{"id":4651,"date":"2016-04-26T09:02:42","date_gmt":"2016-04-26T14:02:42","guid":{"rendered":"https:\/\/www.poweradmin.com\/blog\/?p=4651"},"modified":"2016-04-18T16:47:10","modified_gmt":"2016-04-18T21:47:10","slug":"unmasking-the-imposters-part-2-detection-and-damage-control","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/unmasking-the-imposters-part-2-detection-and-damage-control\/","title":{"rendered":"Unmasking the Imposters, Part 2: Detection and Damage Control"},"content":{"rendered":"

In the first of this two-part security report, we discussed the threat presented to individuals and enterprises by malicious outsiders posing as members of an organisation itself, or representatives of a trusted external institution like a bank or popular online resource. We looked at how these imposters are refining their methods of extracting funds or confidential information from victims targeted through phishing campaigns, backed up by malware, and supported by data gleaned from contact databases and social media.<\/span><\/p>\n

\u00a0<\/p>\n

To conclude, we\u2019ll be considering the various ways that companies and individuals can spot the presence of an imposter, mitigate the damage they potentially cause, and take measures to render an organisation less vulnerable to attack, in the first place.<\/span><\/p>\n

Detection in Principle<\/b><\/span><\/h2>\n

The unique slant of an imposter attack which makes this kind of cyber-assault difficult to detect is that the intruder (having gained the relevant information and access permissions from someone within the organisation or closely associated with it, by phishing) now has the freedom to operate within the corporate network, looking to all intents and purposes like a legitimate user. From this position, an imposter can sabotage existing operations, steal vital information and \/ or funds, and compromise the network.<\/span><\/p>\n

\"imposter2_gathering\"<\/a><\/p>\n

So the key for network administrators and security officers is to look for activity that originates from within their own system, but which runs counter to the objectives and overall best interests of the organisation.<\/span><\/p>\n

\u00a0<\/p>\n

A \u201ctypical\u201d imposter assault on a network occurs in three distinct phases<\/a>:<\/span><\/p>\n

Phase 1: Infiltration of the Network<\/b><\/span><\/h2>\n

As we\u2019ve seen, it\u2019s no longer a case of simple \u201cbait and lure\u201d phishing. Targeted campaigns are now conducted based on research taking in contact lists, user profiles, and data gleaned from social media. This may be supplemented by the insertion of malware into the targeted system \u2013 malicious software that can assist the initial phase of attack by scanning for access credentials, cracking passwords, and eating away at network defences.<\/span><\/p>\n

The Tell-Tale Signs:<\/b><\/span><\/h3>\n