10 Socially Engineered Cyber Attacks Coming in 2014
One security expert expects 2014 to be filled with cyber attacks driven by social engineering. –PC Pitstop
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
Here are 10 predictions for 2014, all of them cyber attacks that use social engineering to penetrate the network. Have fun reading, and I will try to report back in 12 months on which ones turned out to be real.
—1) The Registry Hack—
A mid-size credit union’s controller shares on Facebook that she is expecting a baby. She has a detailed profile on LinkedIn, and also creates a baby registry at Amazon. She receives an email from Amazon’s marketing department saying that they want to interview her about the registry and that she can choose one of her registry items for free. She clicks on the link. Her workstation gets infected with a Trojan and the bad guys transfer $495,000 to the Ukraine over a long weekend.
—2) Legal File Corruption—
In-house counsel of a large defense contractor, working long days on a corruption lawsuit against a former VP Sales, works closely with their outside attorneys when the case comes to trial. She receives an email from her counterpart, who complains that the email server of his office is down and asks if she can email him the case file immediately as he’s on his way to court. The file is used by the competition to steal away a large deal.
—3) PCI Compliance Failure—
A system administrator gets an email from his company’s credit card merchant account processor saying that the company has failed its PCI compliance and that its card processing will be shut down in 24 hours unless he immediately reports what was done about the recent vulnerability scan. A link is provided to confirm which patches have been applied. The system admin clicks and his workstation gets infected with a zero-day exploit that gives the bad guys the keys to the kingdom: admin credentials!
This excerpt appears with permission from knowbe4.com.