“I forward this file to you for review,” the unsigned email, sent to four employees of RSA's parent company EMC, stated. “Please open and view it.” 1 of the 4 retrieved the email from their junk mail folder, and opened the Excel file “2011 Recruitment plan.xls”, that contained a malicious Adobe Flash object,
AP fake tweet
The AP Fake Tweet & Other Social Media Risks
Philip Alexander, CISSP-ISSMP, CEH, CHFI
Founder - Data Privacy Network
Agenda
- Fake AP Tweet Rattles Stock Market
- Cyber Warfare
- Social Media’s Impact on Core Industries
- Phishing for the Weakest Link
- People & Politics
- BYOD
- Questions
Fake AP Tweet Rattles Stock Market
- FAKE Tweet from AP Twitter account, 1:07 PM – 23 Apr 13: “Breaking: Two Explosions in the White House and Barack Obama is Injured”
- Dow plunged more than 140 points within minutes
- Was seen by nearly 2,000,000 followers
- Was re-Tweeted nearly 1,500 times
Cyber Warfare
- Impact of Cyber Warfare (Hacking)
  - Rattles investors’ faith in US Stock Market
- Syrian Electronic Army
  - Claimed responsibility for posting fake Tweet
  - They also claimed to target: NPR, Reuters, BBC, Al Jazeera
Social Media’s Impact on Core Industries
- Dow impacted even though it wasn’t hacked.
** Companies that outsource security to Social Networking sites
Phishing for the Weakest Link
- AP reports receiving Phishing email prior to fake Tweet
  - Attachments
  - Links
- People & Politics: A hole in a strong Defense-in-Depth posture
- RSA’s SecurID Breach Started with a Phishing Email: April 2011
*** OSI Layers 8 & 9.
People & Politics
- Education & Awareness
  - Did the AP change their Twitter account password?
  - Twitter reported being hacked back in February 2013
- Least-Privileged Access
  - From the CEO on down
- Web Filtering
  - Block access to risky web sites
*** Security is not just the Security Guy’s job!
BYOD
- Support & Data Leakage (DLP) challenges associated with BYOD
- Thumb Drives: Do your systems allow USB Drives to be used?
- Smart Phones: Can your employees send/receive work emails from their personal Cell Phones?
- iPad – iPod: Are personal devices allowed at work?
Questions
Philip Alexander, CISSP – ISSMP, CEH – CHFI
Founder – Data Privacy Network
phil@dataprivacynetwork.com
http://www.dataprivacynetwork.com
https://www.facebook.com/DataPrivacyNetwork
https://twitter.com/DataPrivacyNtwk