We have firewalls and a DMZ. It's impossible, right? Wrong!
Have you ever used VNC or TeamViewer? A user can grant access to their computer to anyone on the internet, and that is exactly how it works.
It's called a reverse shell.
Anatomy of a typical Phishing attack
A) User receives an E-mail from a colleague with a Microsoft Word Document attached.
- This email is a phishing email and not from their colleague!
B) User opens the Word document.
- But a Word macro starts a rogue process in the background.
The process has 3 tasks:
- 1) Start a reverse shell (hacker gains the same control as the logged-in user).
- 2) Start a key logger.
- 3) Slow the computer down by 75%.
C) User calls the Windows support desk.
- Help, my computer is running so slowly!
D) A Windows engineer visits to troubleshoot and logs on as a Domain Admin.
- Key logger grabs the credentials and posts them up the reverse shell.
E) The hacker now has elevated Domain Admin access to the customer's Windows domain.
- The hacker now has all the time they need to download and install more payloads.
EESM Windows ransomware protection solution
We can protect 100% of Windows computers from ransomware.
- The end of Windows ransomware.
Our EESM Windows Agent, developed with Microsoft, terminates reverse shells automatically.
- Legitimate software contains an X509 digital certificate from a trusted authority.
- Listening processes without X509 certificates are terminated.
- Microsoft process X509 certificates are hidden in the Windows store and not available to engineers.
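The rule in the list above (a listening process whose binary has no trusted X509 signature) can be approximated as a report-only audit using built-in Windows cmdlets. This is an added example, not the EESM agent's code; the function name `Get-UnsignedNetworkProcess` and its `-State` parameter are assumptions made here, and it goes slightly beyond the page by optionally covering established connections as well as listeners.

```powershell
# Added example (not the EESM agent): report processes that own TCP sockets
# but whose executable lacks a valid Authenticode (X509) signature.
# Nothing is terminated; the output is for review. Run elevated for full coverage.
function Get-UnsignedNetworkProcess {
    [CmdletBinding()]
    param(
        # 'Listen' matches the rule on the page; 'Established' also covers
        # sessions a process opened outbound.
        [ValidateSet('Listen', 'Established')]
        [string[]]$State = 'Listen'
    )

    $sigCache = @{}   # executable path -> signature, so each binary is verified once

    Get-NetTCPConnection -State $State -ErrorAction SilentlyContinue |
        Sort-Object OwningProcess, LocalPort -Unique |
        ForEach-Object {
            $conn = $_
            $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
            $path = if ($proc) { $proc.Path } else { $null }

            if (-not $path) {
                # System (PID 4) and protected processes expose no path:
                # report them for manual review instead of guessing.
                $status = 'PathUnavailable'
                $signer = $null
            } else {
                if (-not $sigCache.ContainsKey($path)) {
                    $sigCache[$path] = Get-AuthenticodeSignature -LiteralPath $path
                }
                $sig    = $sigCache[$path]
                $status = [string]$sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }

            if ($status -ne 'Valid') {
                [pscustomobject]@{
                    ProcessId = $conn.OwningProcess
                    Name      = if ($proc) { $proc.ProcessName } else { $null }
                    State     = $conn.State
                    LocalPort = $conn.LocalPort
                    Path      = $path
                    SigStatus = $status
                    Signer    = $signer
                }
            }
        }
}
```

Run `Get-UnsignedNetworkProcess -State Listen, Established | Format-Table -AutoSize` to review the results. A valid signature shows only that the binary is signed by a trusted publisher, so signed interpreters such as `powershell.exe` will not appear in this report.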
Please watch our Reverse Shell protection demo video