Blog entry posted April 30, 2007, 8:18 AM.

Context-aware attacks

Nick Sullivan, a researcher at Symantec, wrote a blog post last week, "Pre-Phishing Recon for Context-Aware Attacks", that describes what I think is the future of many online attacks. Criminals are starting to do more homework on their victims and target their attacks accordingly.

Nick's blog outlines one approach, the "pre-phishing recon attack", which he describes as follows:

"This is a mass-mailed generic phishing attack targeting a popular non-critical site. A site is considered non-critical if access does not give an attacker an immediate financial payoff. Examples of non-critical sites are Web-based email accounts and social networking sites. In the blog entry "Attack of the Facebook Snatchers", I discussed how a generic phishing attack might be performed on the social networking site Facebook. If the pre-phishing recon attack is successful, the phisher obtains two important pieces of information: the victim's username/password for the site, and knowledge that the victim is likely to fall for a context-aware phishing attack.

The phisher can also determine which sites have been visited by the victim by implementing the CSS history hack that I discussed in "Revealing Web History without JavaScript" into the phishing Web site. The attacker can check to see if the victim used other social networking sites, Web-based email, online banking, or online retailers. Once the phisher knows which online services the victim uses, they can pick a particularly juicy target for their directed phishing attack and decide on a course of action.

This list of sites also makes the task of information gathering much easier for the attacker. Since many people use the same user name and password for many of their online activities, this list can provide phishers with places to try the stolen account. These other sites may contain more personal information that can be useful for context-aware phishing attacks. The phisher could also use the same password to gain access to the victim's email account. Email accounts are especially useful because many online services have a "forgot password?" option that creates a new password and sends it to the user's email address."
He then goes on to note that this process can be automated to help criminals extend their reach. I believe that the use of social websites as an underlying means of targeting commercial and other enterprises will rapidly grow this year. Social websites offer the criminal an easy way to obtain identity and authentication information.

Read the blog to understand the mind and future techniques of your potential attackers.

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
