24 Jan, 2021

Phishing Attack and CryptoLocker

Aim 

What an attacker would use to hack the victim's computer with a 5 step phishing email to raise awareness by explaining how easy it is to encrypt and demand ransom.

PHASE 1: Generate Malicious> The attacker creates a malicious Microsoft Office document.

PHASE 2: Spreading the Pest by Email
The malicious document created by the attacker is being listened to.
The attacker is editing the website for the malware.
Attacker copies a bank's email template.
Attacker copying a bank's email template. (above keep the same subtitle)
Redirects link in offensive email to malicious software.
The attacker sends the email to the targeted email addresses .
Attacker expects victims to click on the link.
Victimone of opens malicious email and clicks on the link inside.

PHASE 3: Remote Access> The attacker is running code remotely on the victim's system for encryption.

PHASE 4: Encryption
The attacker encrypts all files on the victim's computer.

PHASE 5: Ransom Request> Attacker from victim to restore encrypted files bitcoin.

Lessons Learned

Spelling Rules: While paying attention to spelling rules in e-mails from a corporate company, an attacker can make mistakes at this point.
Fake Links: No corporate company asks you to provide your password, credit card number (especially expiration date, CVV information) or TC does not request your ID card information via links in the e-mail.
Psychological Expressions: Kin the message sent to the victim, there may be expressions that activate the victim. For example, “You must confirm your email within 2 hours!”.
Bender Links: It's the easiest form of attack, but it works great. An attacker can deceive the victim by creating a link very similar to a corporate company's web address. For example: “instead of oguzbank.com oguzbank.corn
E-Mail Templates:Corporate companies pay close attention to their email templates. While playing on these email templates, the attacker misplaced things or turned the eyeninto a format that would seem inappropriate to you


[vc_row][vc_column][vc_cta h2=”” add_button=”bottom” btn_title=”Teklif Talep Edin” btn_style=”flat” btn_shape=”square” btn_color=”danger” css_animation=”fadeInLeft” btn_link=”url:https%3A%2F%2Fcyberartspro.com%2Fteklif-isteme-formu%2F||target:%20_blank|”]Siber Güvenlik, Dijital Dönüşüm, MSSP, Sızma Testi, KVKK, GDPR, ISO 27001, ISO 27701 ve DDO Bilgi ve İletişim Güvenliği Rehberi başlıklarıyla ilgili teklif almak için lütfen tıklayın.[/vc_cta][/vc_column][/vc_row]

 

About Content:
Share on Social Media:
Facebook
Twitter
LinkedIn
Telegram