Newsletter #10 - May 14, 2024

Cyber Security 101

How has everyone been taking in our CyberSecurity Series so far?

We'd love to hear your thoughts! Leave a comment through our website or send us a message to share your feedback.

This week, we'd like to talk about Social Engineering Attacks, a surprisingly common tactic used by cybercriminals to gain access to your data. These attacks don't involve complex hacking – they rely on human manipulation.

We'll equip you with the knowledge to identify these deceptive tactics and avoid falling victim to them. We'll teach you how to spot red flags and keep your information secure.

Stay tuned to learn how to protect yourself!

🧑‍🏭 Jobs & Internships

  1. CommScope seeks an entry-level Information Security Analyst (hybrid in Charlotte) to manage security tasks (experience with security platforms a plus). Prior experience in incident response, threat hunting & security engineering is preferred.

  2. Quantum Metric (remote-first, diverse culture) seeks a Cyber Security Intern to assist with cloud security, incident response, and vulnerability management.

  3. Heineken Cambodia seeks an IT Security Analyst to implement security standards, raise awareness, and collaborate on security strategy.

  4. Esure seeks a Cybersecurity Undergraduate Intern to gain hands-on experience in security operations, DevSecOps, security architecture, and risk management.

  5. ING Group seeks a coding-savvy Security Analyst Intern (3/4-time, flexible hours) to analyze security events, collaborate with stakeholders, and develop security applications.

🔏 Last Week in Cyber Security

Join our Discord to get more news in the Security Domain. 🛡️

The Mask Returns: Dormant Hacking Group Resurfaces After Decade with New Attacks
After a 10-year break, "The Mask" hacking group is back, targeting organizations in Latin America and Central Africa. They stole confidential data and infiltrated systems using custom techniques. Kaspersky identified new implants used by the group and warns companies to stay vigilant against even inactive APTs.

XSL Flaw Could Leak Local Files via Malicious Website (Even Without JavaScript)
A researcher discovered a way to exploit XSL (a stylesheet language for XML) to leak local files through a malicious website, even if JavaScript is disabled. The attack combines XSL's "unparsed-entity-uri" function with XML External Entities (XXE). With a carefully crafted XSL file, attackers could potentially steal sensitive information from visitors' devices. This vulnerability highlights the importance of secure coding practices for XML-based languages.

Ransomware Crisis Worsens: More Attacks, Hospitals Targeted, Businesses Struggle
Ransomware attacks are surging globally, with critical infrastructure, healthcare, and financial services at highest risk. Hackers are using more aggressive tactics, including threatening to leak sensitive patient data. Small and medium businesses are hit hardest, while outdated software and human error leave many vulnerable. Experts warn the situation will worsen as attackers become more sophisticated.

The Human Factor in Cybersecurity: Social Engineering Attacks

How many of you have been victims of those emails telling you to claim your prize on “this” link because you’ve won a lottery you aren’t even aware of?

Social engineering attacks exploit human psychology to manipulate individuals into divulging confidential information, performing actions, or compromising security controls.

Common Social Engineering Attacks

Importance of Security Awareness Training for Employees

Security awareness training educates employees about cybersecurity risks, best practices, and their role in protecting sensitive information.

Key objectives include:

  1. Risk Awareness: Educating employees about common cyber threats, such as phishing, malware, and social engineering attacks, and their potential consequences.

  2. Best Practices: Providing guidance on password management, secure browsing habits, data handling procedures, and incident reporting protocols.

  3. Behavioral Change: Encouraging employees to adopt security-conscious behaviors and cultivate a culture of cybersecurity awareness within the organization.

  4. Compliance Requirements: Ensuring employees understand regulatory requirements and organizational policies related to information security.


Phishing Email Identification and Best Practices

Phishing emails are a prevalent form of social engineering attack that often targets individuals within organizations.

To mitigate the risk of falling victim to phishing attacks, employees should follow these best practices:

  1. Verify Sender Identity: Scrutinize email sender addresses for inconsistencies or suspicious domains.

  2. Check Message Content: Look for spelling and grammatical errors, urgent language, and requests for sensitive information.

  3. Avoid Clicking Links: Hover over hyperlinks to inspect the URL before clicking, especially if they appear unusual or unsolicited.

  4. Exercise Caution with Attachments: Don't open attachments from unknown or unexpected sources, as they may contain malware or ransomware.
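The first three checks above, run automatically over a constructed message. This is an added example, not part of the original newsletter; the addresses, domains, `trusted_domains` allow-list and the `red_flags` helper are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and domain is a placeholder.
SAMPLE = '''From: "Example Bank Support" <support@examp1e-bank.test>
Reply-To: claims@prize-desk.test
Subject: URGENT: claim your prize

<a href="http://login.prize-desk.test/claim">https://www.example-bank.test/</a>'''
URGENT = re.compile(r"\b(urgent|act now|immediately|verify your password)\b", re.I)

class LinkCollector(HTMLParser):
    """Collect [href, visible text] pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"  # </a> ends the link text

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()
def host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def red_flags(raw, trusted_domains):
    msg, flags = message_from_string(raw), []
    sender, reply = domain(msg["From"]), domain(msg["Reply-To"])
    if sender not in trusted_domains:  # 1. verify sender identity
        flags.append(f"unrecognised sender domain: {sender}")
    if reply and reply != sender:
        flags.append(f"Reply-To domain differs from sender: {reply}")
    body = msg.get_payload()
    if URGENT.search(f"{msg['Subject']} {body}"):  # 2. check message content
        flags.append("urgent language or request for sensitive information")
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:  # 3. compare link text with its target
        if shown.strip().lower().startswith("http") and host(shown) != host(href):
            flags.append(f"link text shows {host(shown)} but points to {host(href)}")
    return flags
```

Calling `red_flags(SAMPLE, {"example-bank.test"})` returns one entry per tripped check; a result of `[]` means none of these three checks fired, not that the message is safe.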

By investing in comprehensive security awareness training programs, organizations can empower employees to recognize and respond effectively to social engineering attacks.


💡 Did you know? 💡 
Kevin Mitnick, the infamous hacker of the 80s and 90s, became a legend for his social engineering skills. While visions of him furiously typing away at a keyboard might come to mind, the truth is far more surprising - he often gained access to systems without ever physically touching a keyboard!

Here's how he did it:

  • Impersonating system admins or executives, tricking employees into giving him access.

  • Dumpster diving for discarded papers containing login credentials.

  • Shoulder surfing in public places to steal passwords from unattended computers.

Mitnick's social engineering skills exploited human trust and security vulnerabilities, proving even strong systems can be compromised.

That wraps up our week about Social Engineering Attacks. We hope you found this information valuable. Now that you're armed with this knowledge, stay vigilant and remember: if something seems too good to be true, it probably is!
