Call Today (888) 400-2748

Social Engineering in Action

October 4, 2022 /


October 4, 2022

Share it

Is social engineering that effective? Ask an Uber or Rockstar Games employee that question and you’ll likely hear a resounding yes. This effective mode of duping people within a targeted group or business was the method that one hacker used to hit both companies with a breach. Just how effective is it? In 2021, the FBI received 323,972 complaints of social engineering attacks. And there are many more that go unreported.

What Happened

A teenage hacker known as TeaPot claimed ownership of these attacks. The Uber network was accessed by convincing an employee contractor that they were part of Uber IT and their credentials were needed. They believe those credentials were first found and purchased on the Dark Web. From there, TeaPot tried to log in but was stopped by multi-factor authentication (MFA). TeaPot then contacted the employee through WhatsApp, a messaging platform. They then claimed to be from Uber IT, saying that they needed the employee to approve the MFA request. With Rockstar Games, it was Slack messages that were breached. It is believed that access was acquired through manipulation there.

Losses from a breach aren’t all the same. We often assume it comes in the form of stolen credentials. While this is often the case, in the Rockstar scenario, it was stolen intellectual property. Content from their upcoming game was released which means a loss of revenue. Additionally, the hacker is threatening to release code that would give access to anyone wanting to create pirated versions of the game.

How to Prevent Social Engineering

Humans are the access point, so it is through ongoing training that they must learn how to avoid succumbing to an attacker’s tactics. Enabling multi-factor authentication can assist with preventing access, but avoiding leaked credentials in the first place is critical. The Uber breach is a case in point.

Educating your workforce to recognize that they can be targeted through online platforms outside of work systems is part of the process. Humans remain the weakest link in cybersecurity. By taking a multi-faceted approach you can strengthen your human firewall and secure your business.

AllSafe IT recommends the following best practices:

  • Deploy a multi-layered stack of security solutions like AllSafe IT’s Safe Total, which includes endpoint protection, advanced email security, multi-factor authentication, security awareness training and compromised credential monitoring.
  • Implement Backup and Disaster Recovery (BDR). Restoring from backup is the easiest, cheapest and most reliable way to restore data after an attack.
  • Assume you will be hit. We only hear about huge corporations in the headlines, but organizations of all sizes are targeted. Do everything you can to avoid an attack, but also be prepared for the worst.
  • Have a malware recovery plan. Speaking of preparing for the worst, make sure you have an incident response plan in place. This will enable your IT team to quickly mobilize when a ransomware attack starts and may even be able to stop an attack before data can be encrypted.

AllSafe IT is proud to have spent over 15 years providing IT services to hundreds of companies. Our specialized services are uniquely tailored to provide our customers with the reliability, protection, and fast services needed to ensure 100% uptime and maximized data security. From comprehensive and preventative cybersecurity strategies to 24/7 customer support, AllSafe IT understands the unique needs of small to medium businesses.

Tags:    
Category:    

Bones Ijeoma

Author since Nov 11, 2022
Bones Ijeoma is CEO and co-founder of AllSafe IT, and his mission is to make downtime obsolete. Bones received a BS in Computer Engineering from Cal State Long Beach and received an MBA in Entrepreneurship from USC Marshall School of Business. After finishing school and working for companies such as Marriott Hospitality, Dreamworks, and UCLA Medical Center, Bones realized there was a need for small businesses to have access to the same technology solutions that large corporations leverage.
To know more…

Related Articles

© 2021 AllsafeIT. All Rights Reserved
phone-handsetcrosschevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram