Best Keylogger detector and other theories on how the deed could have been done

questorfla:
A recent hack of the office email was done by someone who was sending emails from an Office 365 account belonging to one of the owners. My personal bet is that they got access via a simple matter of Social Engineering wherein the owner was tricked into giving her login and password to one of those ever-present Phishing emails from "Microsoft Security" telling you to log into your "secure access portal" by clicking a link that takes them into it through the hacker's site while they log in with the hacker watching every entry. This allowed the hacker to reconnect later using what they learned and simply stay connected to the web portal for that user.

The hacker created all kinds of mischief in that person's name by literally staying connected to their Outlook web portal and simply writing emails giving the company financial officers orders to send wire transfers to the hacker's banks. But rather than deleting the conversations afterward, they kept them for some time in the drafts folder. Then when they finally deleted them, it took a while to figure out what I needed to recover were deleted draft emails.

Neat trick and they got away with it for several few days before anyone noticed. Even then, it took me a while to realize I needed to search for deleted "drafts".
 
Some people have suggested that a keylogger was involved but I think it was much simpler than that.  Still, I wouldn't mind running a few rootkit/keylogger scans to be safe.  I was wondering if anyone knew of some that might be the best to scan with. 

I have not dropped in at DC for some time, definitely not since the Holidays so I hope all at DC had a Merry Christmas and a Happy New Year for  2017.
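An added example, not part of the original post: one way to surface the pattern described above (messages sent, then drafts deleted, from an address the office does not normally use) in exported mailbox audit data. The flat record layout, field names, addresses and subjects are constructed for illustration; only the operation names follow Exchange mailbox auditing.

```python
import json
from collections import defaultdict

# Constructed sample export, one JSON record per line (assumed layout).
SAMPLE_LOG = """
{"time": "2017-01-09T09:02", "user": "owner@example.com", "op": "Send", "folder": "Sent Items", "ip": "203.0.113.10", "subject": "Q4 report"}
{"time": "2017-01-09T23:40", "user": "owner@example.com", "op": "Create", "folder": "Drafts", "ip": "198.51.100.77", "subject": "Urgent wire transfer"}
{"time": "2017-01-09T23:44", "user": "owner@example.com", "op": "Send", "folder": "Drafts", "ip": "198.51.100.77", "subject": "Urgent wire transfer"}
{"time": "2017-01-12T02:15", "user": "owner@example.com", "op": "HardDelete", "folder": "Drafts", "ip": "198.51.100.77", "subject": "Urgent wire transfer"}
{"time": "2017-01-12T10:05", "user": "owner@example.com", "op": "SoftDelete", "folder": "Drafts", "ip": "203.0.113.10", "subject": "Note to self"}
{"time": "2017-01-12T10:30", "user": "cfo@example.com", "op": "Send", "folder": "Sent Items", "ip": "203.0.113.10", "subject": "Payroll"}
"""

# Assumption: the addresses the office normally connects from.
KNOWN_IPS = {"203.0.113.10"}

# Mailbox audit operations that remove an item.
DELETE_OPS = {"SoftDelete", "HardDelete", "MoveToDeletedItems"}


def parse(log_text):
    """Turn the line-delimited export into a list of dicts."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def flag_unfamiliar_activity(records, known_ips):
    """Group sends and Drafts deletions from unknown IPs by (user, ip)."""
    findings = defaultdict(lambda: {"sent": [], "drafts_deleted": []})
    for r in records:
        if r["ip"] in known_ips:
            continue  # activity from a familiar address is not reported
        key = (r["user"], r["ip"])
        if r["op"] == "Send":
            findings[key]["sent"].append(r["subject"])
        elif r["op"] in DELETE_OPS and r["folder"] == "Drafts":
            findings[key]["drafts_deleted"].append(r["subject"])
    return dict(findings)


if __name__ == "__main__":
    hits = flag_unfamiliar_activity(parse(SAMPLE_LOG), KNOWN_IPS)
    for (user, ip), acts in hits.items():
        print(f"{user} from {ip}")
        print(f"  sent:           {acts['sent']}")
        print(f"  drafts deleted: {acts['drafts_deleted']}")
```

Mobile and home connections will also show up as unfamiliar addresses, so the output is a list to review rather than a verdict.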

wraith808:
You could set up 2FA, and that would have the simple expedient of making a keylogger useless.

questorfla:
That has been suggested by me before BUT.....
No one wants to deal with the hassle due to the number of times used. They can barely remember a Single password much less deal with 2 factor authentication. But I 100% agree with you.

Stoic Joker:
I believe I've mentioned this before, but it sounds like they might be softened up enough - post breach - to pitch the Human Firewall idea to them.

It really does work.

wraith808:
--- Quote ---
We test everyone in the organization and find the percentage of employees who are prone to phishing attacks. Next we train everyone on all major attack vectors, and keep sending simulated phishing attacks to everyone on a very regular basis.

--- End quote ---

For anyone else who didn't know what that term was.
