Mitnick Talks Social Engineering and Attack Tactics

Breaches get worse and attacks keep happening because users’ habits give threat actors all the capability they need.

Speaking at Infosecurity North America in New York City, author, speaker and chief hacking officer of KnowBe4 Kevin Mitnick said that threat actors are able to collect information on their victims all too easily, and that when evaluating a company it is also straightforward to identify its suppliers, customers, partners, vendors and employees to enable a social engineering exercise.

In his opening keynote 'How to fight back against hacker attacks', Mitnick cited several examples of how to socially engineer a company and bypass traditionally strong security tools like anti-virus and two-factor authentication.

In one example, he said he had been hired by a Canadian retailer for an assessment. He was able to determine who the company's HR provider was, so he set up a cloned website of that provider on a Canadian .ca domain, then called a member of the company and told them they were “standardizing top level domains” and to try .ca first. That gave him access to all payroll data and all salary history.

He said: “The attack was not so interesting to me, but the longest part of it was waiting for the DNS to propagate on the .ca domain, which took about half an hour.”

Mitnick was also able to demonstrate how to bypass two-factor authentication, as “most companies offer one type of authentication”. His example was a PayPal invoice phishing page that asked for credentials; once these were intercepted, so were the victim’s session cookies. To prevent this, he recommended using U2F protocol tokens, but said that these can also be stolen.
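To make the U2F recommendation concrete, here is an added simulation (not part of the original article or Mitnick's talk) that serves both the cloned .ca site in the HR example above and the session-stealing relay just described. It shows why a password plus one-time code relayed through a cloned site still verifies at the real service, while an origin-bound U2F assertion made on the clone does not. Every origin, user name and secret is constructed for the example, and the HMAC stands in for the per-site ECDSA key pair a real U2F token would hold; the structure of the client data (challenge plus browser-reported origin) is what a real relying party checks.

```python
"""Constructed simulation of origin binding: a relayed password + OTP passes
verification at the real site, a relayed U2F assertion does not.  All origins,
users and secrets are made up; the HMAC replaces a real token's ECDSA key."""
import hashlib
import hmac
import json
import secrets

RP_ORIGIN = "https://pay.example.com"      # the real service (constructed)
PHISH_ORIGIN = "https://pay.example.ca"    # lookalike .ca clone the victim reaches (constructed)
OTP_WINDOW = b"time-step-0"                # fixed time step so the OTP is deterministic here


def otp_code(secret: bytes) -> str:
    """Shared-secret one-time code, computed identically by app and server."""
    return hmac.new(secret, OTP_WINDOW, hashlib.sha256).hexdigest()[:6]


class Token:
    """Hardware token: signs the challenge together with the origin the
    browser reports, which is how U2F client data binds the two."""

    def __init__(self, key: bytes):
        self.key = key

    def sign(self, challenge: str, origin: str) -> tuple[str, str]:
        client_data = json.dumps({"challenge": challenge, "origin": origin}, sort_keys=True)
        sig = hmac.new(self.key, client_data.encode(), hashlib.sha256).hexdigest()
        return client_data, sig


class RelyingParty:
    """The real site: stores per-user secrets, issues challenges, verifies logins."""

    def __init__(self, origin: str):
        self.origin = origin
        self.users: dict[str, dict] = {}

    def register(self, user: str, password: str, otp_secret: bytes, token_key: bytes) -> None:
        self.users[user] = {"password": password, "otp": otp_secret, "token_key": token_key}

    def new_challenge(self) -> str:
        return secrets.token_hex(16)

    def verify_otp_login(self, user: str, password: str, code: str) -> bool:
        rec = self.users[user]
        return (hmac.compare_digest(rec["password"], password)
                and hmac.compare_digest(otp_code(rec["otp"]), code))

    def verify_u2f_login(self, user: str, challenge: str, client_data: str, sig: str) -> bool:
        rec = self.users[user]
        data = json.loads(client_data)
        # Origin binding: a signature made while the browser was on the clone's
        # origin is rejected even though the challenge itself was relayed intact.
        if data.get("origin") != self.origin or data.get("challenge") != challenge:
            return False
        expected = hmac.new(rec["token_key"], client_data.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, sig)


def setup() -> tuple[RelyingParty, Token]:
    rp = RelyingParty(RP_ORIGIN)
    token = Token(b"per-site-token-key")           # constructed registration key
    rp.register("victim", "correct horse battery", b"otp-seed", token.key)
    return rp, token


def relayed_otp_login() -> bool:
    """Password and OTP typed into the clone are forwarded unchanged; the real
    site cannot tell them from a genuine login."""
    rp, _ = setup()
    password, code = "correct horse battery", otp_code(b"otp-seed")
    return rp.verify_otp_login("victim", password, code)


def relayed_u2f_login() -> bool:
    """The real challenge is relayed to the clone and the token signs it, but
    the browser records the clone's origin in the client data."""
    rp, token = setup()
    challenge = rp.new_challenge()
    client_data, sig = token.sign(challenge, PHISH_ORIGIN)
    return rp.verify_u2f_login("victim", challenge, client_data, sig)


def genuine_u2f_login() -> bool:
    """Same token, same site, but the browser is really on the RP's origin."""
    rp, token = setup()
    challenge = rp.new_challenge()
    client_data, sig = token.sign(challenge, RP_ORIGIN)
    return rp.verify_u2f_login("victim", challenge, client_data, sig)


if __name__ == "__main__":
    print("relayed password+OTP accepted:", relayed_otp_login())   # True
    print("relayed U2F accepted:", relayed_u2f_login())            # False
    print("genuine U2F accepted:", genuine_u2f_login())            # True
```

The design point is that the one-time code carries no information about where it was typed, so a relay is invisible to the server, whereas the U2F signature covers the origin the browser actually loaded. This is also why the caveat in the paragraph stands: origin binding does nothing against a token that has been physically taken from its owner.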

Overall, Mitnick demonstrated how simple it is to hijack a victim with a small amount of personal data during testing. To defend against such attacks, he advised using the tactics that “the threat actors use” and creating tools that employees actually want to use.

To view this original article and other news items, please refer to the source.

Source: infosecurity

Topics: Social Engineering, U2F protocol tokens, data theft, hacker attacks, Infosecurity North America, keynote speaker, KnowBe4, two-factor identification, authentication, DNS propagation, New York City, Kevin Mitnick
