Topic: Best Keylogger detector and other theories on how the deed could have been done

questorfla

A recent hack of the office email was done by someone who was sending emails from an Office 365 account belonging to one of the owners. My personal bet is that they got access via a simple matter of Social Engineering wherein the owner was tricked into giving her login and password to one of those ever-present Phishing emails from "Microsoft Security" telling you to log into your "secure access portal" by clicking a link that takes them into it through the hacker's site while they log in with the hacker watching every entry. This allowed the hacker to reconnect later using what they learned and simply stay connected to the web portal for that user.

The hacker created all kinds of mischief in that person's name by literally staying connected to their Outlook web portal and simply writing emails giving the company financial officers orders to send wire transfers to the hacker's banks. But rather than deleting the conversations afterward, they kept them for some time in the drafts folder. Then when they finally deleted them, it took a while to figure out what I needed to recover were deleted draft emails.

Neat trick and they got away with it for several days before anyone noticed. Even then, it took me a while to realize I needed to search for deleted "drafts".
 
Some people have suggested that a keylogger was involved but I think it was much simpler than that.  Still, I wouldn't mind running a few rootkit/keylogger scans to be safe.  I was wondering if anyone knew of some that might be the best to scan with. 

I have not dropped in at DC for some time, definitely not since the Holidays so I hope all at DC had a Merry Christmas and a Happy New Year for 2017.
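A triage pass for the pattern described in the post above (sign-in from an unfamiliar address, payment-related mail, later deletion of drafts), added here as an example and not part of the original thread. The event fields, sample records, baseline and rule names are constructed for illustration and do not follow the real Office 365 audit log schema.

```python
# Constructed, simplified mailbox audit records. Field names are hypothetical
# and do not follow the real Office 365 audit log schema.
SAMPLE_EVENTS = [
    {"time": "2017-01-03T09:02", "user": "owner@example.com", "op": "Login",
     "ip": "203.0.113.10"},
    {"time": "2017-01-04T02:14", "user": "owner@example.com", "op": "Login",
     "ip": "198.51.100.77"},
    {"time": "2017-01-04T02:20", "user": "owner@example.com", "op": "Send",
     "ip": "198.51.100.77", "subject": "Urgent wire transfer today"},
    {"time": "2017-01-04T09:30", "user": "owner@example.com", "op": "Send",
     "ip": "203.0.113.10", "subject": "Lunch on Friday"},
    {"time": "2017-01-09T03:41", "user": "owner@example.com", "op": "Delete",
     "ip": "198.51.100.77", "folder": "Drafts",
     "subject": "Urgent wire transfer today"},
]

# Assumed baseline: addresses each user normally signs in from.
KNOWN_IPS = {"owner@example.com": {"203.0.113.10"}}
PAYMENT_TERMS = ("wire transfer", "bank details", "payment")


def flag_suspicious(events, known_ips, terms=PAYMENT_TERMS):
    """Return (time, user, rule) findings for activity from unfamiliar IPs."""
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["ip"] in known_ips.get(ev["user"], set()):
            continue  # activity from a baseline address is not scored here
        subject = ev.get("subject", "").lower()
        if ev["op"] == "Login":
            rule = "login_from_unfamiliar_ip"
        elif ev["op"] == "Send" and any(t in subject for t in terms):
            rule = "payment_request_from_unfamiliar_ip"
        elif ev["op"] == "Delete" and ev.get("folder") == "Drafts":
            # The thread's distinguishing detail: the evidence sat in Drafts
            # and was deleted later, so draft deletions get their own rule.
            rule = "draft_deleted_from_unfamiliar_ip"
        else:
            continue
        findings.append((ev["time"], ev["user"], rule))
    return findings


if __name__ == "__main__":
    for finding in flag_suspicious(SAMPLE_EVENTS, KNOWN_IPS):
        print(*finding)
```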

wraith808

You could set up 2FA, and that would have the simple expedient of making a keylogger useless.

questorfla

That has been suggested by me before BUT.....
No one wants to deal with the hassle due to the number of times used. They can barely remember a Single password much less deal with 2 factor authentication. But I 100% agree with you.

Stoic Joker

I believe I've mentioned this before, but it sounds like they might be softened up enough - post breach - to pitch the Human Firewall idea to them.

It really does work.

wraith808

We test everyone in the organization and find the percentage of employees who are prone to phishing attacks. Next we train everyone on all major attack vectors, and keep sending simulated phishing attacks to everyone on a very regular basis.

For anyone else who didn't know what that term was.