Copy-paste compromises: Introduction and overview
Although the concept of copy-paste compromises is not exactly new, there are now several different forms of the attack. In the version of copy-paste compromise that we’ll discuss today, malicious actors use open-source or publicly available exploit code, web shells and other tools to gain information.
Australia recently revealed a wide-scale attack against all levels of government, essential service providers and private businesses across the country. Australia labeled the attacks “copy-paste compromises,” alluding to the observation that they relied on publicly available exploits. Based on what was disclosed, the attacks primarily exploited vulnerabilities in Microsoft Internet Information Services (IIS), a 2019 SharePoint vulnerability and the 2019 Citrix vulnerability. Patches are available for all of these, which means the attack did not require significant effort or zero-day exploits.
During the investigation, it was found that most organizations susceptible to phishing attacks also struggle to keep up with critical security patches, unnecessarily expose internal services and often leave default credentials on sensitive systems.
As for phishing, malicious actors have used various kinds of techniques:
- Links to credential harvesting websites
- Emails with links to malicious files or with malicious files directly attached
- Links prompting users to grant Office 365 OAuth tokens to the actor
- Use of email-tracking services to identify email-opening and lure click-through events
Once initial access is achieved, the malicious actor uses a mixture of open-source and custom tools to persist on and interact with the victim network. Although tools are placed on the network, the actor migrates to legitimate remote access using stolen credentials.
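The Office 365 OAuth consent lure listed above leaves a trace a defender can check: a consent grant to an unfamiliar application with broad delegated scopes. As an added example (not code from the original post), the following script scans constructed consent-audit records and flags grants to unapproved apps or user-granted high-risk scopes; the field names, app ids and approved-app list are assumptions, not the real audit-log schema.

```python
import json

# Constructed sample records, loosely modelled on "Consent to application"
# audit events. Field names are assumptions; a real export would be
# pulled from the tenant's audit log instead.
SAMPLE_AUDIT_LOG = """
{"operation": "Consent to application", "user": "alice@example.test", "app": "Contoso Expense Sync", "app_id": "1111-a", "scopes": ["User.Read"], "admin_consent": false}
{"operation": "Consent to application", "user": "bob@example.test", "app": "Mail Helper", "app_id": "2222-b", "scopes": ["Mail.Read", "Mail.ReadWrite", "offline_access"], "admin_consent": false}
{"operation": "Update user", "user": "carol@example.test"}
{"operation": "Consent to application", "user": "dave@example.test", "app": "Corp Ticketing", "app_id": "3333-c", "scopes": ["Mail.Read", "offline_access"], "admin_consent": true}
"""

# Applications the organization has reviewed and approved (assumed values).
APPROVED_APP_IDS = {"1111-a", "3333-c"}

# Delegated permissions that hand a third party persistent mailbox or file
# access, which is what a consent-phishing lure typically asks for.
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
                    "Files.Read.All", "Files.ReadWrite.All", "offline_access"}


def parse_audit_log(text):
    """Parse newline-delimited JSON records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_suspicious_consents(records):
    """Return (user, app, reasons) for consent grants that go to an
    unapproved app or that a plain user granted with high-risk scopes."""
    findings = []
    for rec in records:
        if rec.get("operation") != "Consent to application":
            continue
        reasons = []
        if rec.get("app_id") not in APPROVED_APP_IDS:
            reasons.append("app not in approved list")
        risky = sorted(HIGH_RISK_SCOPES & set(rec.get("scopes", [])))
        if risky and not rec.get("admin_consent"):
            reasons.append("user-granted high-risk scopes: " + ", ".join(risky))
        if reasons:
            findings.append((rec["user"], rec["app"], reasons))
    return findings


if __name__ == "__main__":
    for user, app, reasons in find_suspicious_consents(parse_audit_log(SAMPLE_AUDIT_LOG)):
        print(f"{user} consented to {app!r}: {'; '.join(reasons)}")
```

Admin-approved grants to approved apps are left alone so the output stays actionable; tune the approved list and scope set to the tenant.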
Copy-paste compromises accomplished
Now we’ll show some examples of the ways in which attackers use publicly available exploits to carry out copy-paste compromises.
Example 1: Exploit Tomcat Manager
In this example, (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Jatin Jain. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/ZCKOX2fdmsc/