An advisory practice was the target of an attack, whereby the malware allowed the fraudster to gain access to an adviser’s login details for all systems he had used recently. The fraudster now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook. The next time the adviser tried to log in to his platform desktop software, he was locked out. He rang our account executive team to report his access was locked. He couldn’t log in, even though he was using his correct user name and password. The platform reset his password. The next day when the adviser tried again to log in, he was locked out of the system again. It became obvious that the adviser’s user ID had been compromised. At this point, the user ID was deleted.
1. Identify the malware attack experienced in the above scenario.
2. What recommendations would you provide for preventing this type of attack? The recommendations should be discussed individually for the scenario and should not be a general list of recommendations.
Ans 1: This attack can be carried out using a keylogger malware attack. In keylogger malware, the malware tracks every keystroke entered on the keyboard by the user over a session. This is carried out to steal logins, passwords, answers to security questions, etc.
Ans 2: Prevention can be achieved by -
a.) In case of suspicion of malware -
-- Disconnecting the device from the internet.
-- Calling the service provider (such as the bank, credit card provider or wherever the user has visited in the recent session after the malware is suspected) and asking them to block transactions immediately so that no damage can be initiated.
-- Running a security scan and fixing malware threats, if any.
b.) In case of damage started/initiated by the attacker -
-- Disconnecting the device from the internet.
-- Calling the service provider (such as the bank, credit card provider or wherever the user has visited in the recent session after the malware is suspected) and asking them to block transactions immediately so that no further damage can be initiated.
-- Calling a security specialist, such as an antivirus service provider, immediately to scan and update the security software and restore your network back to normal, free from threats or malware.
-- Filing a complaint with cybersecurity about the attack so that the attacker can be tracked.
-- Upgrading the network regularly and checking internal organisation members to ensure that no one in the organisation is a threat.
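The scenario's sequence of a lockout, a password reset and a second lockout can be detected in authentication logs before the account has to be deleted. The following Python sketch is an added example, not part of the original question or answer; the log format, event names and 48-hour window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the page): timestamp, user, event.
SAMPLE_LOG = """\
2024-03-04T09:12:00 user=adviser01 event=LOCKOUT
2024-03-04T09:40:00 user=adviser01 event=PASSWORD_RESET
2024-03-04T09:45:00 user=adviser01 event=LOGIN_OK
2024-03-05T08:55:00 user=adviser01 event=LOCKOUT
2024-03-04T10:00:00 user=clerk02 event=LOCKOUT
2024-03-04T10:20:00 user=clerk02 event=PASSWORD_RESET
2024-03-09T10:05:00 user=clerk02 event=LOCKOUT
malformed line without fields
"""

WINDOW = timedelta(hours=48)  # assumed threshold; tune per environment


def parse_line(line):
    """Return (timestamp, user, event), or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if "user" not in fields or "event" not in fields:
        return None
    return ts, fields["user"], fields["event"]


def relock_after_reset(log_text, window=WINDOW):
    """Map user -> time of a lockout that came within `window` of a reset
    which itself followed an earlier lockout (credentials likely stolen)."""
    state = {}    # user -> {"locked": bool, "reset_at": datetime or None}
    flagged = {}
    events = sorted(filter(None, map(parse_line, log_text.splitlines())))
    for ts, user, event in events:
        s = state.setdefault(user, {"locked": False, "reset_at": None})
        if event == "LOCKOUT":
            if s["reset_at"] and ts - s["reset_at"] <= window:
                flagged.setdefault(user, ts)  # keep the first re-lock time
            s["locked"], s["reset_at"] = True, None
        elif event == "PASSWORD_RESET":
            # Only a reset that clears a lockout starts the watch window.
            s["reset_at"] = ts if s["locked"] else None
            s["locked"] = False
    return flagged
```

A flagged account is a signal that the new password was captured on the user's device, so the device should be isolated and scanned before another reset is issued.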