The weakest link in security is still people. Kevin Mitnick showed how we can be outsmarted

Written by Mitnick Security | Oct 20, 2018 12:00:00 AM

Over the past 16 years, Kevin Mitnick's team of hackers broke into every company whose security he checked. "Those evil hackers are always looking for the weakest link in the security chain. In my opinion, most often these are people, not technology," said Mitnick on stage during the Business Insider Inside Trends conference at the Koneser Center in Prague. He showed that hackers even copy their victims' security cards during visits to office bathrooms.

Kevin Mitnick, once the person most sought after by the FBI in the United States, has for years been helping companies check their security levels with his team.

Mitnick emphasized during the Business Insider Inside Trends conference that the most effective weapon in the hands of hackers is social engineering, that is, the skilful manipulation of people to extract information from them. "If an attacker can thus get to one person in your organization, all security measures can be bypassed without any problems," said Mitnick on the stage.

Interestingly, according to Mitnick, it may be easier to hack companies in the United States or Japan than in Poland, because people in our region are more skeptical and suspicious.

During the Business Insider Inside Trends conference, Mitnick presented techniques for gaining access to company systems.

Social engineering in practice

Mitnick points out that using people to reach company systems is easier than using hacking technology. It's almost free, and the risk for the attacker is very low. He noted that the effectiveness of such methods is as high as 99.5 percent.

The most famous hacker in the world pointed out that gathering information is a very important tool. He added that it is best to manipulate representatives of the sales and marketing department. "Students often work there," he explained.

Sometimes all it takes is a cursory search for information and the use of generally available tools. Mitnick described one case in which he was hired by a large Canadian company. "I noticed that the website advertises a company dealing with human resources management in the Internet cloud," said Mitnick. All it took was just a few steps: registering the right domain, creating a fake page and tracking the person you can enter and the person to whom you should speak.

Within a few hours, he gained access to the data of all employees in the organization.

Watch out for passwords, pen drives and cables

Mitnick also pointed out that when a previously stolen password is changed, it must be modified significantly. Using a database of stolen information, hackers can check whether the password has been changed only slightly.
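A password-change check that enforces this advice could look like the following. It is an added example, not code from the article or from Mitnick; the function names, the substitution table and the `min_distance` threshold are assumptions. It relies on the user typing the current password during the change, since stored hashes cannot be compared for similarity.

```python
import re

# Common look-alike substitutions, folded back to letters before comparing
# (assumed table, extend as needed).
LEET = str.maketrans("013457@$!", "oieastasi")

def skeleton(pw: str) -> str:
    """Reduce a password to its base word: lower-case it, drop digits and
    symbols at either end, then undo look-alike substitutions."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    return core.translate(LEET)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, replacements."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # replace or keep
        prev = cur
    return prev[-1]

def too_similar(old: str, new: str, min_distance: int = 4) -> bool:
    """True if `new` is only a light modification of `old`."""
    s_old, s_new = skeleton(old), skeleton(new)
    if s_old and s_old == s_new:
        return True   # same base word, only the decoration changed
    return edit_distance(old.lower(), new.lower()) < min_distance

if __name__ == "__main__":
    # Constructed sample pairs: (current password, proposed replacement).
    samples = [
        ("Summer2018!", "Summer2019!"),
        ("P@ssw0rd1", "Password2024"),
        ("12345678", "12345679"),
        ("Summer2018!", "correct-horse-battery-staple"),
    ]
    for old, new in samples:
        verdict = "reject" if too_similar(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```
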

Many people know that they should not connect pen drives received from strangers to computers. Mitnick said that attacks can also be carried out using special, swapped ... USB cables.

Double verification and copying of cards

Mitnick also showed that sometimes double verification will not save us from a break-in on some websites. Hackers can steal ... session cookies that allow them to log on to a given page from another computer.

One of the most interesting "tricks" shown by Mitnick was copying access cards to office gates and doors. Hackers have tools that allow them to copy access cards for a company's building and premises. Sometimes it is enough to stand next to another person in a public toilet in a given building.

How to defend yourself?

Kevin Mitnick pointed out that the best way to educate people in companies is to carry out simulated tests. "When someone in the company clicks on such a link in the email, instead of downloading the malware, he will receive the following message: 'You made a mistake. You have to watch the instructional video'. The second mistake? He must watch the movie again. Third error? An hour of educational materials," said Mitnick. In the end, people have to learn, if only for their own protection.

He added that conducting security penetration tests is necessary in large organizations. Employees should also report suspicious emails or other activities within the company.

"'The bad guys' will always look for the weakest link in the security chain. In my opinion, most often these are people, not technology," explained Mitnick.

To view the original article and to read other great business articles, refer to the source.

Source: BUSINESS INSIDER POLSKA