Ever have the feeling that someone is looking over your shoulder? For those who have experienced a CryptoLocker attack, it's likely the cyber-criminals were “looking over your shoulder” while you were working.
At a recent industry event, there was a live hacking demonstration. The victim in the demonstration went to what looked like a real business website, and was instructed to install a plug-in to access part of the website. Once the plug-in was installed, the criminal’s command console showed a pop-up letting him know that he had a new victim. The criminal initiated some additional software installs, and within five minutes had full control of the victim’s computer. The criminal used a screen sharing tool like LogMeIn or TeamViewer to watch what the victim was doing. Other tools inventoried the system and logged keystrokes. During this phase of an attack, the criminals are actively engaged on the victim’s computer and network, trying to figure out the most profitable way to exploit the victim.
Just for fun, the criminal noted that the victim had a camera attached to his computer. A few clicks and command entries had the victim’s camera streaming to the criminal’s monitor.
Not only was the criminal watching and recording activity on the victim’s desktop, but they were also watching the victim through the camera. The criminal wasn’t just “looking over the shoulder”, they were staring at the victim’s face.
In a typical attack, the cyber-criminal will survey the network looking for resources to encrypt with the authorization level of the user account they now control. If they were fortunate enough to take over an account with administrator rights, the cyber-criminals would encrypt everything, including all of the computers on the network. The end result would be a zombie network doing little more than flashing signs to contact the cyber-criminal via email or other means to find out the ransom. If the user account was a typical user account with few rights, the cyber-criminal would have to settle for encrypting available network shares as well as the computer they took over.
If you are going to encrypt a network, when is the best time to do it? The encryption process can run many hours, and even days for networks with lots of data. Cyber-criminals time their attacks to happen over a weekend to maximize the damage. They pick a time when no one is in the office watching so their evil software can do the most damage. A good Monday morning for us at DeckerWright is no CryptoLocker virus over the weekend!
The battle with cyber-criminals is ongoing. We continue to improve our defenses and early warning systems, and the criminals keep coming up with new attack technology and processes. The feeling you may have that someone is watching may be more true than you imagine!