The Inner Circle

 View Only

  • 1.  #TechTopicTuesday

    Posted Aug 03, 2021 08:32:00 AM
    #TechTopicTuesday Account Takeover: A cyber attack in which the hacker spends extended periods of time dormant in a compromised account, spreading silently until they have access to information that is valuable to them. They may use the account to attack other organizations.

    True or False: The average person is not "important" enough to be valuable to an attacker.
    ​​

    ------------------------------
    Olivia Rempe
    ------------------------------


  • 2.  RE: #TechTopicTuesday

    CSA Instructor
    Posted Aug 04, 2021 03:29:00 AM
    Edited by Guillaume Boutisseau Aug 04, 2021 03:44:09 AM
    If not a hot target itself, the average person can link directly or indirectly to a hot target. Nobody is immune to attackers and account takeover , I think.

    ------------------------------
    Guillaume Boutisseau
    CCSK Authorized Instructor , CCSP
    ------------------------------

    Original Message


  • 3.  RE: #TechTopicTuesday

    Posted Aug 16, 2021 06:42:00 AM

    Already been involved in reviewing incidents like this too many times. Any account at any org adds credibility to a request to change bank account, for paying an invoice, changing details on salary, or expenses, when sent to another organisation, or internally. 

    I think of it as the transformation from "correctly secured", to "limited by attacker's imagination and skill".

    2FA isn't a cure all but Microsoft were saying it cures >99% in practice (that figure may be falling fast but still).



    ------------------------------
    Simon Waters
    Founder
    Insufficient Entropy
    ------------------------------

    Original Message