Unusual Cyber Attacks
IT staff and cybersecurity specialists who don't work on incident response cases tend to underestimate how creative hackers can be. When a hacker knows you have data they are interested in, they will go to great lengths to get it.
In a series of posts, we're going to show you some unusual incidents we've seen. These cases show how capable hackers are of finding ploys and being creative to achieve their goal.
You can't protect yourself against an enemy you don't know. Welcome to our unusual cases.
Unusual Case 1: exfiltration of credit card data via images
In one incident, the hacker exfiltrated data by making it look like he was trying to view images on a remote website.
The volume of image-viewing requests was very high, and every one of them failed, which was odd.
Further analysis showed that each image name was actually a credit card number to which the hacker added the .gif extension.
Obviously these images did not exist on the site itself, but that did not matter to the hacker. Each attempt to view the image was recorded in the log file of the hacker's web server (web servers record all communications from Internet users).
After his malicious action, the hacker only had to consult the logs of his web server to extract all the data.
Clever?
Even data leakage prevention (DLP) systems, which are supposed to detect and block outflows of sensitive data, will not see it, because the card numbers travel as file names in ordinary image requests rather than as document content.
How do you protect yourself against such an attack?
If you don't regularly monitor your network security, you'll never be able to detect such an attack. The key:
- Detecting cyber attacks and suspicious or abnormal behavior in the network (via an IDS/IPS such as Streamscan's CDS).
- 24/7 monitoring of your network security (hackers don't take vacations or have weekends).
- If you don't have an internal cybersecurity team, Streamscan's MDR is the best solution for you.
- Managing security vulnerabilities in your network
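A detection rule in the spirit of the first bullet above, written as an added example (not StreamScan's code): it scans outbound web-proxy log lines for image requests whose file name is a 13 to 19 digit number that passes the Luhn check, then flags any internal host that makes several such requests and reports how many of them failed. The log format and the sample lines are constructed for this example.

```python
import re

# Constructed sample proxy log lines (not from the original post): source, method, URL, status.
SAMPLE_LOG = """\
10.0.0.15 GET http://203.0.113.7/img/4532015112830366.gif 404
10.0.0.15 GET http://203.0.113.7/img/4916338506082832.gif 404
10.0.0.15 GET http://203.0.113.7/img/6011000990139424.gif 404
10.0.0.15 GET http://203.0.113.7/img/1234567890123456.gif 404
10.0.0.22 GET http://example.com/assets/logo.gif 200
10.0.0.22 GET http://example.com/assets/20230115.gif 200
"""

LINE_RE = re.compile(r"^(?P<src>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$")
# Image file name made entirely of 13-19 digits (the length range of payment card numbers).
IMG_NAME_RE = re.compile(r"/(?P<name>\d{13,19})\.(?:gif|png|jpe?g)$", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: true for well-formed card numbers, false for most random digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_in_image_requests(log_text: str) -> list:
    """Return (source, url, status) for every image request whose name looks like a card number."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                     # skip lines that do not fit the expected format
        n = IMG_NAME_RE.search(m["url"])
        if n and luhn_ok(n["name"]):
            hits.append((m["src"], m["url"], m["status"]))
    return hits


def flag_sources(hits, threshold: int = 3) -> dict:
    """Map each source with at least `threshold` card-like requests to (total, failed) counts."""
    per_src = {}
    for src, _, status in hits:
        total, failed = per_src.get(src, (0, 0))
        per_src[src] = (total + 1, failed + (status != "200"))
    return {src: tf for src, tf in per_src.items() if tf[0] >= threshold}
```

A near-100% failure rate on such requests, as in the incident above, is the second signal worth alerting on alongside the Luhn match.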
Unusual Case 2: Smile, you control the hacker's computer and you're about to be the victim of a fraud
In an incident we observed that led to financial fraud, the hacker set up a rather creative scheme. After preparing for several days, by contacting a person in the finance department and confirming with them the name of the company's bank, he made them believe that their bank was working on a new version of its website and that the best customers had been chosen to test the site first. A date was then confirmed for a demo that would take only a few minutes, and that would prove fatal for the user.
On the day, the hacker sent a link to the user so that he could test the new application in a secure environment. The rest of the communication was done via phone.
In reality, the hacker prepared his personal computer to be controlled remotely and when the user clicked on the link he received, he took control of the hacker's computer. On the phone, the hacker asked the user to launch the web browser available on the desktop, go to the website to be tested, then enter his login and password, etc.
All the while, the hacker was watching everything the user was doing on his screen. The user had no idea that the hacker was watching what he was doing, which made him let his guard down.
The user's login and password were recorded on the hacker's computer, which later allowed him to log into the company's bank website and attempt a six-figure wire transfer. Fortunately, the bank found the transaction suspicious enough to alert the victim company, and the transfer was blocked.
Ingenious?
I don't need to tell you about the user's shock when we presented him with the scenario he was the victim of. He took a few days of sick leave.
How to protect yourself against such an attack?
- Humans remain the weakest link in cybersecurity. Make your users aware of the risks of phishing, and stress the risks of fraud to staff working in finance and senior management.
- Limit the use of administrator rights by users. This scenario required installing an agent on the victim's computer, which in turn required administrator rights.
- 24/7 monitoring of your network security (hackers don't take vacations or have weekends). If you don't have an internal cybersecurity team, Streamscan's MDR is the best solution for you.
Need Help? StreamScan is Here.
Whether you need help conducting a security audit, developing a security plan, or implementing a Managed Detection and Response solution, StreamScan has experts with years of experience in the manufacturing sector who can help. Get in touch with us at smbsecurity@streamscan.ai or call us at 1 877-208-9040.