BYTE talked to security expert Raphael Mudge about how hackers "social engineer" their way into companies. Using a fake LinkedIn site, he showed us how all it takes is one computer to compromise the security of an entire organization.
Raphael Mudge, founder of Strategic Cyber LLC, a startup company that creates software for "red teams"--independent groups hired to break an organization's security--says firewalls work great. But it's still awfully easy for an attacker to take control of a company's entire network. To prove it, Mudge demonstrated how a hacker can compromise one user's computer by sending a trick email, and from there break into the organization.
"Usually our goal is to break into a network as an adversary would do and go after the crown jewels of an organization," said Mudge, who once worked as a penetration tester. "Maybe that is Social Security numbers or maybe it is proving that we can do something they don't want done. And we do that to demonstrate risk and understand how well their security systems work. The most common way into an organization today is through a client-side attack," he said.
See the video below for Mudge's demonstration of how a hacker can take control of a company.
An attack that uses LinkedIn to fool a victim would follow these basic steps:
-- The attacker sends an email and generates a LinkedIn invitation to take over one computer.
-- The fake LinkedIn site redirects traffic to capture usernames and passwords.
-- The attacker uses that computer as a gateway to infiltrate other computers on the network.