Read Time: 3 Minutes
In the latest episode of our “Adventures in Cyberland” documentary series, Linda Liukas, a renowned children’s book author and TEDx speaker, takes part in an interesting experiment. She agrees to do something most people would not do – she lets our cyber security experts hack her.
Attackers Use Trust to Gain Access to the Target
Hacking, should one be worried about it? For ordinary people, it is indeed not very common to be a target of an advanced cyber attack, but for employees who have access to companies’ most critical information and systems, it is actually a very relevant concern. In Linda’s case, the goal of an attacker could be for example to gain access to the valuable network of companies she works with.
Nowadays, one of the best methods for an attacker to get in is social engineering, the exploitation of human psychology. To gain access to companies’ valuable assets, the recon phase is significant. In addition to online data mining and social media research, the attacker might attempt to gain physical access to the company’s premises or even dig through the trash to find material that will help establish access to the target.
In Linda’s case, one interesting avenue of attack would be to gain access to Linda’s email or social accounts through a phishing email, for example. Spear phishing emails appear to be from someone the target trusts. They are designed to trick the target into clicking on a malicious link and give out sensitive information, such as passwords. With access to Linda’s accounts, the attackers would be able to leverage the trust Linda’s network has on her, send over a crafted malware payload and gain access to the target organization.
Is Clicking on a Phishing Email a Mistake?
Most attacks are a result of simple human errors. For a savvy individual, it might be possible to dodge an attack for some time by being extra alert and suspicious. For organizations, the problem is that all it takes is a single mistake by one individual employee. Attackers, on the other hand, have an unlimited number of attempts and time on their side. With enough time and persistence, they will get in.
In fact, it is not fair to talk about human errors. Emails are designed to be opened and read, aren’t they? The right way to address the issue is to have other controls in place. If you have a business to protect, you shouldn’t depend on the fact that people don’t open malicious emails.
A Targeted Attack Can Remain Unnoticed for Months
An attacker who has gained access by social engineering methods is extremely difficult to trace. Typically, an organization is unable to detect a well-crafted cyber attack for months. Attackers rely on companies’ lack of visibility to their IT infrastructures to hide their movements. The longer the attacker remains unnoticed, the bigger the financial losses and damage to the company brand and reputation will be.
The only way to protect your company against targeted attacks is the combination of smart software and top human talent. Powerful detection and response solutions are a great way to make sure your organization is well equipped to face an attack.
Did Linda get hacked?
So, what was the result of the hacking experiment with Linda and what kind of tactics were used? Check out the second episode of Adventures in Cyberland.
Missed the first episode? Check it out here.
Linda Liukas is a programmer, children’s book author and TEDx speaker. She is a master of turning complex issues into simple, fun and colorful. So often cyber security sounds like sex education: full of fearmongering, or dull and impractical. In F-Secure’s documentary series ‘Adventures in Cyberland’, Linda explores the modern threat landscape, how attackers operate, and how companies can keep their business running by efficiently detecting and responding to cyber attacks with the help of modern technologies and skilled human talent.