The simple things in life are often the best.

It doesn’t matter how strong your defences are, if the operator/human is tricked, it is a game over.

Targeting infrastructure for malicious attacks water, gas, electricity, telecommunications, etc. could lead to a massive loss of lives. Transport and the Airline industry is a big one.

Something as simple as a social engineering attempt shows that, as long as humans are in control or have access to powerful systems, they will also be targets for attack.

The compromise started with a phishing attack in which email containing a malicious link was sent to people working in the aviation industry. The CIS said the attackers used a “public document” in selecting their victims, but did not identify the document.

The fact that the attackers were able to trick people into downloading malware that led to the compromise is “surprising, but not unexpected,” Murray said. “Simple attacks work.”

You’re a CxO of a company or a high risk individual, you receive an e-mail, you fall for the trap. Now, is your company, family, reputation, etc at risk?

If you need further proof that social engineering affects everyone, just ask the  head of Australia’s Military. His pictures were lifted from a site and used for a lonely hearts scam. This is a reverse scenario where leveraging someone’s position of power to carry off a scam.

Remember phishing:

  • Addressed in a personal nature
    • Connected via Facebook, ‘direct’ relationship to you
  • Something to get you to react
    • He has been single and is looking to meet up
  • Consequence should you fail to act
    • Missing out on an opportunity to meet someone
  • The con: need to send €300 to ‘him’ to arrange for costs

Side note: with greater access to anonymous methods for money transfer, traditional financial gain crimes will become increasingly prevalent, brazen and are harder to stop (scams, extortion, etc).

http://www.csoonline.com/article/2378585/data-protection/airport-breach-a-sign-for-it-industry-to-think-security-not-money.html

http://www.smh.com.au/national/defence-chiefs-identity-stolen-in-love-scam-20140628-3b0jk.html

Advertisements