Cyber Security Articles & News

A New Form of Hacking

I recently learned about a new kind of computer hacking from Kevin Mitnick, a speaker at the recent 2017 AmeriQuest Symposium in Orlando who addressed a topic known as “social engineering.” Not so long ago, Mitnick was one of the world’s Most Wanted hackers.

He defined social engineering as “a form of hacking that relies on influence, deception and manipulation to convince another person to comply with a request in order to compromise their computer network.”

Hackers use social engineering for a variety of reasons:

  • It’s easier than doing software or technology hacks
  • It is nearly 99.5% effective
  • It leaves no audit trail

The real problem with social engineering is that your employees are unwittingly revealing information that the hacker then uses against you or your company.

Hackers start by doing information reconnaissance looking for organization charts, names and titles of employees so they can determine the type of information the employee may have access to. They can go to places like LinkedIn, enter your company’s name, get the names of key employees and find everything they need to determine who is in the “circle of trust” for those employees.

When hackers launch these social engineering hacks, they prepare in advance by adopting a role or identity and developing reasons to call your employees.

Another favorite trick is to send via snail mail a thumb drive specialty gift that looks like it comes from someone who is in that employee’s circle of trust. They go so far as to imprint the company logo on the drive and package it from the company they are impersonating. Since the recipient thinks the drive is coming from someone they trust, they insert it in their USB port. This allows the hackers to unleash a Trojan horse (virus) onto that computer or to steal passwords and other important data.

Mitnick advised meeting attendees to be careful when connecting to free wireless networks because hackers are setting up fake wireless networks which allow them to access information. He also said to be wary of software update notices; they could also be fake. Once a fake update is downloaded, the hackers have access to that computer and the all information it contains.

More sophisticated attacks are launched via browsers, media players, document readers and booby-trapped PDFs.

Why are these social engineering hackers successful? Mitnick says it’s because “there is a hole in the human firewall. People think it can’t happen to them.” Another reason is because of people’s natural desire to help.

So how do you prevent your employees from falling victim to these tactics? First inform them about the sophisticated tactics hackers are using today. You can also do mock attacks to test how your employees respond and then educate them on the right way to deal with these situations. You also need to establish a social engineering incident response program as well as modifying what Mitnick calls “your company politeness policy.”

He strongly recommends telling your employees, “It is okay to say no to information request.”

When building your human firewall, keep it simple. Set up a protocol that is easy to understand and follow. Develop interactive social engineering resistance training and whenever possible, use technology to take decision making out of the hands of your employees.

Read this cool event review and other interesting articles at the source.

Source: FleetOwner

Topics: Social Engineering, Trojan virus, fake update, human firewall, thumb drive, fraudulent email, hacking, keynote speaker, security awareness training, LinkedIn, snail mail, USB, wireless networks, AmeriQuest Symposium, booby trapped PDF, Orlando, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Is Kevin Mitnick a Famous White Hat Hacker?

Kevin Mitnick is considered one of the best hackers in the world, but what kind of hacker is he? Formerly on the FBI's most-wanted list for his pranks..

Read more ›

3 Things You Need To Know About Cyber Security Consulting Services

According to Fortune, “The world saw an alarming 105% surge in ransomware cyberattacks” in 2021, with no indication that 2022 will be any different. I..

Read more ›

Pros and Cons of Vulnerability Scanning vs Penetration Testing

When it comes to an organization’s cybersecurity, vulnerability scanning and penetration testing can protect your business from threat actors. But wha..

Read more ›
tech-texture-bg