Saturday, March 21, 2015

How exposed are we in the digital world?

The deception techniques that work in the physical world also work in the digital world. And working even better because the users tend to understand the digital world as oblivious to reality. Some examples where actions in this world impact on a day to day many people.

Oh, those emails ... You wake up one morning and in the inbox you have a bank alert. Apparently, tonight have attempted a charge (or hundreds) by a far superior to what you usually do value, so have decided to temporarily block the account waiting for you to get directly in touch with them. They send you a Microsoft Word document explaining to the whole operation. But only you just have to open that document to be infected, and that your account is compromised.

Another case? This dental clinic where usually you are making annual checkups, discovers that he has been attacked, stealing 151,626 sensitive customer data. That same thing just happened to Advantage Dental. The method? A malware that infected one computer to any of its employees with access to internal company system. And thousands of real data (addresses, account numbers, medical data) that are now in the hands of anyone, and that could be used at any time to make criminal actions.

The blue team (security experts focused on defending and securize systems) play a major role in this war for the bit that has implications in the physical world. And have fortunately with tools useful to have at all times an overview of the situation: from firewall, through IDS (intrusion detection systems), WAFs and dozens of reporting systems both in real time as dashboard help the management in making decisions about future deterrents against those interested in gossiping.

We saw attacks on users, attacks on entities, and we left the other leg. The attacks on infrastructure usually require more control and resources, but its scope and reward is unfortunately more. In SecurityByDefault few hours ago we explained how microwave communication towers are exposed to possible espionage campaigns, putting both civilians and other critical infrastructures at risk (as may be a water treatment plant or a power plant).

0 comments:

Post a Comment