May 6, 2015

By  (c) CSO Magazine

The now infamous Sony hack was the culmination of a variety of technical and non-technical vulnerabilities. While the attention tends to focus on the fact that North Korea was the attacker, and that is important, from a practitioner's perspective it is more important to understand what allowed the attacks to be successful. I previously did that on a comprehensive scale.

However, as an awareness practitioner, the recent identification of spearphishing messages as the first step in the attack actually demonstrates many awareness-related failings that need to be addressed. It is all too easy to say that the attack exploited phishing, so people need phishing training. That is true, but that doesn’t help with the other exploited human failings, and frequently doesn’t help with many phishing attacks.

When you look at the description of the attack, clearly there were issues related to phishing involved in the attack. However, upon further analysis, there were also vulnerabilities related to oversharing on social networks, as well as password reuse. Those are issues that go beyond phishing, and most can be addressed by any competent awareness program.

First, it appears that the North Korean attackers scoured LinkedIn and other social networks for employees who might have administrator privileges. Even people with low-level privileges are targets, as they at least provide a foothold inside the organization. While you cannot tell people not to post on LinkedIn, they do at least need to be aware that their social network exposure means they can be a target.

For the rest of the article see:

InCyber Comments:

The InCyber PAS Pro-Active and Predicting System has been proven 100% effective against Insider Threats. For additional information write to: . We are now offering a Free Insider Penetration Test for up to 500 Employees using your own historical data.