
Job Boards, Social Networking Sites Can Set Cyber Attacks in Motion


One of the most common cyber security questions I get is: How do attackers plan and carry out their attacks? I thought this would be a great topic to address since we are always asked to explain the risk of any audit observation we make. So, what is risk anyway? In a cyber security context, think of risk as the overall probability of our systems or data being compromised by a malicious individual.

Attackers (who could be insiders) make up one piece of our risk equation, the other piece being vulnerabilities. If either piece of the risk equation (attackers or vulnerabilities) did not exist, then there would be no risk to our systems and/or data. Why? Because if the world were full of attackers, but our systems/data were not vulnerable to any attack, then the attackers could not steal our data. In a similar way, if we ran a system full of vulnerabilities (think Windows XP, which is no longer supported by Microsoft), but attackers simply did not exist, then there would not be a risk of our systems or data being compromised.

So, how do attackers operate? Here are some common techniques:

1. Attackers perform reconnaissance activities on the targeted organization and can gather data from the following:

  • Websites
  • Forums
  • Job boards
  • Social networking sites, such as LinkedIn, Facebook, Twitter, Google+
  • Employees (e.g., sales, human resources, executives)

2. The data uncovered during reconnaissance allows the attacker to identify who/what to target within your organization. Next, the attacker prepares and delivers the exploit to your organization. The following are common methods of delivery:

  • Watering hole attacks are used to infect websites that your users/members of your group are known to visit.
  • Spear phishing attacks are used to trick specific users into infecting their system.

3. Once on your network, the attacker will attempt to compromise additional systems and exfiltrate your data. They do this by exploiting known/unknown system vulnerabilities via command and control.

There you have it – those are the basic steps of an attack. I recommend you watch this video produced by Cisco that illustrates an attack better than I can. Here are some recommendations that can be acted upon:

  • Ensure your organization has an adequate cyber security awareness program in place.
  • Ensure your organization conducts spear phishing exercises on all employees.
  • Work with human resources to avoid including too much detail in job ads.
  • Monitor social media use/review public posts made about your company.
  • Educate your employees on what information should not be disclosed to anyone in normal day-to-day conversations.
  • Ensure adequate malware prevention capabilities are in place.
  • Ensure adequate intrusion detection/incident-handling capabilities are in place.

Editor’s note: Jesse Fernandez presented on auditing cyber security at North America CACS 2017. For highlights and key takeaways from the North America CACS and EuroCACS conferences, read the CACS 2017 Conference Report.

Jesse Fernandez, CISA, Senior IS Auditor

[ISACA Now Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.
