Credential Stealing as an Attack Vector
upnorth wrote:

Article from 2016 by Bruce Schneier, but still very current and up to date in 2021, as I personally stumble regularly over samples that either combine the attack vector of credential stealing with others or actually seem to do that solely. I'll include the referenced video (also from 2016) with a talk from Rob Joyce, Chief, Tailored Access Operations, National Security Agency (NSA), who, whether one likes them or not, know what they are talking about. The last link included is a deep analysis of a very pesky/nasty credential-stealing malware called Oski Stealer, which started to emerge in the news at the beginning of 2020 (https://threatpost.com/oski-data-stealing-malware-north-america-china/151856/). It has also recently been tested in the Hub here on MT.

Quote: "Traditional computer security concerns itself with vulnerabilities. We employ antivirus software to detect malware that exploits vulnerabilities. We have automatic patching systems to fix vulnerabilities. We debate whether the FBI should be permitted to introduce vulnerabilities in our software so it can get access to systems with a warrant. This is all important, but what’s missing is a recognition that software vulnerabilities aren’t the most common attack vector: credential stealing is.

The most common way hackers of all stripes, from criminals to hacktivists to foreign governments, break into networks is by stealing and using a valid credential. Basically, they steal passwords, set up man-in-the-middle attacks to piggy-back on legitimate logins, or engage in cleverer attacks to masquerade as authorized users. It’s a more effective avenue of attack in many ways: it doesn’t involve finding a zero-day or unpatched vulnerability, there’s less chance of discovery, and it gives the attacker more flexibility in technique.

Rob Joyce, the head of the NSA’s Tailored Access Operations (TAO) group — basically the country’s chief hacker — gave a rare public talk at a conference in January. In essence, he said that zero-day vulnerabilities are overrated, and credential stealing is how he gets into networks: “A lot of people think that nation states are running their operations on zero days, but it’s not that common. For big corporate networks, persistence and focus will get you in without a zero day; there are so many more vectors that are easier, less risky, and more productive.”

This is true for us, and it’s also true for those attacking us. It’s how the Chinese hackers breached the Office of Personnel Management in 2015. The 2014 criminal attack against Target Corporation started when hackers stole the login credentials of the company’s HVAC vendor (http://www.cio.com/article/2600345/security0/11-steps-attackers-took-to-crack-target.html). Iranian hackers stole US login credentials. And the hacktivist that broke into the cyber-arms manufacturer Hacking Team and published pretty much every proprietary document from that company used stolen credentials (http://www.computerworld.com/article/3057678/security/hacker-tells-all-how-i-broke-into-hacking-team.html)."

Full source:
https://www.schneier.com/blog/archives/2016/05/credential_stea.html

Video (YouTube): https://www.youtube.com/watch?v=bDJb8WOJYdA

https://www.cyberark.com/resources/threat-research-blog/meet-oski-stealer-an-in-depth-analysis-of-the-popular-credential-stealer