16-社会工程学攻击的应急处理(ramses m)

《16-社会工程学攻击的应急处理(ramses m)》由会员上传分享，免费在线阅读，更多相关内容在行业资料-天天文库。

1、IncidentResponsetoSocialEngineeringAttacks:DomainHijackingRamsesMartinezDirectorofInformationSecurityDate:September19,2010BackgroundMoreandmoreattacksareexploitingbusinesslogicusingsocialengineeringattacks.▪Lowtechinnature▪Leverageexistingprocessesorsystems▪

2、Targettheweakestlinkinthesecuritystack,thehumanWhy?▪SocialEngineeringattacksaredifficulttodetectandguardagainst▪Traininghelps,butisnottheonlysolutionIncidentResponseProcess1.Preparation2.Detection3.Containment4.Eradication5.Recovery6.FollowUpIncidentOverview

3、NotsomuchadomainhijackingasanattempttohijackaRegistrarNormallytheregistrantisthetarget,inthiscasetheprimarytargetweretheregistrarsandregistries.Initialscope▪Tworegistrars▪Finalobjective:–ControlofregistrarsregistryaccountCaseStudyTarget:–Registryaccountfortw

4、olargeregistrars,thiscouldhaveplacedhundredsofthousands,ifnotmillionsofdomainsunderthecontroloftheattackerDuration:5daysHighlights:–Attackerengagedmultipletimesinthecourseofattack–Multiplefalsedocumentsprovided:•Fakecompanyletterhead•FakeUSpassport–Attackeru

5、sedmultiplemeansofcommunicationwithcustomerservicerepresentatives:•OnlineChat•Phone•Email•Socialnetworks▪Greatexampleofindustrycollaborationonasecurityissue▪ConnectiontonationstatesponsoredattacksAttackChronologyTheAttackinSummaryFinalscopeofattack▪Tworegist

6、rars,threeregistriestargeted▪Objectivebelievedtobecontrolofregistrarsregistryaccount,notjustasimpledomainhijacking▪BelievedtobelinkedtotheIraniangovernmentsattackagainstdissidentprotestersAnalysisofattack(notperformedbyanamateur)–Knewtheprocessfortheregistry

7、transactionsindetail•Howtocontact:Wheretocall,chat,etc.•Whatcredentialswouldbeneededforthechangesrequested•Whatproofofidentitywouldberequestedbytheregistry•Nameandtypesofapplicationsusedfortransactions•Createdhardtotraceinfrastructurefortheattack:–Compromise

8、dsystems–VoiPlinesTheAttackinSummary+Attackerhadin-depthknowledgeofprocessbusinessprocessesatregistrarandregistry▪Namesofallpointsofcontact▪Pointsofcontactlocation,timezone▪Picturesofpointsofcon