Here are 10 predictions for 2014, all cyber attacks using social engineering to penetrate the network. Have fun reading, and I will try to report back in 12 months which ones came out as real.
1. The Registry Hack

A mid-size Credit Union's controller shares on Facebook that she is expecting a baby. She has a detailed profile on LinkedIn, and also creates a baby registry at Amazon. She receives an email from Amazon's marketing department saying that they want to interview her about the registry and that she can choose one of her registry items for free. She clicks on the link. Her workstation gets infected with a Trojan.
2. Legal File Corruption

In-house counsel of a large defense contractor, working long days on a corruption lawsuit against a former VP Sales, works closely with their outside attorneys when the case comes to trial. She receives an email from her counterpart who complains that the email server of his office is down and asks if she can email him the case file immediately, as he's on his way to court. The file is used by the competition to steal away a large deal.
3. PCI Compliance Failure

A system administrator gets an email from their credit card merchant account processor saying that his company has failed their PCI compliance and that their card processing will be shut down in 24 hours unless he immediately reports what was done about the recent vulnerability scan. A link is provided to confirm which patches have been applied. The system admin clicks and his workstation gets infected with a zero-day exploit that gives the bad guys the keys to the kingdom: admin credentials!
4. Underperformance Review

Dozens of employees in a healthcare company get an email from their CEO asking them to participate in an anonymous "How Are We Doing?" survey. The CEO explicitly asks for feedback on herself, and also asks the employee to please rate the performance of their direct supervisor. 65% of the employees click on the link and all of their workstations get infected, causing the IT team four days of twenty-hour frantic wipe & rebuild time.
5. iPhone Pwned

A CEO of a non-profit shares on LinkedIn that he really likes the new iPhone with fingerprint recognition. A few weeks later he gets a text message from "Apple" saying that there is an important update of the fingerprint software, and that he should install it as soon as possible. It will require a reboot of his phone though. He complies right away, but what gets installed is mobile malware that steals the credentials of his office VPN. Bad guys add phantom employees to the payroll and the non-profit loses $15,000 to money mules in Direct Deposit the next Friday.
6. Celebrity Trap

The VP Sales of a large online ticket reservation site gets an email from the lead singer of his favorite band, inviting him to a backstage meet & greet after the coming gig they have in his town. He's all excited and clicks on the link. That one click is enough to let the bad guys in and exfiltrate their database with 275,000 full customer credit card transactions. Cha-Ching!
7. Credit Card Security Con

The wife of a mid-size bank's President gets a phone call from their credit card company. The rep explains they are offering a new security service to make sure their account is resistant against cyber attacks. This service will send a text to her phone if there is a fraudulent charge, so she can tap "no" on the phone if she wants to dispute the charge. The rep asks her to type a domain name in her browser so she can get her cell phone subscribed to the new service. The domain is malicious and drops a Trojan on her PC, which allows the bad guys to take over the home network and infect the laptop of her husband, who plugs it into the bank's network during the week. The bank itself gets penetrated that way, and $2 Million gets transferred to Russia out of the bank's customer accounts.
8. Broken Cloud

A few years ago, Chinese government-sponsored hackers opened a front office in the US and carefully developed it into a well-funded, up & coming cloud consultancy firm. They keep working at it, impressing cloud providers with whitepapers showing their in-depth knowledge of cloud security. They even hire unwitting US employees that have security clearance. Finally they get invited by Amazon for a possible contracting job. They get access to the premises, are invited for a tour of the data center and manage to plug a small device into the ethernet jack of a conference room phone for a few seconds. That allows them to subtly sabotage that data center and write another whitepaper describing the specific problem. Next, they sit back and wait until they are called. Finally the call comes, they move in to "assist" and obtain full ownership of the cloud.
9. PDF Deception

The CIO of a large insurance company gets a call from an attractive-sounding recruiter, stating that he's been selected for an interview to discuss a CEO position at an online competitor. He has not heard of the recruiting firm but checks out the rep on LinkedIn. It all seems legit and she's a looker. As part of the procedure, the CIO gets a PDF with a description of the company that is interested in him. The PDF does not open up for some reason and he closes the reader. He retries but the PDF fails again. You guessed it. There was a Trojan inside and his workstation is pwned, allowing very valuable confidential information to be exfiltrated.
10. Top Dog Social Engineer

A man crafts a new web portal and establishes trust with new users, helping them to get ahead socially by sharing personal and work details, habits, and preferences. He collects all of this data, allows targeted advertising, and even goes public. It's unbelievable that he gets away with this when identity theft has become rampant and not giving out personal information is top priority. In case you did not guess, the Top Dog social engineer is Mark Zuckerberg, founder and CEO of Facebook. A billion people fell for his ruse. Remember, if you don't -pay- for the product you -are- the product.
10 Fun Short IT Horror Stories