We support managers in case of an incident or any suspicious movements in cyberspace. We’re always available on a confidential line and continuously deliver value by becoming a patron in manager’s online presence and constantly taking care of his private IT security by:
We’re familiar with situations, where on clever malware attack aimed at the right person compromised the company’s assets and brought unpleasant consequences. Social engineering scenarios are successfull because cybercriminals tend to use data they intercept and rely heavily on Open Source Intelligence practices. The data they gather is then verified and processed to create the most realistic scenario, that will force the target to perform an action that the malicious hacker wants. Whether it’s about infecting the device, collecting private data or integrating the computer into a botnet - it’s bad. Let’s look at the example of such an attack.
A large organization’s CEO is forced to work after hours because of a big deal, that must be finished. He’s tired so his mind tends to pass the red flags, that would’ve normally been noticed. He receives an e-mail, saying that there are some compromising pictures of his daughter’s vacation, and they’re on her Facebook profile. There’s a link and an attachment containing the photos. He clicks the link and is forced to log in, despite he was logged before. Feeling fatigued, the addictive factor - social media, playing on emotions - father-daughter relations and the threat of putting his reputation into jeopardy combined, make him skip the “red alert process” as he proceeds to log in.
The Facebook page was, in fact, an exact copy of a real page but created by a cybercriminal to get the password to the CEO’s account. He knows his daughter was on holidays in that time and in that place, but the Facebook page says that the files were deleted, so he downloads the .zip file, to find out what’s all the fuss about. He opens it, tries to open photos, but in fact, the malicious code in the file is being executed and no photos are displayed. Now there are two options:
- the good case scenario where he talks to his technical staff about a problem with MS Office, that can’t open them. This way they can discover the attack, find the malware, nip it in the bud and work on upgrading security procedures
- the bad case scenario, where the CEO assumes he was a victim of a prank and does nothing about it. It gives the malicious hacker time he needs to penetrate the system and steal or encrypt valuable data.