December 9

WEBINAR TAKEAWAY: When the Bad Guys Hide in Plain Sight: Hacking Platforms You Know and Trust


MY KEY TAKEAWAYS

  • Already 20 years ago, Kevin Mitnick testified before the US Senate and highlighted social engineering and the need for training. Still today, changing human behaviour is most often the weakest point.
  • Threat actors have almost unlimited time to do extensive research before an attack, so they are extremely good at building the trust factor.
  • Kevin recommends: trust your gut! If it sounds too good to be true, it possibly is.
  • A crafty attacker tries to push the victim into System 1 (fast, intuitive) thinking. Forcing yourself to remain in System 2 (slow, deliberate) is a very effective defense mechanism against social engineering.
  • While Trump was in hospital with COVID-19, the resulting information vacuum made for working phish bait.
  • Common phishing tactic: a link to a trusted source like Google Docs or O365. The document might contain a hyperlink to malware.
  • Having a good and tested(!) disaster recovery plan is crucial with more and more ransomware attacks.

Demo time

  • Demo of a bad USB cable attack
  • Demo of a lot of phishing mail examples and their red flags
  • Demo of CVE-2020-1472 "Zerologon" 😨

ENV


Tags

awareness training, phishing, social engineering

