Each month, reports are published about breaches that allowed the theft of financial data or (classified) information.
The news states that these attacks are often successful because the cybercriminals use advanced tools to penetrate the networks of their targets. If you take a good look, though, the criminals often use the same type of tools that you can find in your Kali Linux operating system.
Remote Access Trojans
The cybercriminals who are hunting for financial data and (classified) information often use remote access Trojans to reach the information and data they want. A remote access Trojan gives the operator full control over the infected device. It also allows the operator to extend the capabilities of the remote access Trojan.
The remote access Trojan is often installed by unaware users who have been targeted by a (sophisticated) social engineering attack.
For example, the financial data processor receives a “fake” e-mail from the company director. The fake e-mail contains a PDF file holding information that the financial data processor needs to see. Once the PDF file has been clicked, the financial data processor's device will be infected by a remote access Trojan.
It is a fact that a lot of anti-virus packages are not capable of identifying newly crafted payloads. We have tested this and you can find the report here. The report shows how “easy” it is for cybercriminals to hide their payloads by using encoders.
But let’s get back to the remote access Trojan, also known as a RAT. The RAT allows the operator to dig a path through the network that is connected to the infected device. The operator will often infect the environment and stay silent for a couple of days or hours. The cybercriminals do this to avoid detection.
The Metasploit framework in Kali Linux allows anyone to create a remote access Trojan.
Yes. Your free Kali Linux operating system holds code which allows cybercriminals to steal millions from unaware companies and people.
Point-of-sale malware
The attack can also be more direct. Brian Krebs has reported a massive list of incidents that involved point-of-sale malware. Point-of-sale malware is used by cybercriminals who want to make money fast. The cybercriminals infect the network or device that is responsible for the payments in the company or store. As an example, we can take a look at the incident in 2014, when the company Target was hit by point-of-sale malware. The cybercriminals stole a large amount of money and financial information from Target's customers.