
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2012-04-07



Phishing and client-side attacks, the future?

Published: 2012-04-07
Last Updated: 2012-04-07 01:13:46 UTC
by Mark Hofman (Version: 1)

I've been involved in a few penetration tests recently, and one thing that seems to be happening is that privileged access is harder to come by. It used to be: start at 9, have admin by 9.30 (on a slow day). Today it certainly tends to be a lot more work.

I put it down to improvements in security over the last few years in many organisations, as well as improvements in operating systems. Love it or hate it, Windows 7 does a pretty good job of securing the machine. Combined with some practices like no local user admins, automatic patching and a decent HIPS, it can be quite a challenge to compromise a fully patched and well-managed Windows box. OS X similarly has made some steps towards improving the security of the OS (if only they turned the firewall on by default :-( ). So if the operating system is pretty good and likely to get better, the attack vectors have to shift. Which is where client-side attacks enter the picture: get the user to attack their system for you.

We have had some good examples of this in the past year, where sites were reportedly compromised because someone clicked something they should not have, likely delivered via email. Just like the wooden horse, the gift was accepted (phishing email) and the trojan has the nasty surprise.

So on this, for many of you, long weekend, I'd like you to have a little think and maybe complete the poll on the page or enter comments here. Phishing/social engineering emails and client-side attacks: something we are going to see a lot more of in the future, or a passing fad?

Have a nice Easter for those that celebrate it.  Have a great weekend for those that do not. 

Cheers

Mark
