January 2022 Blog
What if I told you, you are a target? People are out to attack you and your loved ones every day for money, leverage, or use you for access to something bigger? Sounds unreal or like a high suspense thriller.
Well, it’s not, and you are a target….. Online. You’re a target because of who you know, what you have, or you are viewed as a means to attack an associated person or organization. Let me explain on a larger scale; bad actors, aka hacking groups, identify target organizations. They form attack trees, an attack tree is a hierarchical brainstorming activity of vulnerabilities or ways to attack the organization. Each vulnerability is an attack vector that an attacker can attempt to compromise or cause harm. Sadly, the easiest attacks target people using social engineering techniques like phishing.
Let’s play "Bad Guy". STOP I know what you’re thinking, this can be used to cause harm so why are you showing it? Attack trees are learning tools to identify weaknesses in systems and leaders can use the tool to implement safeguards.
First, we identify who we should attack, what we want to do, and how to cover our tracks. We select an A&M-SA event and brainstorm what makes up the event; form dependencies, and evaluate what would be the best method to disrupt the service.
In the end, we attacked the department or someone close to them and the external supporting staff. The attack tree would continue to drill down into the methods like phishing or vishing.
The moral of the story is that humans are the easiest attack vector so we must remain vigilant and always think before we click!