Wednesday, 18 June 2014

Residential Broadband Hosts Used to Horde Phishing Sites

A new wave of phishing attacks, which use spam to distribute links to phishing sites, has been found to rely on pages installed and hosted on the personal computers of residential broadband customers. This new trend, named 'Phish@Home', was noticed in the first quarter of 2014 by PhishLabs, a leading provider of cybercrime protection and intelligence services.
What are we talking about... 
By scanning the residential service IP address space, attackers exploit individuals who have (1) enabled the remote desktop protocol (RDP) service on Microsoft Windows and (2) use a weak password. The attackers then install PHP Triad (free, open-source, web server software) and upload a number of different phishing pages. Links to the phishing sites (usually financial institutions and payment websites) are sent out via spam email messages.
This trend is highly significant, as phishing sites hosted on compromised personal home computers are likely to have a longer lifespan than those located in a traditional hosting environment. (A hosting provider's terms of service typically allow it to quickly shut down malicious sites; Internet service providers (ISPs), on the other hand, have little control over customer-owned home computers connected to the ISP through residential broadband networks.) While RDP is turned off by default on desktops running modern versions of Windows, it was found that many individuals still use RDP as a free way to remotely access at-home systems without third-party software.
According to the report, a few of these recent phishing attacks suggested "evidence of social engineering to get the user to enable RDP or create Remote Assistance invitations; exploits with shellcode or malware that enables RDP; or attacks that target other possible weaknesses in RDP configurations such as Restricted Admin mode in RDP 8.1." In every attack analyzed, attackers gained access only through RDP-enabled connections and weak passwords.
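As an added example (not part of the original article or of the PhishLabs report), the following Python script checks exported Windows Security logon events for the weak-password RDP pattern described above: a burst of failed remote logons from one address followed by a successful one. The event IDs and logon type are the standard Windows values; the sample records are constructed.

```python
"""Flag RDP password-guessing from Windows Security log events.

Added example (not from the original post): scans exported logon events
(Event ID 4625 = failed logon, 4624 = successful logon, logon type 10 =
RemoteInteractive/RDP) and reports source addresses whose burst of failures
is followed by a success -- the weak-password pattern the post describes.
The sample records below are constructed, not real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (timestamp, event_id, logon_type, account, source_ip)
SAMPLE_EVENTS = [
    ("2014-06-18T02:00:01", 4625, 10, "admin", "203.0.113.7"),
    ("2014-06-18T02:00:03", 4625, 10, "administrator", "203.0.113.7"),
    ("2014-06-18T02:00:05", 4625, 10, "user", "203.0.113.7"),
    ("2014-06-18T02:00:07", 4625, 10, "john", "203.0.113.7"),
    ("2014-06-18T02:00:09", 4625, 10, "john", "203.0.113.7"),
    ("2014-06-18T02:00:12", 4624, 10, "john", "203.0.113.7"),
    ("2014-06-18T08:15:00", 4625, 10, "john", "192.168.1.20"),  # one typo
    ("2014-06-18T08:15:30", 4624, 10, "john", "192.168.1.20"),
    ("2014-06-18T09:00:00", 4624, 2, "john", "-"),               # console logon
]


def find_rdp_guessing(events, threshold=3, window=timedelta(minutes=10)):
    """Return {source_ip: account} for sources with >= threshold failed RDP
    logons inside `window` that are then followed by a successful RDP logon."""
    failures = defaultdict(list)       # source_ip -> timestamps of 4625 events
    hits = {}
    for ts, event_id, logon_type, account, src in sorted(events):
        if logon_type != 10:           # only RemoteInteractive (RDP) logons
            continue
        t = datetime.fromisoformat(ts)
        if event_id == 4625:
            failures[src].append(t)
        elif event_id == 4624:
            recent = [f for f in failures[src] if t - f <= window]
            if len(recent) >= threshold:
                hits[src] = account    # guessing burst ended in a login
            failures[src].clear()     # a success resets the counter
    return hits


if __name__ == "__main__":
    for src, account in find_rdp_guessing(SAMPLE_EVENTS).items():
        print(f"possible RDP password-guessing success from {src} as {account}")
```

A single mistyped password followed by a login (the 192.168.1.20 records) stays below the threshold and is not reported.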
Why worry?
Although these attacks target residential systems, the attackers' intentions cannot be predicted. Successfully building such a network of compromised machines could produce a large botnet that can be used for larger attacks or breaches. It could also be used to send spam email or to participate in distributed denial-of-service attacks.
Such events clearly indicate the need for security on home devices, especially given the evolution of the Internet of Things. There is a growing need for security solutions for home devices alongside those for office devices, as the level of risk and the degree of vulnerability are similar regardless of whether the device sits on your home network or your office network. Hence such a series of attacks clearly indicates the need for home-device security.
