Massive and tailored attacks against webmail platforms: Gmail, Hotmail and Yahoo mail.
The reputable IT security company Trend Micro has recently published a report of extreme seriousness on attacks against the most commonly used webmail platforms in the world.
The attacks have 2 main purposes:
(1) for the attacker to obtain full access to the victims’ email accounts
(2) for the attacker to obtain full access to the victims’ PC configuration by exploiting vulnerabilities within the browser and the webmail platform itself
Attack #1 gives the attacker the possibility of committing identity theft and possibly exploiting sensitive information stored within the victims’ email accounts.
Attack #2 gives the attacker the possibility of obtaining the victims’ user names and passwords for other applications and services used by the victims.
Such attacks are launched through tailored methods that get around the anti-virus software installed on the victims’ PCs in order to run malicious software, e.g. a tailored key-logger that sends the users’ logon information for certain applications to the attacker.
These attacks give attackers access to any content, including content protected by password-based secure email systems or by other applications whose encryption relies on the same weak level of authentication. The reason is that no matter how strong the implemented encryption is, it is irrelevant once the victims’ logon passwords are in the hands of the attacker.
Trend Micro advises 2-step user verification of email accounts for better protection.
Protectoria goes further and offers One-Time-PIN codes distributed instantly and out of band to protect messages sent to any recipient, and 2-factor authentication to protect the webmail accounts of its users.
Read more about the report from Trend Micro here
10/6-2011
