Below is a listing of the categories that will be referenced throughout the rest of this post and a brief definition of what we looked for during analysis. Throughout the analysis of the more than 125,000 images, we defined a number of data points to track across all infections.

More often than not, we needed to combine information from multiple screenshots to determine the user or company.

Figure 2 - Signature based identification on e-mail being composed

Similarly, if we see images showing three different Facebook accounts logged in during the course of the infection, we assume the system is a shared resource among multiple people. For example, if an image shows an e-mail being composed and the e-mail has a signature at the footer with a company name and position, we assume this to be an indicator of the company and user’s role.

Defining terms & the analysis process

Before we dive into the data, it must be said that since we are analyzing images, we are making some assumptions.

Attackers captured screenshots of sensitive e-mails, bank account transfers, security cameras and hotel management systems.

Attackers who (accidentally) infected their own systems revealed the tactics, tools and procedures they used to launch their attacks.

Companies in the manufacturing and transportation industries see the most KeyBase infections.