#SecTorCa: A Hacker’s Perspective on Your Infrastructure

  • Staying aware of likely threats can help organizations mitigate those threats, but first they need to understand what hackers are looking at. That is the view of IT security auditor Paula Januszkiewicz, founder of CQURE.

    Januszkiewicz delivered her message during a keynote session at the virtual SecTor security conference. She noted that during the pandemic there has been an increase in cyberattacks, as attackers aim to exploit weaknesses for their own profit. In her view, defenders should adopt a hacker's perspective to gain better situational awareness.

    “So awareness means we know what’s going on with cybersecurity, we know different cases and examples, and we are educated in cybersecurity,” Januszkiewicz said.

    Hacker Confidence

    To illustrate what awareness means from her perspective, she gave an example of how she was able to get into a company in Switzerland that she was performing a penetration test for.

    Simply by following an authorized employee into the building and then making small talk with another in an elevator, she was able to gain access to an employee area. When staff were out at lunch, she found her way to a desktop that was unlocked and inserted a Digispark USB device (a small board that presents itself to the host as a USB keyboard and types a scripted payload) to steal data.

    “That is the beauty of social engineering: people assume that, when you do things with confidence, they are the things that you were supposed to be doing,” she said.

    Seven Security Issues That Shouldn’t Happen

    In Januszkiewicz’s view there are seven key security issues that defenders need to be aware of, because hackers like to exploit them.

    The first issue is weak passwords. She noted that in one case her firm was conducting an audit of an oil and gas company and performed a password spraying attack. She explained that her firm simply took a list of the company’s 6,000 employees and tried to access user accounts using the employees’ names as usernames and a single password of CompanyName2020. She was able to get into 29 accounts with that method. Spraying works because one guess per account stays far below any per-account lockout threshold, so nothing looks like a brute-force attempt against any individual user.
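    The audit described above is the textbook spraying pattern: one password tried once against thousands of accounts, so no single account ever sees enough failures to lock out or to alert. Detecting it means looking at the source rather than the account. The following Python detector is an added example, not code from the keynote or from CQURE. It assumes a simplified authentication log format (timestamp, source IP, username, result) of the kind you would derive from Windows 4625/4624 events or an identity provider's sign-in log; the sample log lines are constructed for illustration, and the thresholds are assumptions to be tuned against your own baseline.

```python
"""Flag password spraying by counting distinct accounts per source.

Added example; the log format, sample events and thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    src_ip: str
    user: str
    success: bool


def parse_line(line):
    # Constructed format: "2020-10-21T09:00:00 203.0.113.7 j.smith FAIL"
    ts, ip, user, result = line.split()
    return AuthEvent(datetime.fromisoformat(ts), ip, user.lower(), result == "OK")


def detect_spray(events, window=timedelta(minutes=30), min_users=10, max_per_user=2):
    """Return {src_ip: [sprayed usernames]} for every source that, inside one
    `window`, failed against at least `min_users` distinct accounts while
    touching each of them no more than `max_per_user` times. That low count per
    account is what distinguishes spraying from brute force: a source hammering
    one account is deliberately excluded so the two alerts stay separate."""
    failures = defaultdict(list)
    for e in events:
        if not e.success:
            failures[e.src_ip].append(e)

    flagged = {}
    for ip, evs in failures.items():
        evs.sort(key=lambda e: e.ts)
        for start in evs:  # slide a window anchored on each failure
            counts = defaultdict(int)
            for e in evs:
                if start.ts <= e.ts <= start.ts + window:
                    counts[e.user] += 1
            sprayed = sorted(u for u, c in counts.items() if c <= max_per_user)
            if len(sprayed) >= min_users:
                flagged[ip] = sprayed
                break
    return flagged


def compromised_accounts(events, flagged):
    """Accounts that logged in successfully from a flagged source: the guessed
    password worked there, so these are the accounts to reset first."""
    return sorted({e.user for e in events if e.success and e.src_ip in flagged})


def build_sample_log():
    """Constructed sample: one spraying source, one brute-force source, normal users."""
    base = datetime(2020, 10, 21, 9, 0, 0)
    lines = []
    # Spray: 15 distinct accounts, one attempt each, 20 s apart.
    # Accounts 3, 8 and 12 happen to use the guessed password and succeed.
    for i in range(15):
        result = "OK" if i in (3, 8, 12) else "FAIL"
        lines.append(f"{(base + timedelta(seconds=20 * i)).isoformat()} 203.0.113.7 user{i:02d} {result}")
    # Brute force: 20 failures against a single account from another source.
    for i in range(20):
        lines.append(f"{(base + timedelta(seconds=5 * i)).isoformat()} 198.51.100.5 admin FAIL")
    # Normal traffic, including one mistyped password followed by success.
    lines.append(f"{(base + timedelta(minutes=1)).isoformat()} 10.0.0.21 user03 OK")
    lines.append(f"{(base + timedelta(minutes=2)).isoformat()} 10.0.0.22 user04 FAIL")
    lines.append(f"{(base + timedelta(minutes=2, seconds=30)).isoformat()} 10.0.0.22 user04 OK")
    return lines


def run_demo():
    events = [parse_line(l) for l in build_sample_log()]
    flagged = detect_spray(events)
    return flagged, compromised_accounts(events, flagged)


if __name__ == "__main__":
    flagged, hit = run_demo()
    for ip, users in flagged.items():
        print(f"spray from {ip}: {len(users)} accounts, e.g. {users[:3]}")
    print("accounts opened by the spray:", hit)
```

    The brute-force source (198.51.100.5) is not reported because all of its failures land on one account; a separate account-centric rule should catch that. The successes from the flagged source are the accounts the spray actually opened, the equivalent of the 29 accounts in the audit above, and they are the ones to force a reset on before anything else.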

    The second key issue she called “Peeping ROM,” which is where people are able to sneak a peek at a co-worker’s or stranger’s workstation in the office or in a public place. She recommended that companies have a policy for locking desktops, so that when an employee is not active, the desktop locks automatically. The third key issue she called “USB Stick Up,” which is when victims pick up a random USB stick and plug it into their system to see what’s on it. That is an activity that can lead to exploitation.

    Januszkiewicz said that there are a lot of phishing messages today that get past spam filters, which leads to the fourth key issue, which she called “Phish Biting.” The unfortunate reality is that untrained users still click on phishing emails, especially when they get past spam filters. “Reckless Abandon” is the fifth issue, which is when people simply don’t take basic precautions to protect their devices, such as not setting a passcode on a smartphone.

    The sixth issue is using someone else’s Wi-Fi connection, a bad practice that Januszkiewicz advised against, as an attacker on that network can potentially see all of your traffic. The last key issue she talked about was being too social. Some people have a tendency to share too much information on social media. The hacker’s perspective on that is that it can provide data that may be useful in exploiting the user.

    “We had a case in which there was a man on LinkedIn from a certain company, and he liked Tesla cars, and for one of the private emails he was using, there was a recovery question of what’s your favorite car, and we typed in Tesla,” Januszkiewicz recounted. “That worked, and that was so much fun because this information was super easy to find.”