Campaign Alert: You (almost) have been compromised!
Modern trends in BEC attacks seen in the wild by Perception Point
1
Share the joy
The Fibonacci Backdoor.
Perception point detected an attack sent to users via email. The backdoor grants the attacker control to remotely execute commands on the compromised computer. The infection process is as following
The email with the attached .tar file
After extracting the script file and executing it, the user will be prompted with the Fibonacci sequence.
Obviously this is a deceptive message because the script continues to run in the background awaiting commands..
The script that runs sends a message to a server controlled by the attacker and waits for a response. The response the script receives is “go to sleep for 8 seconds and ask again”. The script waits and askes again. The issue here is the fact that the attacker can change the response in the server at any time and when he does the script will receive malicious commands and execute them. As long as the server is up the script will forever provide access to the attacker.
The Untrusted Trustee.
A malicious attachment was caught in an email to a Perception Point protected mailbox, in most companies that would be the end of the story, and in some they will also provide an investigation of the payload. However, by leveraging email history data collected when protecting the entire organization, we were able to spot that the display address and name belonged to a business partner of the company with whom regular communication was conducted over the past two and a half months. Further, we were able to spot all the spoofed emails sent to 7 different addresses within the organization from 8 different IPs, including some with none malicious payload.
The attacker somehow knew about the relationship between our client and the business partner, and was targeting the specific person who was in contact with the business partner. By doing so, he was able to leverage the trust that existed between the two parties in order to carry out his malicious intent; be it malicious documents, links or social engineering.
In conclusion, the average user will find it very hard to distinguish these types of attacks from normal daily communications requiring the IT to leverage advanced technologies that deeply inspect communication channels across the digital-first enterprise.
Share the joy
you may also like
Try Our
Solution Out
Connect with our team to:
* Learn more
* Get a live demo
* Get a quote
* Set up a free 30 day trial
We will respond to your enquiry within 24 hours.
Stay a step ahead
Research & News.
read more
May 27, 2019
Campaign Alert: You (almost) have been compromised!
Modern trends in BEC attacks seen in the wild by Perception Point
Perception Point Incident Response
May 27, 2019
read more
May 13, 2019
Incident Report: A Combined Attack
Perception Point spotted an attack that combined numerous attack techniques
Perception Point Incident Response
May 13, 2019
read more
May 8, 2019
Incident Report: Statement of Account
Learn more about a widespread campaign tricking users into opening a fake statement of account.
Perception Point Incident Response
May 8, 2019
Show more
68 Articles