Noisy Fans & Fake Deli Coupons: How Hackers are Winning Now

In the race to come up with new and more sophisticated ways to invade victims' computers and networks, hackers will use any means necessary – even a computer's fan. Designed specifically for highly secure computers that aren't even on a network, the Fansmitter exploit is just the latest in a never-ending cycle of attacks. Hackers constantly up the ante as companies come up with methods to defend their systems, but those defenses are usually built for last week's attacks and can't cover all the zero-day exploits or permutations of existing exploits that hackers keep coming up with.

Fansmitter is based on the principle of air-gap hacking, where a hacker uses a mobile device to listen in on the electromagnetic waves coming out of a computer. All it takes is infecting a nearby smart device with malware that can listen in on the electromagnetic waves emitted by the computer; those waves can carry, for example, keystroke information that can include passwords, encryption keys, etc. Malware that has been installed on the computer scrapes for the data it was sent to find, and then regulates the speed of the computer's fan to ‘broadcast’ electromagnetic signals that reflect that information. The compromised smartphone records the wave patterns and transmits them back to hacker headquarters. The result: even the safest computer that is completely disconnected from the internet is exposed.

It sounds like a far-out scenario, but if the computer's contents are important enough, an army of professional hackers for hire stands ready, willing, and able to pull this off.
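On the defending side, the fan-speed signalling described above leaves a trace in the host's own telemetry: the fan changes speed repeatedly while the temperature does not. The following is an added example, not code from the article or from the Fansmitter research; the sample readings, window size and thresholds are constructed assumptions that would need tuning for a real fan controller.

```python
# Added example: flag fan-speed modulation in host telemetry.
# All sample values and thresholds below are constructed assumptions.
from statistics import pstdev

def rpm_jumps(rpm, gap):
    """Count consecutive-sample changes of at least `gap` RPM."""
    return sum(1 for a, b in zip(rpm, rpm[1:]) if abs(b - a) >= gap)

def suspicious_fan_windows(samples, window=10, min_jumps=4, gap=300, max_temp_std=1.5):
    """samples: (rpm, cpu_temp_c) pairs taken at a fixed interval.

    A fan controller normally changes speed because temperature changed.
    Repeated large RPM jumps while temperature stays flat are not explained
    by cooling demand, so those windows are returned for review as
    (start_index, jump_count) tuples.
    """
    hits = []
    for start in range(0, len(samples) - window + 1, window):
        chunk = samples[start:start + window]
        rpm = [r for r, _ in chunk]
        temps = [t for _, t in chunk]
        jumps = rpm_jumps(rpm, gap)
        if jumps >= min_jumps and pstdev(temps) <= max_temp_std:
            hits.append((start, jumps))
    return hits

# Constructed telemetry: idle, a genuine load ramp, then flat-temperature toggling.
IDLE = [(1000 + 10 * (i % 3), 40.0 + 0.1 * (i % 2)) for i in range(10)]
RAMP = list(zip([1200, 1500, 1800, 2100, 2400, 2600, 2600, 2600, 2600, 2600],
                [45, 50, 55, 60, 65, 70, 70, 70, 70, 70]))
TOGGLE = list(zip([1000, 1600, 1600, 1000, 1600, 1000, 1000, 1600, 1000, 1600],
                  [41.0, 41.2, 41.1, 41.0, 41.3, 41.1, 41.0, 41.2, 41.1, 41.0]))
SAMPLES = IDLE + RAMP + TOGGLE

if __name__ == "__main__":
    for start, jumps in suspicious_fan_windows(SAMPLES):
        print(f"window at sample {start}: {jumps} RPM jumps with flat temperature")
```

The load ramp also contains four large RPM jumps, but its temperature spread is wide, so only the flat-temperature toggling window is reported.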

If they can get to a computer like that, they can get to anyone. Cleverly designed social-engineering messages can, it has been proven time and again, convince almost anyone to click on a rogue link or open an attachment that includes a malware payload. Over 90% of hacking attacks begin with such social-engineering efforts – meaning that relying on human intelligence, resolve and common sense to prevent hacking attacks is next to futile.

However, it's not enough to trick people; today's top malware has to fool security systems, avoiding detection by anti-virus and anomaly-detection systems (like sandboxes) to continue operating and sending information to its masters.

Here are some of the latest ways they are doing this:

Webcam hacks: If the FBI director covers his webcam, then there must be a good reason – actually more than 73,000 reasons, according to a 2014 article by Network World columnist Ms. Smith, which states that hundreds of thousands of users are being monitored via their webcams, with hackers able to access them because users do not change the administrative login and password of the most popular models.

If a hacker is able to worm his or her way into a computer or laptop by acquiring the credentials of a user, s/he can easily access the webcam to view a user's office, kitchen, living room, or anywhere else IP-connected cameras are deployed. What could they do with those images? Well, they could sell them to local criminals, who could use them to canvass the premises from the inside, looking for ways to easily break into a house.

Phony Images: During this feverish political season, everyone has an opinion – and everyone is ready and willing to believe the worst about either candidate, depending on whom they support. But if someone sends you a link that lets you download images of Hillary Clinton in a ‘compromising position’ or of Donald Trump beating up Mexican workers at his casino, resist the urge: the image could be a cleverly designed image exploit.

The exploit is a reboot of an old data concealment technique called steganography. Used in the past by spies and secret agents to leak or hide data, the technique involves strings of code embedded in an image that once decoded can be used to execute malicious code to upload or download data from a computer or device. In the latest takeoff on this technique, hackers send out a phishing message that urges users to click on a link where they will get a view of some lascivious images – which they may or may not get. Along with that image, they will get an invisible payload that will install malware that imports other images of this type, seeking them out on social media. When it finds one, it automatically downloads and parses it – releasing code that will perform actions, like surreptitiously uploading files to a cloud site. Difficult to detect, the technique has allegedly been used by Russian hackers to steal data from companies.
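A defender can triage a suspicious image by checking whether it carries bytes that no viewer will ever render. The following is an added example, not code from the article; it assumes the carrier is a PNG and that the hidden data sits outside the pixel data (after the final chunk or in a non-standard chunk), so it does not detect data encoded in the pixel values themselves. The sample images are constructed inline.

```python
# Added example: structural audit of a PNG for data hidden outside the pixels.
# Carrier format, chunk names and sample bytes are constructed assumptions.
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
STANDARD = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA",
            b"iCCP", b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD",
            b"hIST", b"pHYs", b"sPLT", b"tIME"}

def chunk(ctype, body=b""):
    """Build one PNG chunk: length, type, body, CRC over type+body."""
    crc = struct.pack(">I", zlib.crc32(ctype + body))
    return struct.pack(">I", len(body)) + ctype + body + crc

def audit_png(data):
    """Return a list of (issue, chunk_type, size) findings; empty means clean."""
    if not data.startswith(PNG_SIG):
        return [("bad-signature", b"", len(data))]
    findings, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return findings + [("truncated-chunk", ctype, length)]
        body = data[pos + 8:end - 4]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if crc != zlib.crc32(ctype + body):
            findings.append(("crc-mismatch", ctype, length))
        if ctype not in STANDARD:
            findings.append(("non-standard-chunk", ctype, length))
        pos = end
        if ctype == b"IEND":
            if pos < len(data):  # decoders stop at IEND; later bytes are never shown
                findings.append(("data-after-IEND", ctype, len(data) - pos))
            return findings
    return findings + [("missing-IEND", b"", len(data) - pos)]

# Constructed 1x1 greyscale PNG and two variants carrying extra bytes.
IHDR = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
IDAT = chunk(b"IDAT", zlib.compress(b"\x00\x00"))
CLEAN = PNG_SIG + IHDR + IDAT + chunk(b"IEND")
EXTRA = b"constructed trailing bytes"
APPENDED = CLEAN + EXTRA
PRIVATE = PNG_SIG + IHDR + IDAT + chunk(b"prVt", EXTRA) + chunk(b"IEND")
```

`audit_png(CLEAN)` returns an empty list, while the two constructed variants each produce one finding naming where the extra bytes sit and how large they are.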

Support your local hacker: As competition rises among hackers for ‘big fish’, cyber-crooks are finding there's money to be made outside the enterprise realm. In recent months more hackers have been focusing on localized attacks – crafting phishing messages that appear to be from local businesses, charities, and institutions, geo-targeted to sweep an area served by specific organizations. The advantage here is that potential victims who are sophisticated enough to avoid phishing messages from Amazon or a bank they do not do business with might be more willing to click on a link or open an attachment in a message they believe was sent by the local deli offering a coupon, for example.

Geo-targeted hacks and malware are now a hot item on the Darknet, with malware that lets hackers choose specific countries, cities, and even neighborhoods to target. Some of the most common campaigns target victims in specific areas with phony email messages from local companies or tax agencies; the messages contain a malicious attachment, such as Microsoft Word documents or JavaScript, or a link to a web page that will automatically download malware. With all that, however, it pays to remember the bottom line: without the phishing component of these attacks, none of them could take place. Something for the company's IT folks to keep in mind when developing a defense plan.
