Page 1056 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1056

Executives that approved the installation of the add-on installed
               malicious software that logged their keystrokes, capturing login

               credentials for different websites they visited. It also gave the attacker
               remote access to the executive’s system, allowing the attacker to install
               additional malware, or read all the data on the system.


               Vishing

               While attackers primarily launch phishing attacks via email, they have
               also used other means to trick users, such as instant messaging (IM)
               and VoIP.

               Vishing is a variant of phishing that uses the phone system or VoIP. A

               common attack uses an automated call to the user explaining a
               problem with a credit card account. The user is encouraged to verify or
               validate information such as a credit card number, expiration date,
               and security code on the back of the card. Vishing attacks commonly
               spoof the caller ID number to impersonate a valid bank or financial
               institution.



               Smartcard Attacks
               Smartcards provide better authentication than passwords, especially

               when they’re combined with another factor of authentication such as a
               personal identification number (PIN). However, smartcards are also
               susceptible to attacks. A side-channel attack is a passive, noninvasive
               attack intended to observe the operation of a device. When the attack
               is successful, the attacker can learn valuable information contained
               within the card, such as an encryption key.

               A smartcard includes a microprocessor, but it doesn’t have internal

               power. Instead, when a user inserts the card into the reader, the reader
               provides power to the card. The reader has an electromagnetic coil
               that excites electronics on the card. This provides enough power for
               the smartcard to transmit data to the reader.

               Side-channel attacks analyze the information sent to the reader.
               Sometimes they can measure the power consumption of a chip, using a
               power monitoring attack or differential power analysis attack, to

               extract information. In a timing attack, they can monitor the
   1051   1052   1053   1054   1055   1056   1057   1058   1059   1060   1061