Assuming that basic technical blocking-and-tackling issues are addressed, like not having SQL injection exploitable databases, limiting brute force attempts, and using robust egress traffic monitoring/data loss prevention infrastructure, the most vulnerable components of any corporate network are humans. Most breaches start with an employee electing to open the door for an attacker after being socially engineered.
The most basic social engineering attacks still take place by spoofing email addresses of known colleagues or contacts found during initial reconnaissance on sites like LinkedIn or Facebook and sending malicious content. The Syrian Electronic Army has used this method with surprisingly effective results to access web-based work email accounts that can then be used to cause more damage, like changing DNS, accessing social media accounts, or stealing documents. Hacktivist groups like Anonymous will often use similar reconnaissance to take advantage of call centers and customer support to reset passwords in order to gain access to corporate servers and inboxes.
Unsurprisingly, other social engineering campaigns have leveraged the global connectedness that social media offers. A China-linked campaign in late 2014 targeted employees of male-dominated sectors like technology and nuclear engineering. Attractive women “friended” engineers using Facebook and then passed along links to malicious files in chat messages.
Similarly, a recent financial-related network attack began with a targeted employee being contacted on Skype by a supposed trade organization. An initial registration document was passed to the victim, which was not malicious. A subsequent Word document was passed along that contained custom-written malware. From there the attackers gained access to the network and made off with over $1 million and credentials for attacks on partners.
For more about other network security issues as well as some basic best practices from a network security training consultant, read the article “Basic Training in Network Security” in the July-August issue of LP Magazine.