We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
SAINTCON 2023 - Andrew Brandt (spike)- You're No George Clooney...
Social engineering attacks often go unnoticed until they're caught, but Andrew Brandt's SAINTCON 2023 talk reveals the shocking details of two undetected attacks that highlight the importance of caution and good security practices.
- The speaker shared a story about two social engineering attacks that went undetected for a while, until they were finally caught.
- The attackers used a fake CA certificate to sign their malware, making it look legitimate.
- The first attack used a poisoned zip file with a fake tracking number, which was sent to an accountant via email.
- The accountant was unaware that the zip file was malicious and downloaded it, which contained a PowerShell script that added a fake CA certificate to the Windows certificate store.
- The attackers used the fake CA certificate to sign their malware, which was then downloaded onto the target’s machine.
- The malware used SSL/TLS decryption to intercept and steal sensitive data, including financial information.
- The attackers also used a fake website to send the targets to a malicious URL, where they could download more malware.
- The second attack used a different technique, where the attackers sent an email with a malicious link that appeared to be a legitimate tracking number.
- The email was designed to look like it was from a legitimate shipping company, and the link was used to download a malicious zip file.
- The zip file contained a PowerShell script that added a fake CA certificate to the Windows certificate store, which was then used to sign the malware.
- The attackers used the fake CA certificate to sign their malware, which was then downloaded onto the target’s machine.
- The malware used SSL/TLS decryption to intercept and steal sensitive data, including financial information.
- The speaker emphasized the importance of being cautious when receiving unsolicited emails and attachments, and the need for good security practices.