(Network Security) subject 1.29. As we mentioned in the text, an apparently well
Question
(Network Security) subject 1.29. As we mentioned in the text, an apparently well-protected network could be brought down via an apparently minor trick. The following is a story shared by a reader of the first edition:

"I am a system administrator for a large company with employees worldwide. My site produces sensitive hardware and software products. We have a very strong network security team keeping our network safe. However, about 2 years ago (i.e., in 2012), espionage hackers still managed to get into our network. As secure as our network was, the hackers used Outlook Web Access (OWA) to get into our network, retrieving a large volume of data in 2 days. The attack took the following steps:

1. They first collected information from media and by calling the company disguised as a salesperson or government authority. They managed to retrieve email addresses from local users who were assigned to my site.
2. … employees to other employees.
3. They would send emails with Trojans only during off hours, so that the email recipient would use OWA at home to access their email and bypass the firewalls and network security protocols at work.

The email spoofing was being done for about 2 weeks until an employee replied to the hacker, thinking it was an employee, from a company laptop off hours. When the employee returned to the office the next day, the hacker was able to bypass the firewall and get into the network. We had to make major changes to the network from top down, including the following:

I. Removed all OWA installations.

Explanation / Answer
(a). Attacking technique used by attacker: Outlook Web Access
An attack in which hackers were able to launch a sophisticated advanced persistent threat attack is Outlook Web Access.
OWA is the service that offers remote access between Outlook and Exchange Servers deployments, and is typically configured to be available on both the internal network and the Internet. While security professionals are very much cognizant about protecting their domain-controllers, they generally fail to realize that a compromised OWA server can offer similar access.
According to the Cybereason report, hackers carried out an attack for months against an organization with 19,000 endpoints, resulting in the theft of credentials for more than 11,000 accounts. In this case, attackers made use of an initial set of stolen credentials to load a malicious and unsigned dynamic library onto the OWA server to open a backdoor.
The sophisticated attack saw the loading of a back-door version of the dynamic link library used to authenticate OWA connections, as well as the installation of an Internet server application programming interface filter for Microsoft's Internet Information Services to capture HTTP requests in plain text. Ultimately, the stealing of user credentials would have allowed the hackers to easily break into the organization again in the event that the initial infection is closed up. "This configuration of OWA created an ideal attack platform because the server was exposed both internally and externally," Cybereason CTO and cofounder Yonatan Striem-Amit explained to Threatpost. "Moreover, because OWA authentication is based on domain credentials, whoever gains access to the OWA server becomes the owner of the entire organization's domain credentials."
While Cybereason went on to promote its products as being ideal to detecting these kind of attacks, security professionals should hopefully be able to come up with other mitigation strategies now that word is out on this new attack vector.
(b). Methods of identifying spoofing emails:
Tip 1: Don’t trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Return Path analyzed more than 760,000 email threats targeting 40 of the world’s largest brands and found that nearly half of all email threats spoofed the brand in the display name.
Tip 2: Look but don’t click
Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in the website address directly rather than clicking on the link from unsolicited emails.
Tip 3: Check for spelling mistakes
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
Tip 4: Analyze the salutation
Is the email addressed to a vague “Valued Customer”? If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.
Tip 5: Don’t give up personal information
Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.
Tip 6: Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”
Tip 7: Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.
Tip 8: Don’t click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
Tip 9: Don’t trust the header from email address
Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address. Return Path found that nearly 30% of more than 760,000 email threats spoofed brands somewhere in the header from email address with more than two thirds spoofing the brand in the email domain alone.
Tip 10: Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.
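The story in the question turns on attackers reaching OWA from outside the network during off hours. As an added example (not part of the answer above and not code from any product it names), the following Python script runs a simple detection over a few constructed IIS-style access log lines: it counts successful OWA requests made outside business hours from non-internal addresses, per user, and raises an alert when the volume crosses a threshold. The log field layout, the business-hours window, the internal address ranges and the threshold are all assumptions chosen for the example.

```python
"""Off-hours external OWA access detection over constructed IIS-style log lines (example)."""
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, time

# Assumptions (hypothetical values): local business hours, internal ranges, alert threshold.
BUSINESS_START, BUSINESS_END = time(7, 0), time(19, 0)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
VOLUME_THRESHOLD = 3  # off-hours external OWA requests per user before alerting

# Constructed sample log in a W3C-like layout: date time c-ip cs-method cs-uri-stem cs-username sc-status
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-username sc-status
2012-03-14 09:12:03 10.1.4.22 GET /owa/ jdoe 200
2012-03-14 21:40:11 203.0.113.77 POST /owa/ jdoe 200
2012-03-14 21:41:05 203.0.113.77 GET /owa/ jdoe 200
2012-03-14 21:42:19 203.0.113.77 GET /owa/attachment.ashx jdoe 200
2012-03-14 21:43:02 203.0.113.77 GET /owa/attachment.ashx jdoe 200
2012-03-14 22:05:44 198.51.100.9 GET /owa/ asmith 200
2012-03-14 23:10:00 198.51.100.9 GET /owa/ asmith 401
2012-03-15 10:00:00 10.1.4.23 GET /ecp/ asmith 200
"""


def is_internal(ip):
    """True when the client address falls inside one of the assumed internal ranges."""
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)


def is_off_hours(ts):
    """True when the timestamp lies outside the assumed business-hours window."""
    return not (BUSINESS_START <= ts.time() < BUSINESS_END)


def parse_line(line):
    """Parse one log line into a dict; comment and blank lines return None."""
    if line.startswith("#") or not line.strip():
        return None
    date, clock, ip, method, uri, user, status = line.split()
    return {
        "ts": datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S"),
        "ip": ip, "method": method, "uri": uri, "user": user, "status": int(status),
    }


def off_hours_external_owa(lines):
    """Return {user: Counter(client_ip -> requests)} for OWA requests off hours from outside."""
    hits = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["uri"].lower().startswith("/owa"):
            continue
        if rec["status"] >= 400:  # failed requests (e.g. bad credentials) are not counted here
            continue
        if is_off_hours(rec["ts"]) and not is_internal(rec["ip"]):
            hits[rec["user"]][rec["ip"]] += 1
    return hits


def alerts(lines, threshold=VOLUME_THRESHOLD):
    """Sorted list of users whose off-hours external OWA volume reaches the threshold."""
    hits = off_hours_external_owa(lines)
    return sorted(user for user, ips in hits.items() if sum(ips.values()) >= threshold)


if __name__ == "__main__":
    for user, ips in off_hours_external_owa(SAMPLE_LOG.splitlines()).items():
        print(user, dict(ips))
    print("alert:", alerts(SAMPLE_LOG.splitlines()))  # prints alert: ['jdoe']
```

On the sample, `jdoe` is flagged (four successful off-hours requests from one external address) while `asmith` is not, because the single failed request is excluded. A real deployment would feed this from the IIS log directory and tune the window and threshold to the organisation's own baseline.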
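Several of the tips in part (b) can be checked mechanically before a message ever reaches a reader. As an added example (not part of the answer above), the following Python script, using only the standard library, parses a constructed raw e-mail and applies five of them: a brand name in the display name or a look-alike sender domain that does not match the brand's real domain (Tips 1 and 9), urgent or threatening wording in the subject (Tip 6), risky attachment extensions (Tip 8), a generic salutation (Tip 4), and links whose visible text names a different host than the href (Tip 2). The trusted brand and domain, the keyword lists and the sample messages are assumptions constructed for the example.

```python
"""Heuristic spoofed-e-mail checks following the tips above (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions (hypothetical values): the brand this reader trusts and its real domain.
TRUSTED_BRAND = "example-bank"
TRUSTED_DOMAIN = "example-bank.com"
URGENCY = ("suspended", "unauthorized login", "immediately", "verify your account")
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".docm", ".zip")
GENERIC_SALUTATION = re.compile(r"\bdear\s+(valued\s+)?(customer|user|member)\b", re.I)

# Constructed sample: a phishing message that trips every heuristic.
SPOOFED = """\
From: Example-Bank Security <alerts@example-bank.com.notify-center.net>
To: user@corp.example
Subject: Your account has been suspended - verify your account immediately
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Valued Customer,</p>
<p>Unusual activity was detected. <a href="http://203.0.113.5/login">https://www.example-bank.com/login</a></p>
</body></html>
"""

# Constructed sample: a legitimate-looking message that trips none of them.
CLEAN = """\
From: Example-Bank <alerts@example-bank.com>
To: user@corp.example
Subject: Your monthly statement is ready
Content-Type: text/plain; charset="utf-8"

Hello Jane Doe, your statement is available in online banking.
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs so anchor text can be compared with its target."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Hostname of a URL or bare domain-looking string; '' if there is none."""
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def analyze(raw_message):
    """Return the list of finding codes that fired; an empty list means no heuristic fired."""
    msg = message_from_string(raw_message)
    findings = []
    display, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower()

    # Tips 1 and 9: brand in the display name, or inside a look-alike domain, without the real domain.
    if TRUSTED_BRAND in display.lower() and sender_domain != TRUSTED_DOMAIN:
        findings.append("display-name-mismatch")
    if sender_domain != TRUSTED_DOMAIN and TRUSTED_BRAND in sender_domain:
        findings.append("lookalike-sender-domain")

    # Tip 6: urgency or threats in the subject line.
    if any(word in msg.get("Subject", "").lower() for word in URGENCY):
        findings.append("urgent-subject")

    body = ""
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXT):  # Tip 8
            findings.append("risky-attachment")
        if part.get_content_type() in ("text/html", "text/plain"):
            payload = part.get_payload(decode=True) or b""
            body += payload.decode(part.get_content_charset() or "utf-8", "replace")

    if GENERIC_SALUTATION.search(body):  # Tip 4
        findings.append("generic-salutation")

    # Tip 2: the visible link text names one host, the href points somewhere else.
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown = host_of(text)
        if shown and shown != host_of(href):
            findings.append("link-text-href-mismatch")
            break
    return findings


if __name__ == "__main__":
    print(analyze(SPOOFED))  # all five codes fire on the constructed phishing sample
    print(analyze(CLEAN))    # prints []
```

The checks are deliberately coarse: they produce a list of reasons a reader should look more closely, not a verdict, and a clean result does not make a message safe, which is exactly the point of Tip 10.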