How did they do it? (Hacked)


pjknibbs
Posts: 41359
Joined: Wed, 6. Nov 02, 20:31
x4

Re: How did they do it? (Hacked)

Post by pjknibbs » Wed, 29. Apr 20, 16:53

red assassin wrote:
Wed, 29. Apr 20, 16:22
Outlook.com accepts the same + syntax as GMail. Easy enough to test, anyway!
Odd, I just tested sending an e-mail to my work e-mail address (which is an Office 365 one) with that + thing on it, and it didn't work; it got rejected due to the e-mail not existing. Guessing they only enable this feature for actual @outlook.com e-mail addresses.

Gavrushka
Posts: 8072
Joined: Fri, 26. Mar 04, 19:28
x4

Re: How did they do it? (Hacked)

Post by Gavrushka » Wed, 29. Apr 20, 16:55

red assassin wrote:
Wed, 29. Apr 20, 16:22
Vertigo 7 wrote:
Wed, 29. Apr 20, 16:08
That is quite brilliant. I hadn't considered that. I need to find out if that's offered with MS accounts.
Outlook.com accepts the same + syntax as GMail. Easy enough to test, anyway!
That's simply awesome. I need to send you many, many dollars. Thank you! :thumb_up:
“Man, my poor head is battered,” Ed said.

“That explains its unusual shape,” Styanar said, grinning openly now. “Although it does little to illuminate just why your jowls are so flaccid or why you have quite so many chins.”

“I…” Had she just called him fat? “I am just a different species, that’s all.”

“Well nature sure does have a sense of humour then,” Styanar said. “Shall we go inside? It’d not be a good idea for me to be spotted by others.”

Vertigo 7
Posts: 3461
Joined: Fri, 14. Jan 11, 17:30
x4

Re: How did they do it? (Hacked)

Post by Vertigo 7 » Wed, 29. Apr 20, 17:20

pjknibbs wrote:
Wed, 29. Apr 20, 16:53
red assassin wrote:
Wed, 29. Apr 20, 16:22
Outlook.com accepts the same + syntax as GMail. Easy enough to test, anyway!
Odd, I just tested sending an e-mail to my work e-mail address (which is an Office 365 one) with that + thing on it, and it didn't work; it got rejected due to the e-mail not existing. Guessing they only enable this feature for actual @outlook.com e-mail addresses.
I would bet that the enterprise accounts don't have that enabled. I could see that as something the admins would not want enabled (if it's an option), especially if they have a spam/AV filter before the emails hit the mail server. But it def works for personal accounts.
The Future is Progressive!
rebellionpac.com
Fight white supremacy, fight corporate influence, fight for the rights of all peoples!

Chips
Posts: 4879
Joined: Fri, 19. Mar 04, 19:46
x4

Re: How did they do it? (Hacked)

Post by Chips » Wed, 29. Apr 20, 17:34

RegisterMe wrote:
Wed, 29. Apr 20, 14:18
I talked her through it. She was adamant that she hadn't looked at the claimed porn sites. This was enough for me to say "there's a lot of bluff in this and that undermines the rest of the threat. Change all your passwords on everything and either ignore it or tell them where to get off, and report it to the police".

But if she'd been vulnerable in some way, and without access to somebody reasonably tech savvy, and had looked at whatever porn sites... it might have felt very threatening indeed.

It was, in effect, a reasonable sophisticated social engineering attempt.
I think it's more basic than you give them credit for :D 100k leaked emails/passwords? Send out those emails with part of the password (rest starred out). Then take some guesses and leave the targets to self-identify (common porn site, most laptops have webcams built in, etc.).

Now you just need a percentage to fall for it as they've kept it secret or think it's something to be humiliated over. Personally, I worked on the principle if you refuse to be embarrassed then hard to get blackmailed. No shame here :D

red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Re: How did they do it? (Hacked)

Post by red assassin » Wed, 29. Apr 20, 18:04

Gavrushka wrote:
Wed, 29. Apr 20, 16:55
That's simply awesome. I need to send you many, many dollars. Thank you! :thumb_up:
Be aware that this is a fairly well-known trick and spammers may strip the +whatever off, replace it with something else, etc etc, so it's not reliable by any means, but it is often useful. (At least for telling you who to blame for losing your details!)
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

jlehtone
Posts: 21811
Joined: Sat, 23. Apr 05, 21:42
x4

Re: How did they do it? (Hacked)

Post by jlehtone » Wed, 29. Apr 20, 21:00

pjknibbs wrote:
Wed, 29. Apr 20, 16:53
Odd, I just tested sending an e-mail to my work e-mail address (which is an Office 365 one) with that + thing on it, and it didn't work; it got rejected due to the e-mail not existing. Guessing they only enable this feature for actual @outlook.com e-mail addresses.
Same here. Exchange server at work. Bounces with:
Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command)
Alas, Exchange was taken into use last year. The previous server (not a MS product) was ok with the aliases. :cry:

Then again, it is the private addresses that we primarily want to track, isn't it?

A "group" in MS Yammer has an address of the form nameofgroup+domainname@yammer.com. No idea what protocol it uses to parse the address.
MS Teams addresses do not have '+'.

I presume that most mail servers are highly configurable and that lack of a feature is due to (conscious) omission or disablement.
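The "+tag" convention discussed above (red assassin's point that a spammer can simply strip or replace the tag, pjknibbs's and jlehtone's observation that servers which do not honour subaddressing bounce the tagged recipient as unknown, and the Yammer-style group+domain@yammer.com form) can be made concrete with a small parser. This is an added example, not code from anyone in the thread; the sample addresses, the tag-to-service map and the hypothetical helper names are constructed for illustration, and the Yammer address is fed through the same parser purely to show the split, not as a claim about how Yammer actually routes it.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed sample addresses, not taken from the thread.
SAMPLE_ADDRESSES = [
    "alice+shop@example.com",              # GMail/Outlook.com style: tag "shop"
    "alice@example.com",                   # no tag: never tagged, or tag stripped by a spammer
    "alice+newsletter@example.com",
    "engineering+example.com@yammer.com",  # shape of the Yammer group address described above
]


@dataclass(frozen=True)
class SubAddress:
    user: str             # the part a subaddressing-aware server routes on
    tag: Optional[str]    # the "+whatever" part, or None when absent
    domain: str


def parse_subaddress(addr: str, separator: str = "+") -> SubAddress:
    """Split user+tag@domain into its parts.

    The last '@' separates local part and domain, and only the first
    separator inside the local part starts the tag.
    """
    local, at, domain = addr.strip().rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not a user@domain address: {addr!r}")
    user, sep, tag = local.partition(separator)
    if not user:
        raise ValueError(f"empty user part: {addr!r}")
    return SubAddress(user=user, tag=tag if sep else None, domain=domain.lower())


def canonical(addr: str) -> str:
    """The address as a server that honours subaddressing delivers it.

    Dropping the tag is exactly what defeats tag-based tracking: the mail
    still lands in the base mailbox, but the tag is gone.
    """
    p = parse_subaddress(addr)
    return f"{p.user}@{p.domain}"


def attribute_leak(to_addr: str, tags_issued: Dict[str, str]) -> Optional[str]:
    """Name the service a tagged address was handed to, or None.

    tags_issued maps tag -> service (constructed, e.g. {"shop": "ShopCo"}).
    None means the tag is missing or unrecognised: it was never there, or it
    was stripped or replaced before sending, so it is not evidence of the source.
    """
    p = parse_subaddress(to_addr)
    if p.tag is None:
        return None
    return tags_issued.get(p.tag)


def server_accepts(addr: str, known_users: Set[str], honours_subaddressing: bool) -> bool:
    """Model the RCPT TO decision from the thread: a server that does not honour
    subaddressing looks up the whole local part, so user+tag is 'user unknown'."""
    p = parse_subaddress(addr)
    if honours_subaddressing or p.tag is None:
        lookup = p.user
    else:
        lookup = f"{p.user}+{p.tag}"
    return lookup in known_users


if __name__ == "__main__":
    issued = {"shop": "ShopCo", "newsletter": "WeeklyNews"}  # constructed
    for a in SAMPLE_ADDRESSES:
        print(f"{a} -> {canonical(a)} | suspected source: {attribute_leak(a, issued)}")
    print("Exchange-style server accepts alice+shop:",
          server_accepts("alice+shop@example.com", {"alice"}, honours_subaddressing=False))
```

The attribution function deliberately returns None for an unknown tag rather than guessing, which is the practical version of the caveat above: a tag is a useful hint about who lost your address, not proof, because anyone relaying the address can rewrite it.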

red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Re: How did they do it? (Hacked)

Post by red assassin » Thu, 30. Apr 20, 00:35

MS say + is coming to Office 365 with an ETA of later this year: https://office365.uservoice.com/forums/ ... -office-36
Couldn't find anything specific about local Exchange, though. Lots of 365 features don't make it through to the local versions, so I wouldn't hold out much hope.

Gavrushka
Posts: 8072
Joined: Fri, 26. Mar 04, 19:28
x4

Re: How did they do it? (Hacked)

Post by Gavrushka » Thu, 30. Apr 20, 19:43

Terre wrote:
Tue, 28. Apr 20, 19:33
I would still suggest a scan with Malwarebytes, just in case there is a miscreant onboard.
Loving Malwarebytes, and will buy the licence at the end of the trial. - Is it an addition to normal virus software, because it doesn't appear to have a 'full system scan' option? - I've Bitdefender running too and, although still active, it seems to take a back seat to Malwarebytes.

Vertigo 7
Posts: 3461
Joined: Fri, 14. Jan 11, 17:30
x4

Re: How did they do it? (Hacked)

Post by Vertigo 7 » Thu, 30. Apr 20, 20:31

If I may suggest, look into Cylance. They're a relatively new player in the AV field and making some huge inroads in enterprise security. Their consumer AV product is essentially the same as their enterprise one. What makes them stand out is they do not use signatures to detect malware. Rather it's AI-based malicious code detection that can even prevent code execution that traditional AV products won't even have a signature for yet. Their annual price point is very reasonable too.

red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Re: How did they do it? (Hacked)

Post by red assassin » Fri, 1. May 20, 01:22

Don't pay for antivirus programs. The built-in Windows Defender is plenty good enough. Whatever the cause of your issue, it's almost certainly nothing to do with having malware on your device.

felter
Posts: 6981
Joined: Sat, 9. Nov 02, 18:13
xr

Re: How did they do it? (Hacked)

Post by felter » Fri, 1. May 20, 02:57

red assassin wrote:
Fri, 1. May 20, 01:22
Don't pay for antivirus programs. The built-in Windows Defender is plenty good enough. Whatever the cause of your issue, it's almost certainly nothing to do with having malware on your device.
Are you sure about that, Windows Defender Sandbox Test vs Malware

Now compare that to, let's say, the free version of Kaspersky Security Cloud Review.

By the way, a detection rate as low as 98% is counted as being pretty bad; a good AV product will be well into the 99+% rate, where it may have missed 1 or at worst two viruses. When he had to quit Defender because it couldn't handle it any more, it was at a 92.56% detection rate.
Florida Man Makes Announcement.
We live in a crazy world where winter heating has become a luxury item.

Vertigo 7
Posts: 3461
Joined: Fri, 14. Jan 11, 17:30
x4

Re: How did they do it? (Hacked)

Post by Vertigo 7 » Fri, 1. May 20, 08:14

I'm telling ya, Cylance is worth the money. And it really isn't much. I'm paying around $50 USD/yr for 5 licenses.

silenced
Posts: 4967
Joined: Tue, 20. Jun 06, 19:43
x4

Re: How did they do it? (Hacked)

Post by silenced » Fri, 1. May 20, 12:56

birdtable wrote:
Tue, 28. Apr 20, 20:37
even if it is a Russian damsel looking for rescue .. :)
But ... this is how I met my wife! =) Ok, she's Ukrainian, but hey ...
... what is a drop of rain, compared to the storm? ... what is a thought, compared to the mind? ... our unity is full of wonder which your tiny individualism cannot even conceive ... I've heard it all before ... you're saying nothing new ... I thought I saw a rainbow ... but I guess it wasn't true ... you cannot make me listen ... I cannot make you hear ... you find your way to heaven ... I'll meet you when you're there ...

red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Re: How did they do it? (Hacked)

Post by red assassin » Fri, 1. May 20, 13:33

felter wrote:
Fri, 1. May 20, 02:57
red assassin wrote:
Fri, 1. May 20, 01:22
Don't pay for antivirus programs. The built-in Windows Defender is plenty good enough. Whatever the cause of your issue, it's almost certainly nothing to do with having malware on your device.
Are you sure about that, Windows Defender Sandbox Test vs Malware

Now compare that to, let's say, the free version of Kaspersky Security Cloud Review.

By the way, a detection rate as low as 98% is counted as being pretty bad; a good AV product will be well into the 99+% rate, where it may have missed 1 or at worst two viruses. When he had to quit Defender because it couldn't handle it any more, it was at a 92.56% detection rate.
Artificial detection rate tests have almost nothing to do with real world security and are extremely dependent on test methodology. (For example, here's the top result from Googling it which puts Defender on a 99.88% protection rate: https://www.av-comparatives.org/tests/m ... arch-2020/) Antivirus products in general and this sort of test in particular are a holdover from a bygone era of default-vulnerable Windows XP boxes. Any competent threat actor will test the new version of their malware against the full suite of antivirus products to ensure they don't flag before launching the campaign. There are also very few practical attack vectors left open for a criminal group attempting to get malware onto a home user's PC and pretty much all of them involve downloading something suspicious from a phishing email or webpage.

Furthermore, running an antivirus product poses significant risks, as you give them effectively unlimited access to your computer and the files on it. This is both an obvious privacy risk and a security risk: antivirus products have a long history of having their own critical exploitable security issues and breaking security in other applications via their hooking mechanisms. Plus of course you're paying money. And all for something that makes almost no difference to your actual security level. An antivirus is there as a backup in case all of the security mechanisms to stop stuff getting onto your computer in the first place fail and you're lucky enough to get hit late enough that AVs have had a chance to find and signature whatever it was.

Defender is fine, free, generally secure as AVs go, doesn't involve giving any more access to your computer than Microsoft already had, and takes advantage of Microsoft's general telemetry which gives them a good picture of what actual security threats are affecting their users.

Install updates for your OS and your software immediately. Keep backups. Don't download stuff you can't verify. Use Defender. And follow the password advice from my other post.

Vertigo 7 wrote:
Fri, 1. May 20, 08:14
I'm telling ya, Cylance is worth the money. And it really isn't much. I'm paying around $50 USD/yr for 5 licenses.
AI in security products is pointless marketing and has very little to do with their actual effectiveness as a product. All it means is that when it does or doesn't find something, you can't explain why.

Vertigo 7
Posts: 3461
Joined: Fri, 14. Jan 11, 17:30
x4

Re: How did they do it? (Hacked)

Post by Vertigo 7 » Fri, 1. May 20, 14:23

red assassin wrote:
Fri, 1. May 20, 13:33
Vertigo 7 wrote:
Fri, 1. May 20, 08:14
I'm telling ya, Cylance is worth the money. And it really isn't much. I'm paying around $50 USD/yr for 5 licenses.
AI in security products is pointless marketing and has very little to do with their actual effectiveness as a product. All it means is that when it does or doesn't find something, you can't explain why.
Really? So enterprises that are ditching multi million dollar contracts with Symantec/Broadcom and McAfee in favor of Cylance are just buying into marketing hype?

I can tell ya, as someone who does actually work in IT security for one of the largest healthcare providers in the US, and was directly involved in evaluating the efficacy of Cylance countering actual ongoing threats vs. other products we were using at the time, Cylance hit all the marks and did so without consuming inordinate resources on both server and end user systems. We quickly switched products and have not regretted it once. It works, and it works damn well, and doesn't require constant updating of signatures to do its job. We have had 0 malware or ransomware outbreaks since Cylance was deployed and field techs are no longer spending inordinate amounts of time cleaning or reimaging infected devices.

Their approach to using an AI engine to detect malware is definitely different from all the rest, but I can't argue with results. It's even detected PUPs on my machine that malware bytes and defender completely missed.

felter
Posts: 6981
Joined: Sat, 9. Nov 02, 18:13
xr

Re: How did they do it? (Hacked)

Post by felter » Fri, 1. May 20, 14:49

red assassin, did you even look at either the stuff I posted or even the link you posted? The 99.88% protection rate you linked as being good is actually one of the worst out of all of the AV software they tested. Then you have to take into account the other two percentages used, the online and offline detection rates, which were 70.5% and 85.9% respectively, which puts them down in the bottom 5, not the top 5 like you are trying to make out that they are. Windows Defender is bad; it is not the worst and it is better than it used to be, but it is still one of the worst anti-virus products out there.

red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Re: How did they do it? (Hacked)

Post by red assassin » Fri, 1. May 20, 15:28

Vertigo 7 wrote:
Fri, 1. May 20, 14:23
Really? So enterprises that are ditching multi million dollar contracts with Symantec/Broadcom and McAfee in favor of Cylance are just buying into marketing hype?

I can tell ya, as someone who does actually work in IT security for one of the largest healthcare providers in the US, and was directly involved in evaluating the efficacy of Cylance countering actual ongoing threats vs. other products we were using at the time, Cylance hit all the marks and did so without consuming inordinate resources on both server and end user systems. We quickly switched products and have not regretted it once. It works, and it works damn well, and doesn't require constant updating of signatures to do its job. We have had 0 malware or ransomware outbreaks since Cylance was deployed and field techs are no longer spending inordinate amounts of time cleaning or reimaging infected devices.

Their approach to using an AI engine to detect malware is definitely different from all the rest, but I can't argue with results. It's even detected PUPs on my machine that malware bytes and defender completely missed.
I am an infosec professional. Symantec and McAfee are pretty terrible, so I wouldn't exactly describe switching away from them as a bad move. Also, the situation for a corporate network is a bit different from home use under discussion here. Nonetheless, I stand by my statement: there are eleventy billion AI-powered network defence startups out there right now and how loudly they yell about AI in marketing has very little to do with how effective they are. A machine learning detection engine is vulnerable to just the same evasion processes any other detection engine is vulnerable to. As soon as Cylance gets popular enough for malware authors to start testing against it like they do more common AV engines, it'll start missing stuff in the critical early window and needing to push out engine updates just like other AVs.


felter wrote:
Fri, 1. May 20, 14:49
red assassin, did you even look at either the stuff I posted or even the link you posted? The 99.88% protection rate you linked as being good is actually one of the worst out of all of the AV software they tested. Then you have to take into account the other two percentages used, the online and offline detection rates, which were 70.5% and 85.9% respectively, which puts them down in the bottom 5, not the top 5 like you are trying to make out that they are. Windows Defender is bad; it is not the worst and it is better than it used to be, but it is still one of the worst anti-virus products out there.
Did you read anything I wrote? Detection rates are not a useful measure of how an antivirus affects your security posture.

Vertigo 7
Posts: 3461
Joined: Fri, 14. Jan 11, 17:30
x4

Re: How did they do it? (Hacked)

Post by Vertigo 7 » Fri, 1. May 20, 15:56

red assassin wrote:
Fri, 1. May 20, 15:28
Vertigo 7 wrote:
Fri, 1. May 20, 14:23
Really? So enterprises that are ditching multi million dollar contracts with Symantec/Broadcom and McAfee in favor of Cylance are just buying into marketing hype?

I can tell ya, as someone who does actually work in IT security for one of the largest healthcare providers in the US, and was directly involved in evaluating the efficacy of Cylance countering actual ongoing threats vs. other products we were using at the time, Cylance hit all the marks and did so without consuming inordinate resources on both server and end user systems. We quickly switched products and have not regretted it once. It works, and it works damn well, and doesn't require constant updating of signatures to do its job. We have had 0 malware or ransomware outbreaks since Cylance was deployed and field techs are no longer spending inordinate amounts of time cleaning or reimaging infected devices.

Their approach to using an AI engine to detect malware is definitely different from all the rest, but I can't argue with results. It's even detected PUPs on my machine that malware bytes and defender completely missed.
I am an infosec professional. Symantec and McAfee are pretty terrible, so I wouldn't exactly describe switching away from them as a bad move. Also, the situation for a corporate network is a bit different from home use under discussion here. Nonetheless, I stand by my statement: there are eleventy billion AI-powered network defence startups out there right now and how loudly they yell about AI in marketing has very little to do with how effective they are. A machine learning detection engine is vulnerable to just the same evasion processes any other detection engine is vulnerable to. As soon as Cylance gets popular enough for malware authors to start testing against it like they do more common AV engines, it'll start missing stuff in the critical early window and needing to push out engine updates just like other AVs.
Cylance isn't a startup... Research, my friend. They've been around since 2012 and were bought by BlackBerry in 2018. They are constantly evaluating processes for malicious code. Sometimes, at least on the enterprise level, a bit too overzealously, flagging activity as suspicious that isn't, but not that often and nothing that has majorly impacted business.

Anyway, since I have actual real world experience with Cylance and have seen first hand it stopping zero-day threats long before any other AV product is able to, I'll stick with what I'm seeing first hand. As I said, it works. If something else comes along down the road that can do the job better, great. For now, I'm putting my trust in Cylance's ability to neutralize threats since it's accomplishing its task where others have failed.

We would not rely on Windows Defender in the corporate network, even with all of the strict controls and security appliances in place to prevent bad actors from gaining access. With far fewer controls on a home network, why should anyone rely on Windows Defender to keep their data safe? Cuz it's free? It's not nearly as effective as you claim it to be; again... PUPs were detected by Cylance on my machine that Defender missed. Shit that GOG and Twitch threw out there. Hell, I wasn't even aware of it, and I like to stay on top of what's going on with my machine. Not to mention, both Malwarebytes and Defender have been directly circumvented by certain malware, and Cylance has built-in process protections that prevent tampering.

Bottom line is, as I said, I can't argue with results. Show me something better, I'll take it into consideration. "marketing" is not a sufficient reason to dismiss an effective product.

silenced
Posts: 4967
Joined: Tue, 20. Jun 06, 19:43
x4

Re: How did they do it? (Hacked)

Post by silenced » Fri, 1. May 20, 16:17

But on a side note: wasn't Cylance the one that could be circumvented by using "whitelisted" files that had been infected after being "whitelisted", so the system totally failed?

I think it was them, and they said all of this was not true, but lots of patching and hotfixing was made a very short time after ... :gruebel: :gruebel:

Vertigo 7
Posts: 3461
Joined: Fri, 14. Jan 11, 17:30
x4

Re: How did they do it? (Hacked)

Post by Vertigo 7 » Fri, 1. May 20, 16:24

I don't think so. Cylance evaluates processes in active memory, it doesn't care what the filename is.
