If you are still trying to convince staff that EVERY one of us are susceptible to succumbing to a well-crafted socially-engineered cyber attack, then you’ll want them to read this post. The Google Threat Analysis Group (TAG) has identified a recent campaign targeting security researchers. The pretext of the attack involved engaging researchers to collaborate on vulnerability research. Vulnerability research is some of the most technical and complex work in the cybersecurity domain. Vulnerability researchers intimately understand and daily work with the technical inner-workings of our computers and network systems to find and exploit technical vulnerabilities. But as previously mentioned, the initial attack vector wasn’t technical in nature…it was a well-crafted social engineering technique that enabled further exploitation. Not only does this campaign embody the fact that we are ALL vulnerable, but like the comments regarding the SolarWinds Situation Update for January 26, 2021, attackers are using our defenses/defenders against us. Read more about this campaign at Google, or for a more user-friendly version, pass this HelpNetSecurity post along.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!