10 Fun Short IT Horror Stories

Here are 10 predictions for 2014, all cyber attacks using social engineering to penetrate the network. Have fun reading, and I will try to report back in 12 months which ones came out as real.

1. The Registry Hack

A mid-size Credit Union's controller shares on Facebook that she is expecting a baby. She has a detailed profile on LinkedIn, and also creates a baby registry at Amazon. She receives an email from Amazon's marketing department that they want to interview her about the registry and that she can choose one of her registry items for free. She clicks on the link. Her workstation gets infected with a Trojan.

2. Legal File Corruption

In-house counsel of a large defense contractor, working long days on a corruption lawsuit against a former VP Sales, works closely with their outside attorneys when the case comes to trial. She receives an email from her counterpart, who complains that the email server of his office is down and asks if she can email him the case file immediately as he's on his way to court. The file is used by the competition to steal away a large deal.

3. PCI Compliance Failure

A system administrator gets an email from their credit card merchant account processor that his company has failed their PCI compliance and that their card processing will be shut down in 24 hours unless he immediately reports what was done about the recent vulnerability scan. A link is provided to confirm which patches have been applied. The system admin clicks and his workstation gets infected with a zero-day exploit that gives the bad guys the keys to the kingdom: admin credentials!

4. Underperformance Review

Dozens of employees in a healthcare company get an email from their CEO who is asking them to participate in an anonymous "How Are We Doing?" survey. The CEO explicitly asks for feedback on herself, and also asks each employee to please rate the performance of their direct supervisor. 65% of the employees click on the link and all of their workstations get infected, causing the IT team four days of twenty-hour frantic wipe & rebuild time.

5. iPhone Pwned

A CEO of a non-profit shares on LinkedIn that he really likes the new iPhone with fingerprint recognition. A few weeks later he gets a text message from Apple that there is an important update of the fingerprint software, and that he should install it as soon as possible. It will require a reboot of his phone though. He complies right away, but what gets installed is mobile malware that steals the credentials of his office VPN. Bad guys add phantom employees to the non-profit's payroll and it loses $15,000 to money mules in Direct Deposit the next Friday.

6. Celebrity Trap

The VP Sales of a large online ticket reservation site gets an email from the lead singer of his favorite band, inviting him to a meet & greet backstage after the coming gig they have in his town. He's all excited and clicks on the link. That one click is enough to let the bad guys in and exfiltrate their database with 275,000 full customer credit card transactions. Cha-Ching!

7. Credit Card Security Con

The wife of a mid-size bank's President gets a phone call from their credit card company. The rep explains they are offering a new security service, to make sure their account is resistant against cyber attacks. This service will send a text to her phone if there is a fraudulent charge, so she can tap "no" on the phone if she wants to dispute the charge. The rep asks her to type a domain name in her browser so she can get her cell phone subscribed to the new service. The domain is malicious and drops a Trojan on her PC which allows the bad guys to take over the home network, and infect the laptop of her husband, who plugs it into the bank's network during the week. The bank itself gets penetrated that way, and $2 Million gets transferred to Russia out of the bank's customer accounts.

8. Broken Cloud

A few years ago, Chinese government-sponsored hackers opened a front office in the US and carefully developed it into a well-funded, up & coming cloud consultancy firm. They keep working at it, impressing cloud providers with whitepapers showing their in-depth knowledge of cloud security. They even hire unwitting US employees that have security clearance. Finally they get invited by Amazon for a possible contracting job. They get access to the premises, are invited for a tour of the data center and manage to plug a small device into the ethernet jack of a conference room phone for a few seconds. That allows them to subtly sabotage that data center and write another whitepaper describing the specific problem. Next, they sit back and wait until they are called. Finally the call comes, they move in to "assist" and obtain full ownership of the cloud.

9. PDF Deception

The CIO of a large insurance company gets a call from an attractive sounding recruiter, stating that he's been selected for an interview to discuss a CEO position at an online competitor. He has not heard of the recruiting firm but checks out the rep on LinkedIn. It all seems legit and she's a looker. As part of the procedure, the CIO gets a PDF with a description of the company that is interested in him. The PDF does not open up for some reason and he closes the reader. He retries but the PDF fails again. You guessed it. There was a Trojan inside and his workstation is pwned, allowing very valuable confidential information to be exfiltrated.

10. Top Dog Social Engineer

A man crafts a new web portal and establishes trust with new users, helping them to get ahead socially by sharing personal and work details, habits, and preferences. He collects all of this data, allows targeted advertising, and even goes public. It's unbelievable that he gets away with this when identity theft has become rampant and not giving out personal information is top priority. In case you did not guess, the Top Dog social engineer is Mark Zuckerberg, founder and CEO of Facebook. A billion people fell for his ruse. Remember, if you don't -pay- for the product you -are- the product.