What are some of the more unusual strategies hackers use to target and steal from businesses? originally appeared on Quora: the place to gain and share knowledge, empowering people to learn from others and better understand the world.
Criminal hackers are nothing if not creative. In just the past year we’ve seen a number of brazen and creative attempts, many successful, targeting our policyholders:
- It’s not uncommon to see hackers target and impersonate CEOs, particularly for the purposes of socially engineering the CEO’s subordinates to make funds transfers. However, in one particularly creative effort we recently saw, the hacker impersonated a CEO and convinced an employee charged with payroll to update the CEO’s own bank account information with that of the hacker. It was only several months later, after not receiving a paycheck, that the CEO realized what happened!
- Perhaps the most technically creative hack I’ve seen started with a video camera and security system installed inside a concrete wall outside the entrance of one of our customers. Software on the video camera, exposed through the company’s Internet Gateway, was riddled with vulnerabilities that hackers ultimately used to gain root access. Even worse, a Google search of the video camera model included a result with the full source code of the camera’s software. Having gained root access on the camera, the hackers loaded their tools and used the camera (lodged in the concrete wall!) as a means to ARP poison the company’s local network and move laterally into the rest of the company’s computer systems. In doing so, the hackers were able to take advantage of software used by the company’s IT staff to remotely log in to employees’ machines for diagnostic purposes, to gain remote access to all computer systems in the network. With this access the hackers had everything, including access to text messages delivered through iMessage, e-mail, password managers, etc. This access was ultimately used to steal a large sum of money, defeating the second factor of authentication the company’s bank required (a code sent via a text message). And it all began with a video camera installed outside their office.
- One of the most cruel hacks we’ve recently witnessed is a hack within a hack. First the hackers hit the company with ransomware, encrypting and rendering unusable all of the company’s data. To add insult to injury, the ransom request built into the ransomware demanded payment through PayPal. However, the link from the ransomware to PayPal didn’t launch the real PayPal site, but a phishing site designed to look like PayPal to steal the individual’s PayPal credentials on top of the ransom. Talk about being greedy!
- And finally, sometimes hacks are even inspired by television shows. Straight out of the hit Netflix show, Black Mirror, we observed one hacking group using compromised credentials from other data breaches that had already been made public to trick individuals into believing that, by virtue of having access to a password that individual had used in the past, their computers and webcams had been hacked, capturing embarrassing footage of the victim. Unless the victim paid a ransom, the hackers threatened to release the footage. Even though it was completely a farce, many of our customers reached out in a panic.
And these are just the unusual strategies we see where the motive is financial!