It’s that time again, when the ghouls of cyber security come out to haunt you – and trust me there are plenty of them this year! Here are a few particularly gruesome attacks, which are sure to curdle your blood.
One particular attack this past year allowed a nasty ghoul to haunt a network by getting a domain administrator to click on a phishing link. Once clicked, the link executed a malware payload and installed malicious code onto the admins workstation. This wasn’t the most devious of all attacks, but it enabled the ghouls to take complete control over the domain (since the victim was running his system as domain admin). Please do not run your daily activities as the domain admin, it’s worse than picking up a hitchhiker with a hook hand. Just don’t do it!
Another particularly diabolical hack we saw this year was a soda machine that was attached to the corporate network for inventory purposes, and used by the attackers as an access point into the company’s environment. We all know that soda is bad for you, but this vending machine attack took it to a whole new level. The moral of this “crypto-keeper’s tale” is to always monitor which devices are allowed access to your network – and make sure they can’t go where they shouldn’t. Either way, knowing what’s living on your network is key to staying alive and keeping it from the undead.
My last horror story is an interesting one and shows the creativity of these demon attackers. This attacker had previously attempted to compromise a company’s network without success. So he then started physically spying on people in the company. What he figured out was that many of the employees went to lunch at a particular Chinese restaurant not to far from their headquarters. So this monster hacked into the Chinese food restaurant’s website menu and embed malware onto it. When an employee went to look up the daily specials, he was haunted with malware that then ran rampant across the company’s systems and enabled the attacker to compromise the entire network.
There are many things crawling and slithering across the Internet – its Halloween 24×7 on the web. But with proper policy, firewall rule management, and incident response planning and team in place–kind of like cyber the version of “Ghostbusters”–we might be able to stop at least a few of these hideous creatures from haunting our networks and limit the damage they inflict. Until next year, be safe out there.
Receive notifications of new posts by email.