Cover Your Webcam

Have you ever felt like someone is listening to your conversations, watching you on your webcam? Would you believe that this is true?

In one of our red team engagements we had just managed to gain a foothold in the company's network and obtain high privileges. The goal was now to gather the trophies that had been agreed on for the engagement.

One of the trophies was to show the executives that it was possible to spy on employees' computers by recording their microphones and viewing their webcams. Our team searched for computers around the network and finally found one with a working webcam. We recorded the microphone and were able to hear conversations held with clients, see the employee's webcam and fully control his computer.

What should we learn from this, first of all? Besides the lack of security that let us control the employee's computer, the webcam was also not covered. This let us spy on the employee.

Secure me.

One of the largest industrial companies in the world, with branches worldwide, was hit by a critical ransomware attack which shut down its production for weeks. In the aftermath of the incident, Cybia was hired to assess the organization's cyber security level in several of its branches worldwide. This included assessing executive-level processes and policies, technical systems, awareness and more across all the branches, and calculating the organization's overall risk level.

The organization received a technical-level report that presented all of the findings in each of the branches, and an executive-level report that presented the main business risks. The company also received a tailored plan and strategy for improving its cybersecurity posture within its current budget. The screenshot below describes the current cybersecurity posture of the organization according to what we refer to as the organization's security pillars.

Breaching Government Tax Systems

The big question we usually ask our clients is "are you secure?" To answer this question you need to know your organization and the adversary: how he operates, which techniques he would use to attack your organization and where your weak points are.

Cybia was once contracted by a foreign government to conduct an adversary simulation on its tax department. The goal was to hack the tax systems to prove that it was possible to gain access to citizens' data and tamper with it. The scenario was an external breach leading to full takeover of the tax systems.

Cybia engaged the project by doing some simple reconnaissance on the tax department. After discovering the organization's email address template, it was easy for us to gather the email addresses of potential victims in the tax department.

We designed a very sophisticated spear-phishing attack on one of the employees of the tax department. Before launching the attack we learned exactly what kind of security systems were present in the organization in order to tailor the attack payload. The attack succeeded and bypassed all security systems.

We had a reverse shell into the organization. Now we had to find where the tax system was in order to breach it. We started with the endpoints in the organization to understand how the employees worked and what kind of programs they were using. Usually employees dealing with taxes have their own custom-developed programs. We enumerated the organization's endpoints and found that all of the users were using a specific tax program.

We started to analyze this program to understand how it worked. We found that the program was communicating with a remote server. We analyzed the communication with this server and then began analyzing the server itself. We found a critical vulnerability on the server that allowed us to execute arbitrary commands on it remotely.

We had now reached the tax systems and were able to execute commands on the server. We were not exactly sure what kind of information was stored on this server, but we knew it had something to do with taxes.

After analyzing the server a bit more we found another vulnerability that allowed us to reach the server's database. We quickly understood what kind of data we had access to. Game over.

We were now able to read citizens' tax data and change it. You can imagine the consequences if a malicious actor had gained access to this data.