During Waking Shark II, some impromptu testing was conducted against a very well-known 'core' Bank using test Phishing Attacks. A user e-mail address, associated with a UK Government GSX account, had been extracted from an object that had suffered some Data Leakage. From there it was simply a matter of sending them an email with text like ‘Hi, we recently met as a Government Forum in London, and just wanted to get back in touch’. The response was almost immediate: ‘Yes, probably, what can I do for you’. It was that easy. The same deployment had also suffered from having a connection in place out to a .com.cn [Chinese set of Servers].
There is no doubt that when it comes to the Logical Environment being compromised, a lot is associated with what the user does, or does not, click on.
This presentation looks at some of those issues: