Credential phishing is a type of email-based attack that uses malicious web forms mimicking legitimate websites to steal the victim’s login credentials. The targeted credentials can belong to any web-based service, including:
Microsoft Outlook Web Access (OWA) and other corporate web-based email services
Cloud-based sync and sharing services (e.g., Dropbox, Box)
Online shopping (Apple ID, Amazon, etc.) and loyalty program logins
The credential phishing site frequently appears to be a perfect copy of the targeted website, so a quick visual scan by the victim does not arouse suspicion. However, the domain in the URL is under the attacker’s control rather than owned by the targeted organization, and it is often the one indicator that the site is not legitimate.
Credential phishing is one of the most successful social engineering techniques used to target larger organizations.
The following facts, statistics, and trends will help you realize how imminent the ransomware threat is to your business and personal life.
Some hackers even corrupt and delete a company’s files while they await the ransom payment, just to show that they’re serious. Regardless of the cyber criminal’s ultimate actions, the actual cost of ransomware goes beyond just the payout.
Let’s consider a scenario in which you, as a security analyst, need to investigate whether a particular endpoint (laptop, desktop or server) has downloaded a malicious Flash Player installer. Let’s assume you have endpoint protection in your organization and you have received an alert about malware downloaded on machine ‘X’.
In most cases you will get enough details from the endpoint protection software itself. However, if you want to understand the malware’s behaviour, or what this new malware actually does, follow the steps below:
Download the fake Flash Player malware sample from VirusTotal, and also download the authentic Flash Player from the Adobe site. You can find the malware on VirusTotal as well, but sample download is a premium service.
Open two command prompts (terminal windows) side by side and type the command shown in the image below. The snapshot below shows how to find metadata information about any dmg file.
You can check the same code-signing information on the fake dmg file and compare it. You will learn a lot of details from the comparison.
Another method: malware vs. real Mac OS app
Another good method is to check the contents of the app. Basically, you compare the folders and files within each Mac OS application. To do that, follow the steps below:
Open the malware and the authentic app by double-clicking each, so that both appear in Mac OS Finder windows, as in the image below.
Right-click on the app and choose “Show Package Contents”. Do the same for the authentic app and compare the folder structure.
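The two checks above (code-signing information on each dmg, then “Show Package Contents” on both apps) can be scripted so the comparison is repeatable and the output can be attached to the incident record. The following shell script is an added example, not part of the original post or of any vendor tool. The bundle paths, the Good.app/Bad.app sample trees built by demo_bundles, and the file names inside them are constructed for illustration; the codesign, spctl and hdiutil helpers only run on macOS, while compare_bundle_contents uses plain find, sort and diff and runs anywhere.

```shell
#!/bin/sh
# Added example, not part of the original post. Compares a suspicious app
# bundle against a known-good copy of the same vendor's app: first the code
# signature (macOS-only helpers), then the folder/file tree (portable).
# Paths, bundle names and the sample trees built by demo_bundles are
# assumptions for illustration only.

# Print code-signing details for an .app bundle or Mach-O binary (macOS only).
# A vendor build shows a stable TeamIdentifier and an "Authority=Developer ID
# Application: <vendor>" line; an unsigned, ad-hoc-signed or differently
# signed installer stands out immediately when both outputs sit side by side.
show_signature() {
    codesign -dv --verbose=4 "$1" 2>&1
    # Gatekeeper's own verdict ("accepted"/"rejected") and the reason for it.
    spctl --assess --verbose=4 --type execute "$1" 2>&1
}

# Mount a .dmg read-only, without auto-opening Finder, and print the mount
# point so the bundle inside can be inspected (macOS only).
mount_dmg_readonly() {
    mnt=$(mktemp -d) || return 1
    hdiutil attach -nobrowse -readonly -mountpoint "$mnt" "$1" >/dev/null || return 1
    echo "$mnt"
}

# Sorted list of every path under a bundle, relative to the bundle root, so
# two bundles can be diffed no matter where each one was extracted.
list_bundle() {
    ( cd "$1" || exit 1; find . -print | LC_ALL=C sort )
}

# Script equivalent of "Show Package Contents" on both apps side by side.
# Prints "<" lines for paths only in the suspicious bundle and ">" lines for
# paths only in the authentic one; returns 0 if the trees match, 1 otherwise.
compare_bundle_contents() {
    left=$(mktemp) || return 1
    right=$(mktemp) || return 1
    list_bundle "$1" > "$left"
    list_bundle "$2" > "$right"
    diff "$left" "$right"
    rc=$?
    rm -f "$left" "$right"
    return $rc
}

# Build two constructed sample bundles under $1 for a dry run without real
# installers: Good.app, and Bad.app, which carries one extra script file.
demo_bundles() {
    mkdir -p "$1/Good.app/Contents/MacOS" "$1/Good.app/Contents/Resources"
    echo 'placeholder binary' > "$1/Good.app/Contents/MacOS/Installer"
    echo 'placeholder plist'  > "$1/Good.app/Contents/Info.plist"
    cp -R "$1/Good.app" "$1/Bad.app"
    echo 'placeholder extra file' > "$1/Bad.app/Contents/Resources/extra.sh"
}
```

On a real case you would mount each dmg with mount_dmg_readonly, run show_signature on the app inside each mount point, and then run compare_bundle_contents with the suspicious bundle first and the authentic one second; any “<” line is a file the vendor build does not ship and is the first thing to pull for further analysis. The hypothetical demo_bundles function exists only so the comparison can be exercised offline.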
This is a bit of forensics on how to extract metadata and details about malware. I hope this helps.
As we all know, if cyber crime were a country it may be the world’s third-largest economy by 2021, and it is interesting to see how organized cyber crime is evolving. An article published last month explains how cyber crime is a big business and how cyber criminal groups are built out of HR, finance and project management departments to get things done.