Wednesday, 25 May 2016

The 5 cyber-attacks you're most likely to face

The fact is most companies face the same threats and should be doing their utmost to counteract those risks. However at some point you may lose your precious data to a vicious cyber-attack, if you’re ever in this position, contact the experts at DLA for assistance!


Here are the five most common successful cyber-attacks.

Cyber-attack No. 1: Socially engineered Trojans

This is the No. 1 method of attack. Usually, a website will tell users they are infected by viruses and need to run fake antivirus software. Also, they're nearly out of free disk space and need a fake disk defragger. Finally, they must install an otherwise unnecessary program, often a fake Adobe Reader or an equally well-known program. The user executes the malware, clicking past browser warnings that the program could possibly be harmful. VoilĂ , exploit accomplished!

Cyber-attack No. 2: Unpatched software

Coming in a distant second is software with known, but unpatched exploits. The most common unpatched and exploited programs are Java, Adobe Reader, and Adobe Flash.

The best countermeasure is to stop what you’re doing right now and make sure your patching is perfect!

Cyber-attack No. 3: Phishing attacks

About 70% of emails are spam. Even though there are anti-spam vendors, you will probably receive several spam emails each day, and a least a few of them each week are darned good phishing replicas of legitimate emails.

Cyber-attack No. 4: Network-traveling worms

Computer viruses aren't much of a threat anymore, but their network-traveling worm cousins are. We don't see the massive outbreaks of the past with email attachment worms, but the network-traveling variety is able to hide far better than its email relatives.

Cyber-attack No. 5: Advanced persistent threats

APTs usually gain a foothold using socially engineered Trojans or phishing attacks.

A very popular method is for APT attackers to send a very specific phishing campaign -- known as spearphishing -- to multiple employee email addresses. The phishing email contains a Trojan attachment, which at least one employee is tricked into running. After the initial execution and first computer takeover, APT attackers can compromise an entire enterprise in a matter of hours. It's easy to accomplish, but a royal pain to clean up.

Wednesday, 18 May 2016

Never forget the victim (and their device)!

Regardless if your case involves computers, tablets, iPhones, Android devices or all of the above, one thing the investigative community can agree on is, every case is different.  

Sure, certain cases will follow a workflow pattern, but the circumstances of every case, the suspects/targets, investigators and victims all take on different faces, which can alter your approach to conducting digital forensic analysis in the case slightly or dramatically.  We’ve all seen a surge in criminal (and civil) cases involving smart phones and other mobile devices and with that comes the mountain of evidence that is contained on a those powerful pocket computers that can store up to 128 GB of data (or more).

But consider this: You may only be getting half of the story if the only device you seize and analyze is that belonging to the target of your investigation.

The digital forensic experts at DLA encourage anyone who needs data, SMS, WhatsApp, password recovery, and so much more, to contact them today!  

  • Case Application 

The best case example we can use to illustrate this point is the investigation of a rape allegation.  Rape doesn’t happen in a bubble, it takes two people (or more) for a rape to occur.  And virtually everyone involved in these incidents owns & uses a smart phone on a daily basis.  Frequently, rape occurs when the alleged perpetrator knows the victim, either in some sort of early-stage relationship, a family friend, relative, etc.  Because experienced investigators know this to be true and many reports will validate this, it is your investigative responsibility to prove or disprove the claim.  In order to help do that, you need to seize not only the target’s phone data, but also the alleged victim’s phone data – all as soon as possible.

The best (and sometimes worst) thing about mobile device forensics is, once the data is extracted, it belongs to the digital forensic examiners. It is a digital snapshot of whatever was present on the device at the time the extraction took place and, depending on the device, may also give us access to deleted information.  So in the interest of conducting a thorough investigation, I put forth that when an alleged rape victim makes the report, investigators should make it a regular and common practice to ask for consent to perform a data extraction on his/her phone.  It is simply the easiest way to get a 360-degree view of the case.

  • A More Holistic View of the Data

Consider also what happens in the mind of the target after they know they may have committed a crime.  Text and chat messages are deleted.  Pictures of the alleged victim get erased from the device.  They may even dispose of the device altogether and replace it with a new, fresh phone that has virtually no useful evidence contained on it.  

Wouldn’t it be nice if the other side of those conversations still existed on another device?  What’s more, by grabbing the data from the alleged victim’s phone, you work toward a more complete investigation of the allegation.  It is an unfortunate reality that there are often false reports of serious crimes.  This certainly doesn’t mean that we automatically assume the victim may be lying, but it is our responsibility to fully investigate the case to determine what actually happened.  Victims and eye witnesses are notoriously unreliable for different reasons.  When victims are subjected to trauma, their accurate recollection of the incident can suffer to a degree, so that puts even more oneness on the investigator to try and piece the puzzle together.

