Hackers don’t need sophisticated tools to steal your data. Most of the time, they can walk through the front door. Someone will click on a link or download an attachment from a phishing email, or they will forget to update their software, or they will use a weak password (please don’t make your password 12345). Hackers like the low-hanging fruit. Why do double the work for the same reward?
But sometimes, hackers do employ sophisticated tools and techniques that seem like they were ripped from a movie. Two recent breaches come to mind. One involved some sophisticated malware, and the other, some good old-fashioned (and masterfully executed) social engineering.
Back in April, security researchers from Trustwave SpiderLabs made a startling discovery while conducting a routine threat hunt for a client, a technology vendor that serves the U.S., U.K. and Australian defense sectors. They came across malware that gave attackers a secret backdoor from which they could remotely execute Windows commands or install ransomware, trojans, or other malware. The researchers said the malware leverages three layers of persistence. In other words, it uses three separate mechanisms to ensure it is not permanently removed should someone discover and delete it. If someone deleted the malware, a second instance would install itself. If that instance or both were deleted, a third mechanism would download and install the malware again automatically.
After some digging, security researchers were able to determine that the malware was hidden in Aisino Intelligent Tax Software, which is used to pay local taxes. The client installed the software — which researchers said worked as advertised — at the behest of the victim’s bank in China. Trustwave was not able to “confidently attribute GoldenSpy to a specific threat actor group.”
Without a doubt, the Chinese market represents an excellent growth opportunity for Western companies. But that expansion comes with certain risks (like cybersecurity threats). The researchers from Trustwave said, “the full scope of this threat is currently unknown,” and other companies that do business in China should launch an investigation into whether or not they are infected with GoldenSpy.
Social engineers dupe Twitter
And now, in the last few days, hackers pulled off a coordinated social engineering attack (the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes) to steal the credentials of Twitter employees who had access to the company’s internal systems. From there, the attackers were able to gain access to several prominent Twitter accounts, including those of Barack Obama, Elon Musk, Joe Biden, and Bill Gates. In what looks like it was merely (hopefully) a Bitcoin scam, the hackers used the hijacked accounts to send this Tweet: “I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes.” According to the New York Times, the hackers were able to make $118,000 in three hours before Twitter was able to contain the problem.
It is unclear exactly what social engineering techniques the hackers used to compromise the accounts of Twitter employees. But there is a lot of personal information out there on Facebook, LinkedIn and Twitter. Once an attacker has learned enough about a target, crafting a scheme that gets the target to divulge enough information to recover their password is not a big leap.