Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a...
Transcript of Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a...
![Page 1: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/1.jpg)
Welcome
Breaking down the dangers of social engineering
The Weakest Link in Cybersecurity …
![Page 2: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/2.jpg)
Password Video
![Page 3: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/3.jpg)
![Page 4: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/4.jpg)
First, let’s have password humor
1. Change them regularly
2. Don’t leave them on your desk
3. Don’t loan them to anyone
4. Don’t use the same pair for all occasions
PASSWORDS arelike SOCKS…
![Page 5: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/5.jpg)
MISSIONThe Texas A&M Engineering Extension Service (TEEX) makes a difference by providing training, developing practical solutions and saving lives
Emergency Services
Homeland Security
Infrastructure & Safety
Disaster Response &
Recovery
Software Development
Cybersecurity Training
and Assessments
Manufacturing
Assistance
CNC/Welding Training
Programs
Veteran Training
![Page 6: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/6.jpg)
Program [email protected]
Software solutions Cybersecurity
John Romero• Software developer• Cybersecurity instructor• Geek• Outdoorsman
![Page 7: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/7.jpg)
Cyber History
'Cyber' is from the Greek word for navigator.
Norbert Wiener coined 'cybernetics' around 1948
Cybernetics …the science of communications and
automatic control systems in both machines and living
things…
Norbert Wiener
![Page 8: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/8.jpg)
Cybersecurity - CIA
This Photo by Unknown Author is licensed under CC BY-SA
Not this CIA
![Page 9: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/9.jpg)
Cybersecurity Definition
Cybersecurity – computer security, physical
security, information security
- Hardware
- Software
- Policies/procedures
- Plans
- Training
- Physical security (i.e. controlled access, locked
equipment, etc.)
- Personnel security (i.e. screening process,
background checks, etc.)
- 3rd Party Access security - Pivoting
![Page 10: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/10.jpg)
Social Engineering – Hacking the Mind
![Page 11: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/11.jpg)
Human Vectors
• Ransomware/Blackmail
• Flash drives
• Social Engineering
• Phishing/Smishing/Vishing
• Dumpster Diving
• Shoulder Surfing
• Face-To-Face
![Page 12: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/12.jpg)
SOURCE: (Jan 2019)
![Page 13: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/13.jpg)
SOURCE: (Jan 2019)
![Page 14: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/14.jpg)
• Social Engineering
• Fake Virtual Private Network
• Man in the middle
• Young people at school
![Page 15: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/15.jpg)
• Smishing (SMSishing)
Examples / Vectors of Cyber Attacks
![Page 16: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/16.jpg)
Examples / Vectors of Cyber Attacks
![Page 17: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/17.jpg)
Examples / Vectors of Cyber Attacks
![Page 18: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/18.jpg)
Public Wi-Fi
![Page 19: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/19.jpg)
Dangers of Public WiFi
![Page 20: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/20.jpg)
![Page 21: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/21.jpg)
Dangers of Public WiFi
![Page 22: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/22.jpg)
Protecting yourself – Public WiFi
• Turn off Auto-Connect
• Keep WiFi off when not in use
• Don’t connect to Unprotected
• Use a VPNTURN ON!!!
![Page 23: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/23.jpg)
Flash Drives
![Page 24: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/24.jpg)
Examples / Vectors of Cyber Attacks
Bash Bunny – by Hak5
• Flash drives
![Page 25: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/25.jpg)
![Page 26: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/26.jpg)
$100.00
![Page 27: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/27.jpg)
Hacking the mind is easier than hacking a computer
![Page 28: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/28.jpg)
Why is Social Engineering So Dangerous
1. We are social creatures! We want to be helpful, therefore, you
are more than capable of being easily fooled.
2. Trust! There is no level of trust to avoid conflict.
3. Information that you view as meaningless, we view as another
price to the puzzle.
4. Look nice, dress nice and talk nice are valued techniques
used to dupe you on a daily basis.
![Page 29: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/29.jpg)
Why is Social Engineering So Dangerous?
There are several methods social engineers use to get people to do things they
wouldn’t ordinarily do… PRETEXTING
• Persuasion
• Impersonation
• Ingratiation
• Conformity
• Friendliness
![Page 30: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/30.jpg)
Psychological Backdoor
We are all equipped with Psychological backdoors or triggers that are easily
taken advantage of by social engineering.
Psychological Backdoor #1 – Because
Psychological Backdoor #2 – Liking
Psychological Backdoor #3 – Confidence
Psychological Backdoor #4 – Just Ask
![Page 31: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/31.jpg)
Social Media
![Page 32: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/32.jpg)
Social Media
![Page 33: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/33.jpg)
Hacking the mind is easier than hacking a computer
Video
![Page 34: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/34.jpg)
Video – Hacking a company
![Page 35: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/35.jpg)
Hacking the company
• Spoof the number for inside the company
• Call tech support
• Have a presentation from sales - need website
• Send tech to hacked website
• Own the company … but why are they owned?
![Page 36: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/36.jpg)
Ransomware video
https://www.youtube.com/watch?v=4gR562GW7TI
![Page 37: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/37.jpg)
Taking down a company
•Company Earnings about to be released•Learns about CEO (via spouse on Facebook / Social Media)•Contacts sales via web (gets email back with company signature)•Creates a new URL just like company (instead of dell.com = del1.com)•Creates email to all C-Level directors – “A letter from your CEO”•Uses signature from sales with CEO’s name and info – crafted like the ceo would use (since I’ve found out more using spouse)•Attaches PDF (mime only) with Ransomware and exfiltration•Releases information to web – locks up company with Ransomware
•Shorted stock of the company – how much money?
![Page 38: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/38.jpg)
Hacking the mind is easier than hacking a computer
![Page 39: Welcome [growthzonesitesprod.azureedge.net]...Social Media Hacking the mind is easier than hacking a computer Video Video –Hacking a company Hacking the company •Spoof the number](https://reader036.fdocuments.us/reader036/viewer/2022062919/5f01e0757e708231d401784e/html5/thumbnails/39.jpg)
Video – Social Engineering