Embedded Malware: Account Takeovers Multiplying

Robert McGarvey recently covered the topic of account takeover attempts in his regular column in the Credit Union Times. Michelangelo Sidagni, NopSec’s Chief Technology Officer, was quoted as saying, “This is a fast-growing problem.”

Phishing and account takeovers are a really scary prospect. And as Mr. McGarvey outlines in his article, both the frequency and sophistication of the attempts are on the rise. I’ve personally been a victim of embedded malware disguised to look like a Java update. Luckily I was able to recognize it and remedy the issue before any serious damage occurred.

How account takeovers work

Malware is embedded in an attacker-controlled webpage, and the victim is lured there by a link in a phishing email. The landing page contains obfuscated JavaScript that determines what is on the victim’s computer and loads every exploit to which that computer is vulnerable. Sometimes the page also contains a Java applet tag that loads a Java Trojan horse.
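
As an added example (not from the original post or from NopSec), the Python script below triages a saved page for the traits described above: obfuscated JavaScript, script that probes what is installed on the visitor's machine, and a Java applet tag. The indicator patterns, the `triage` function and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic indicators chosen for this example (assumptions, not a vetted rule set).
OBFUSCATION = {
    "dynamic-eval": re.compile(r"\beval\s*\("),
    "unescape": re.compile(r"\bunescape\s*\("),
    "fromCharCode": re.compile(r"String\.fromCharCode"),
    "long-encoded-string": re.compile(r"(?:%[0-9a-fA-F]{2}){8,}"),
}
FINGERPRINT = re.compile(r"navigator\.(?:plugins|mimeTypes)|javaEnabled\s*\(")

# Constructed sample page; the encoded string decodes to the harmless "var x = 1;".
SAMPLE = """<html><body><script>
var n = navigator.plugins.length;
eval(unescape("%76%61%72%20%78%20%3d%20%31%3b"));
</script>
<applet code="Update.class" archive="update.jar" width="1" height="1"></applet>
</body></html>"""

class LandingPageTriage(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._script = [], None  # _script is a list while inside <script>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "applet":  # the Java applet tag the page describes
            self.findings.append(("java-applet", attrs.get("archive") or attrs.get("code") or ""))
        elif tag == "script":
            self._script = []

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag != "script" or self._script is None:
            return
        body, self._script = "".join(self._script), None
        self.findings += [("obfuscated-js", n) for n, rx in OBFUSCATION.items() if rx.search(body)]
        match = FINGERPRINT.search(body)
        if match:  # script inspects what is installed on the visitor's machine
            self.findings.append(("plugin-fingerprinting", match.group(0)))

def triage(html):
    """Return (kind, detail) findings for one HTML document."""
    parser = LandingPageTriage()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Each finding is a reason to look more closely, not a verdict: legitimate pages also call `eval` or read `navigator.plugins`, so the output is best used to rank pages for manual review.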

How vulnerability management helps

There are multiple facets to protecting users from these types of attacks. Because phishing intersects both technology and human nature, there is no silver bullet. Mr. McGarvey discusses some of the monitoring practices being employed by financial institutions. From NopSec’s perspective, eliminating the exploitable IT security vulnerabilities on infrastructure (such as networks and domain controllers) and applications (such as public-facing web applications) is a way to combat the issue and limit risk.