Perhaps Enigma has an iron wall, but it could not defend against a simple word-processing technology

 

Preface

The Enigma cryptocurrency platform told the world that it is the next generation of cryptocurrency exchange. The banking and financial industry believes that it is a trustworthy platform. No kidding: enterprises invest to build and support it. Apart from that, MIT experts developed and designed a perfect cryptographic mechanism. It was a shock to the world this week to hear that they have joined the victims of cyber attacks.

https://www.wired.com/story/enigma-ico-ethereum-heist/

Headline news claimed that it was caused by a “DUMB MISTAKE”: a Slack account with administrative privileges had previously leaked.

What if we assume that the Enigma design architecture is not vulnerable, and that there is another reason this incident occurred? Is it an insider threat caused by end user computing?

This incident is under law enforcement investigation, so we do not know the root cause. But we can set up a hypothetical scenario to see whether we can find the possibilities.

The PDF file format: a benefit to malware

1. Malware hidden inside a Word document that’s hidden inside a PDF

Scenario:

Step 1: Spam is emailed with a PDF attachment
Step 2: The PDF has an attached document inside, which Acrobat Reader tries to open
Step 3: Once the document is opened in MS Word, it asks you to enable editing (social engineering attack)
Step 4: It runs a VBA macro, which downloads and runs the malicious code
Step 5: The insider threat happens: the malicious code tries to collect sensitive data, including credentials

2. Open source applications attract malware infection

Sounds impossible! Enterprise firms rarely adopt the open source concept for software applications. As a matter of fact, a similar idea has taken hold in enterprise firms, including brokerage firms and investment banks. It is hard to imagine that such profit-making industries are concerned about software licenses. But it is a fact.

Scenario:

Critical zero-day security vulnerabilities in Foxit Reader software could allow attackers to execute arbitrary code on a targeted computer.

CVE-2017-10951: can be triggered through the JavaScript API in Foxit Reader.

CVE-2017-10952: this vulnerability exists within the “saveAs” JavaScript function and allows attackers to write an arbitrary file to any specific location on a targeted system.

Remark: Foxit refused to patch both vulnerabilities because they would not work with the “safe reading mode”.
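The two PDF-borne scenarios above (the document attached inside a PDF in item 1 and the reader JavaScript API in item 2) can be screened for before a file reaches the user. The following triage check is an added example, not code from the original post; the list of flagged names, the verdict rules and the sample bytes are constructed assumptions.

```python
import re

# PDF names worth flagging on an inbound attachment (assumed list, not exhaustive).
RISKY = {
    "/EmbeddedFile": "carries an attached file, e.g. a Word document",
    "/JavaScript": "script run through the reader's JavaScript API",
    "/JS": "script run through the reader's JavaScript API",
    "/OpenAction": "action that runs as soon as the file is opened",
    "/AA": "action bound to page or document events",
    "/Launch": "asks the reader to launch a file or program",
    "/ObjStm": "compressed object stream that can hide other names",
}
AUTO = {"/OpenAction", "/AA", "/Launch"}
PAYLOAD = {"/EmbeddedFile", "/JavaScript", "/JS"}
NAME_RE = re.compile(rb"/[^\x00\s/<>\[\]()%{}]+")   # one PDF name token
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")          # #xx escape inside a name

def normalise(token: bytes) -> str:
    """Decode #xx escapes so '/J#61vaScript' is read as '/JavaScript'."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), token).decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count risky names in the raw bytes of a PDF."""
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no %PDF- header in the first 1024 bytes")
    counts = {}
    for token in NAME_RE.findall(data):
        name = normalise(token)
        if name in RISKY:
            counts[name] = counts.get(name, 0) + 1
    return counts

def verdict(counts: dict) -> str:
    """quarantine: auto-run action plus payload; review: any other flagged name."""
    found = set(counts)
    if found & AUTO and found & PAYLOAD:
        return "quarantine"
    return "review" if found else "pass"

# Constructed sample: a PDF skeleton with an attachment and an obfuscated name.
SAMPLE = (b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction 4 0 R >> endobj\n"
          b"3 0 obj << /Type /EmbeddedFile /Length 0 >> stream\nendstream endobj\n"
          b"4 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj\n%%EOF\n")

if __name__ == "__main__":
    result = triage_pdf(SAMPLE)
    for name, n in result.items():
        print(f"{name} x{n}: {RISKY[name]}")
    print("verdict:", verdict(result))
```

A raw-byte scan cannot see names stored inside compressed object streams, which is why `/ObjStm` alone sends a file to review rather than passing it.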

3. Vulnerability in LinkedIn Messenger 

Scenario:

Enterprise firms put LinkedIn on the whitelist and allow their staff to access it without restriction. According to a subject matter expert vendor (Check Point), LinkedIn messages would have allowed malicious file transfer. LinkedIn allows the following file extensions to be uploaded and attached within a message:

Documents – csv, xls, xlsx, doc, docx, ppt, pptx, pdf, txt.
Images – gif, jpeg, jpg, png.

As a result, this specific issue carries an inherent risk that falls into the information security design weakness of item 1 above.

Current status

Let us stop the discussion here. There are more possibilities once the attack vector is an insider threat (end user computing). We will keep our eyes open to see whether there are any new findings later on.

3 thoughts on “Perhaps Enigma has an iron wall, but it could not defend against a simple word-processing technology”

  1. Appreciation for this interesting writing. From the time that I commenced working on understanding much more with this topic, my entire life has bettered tremendously. I am looking at the choice of adding the opposite thing to my career for a year. For a nice and pleased with the sort of information I have gained from various websites, especially your site. I have a smaller budget to certainly obtain ebooks and video tutorials but your site is a good help to myself.

  2. I just want to tell you that I am just all new to blogging and site-building and certainly enjoyed your web blog. More than likely I’m likely to bookmark your website. You amazingly come with impressive well written articles. Appreciate it for sharing your web-site.

  3. You made some decent points there. I looked on the internet for the subject and found most persons will go along with your blog.
