N3BYR > CYBER 24.02.25 16:00l 44 Lines 3513 Bytes #350 (0) @ WW
BID : 14455_N3BYR
Read: GUEST
Subj: Part 2 of 2 - Attack Surfaces
Path: IW8PGT<LU4ECL<VK2RZ<VE3CGR<KC4NWK<KD4WLE<N3BYR
Sent: 250224/1244Z 14455@N3BYR.#CGA.GA.USA.NOAM BPQ6.0.24
Picking up where I left off last week on attack surfaces. If you have questions, please send me a message! I enjoyed
the positive feedback last week. Remember, this is to get you thinking; it is not a solution or set of solutions to any
specific area. Do some reading and actively engage cyber security!
Two areas left to cover - Physical and Social. These are the more common methods used to compromise a computer or
personal information. I see more compromised computers through the use of physical and social threats than any
other area. 95% of these could have easily been avoided.
Physical Threats: Most people look at physical threats as a less-than-likely situation. If you travel with a computer
device (laptop, cell phone, tablet, etc.) then you may be sharing more than you realize. Are you using a safe Wi-Fi
connection? Did you know some companies that offer 'free wi-fi' actually log and track those connections for marketing
data and other statistics? Hackers can actively monitor wi-fi connections too... remember, it's just RF!! What about
accessing your bank account while out shopping? Do you have a security screen protector? Ever think about
high-resolution security cameras overhead? While not as prominent, there are cases where those cameras have been
used to disclose passwords, PINs, and other information on your screen!
While we are discussing public areas, when is the last conference, convention, or hamfest you attended? Ever get a
bag of freebies from a vendor like thumb drives (USB Memory Storage)? While most companies will not intentionally
put malicious code on a thumb drive, the company they order it from might. Wipe that thumb drive out if you don't
know what is on it.
It may be better to just not use it, or if you have a spare computer with nothing on it, set that up to wipe the device
before you use it. And if you find a thumb drive someone left... just don't... throw it away! There is a 70% chance
that thumb drive was not 'lost' but instead it was placed there to be 'found'!
Social Threats: Social engineering is the number one attack surface used by hackers. Everything else I have typed about
prior to Social is just a drop in the bucket compared to social engineering tactics. These threats come packaged in
emails, SMS (text messages), messenger apps, social media pages, random unexpected messages from friends, and even
unsolicited advertisements. They will all demand immediate attention either with lines like "I can't believe this
just happened!" or "If you do not take action in 3 hours you will be billed...". These are socially engineered
messages that lure you in to click a link, pay a service, disclose financial information, or give away passwords.
A fellow ham here mistakenly clicked on one a couple years ago and it cost him over 4000.000 USD and his bank
shut off all his cards. Check and double-check that the message is coming from a reliable source! If you are not sure
then contact that person or business another way... don't respond to the message. If your gut says this looks a little
weird or suspicious... it probably is. The most common statement I hear while dealing with social engineering
compromises: "I thought it was weird, but I figured it must be real".
That's it for this week. Please send ideas or feedback to me! I'm not sure what to cover next week, but until then
stay safe, and have an excellent week!
Greg Colburn - N3BYR
n3byr@n3byr.#cga.ga.usa.noam
A Middle-GA data node and TPRFN network station