Day 4: #100DaysofInfoSec - Social Engineering Attack Types & Techniques Study Session w/

Sep 14, 2021

Well, hello if you made it to day 4 with me! So, I initially wrote this blog on Saturday 9/11. Well, technically I took notes. Weekends are mostly family time (which I planned to get up early before the kids and handle my business) BUT this particular weekend I was sick. Your girl literally could not move. So now we are here Monday, and I am cleaning up my notes and writing blogs. 

As I mentioned above, my Saturday didn’t go as planned, but that’s ok. I managed to attend the Black Cybersecurity Association Security+ 601 study session. I think that’s a win, especially with how I was feeling. The study session started at 9:00 AM CST and lasted until about 11:30 AM CST.

We started with a game on Kahoot. The professor had questions from the previous study session. Some of the questions/puzzles were really tricky and made you think, which is similar to the exam. I like the challenge, bring it on! Guess what! I came in SECOND place! Second out of like thirty-eight people! Next time you will see me in 1st place! Yes, I can be competitive at times. There is nothing wrong with a friendly competition.

Social Engineering Attack Types & Techniques

Social engineering is a very important topic to know about. I have a few books in mind that I plan on reading that are all about social engineering.

A few books that I plan on reading:

  • The Art of Deception 

  • No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing

  • Social Engineering: The Science of Human Hacking

  • Social Engineering: The Art of Human Hacking

Social engineering ("hacking the human") involves some type of psychology: the goal is to trick you into doing something you normally wouldn’t do.

Possible Scenarios:

  • Persuade a user to run a malicious file

  • Contact a help desk and solicit information

  • Gain access to premises and install a monitoring device

We discussed quite a few real-life events involving social engineering: hackers hacking celebrities' accounts, insider threats, etc.

One was the massive Twitter attack. President Obama, Elon Musk, Bill Gates, Kanye West, and other Twitter accounts were hacked and used to run a bitcoin scam. The scammer collected nearly $120,000. From what I read, Twitter’s system was exploited, and it was confirmed that employee tools were used in the hack. Can you believe this! The hackers CALLED a few of the employees acting as if they were someone from a trusted company or person. JUST WOW!

Read about the massive Twitter hack here! You can find more articles by doing a Google search.

Ok, I decided to add another article concerning the massive Twitter hack here. Now this one caught my eye because I was able to identify a few keywords like spearphishing & phishing!

Alright, I have another for you all! This attack is focused on insider threats. 

An insider threat is a malicious threat to an organization that comes from the people within the organization. This person normally has authorized access and misuses that access to negatively impact the organization’s critical information or systems.

This one is about Robert Hanssen. He was a former FBI double agent who spied for Soviet and Russian intelligence services against the U.S. from 1976 to 2001.

Another attack that was close to being an insider threat happened with Tesla. Oh, my word! This group had been doing a lot of research and planning. A Russian citizen, who claimed to be part of a group, offered to pay a Tesla employee, a Russian-speaking non-US citizen, if he helped introduce malware into Tesla’s internal computer system to extract corporate data and affect Tesla’s operations. The employee didn’t refuse but ended up informing Tesla. Tesla then informed the FBI, and they were able to obtain information about the group, including previous attacks.

I also learned about Kevin Mitnick. He is known to be the godfather of social engineering. He is so good the FBI hired him to help build their cybersecurity force and catch those who use social engineering tactics. You can read up on him here.

I will end today’s blog and pick it up tomorrow with additional information and terms we went over in the study session. I will say the BCA study session was amazing. I can say I learned a lot. I like the way everything was presented. Being able to relate terms with real-life events made the study session so much more intriguing. I recommend to anyone that is looking to break into the Cyber field to join BCA.

I hope you enjoyed today's blog! See you tomorrow for Part 2!
