rg e t w ith dire Call a target user posing as an im p o rta n t user C all a target posing as tech n ical sup p o rt and ask for th e sen sitive in form ation se q u e n ce s (for e xa m p le acco u n t w ill be d isa b le d ) to get Use reverse social engineering techniques so th at the targets yield inform ation them selves Refer to an im p o rta n t person in th e organization and try to co lle ct data Copyright © by EG-G*ancil All Rights Reserved Reproduction is Strictly Prohibited Jg S o c ia l E n g i n e e r i n g P e n T e s t i n g : U s i n g P h o n e The following are steps to conduct social engineering pen testing using the phone to ensure the full scope of pen testing using phones Call a target and introduce yourself as his or her colleague and then ask for the sensitive information S te p 10: S te p 11: Call a target user posing as an important user S t e p : C a ll a t a r g e t p o s in g a s t e c h s u p p o r t a d m i n Call a target and introduce yourself as technical support administrator Tell the person that you need to maintain a record of all the employees and their system information and times during which they use the system, etc.; therefore, you need a few details of employees In this way, you can ask for sensitive information of employees Call a target and introduce yourself as one of the important people in the organization and try to collect data, S te p 13: S te p 14: Call a target and offer him or her rewards in lieu for exchange of personal information Threaten the target with dire consequences (for example, account will be disabled) to get information S te p 15: Use reverse social engineering techniques so that the targets yield information themselves S te p 16: M o d u le P a g e E t h i c a l 
H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C U n C il A l l R ig h t s R e s e r v e d R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m - C e r t if ie d E t h ic a l H a c k e r S o c ia l E n g in e e r in g S o c i a l E n g i n e e r i n g P e n T e s t i n g : C I n P e r s o E H n Q Befriend em ployees in cafeteria and try to extract a tester can en act th e testing script and his in te rp erson a l skills in fo rm a tio n >* > Try to en ter fa c ility posing as an external a u d ito r Success of any social engineering technique depends on how well Try to tailgate w ea rin g a fake ID badge o r piggyback Try ea vesdrop pin g and There could be countless oth er social engineering techniques based on available inform ation s h o u ld e r surfing on system s and users and scope o f test A lw a ys scru tin ize y o u r testin g steps fo r legal issues >f >f Try to en ter fa c ility posing as a te chnician D o cu m en t a ll th e findings in a fo rm a l report o Copyright © by EG-G*ancil All Rights Reserved Reproduction Is Strictly Prohibited S o c ia l E n g i n e e r i n g P e n T e s t i n g : I n P e r s o n The success of any social engineering technique depends on how well a tester can enact the testing script and his or her interpersonal skills There could be countless other social engineering techniques based on available information and the scope of the test Always scrutinize your testing steps for legal issues The following steps to conduct social engineering pen testing in person ensure the full scope of pen testing S te p 17: Befriend employees in the cafeteria and try to extract information S te p 18: Try to enter the facility posing as an external auditor S te p 19: Try to enter the facility posing as a technician S te p : Try to tailgate wearing a fake ID badge or piggyback S te p : Try eavesdropping and shoulder surfing on systems 
and users S te p 2 : Document all the findings in a formal report M o d u le P a g e 9 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C U n C il A l l R ig h t s R e s e r v e d R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m - C e r t if ie d E t h ic a l H a c k e r S o c ia l E n g in e e r in g J S o c i a l E n g i n e e r i n g P e n T e s t i n g : S o c i a l E n g i n e e r i n g T o o l k i t f C U !z ( S E T ) The Social-Engineer Toolkit (SET) is an open-source P ython-driven tool aim ed at p en etratio n testing around social engineering E !‫־‬ imomm — The f i r s t •etbod w i ll allow SET to isport a l i s t of pre d e fii apo licatio ni that i t u t iliz e within the attack root@ bt:-# ro o tg b t: / p e n t e s t / e x p l o i t s / s e t # / s e t ms *etcne ae:hod * * ill completely clone a w ebilte o f ycor choosing and allow you 19 jtiU z e t*e attack vectors w itnio tre completely sane wet application you were attenpting to clone ###### ######## .## _##.## ## ## ## The th ir d ■etfcod allows yon to iaport your own website, role tha:_i ihoclrt only have an ind ei.h tal Wien using the inport website ftrtc t lo c a lity , ###### .###### ## ##.## ## # # # # # # # # #fftltttftlt 1tttft1t1t1t1t1t ## { ‫־‬I -T h e S o c ia l- E n a in e e r o o l k i t (SET) I c c p a t p d h V L - p l / u l Ke n e < j^ R c U IC L llltles w ithin SET I • ] to harvest credentials or parameters froa a website as w ell as place the• In ta a report Gao 11 1‫ ׳‬Clcnin^ The weosite: ttp s://g M l.cca >| This could take a l i t t l e b i t I tr7 \ c V css (rct*r«) to continue ) Social Eag.neer ro o lk u Credential Harvester Attack ,j credential Har/ester is rurwing on pert 80 1‫ ׳‬m roraatio• w ill be displayed to ycu as i t arrives below: https://www trustedsec com Copyright © by EG-G*ancil All Rights Reserved Reproduction is Strictly Prohibited 
S o c ia l E n g i n e e r i n g T o o l k i t P e n T e s t i n g : S o c ia l E n g i n e e r i n g ( S E T ) Source: https://www.trustedsec.com The Social-Engineer Toolkit (SET) is an open-source Python-driven tool aimed at penetration testing around social engineering The attacks built into the toolkit are designed to be targeted against a person or organization during a penetration test rootgbt:-# m»h i »n11

Posted: 14/04/2017, 09:33
