
Mitnick Talks Social Engineering and Attack Tactics

Breaches get worse and attacks keep happening, as threat actors have all of the capability they need thanks to users' habits.

Speaking at Infosecurity North America in New York City, author, speaker and chief hacking officer of KnowBe4 Kevin Mitnick said that threat actors are able to collect information on their victims all too easily. When evaluating a company, it is also straightforward to determine its suppliers, customers, partners, vendors and employees, which enables a social engineering exercise.

In his opening keynote 'How to fight back against hacker attacks', Mitnick cited several examples of how to socially engineer a company and bypass traditionally strong security tools like anti-virus and two-factor authentication.

In one example, he said he had been hired by a Canadian retailer for an assessment and was able to determine who its HR provider was. He set up a cloned website using the Canadian .ca domain, called a member of the company and told them they were “standardizing top level domains” and to try .ca first. This gave him access to all payroll data and all salary history.

He said: “The attack was not so interesting to me, but the longest part of it was waiting for the DNS to propagate on the .ca domain, which took about half an hour.”

Mitnick also demonstrated how to bypass two-factor authentication, as “most companies offer one type of authentication.” His example was a PayPal invoice that asked for credentials; once these were intercepted, so were the victim’s session cookies. To prevent this, he recommended using U2F protocol tokens, but said that these can also be stolen.

Overall, Mitnick demonstrated how simple it is to hijack a victim with a small amount of personal data when doing testing. To defend against such attacks, he advised trying tactics that “the threat actors use” and creating tools that the employees want to use.

To view this original article and other news items, please refer to the source.

Source: infosecurity