The best part about the data is it doesn’t lie.  It has a perfect memory and it’s all documented, complete with date and time stamps, GPS coordinates, network activity and other great pieces of evidence that are very hard to spoof or fake, if not nearly impossible for most mobile device users. 



Never forget there is always more than one person involved in the investigation. Grabbing the alleged victim’s cell phone data in this circumstance could mean the difference between an innocent person being convicted of a serious crime or being exonerated fully.  When all the facts have been completely uncovered, the truth must remain and will have to hold up in a court of law. 

Wednesday, 11 May 2016

The Anatomy of a Mobile Attack

A mobile attack can involve the device layer, the network layer, the data centre, or a combination of these. Inherent platform vulnerabilities and social engineering continue to pose major opportunities for cyber thieves and thus significant challenges for those looking protect user data.


If you’ve been the victim of a mobile attack, don’t hesitate – contact the digital forensic experts at DLA and we can help you recover your precious cellular data quickly and effectively.

ATTACK SURFACE: DEVICE

Browser
- Phishing
- Framing
- Clickjacking
- Man-in-the-middle
- Buffer Overflow
- Data Caching

System
- No Passcode / Weak Passcode
- iOS Jailbreaking
- Android Rooting
- OS Data Caching
- Passwords & Data Accessible
- Carrier-Loaded Software
- No Encryption / Weak Encryption
- User-Initiated Code

Phone / SMS
- Baseband Attacks
- SMishing

Apps
- Sensitive Data Storage
- No Encryption / Weak Encryption
- Improper SSL Validation
- Config Manipulation
- Dynamic Runtime Injection
- Unintended Permissions
- Escalated Privileges

Malware

ATTACK SURFACE: NETWORK

- Wi-Fi (No Encryption / Weak Encryption)
- Rogue Access Point
- Packet Sniffing
- Man-In-The-Middle (MITM)
- Session Hijacking
- DNS Poisoning
- SSL Strip
- Fake SSL Certificate

ATTACK SURFACE: DATA CENTRE

Web Server
- Platform Vulnerabilities
- Server Misconfiguration
- Cross-site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Weak Input Validation
- Brute Force Attacks

Database
- SQL Injection
- Privilege Escalation
- Data Dumping
- OS Command Execution

Wednesday, 4 May 2016

The Profile of a Cyber Criminal

The original cyber criminal is typically seen as a smart, lonely deviant – a teenage or adult male who’s long on computer smarts, but short on social skills. But like most stereotypes, it doesn’t begin to tell the whole story.


The digital forensic experts at DLA have provided interesting facts and statistics to identify the exact profile of a cyber criminal.

- Every day over 105 million worldwide are victims to cyber crime.
- 65% global internet users have been victims of cyber crime.

So, who exactly are these cyber criminals?

Ageless Society
  • 50+ years old – 11%
  • 35+ years old – 43%
  • Under 25 years old – 29%
  • 14 - 18 years old – 8%


Gender
  • Male – 76%


Work in Packs
Cyber criminals work in groups as part of larger organisations…
  • 25% active cyber criminal groups have operated for 6 months or less
  • 50% cyber criminals groups have 6 or more members


Located in
  • North & South America – 19% of global attack traffic
  • Europe – 28% of global attack traffic
  • APAC – More than 49% of global attack traffic
  • Indonesia – Highest in APAC with 14%


Highly Organised
  • Full-fledged businesses with execs, middle managers and workers.
  • Underground chat rooms, web portals + market places for hiring hackers, buying malware + other illegal information are supporting these “businesses”.
  • Invitation-only, help wanted portals specifically for cyber criminals, most originating from Russia.
  • Hosting providers are key to success of cybercriminals who need servers to store illegal code, malware + stolen data, most of these providers are in Russia and China.


FIGHT BACK!

Always
  • If buying merchandise or making a payment online, make sure it is a reputable, secure source.
  • Track your online credit transactions often for fraudulent activity
  • Shred, don’t throw away any bank or credit card statements

Caution
  • Be wary of providing credit card information through email.
  • Be cautious when dealing with individuals from outside your country.
  • Be cautious when money is required up front for any job lead.

Never
  • Never provide unknown prospective employers with your social security number.
  • Never give your credit card number out over the phone unless you made the call to the known business.
  • Never open or respond to spam emails.



We can’t stop cyber criminals from attempting their crimes, but we can stop them from getting our identities and precious information online.