IT
THE VECTORS
A successful cyber-attack will
generally rely upon an intrusion
vector to gain access to a victim
organisation. The most common
vectors to gain access to a
system are:
• Emails sent with malicious
links and/or attachments
• Fake or manipulated
websites that download
viruses
• Interaction with removable
media
• Unsecured wireless hotspots
• Weak passwords
• Direct Breach (System
Vulnerabilities)
• Exploitation of natural
human behaviours
Emails sent with malicious links and/or attachments
Often referred to as phishing emails, these emails are
sent en masse to unsuspecting recipients and are
designed to instil a sense of urgency in the reader so
that they perform an action they may not ordinarily
perform: acting without thinking. To achieve this,
some degree of urgency or an overriding curiosity is
often written into the content of the email to induce
the reader to open an attachment or click on a link.
Contained in this attachment or link is cleverly
disguised software that installs on your device. The
programme stays dormant until it detects a pre-set
trigger to execute its payload. This payload can be
one of a number of attacks, but commonly it is
ransomware used to extort, or keystroke loggers or
screen-grabbing software that allow the theft of
personal information, financials and passwords – all
of which allow unauthorised access to your systems.
Common examples are emails purporting to come
from a regulator such as the tax office or Roads
Authority, threatening legal proceedings unless
payment for the breaches outlined in the attachment
is made in full before a certain date.
A second form of phishing email is known as
spear-phishing. These emails use social media or
organisational websites to harness a particular facet
of the recipient to induce the reader to click and
execute the payload. They are often written as
“I can’t believe what they are saying about you on
Facebook” or “Did you see what they said about
your organisation on Twitter”, etc.
Fake or Manipulated Websites
The threat from fake, cloned or manipulated
websites can attack your business from two
angles. Firstly, your staff can access such a site and
download software that can intrude into or cripple
your cyber systems, or alternatively other consumers
or users of your website can unwittingly access
a fake or cloned version of your website, allowing
malicious software to be installed.
Secondly, fake websites can be created for
payment interception, such as a rate holder
paying rates on a cloned council website, which
allows the harvesting of personal / financial
data to take place or even legitimate funds to be
channelled to offshore financial repositories.
GOVLINK » ISSUE 2 2017
An intrusion targeted towards an American corporate
renowned for having robust cyber protection was
achieved through the use of a cloned website of a
Chinese restaurant regularly used by the corporation
to dine clients. In this case the bad characters cloned
the restaurant’s website and hid executable code in
the menu of the subject restaurant, so that when the
employees of the corporation clicked on the menu
the code was downloaded to their device and lay in
wait until triggered.