This morning’s news brings two stories that demonstrate the importance of the recon phase of an APT attack in perpetrating a successful cyber attack.

Recall the phases of an APT attack:

[Figure: the phases of an APT attack]

Recon is not a passive activity. It is the phase in which the attacker gets to shape the decision space to deceive the victim.

In the first story, Network World reports on a penetration test in which the researchers created a false social media presence for a non-existent pretty young woman. “Fake social media ID duped security-aware IT guys” reports the work of Aamir Lakhani, a counter-intelligence and cyberdefense specialist at IT services provider World Wide Technology. Lakhani created an online identity for a fake attractive female named Emily Williams. The Emily Williams social media deception project lasted three months, but the penetration testing team reached its goals within one week. “After that we just kept the project going for research purposes to see how far we can go,” Lakhani said.

Every time we include social engineering in our penetration tests we have a hundred percent success rate. Every time we do social engineering, we get into the systems.

Does this experiment apply to the real world? Websense, the leading security company, reports that it does. In yesterday’s posting “LinkedIn Lure Looking for Love-ly Profiles, Possibly More,” Websense reports discovering an APT attack in the making that uses social media to surveil the target for the inevitable attack down the road. Websense reiterates the importance of recon in the APT attack:

Stage 1: Reconnaissance – the act of uncovering information that will facilitate the attacker to conduct a later, more successful attack. We believe that this particular campaign may be a precursor to a more specialized targeted attack.

Humans’ email decisions can compromise security. Attackers use social engineering to guide people into bad decisions. IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at 408-727-6342, ext 3 or use our online form.