Chapter 1. Introduction
Let's look into a case study from NIST about a company targeted by cybercriminals who used keylogger malware.
Through this attack, the company lost $350,000.
Since the company didn't have a cyber security plan, it needed to hire an external cyber security company to minimise the losses.
In this post I look at how differently they could have responded to this attack, and what should have been done to prevent it in the first place.
To analyse this case study, mainly academic journals from the University of Liverpool Library were used, together with information from the NIST Small Business Cybersecurity Corner and the National Cyber Security Analysis.
The main idea is to show that a company without a cyber security plan is penalised twice: it is more susceptible to cyber-attacks, and it takes longer to respond and contain the losses.
The body of this post is divided into three parts: what type of attack this was, what academic research proposes to avoid being caught by this type of keylogger malware, and a brief outline of a cyber security plan.
Chapter 2. Analysing the Case
2.1 The Keylogger Malware
A keylogger attack aims to capture a user's authentication credentials. This can be done by software or hardware. In this case, a phishing email (social engineering) was sent to one of the company's employees; the malicious software was installed, and that user's ID and password were stolen.
According to Moshchuk et al. (2006), the malicious software sits between the user's authentication input and the bank's server: from the moment the user types the ID and password, the keylogger captures them, and the attacker can log in to the bank as that user.
Over the years, many banks and other institutions have tried to protect the plain-text password with other authentication factors (Sodiya et al., 2011). Smart devices, graphical authentication and multi-factor authentication are the most common, but each has its own vulnerabilities.
Smart device authentication separates the non-secure source (the PC) from an encrypted source outside it, the smart device; the problem is that a smart device is itself essentially a PC (Mannan et al., 2007).
Graphical authentication works well against plain-text password capture, but, as explained by Lashkari et al. (2009), it is susceptible to someone close to the user seeing the picture (shoulder surfing).
Finally, multi-factor authentication is the best of the three because it combines different credentials, but it is still vulnerable to brute force and keylogging attacks.
2.2 Faking the User Authentication
Sodiya et al. (2011) studied the possibility of tricking the keylogger.
The idea was to generate random passwords from the user input at the front end, because that is where the keylogger captures the information. At the back end, an algorithm then filters out the wrong characters that were mixed into those random passwords and sends the right ID and password to the authentication server.
The results showed an average of 95% success in "tricking" the keylogger, but, as the authors also acknowledged, the study did not cover different kinds of malware attacks.
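As an added illustration of the front-end/back-end idea above (this is not the authors' algorithm, whose details are in the paper): the front end hides every real keystroke among decoy characters chosen from a per-login nonce, and the back end replays the same nonce to strip the decoys. The nonce, the group size and the sample credential are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets
import string
from typing import Iterator

ALPHABET = string.ascii_letters + string.digits
GROUP = 4  # every real keystroke is hidden among GROUP-1 decoys (assumed value)


def _keystream(nonce: bytes) -> Iterator[int]:
    """Deterministic byte stream derived from the per-login nonce (HMAC-SHA256 in counter mode)."""
    counter = 0
    while True:
        yield from hmac.new(nonce, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1


def frontend_obfuscate(secret: str, nonce: bytes) -> str:
    """Front end: the character sequence that reaches the keyboard buffer, and so the keylogger."""
    rng = _keystream(nonce)
    out = []
    for ch in secret:
        slot = next(rng) % GROUP                      # position of the real key inside this group
        chunk = [ALPHABET[next(rng) % len(ALPHABET)] for _ in range(GROUP)]
        chunk[slot] = ch                              # real key overwrites one decoy
        out.append("".join(chunk))
    return "".join(out)


def backend_recover(captured: str, nonce: bytes) -> str:
    """Back end: replays the same stream to drop the decoys and keep only the real keys."""
    if len(captured) % GROUP:
        raise ValueError("captured text is not a whole number of groups")
    rng = _keystream(nonce)
    recovered = []
    for start in range(0, len(captured), GROUP):
        slot = next(rng) % GROUP
        for _ in range(GROUP):                        # skip the bytes the front end spent on decoys
            next(rng)
        recovered.append(captured[start + slot])
    return "".join(recovered)


if __name__ == "__main__":
    nonce = secrets.token_bytes(16)                   # issued by the server for this login only
    secret = "Hunter2!"                               # constructed sample credential
    seen_by_keylogger = frontend_obfuscate(secret, nonce)
    print("keylogger captures:", seen_by_keylogger)
    print("server recovers   :", backend_recover(seen_by_keylogger, nonce))
```

A keylogger that only records keystrokes sees the padded string; malware that also reads the form field or the nonce on the same machine is outside what this scheme defends against, which is the limitation the authors note.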
2.3 Cyber Security Plan
It was clear from the case study that the company did not have a plan in place.
A plan helps an organization to Identify, Protect, Detect, Respond and Recover (NIST, 2013).
A cyber security plan helps to identify the risks to which the company may be exposed: what cyber security governance model the company has, how many penetration tests are done to protect its IT systems, what type of network exists, whether the firmware is up to date, and whether the software is up to date with security patches (Dunne, 2019).
NIST collaborated with different industries and governments to create a framework that can guide small businesses.
2.4 Construction Company Response and Prevention
The construction company's response, measured against the guidelines, was not enough. The company hired an external cyber security consultant, who helped it review its systems, understand where the breach came from, and recommended updating the security software.
There is no information on whether the consultant analysed the company's network security, nor on whether they helped the company create a cyber security plan matching the risk and exposure that company faces. It appears, from the lessons learned, that a cyber incident response plan was created, but that is only one step (Respond) of what should be a full cyber security plan.
It is possible to infer that the Identify part of the plan was done, but with the information available it is hard to identify the Protect, Detect and Recover parts.
All processes should be documented in order to preserve the plan.
External penetration tests should be carried out in order to prevent future attacks.
It is good that the company realised the need to train its employees in cyber security awareness.
Chapter 3. Conclusions
The case study aimed to analyse an attack that happens often: a phishing technique used to plant keylogger malware that extracts authentication data from a particular user in order to access an online bank account.
This post tried to explain what type of attack a keylogger is and what academic research is doing to avoid this type of attack. It also aimed to show that the most crucial step in cyber security is prevention, by having a robust cyber security plan that includes Identification, Protection, Detection and Recovery (NIST, 2013).
It will be crucial for small companies that further academic cyber security studies focus on small companies, which do not always have the financial resources to protect their own businesses from cyber attacks.
REFERENCES
Dunne, T. (2019) ‘Plan Distributions: Cybersecurity Should Be a Top Plan Priority’, Journal of Pension Benefits, 27(1), pp. 60–62.
Lashkari, A.H. and Farmand, S. (2009) ‘A Survey on Usability and Security Features in Graphical User Authentication Algorithms’, International Journal of Computer Science and Network Security, 9, September 2009.
Mannan, M. and van Oorschot, P.C. (2007) ‘Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer’, Financial Cryptography and Data Security (FC '07), February 2007.
Moshchuk, A., Bragin, T., Gribble, S.D. and Levy, H. (2006) ‘A Crawler-based Study of Spyware in the Web’, Network and Distributed System Security (NDSS), 2006.
NIST (2023) ‘Cyber Security Framework’. Available at: https://www.nist.gov/itl/smallbusinesscyber/nist-cybersecurity-framework (accessed: 2023-06-01).
Sodiya, A.S. et al. (2011) ‘Preventing Authentication Systems From Keylogging Attack’, Journal of Information Privacy & Security, 7(2), pp. 3–27.
Rodrigo Mendes Augusto
https://www.linkedin.com/in/rodrigo-mendes-augusto/