Staying mindful of potential dangers can help companies mitigate these risks, but first they have to understand what hackers are looking for. That is the view of IT security auditor Paula Januszkiewicz, founder of CQURE.
Januszkiewicz delivered her message during a keynote session at the virtual SecTor security conference. She noted that during the pandemic there has been an increase in cyberattacks, as attackers aim to exploit weaknesses for their own gain. In her view, defenders should take a hacker's perspective to gain better situational awareness.
“So awareness means we know what is going on with cybersecurity, we know specific cases and examples, and we are educated in cybersecurity,” Januszkiewicz said.
To highlight what awareness means from her perspective, she gave an example of how she was able to get into a company in Switzerland that she was performing a penetration test for.
Just by following an authorized employee into the building and then making small talk with another in an elevator, she was able to gain access to an employee area. When employees were out at lunch, she found her way to an unlocked desktop and inserted a Digispark USB device to steal information.
“That is the beauty of social engineering: people expect that, when you do things with confidence, they are the things that you were supposed to be doing,” she said.
Seven Security Issues That Shouldn't Happen
In Januszkiewicz's view there are seven key security issues that defenders need to be aware of, because hackers love to exploit them.
The first issue is weak passwords. She noted that in one case her firm was conducting an audit of an oil and gas company and performed a password spraying attack. She explained that her team simply took a list of the company's 6000 employees and tried to access user accounts with each employee's name as the username and a password of CompanyName2020. She was able to access 29 accounts with that technique.
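The spray described above tries one weak password against many accounts, so the signal a defender looks for is many distinct usernames failing from one source in a short window, not many failures against one account. The following is an added example, not code from the article or from CQURE: a small detector over constructed authentication log lines, plus a check for the CompanyName-plus-year password pattern the audit found. The log format, the source addresses, the 10-minute window and the 20-account threshold are all assumptions made for this example.

```python
"""Password-spray detection over authentication logs (added example).

Assumed log format (constructed for this example, not from the article):
    <ISO timestamp> auth <FAIL|OK> user=<name> src=<ip>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"].lower(),
        "src": m["src"],
    }


def detect_spray(lines, window=timedelta(minutes=10), min_users=20):
    """Return {src: {...}} for every source whose failed logins, inside any
    sliding window of `window` length, touch at least `min_users` distinct
    accounts. Successful logins from a flagged source are listed so the
    responder knows which accounts to reset first."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_src[ev["src"]].append(ev)

    alerts = {}
    for src, events in by_src.items():
        fails = sorted((e for e in events if e["result"] == "FAIL"), key=lambda e: e["ts"])
        users_in_window = defaultdict(int)  # username -> failures inside the window
        start, peak = 0, 0
        for ev in fails:
            users_in_window[ev["user"]] += 1
            # Slide the window start forward past failures that are now too old.
            while ev["ts"] - fails[start]["ts"] > window:
                old = fails[start]["user"]
                users_in_window[old] -= 1
                if users_in_window[old] == 0:
                    del users_in_window[old]
                start += 1
            peak = max(peak, len(users_in_window))
        if peak >= min_users:
            successes = sorted({e["user"] for e in events if e["result"] == "OK"})
            alerts[src] = {"peak_distinct_users": peak, "successes": successes}
    return alerts


def is_sprayable(password, company_name):
    """True if the password is the company name plus a four-digit year,
    optionally followed by common trailing symbols (the CompanyName2020 pattern)."""
    pattern = re.compile(
        rf"^{re.escape(company_name)}[-_]?(19|20)\d\d[!@#$]*$", re.IGNORECASE
    )
    return bool(pattern.match(password))


def sample_log():
    """Constructed sample: one source walks an employee list with a single
    password and gets into two accounts; one real user mistypes twice."""
    base = datetime(2020, 10, 21, 12, 0, 0)
    lines = []
    for i in range(25):
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        result = "OK" if i in (4, 17) else "FAIL"
        lines.append(f"{ts} auth {result} user=employee{i:02d} src=203.0.113.7")
    for i, result in enumerate(["FAIL", "FAIL", "OK"]):
        ts = (base + timedelta(minutes=1, seconds=i)).isoformat()
        lines.append(f"{ts} auth {result} user=jdoe src=198.51.100.5")
    return lines


if __name__ == "__main__":
    for src, info in detect_spray(sample_log()).items():
        print(f"spray from {src}: {info['peak_distinct_users']} accounts tried, "
              f"successes: {info['successes']}")
```

Per-account lockout thresholds never fire on this traffic, since each account sees one failure; grouping by source and counting distinct usernames is what exposes it. The `is_sprayable` check is the complementary preventive control: reject the company-name-plus-year pattern at password change time so a spray with that guess finds nothing.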
The second key issue she called “Peeping ROM,” which is where people are able to sneak a peek at a co-worker's or a stranger's workstation in the office or in a public place. She suggested that organizations have a policy for locking desktops, so that when an employee is not active, the desktop is locked. The third key issue she called “USB Stick Up,” which is when victims pick up a random USB stick and plug it into their system to see what's on it. That is an activity that can lead to exploitation.
Januszkiewicz said that there are a lot of phishing messages today that get past spam filters, which leads to the fourth key issue, which she called “Phish Biting.” The unfortunate reality is that untrained users still click on phishing emails, especially when they get past spam filters. “Reckless Abandon” is the fifth issue, which is when users simply do not take basic precautions to secure their devices, such as not putting a passcode on a smartphone.
Using someone else's Wi-Fi connection is also a bad practice that Januszkiewicz advised against, as an attacker can potentially see all your traffic. The last key issue she mentioned was being too social. Some people have a tendency to share too much information on social media. The hacker's perspective on that is that it can provide information that might be useful in exploiting the user.
“We had a case where there was a guy on LinkedIn from a certain company, and he liked Tesla cars, and for one of the personal emails he was using, there was a recovery question of what's your favorite car, and we typed in Tesla,” Januszkiewicz recounted. “That worked, and that was so much fun because this information was super easy to find.”
Some parts of this article are sourced from: