Hackers strike Australia's largest pension funds in coordinated attacks
<blockquote data-quote="Victor M" data-source="post: 1121945" data-attributes="member: 96560"><p>It depends on how the attacker gained the foothold. The most obvious best way is to get hold of the tech admin account. Then he would have access to all accounts the admin is looking after. Another good way is to break the web code of the pension fund's access server. Once he gets in that way, the attacker would again have access to many accounts. Another credential-based attack vector would be to get hold of the clerical admin account. If the pension fund has a cell app, the attacker could reverse engineer the app. Or the attacker could monitor or capture the network traffic of a customer and forge his way in. Or it could be a supply chain attack ............ There are many different ways to get in, and they all involve a bunch of accounts.</p><p></p><p>I think you read The Hacker News; I think you posted a link one time if I remember correctly. It is not the number of people affected nor the amount stolen or ransomed for that is interesting. The interesting thing about them is that they always provide a link to the source security researcher. You can read that long article, and gain insights into the TTPs of attackers.</p></blockquote><p></p>