1. INFO 644
Enterprise Cyber Security Critical Thinking #1
Tyler Brunet
VCU Department of Information Systems

2. What Will Be Covered
 Why security breaches happen
 How attacks happen
 What a social engineering attack is and how they happen
 An example of reverse social engineering
 How to protect from different breaches

3. Why Breaches Happen
 Individuals looking to „steal‟ corporate or private information
 Sell information to other companies
 Use the information to find out what industries are doing/working on
 Counterintelligence measures
 Gain a competitive advantage by duplicating a product and getting it to market
before the initial company does
 Individuals hack for the fun of it

4. How Breaches Happen
 Most classic example will be illustrated later in presentation
 Someone giving out personal identifiers to the wrong person
 Phishing by means of fake emails and spoofed websites
 Reverse Social Engineering

5. How Social Engineering Attacks Happen
 Social engineering attacks
 The gaining of information from legitimate users for illegitimate access
 Dumpster diving – look for any information that can be used such as names, project
leaders, meeting notes, etc.
 Pose as employees in order to get support from the Help Desk

6. Social Engineering Attack Techniques
 Physical attacks
 Require the social engineer to be at the company‟s location.
 Sorting through trash – most common form
 Consultant
 Network Engineer
 Repair Technician
 Psychological attacks
 Work to create an environment that will enable them to most easily acquire the
necessary information
 Impersonation
 Conformity
 Being friendly
 Reverse social engineering

7. Reverse Social Engineering Example
 Attacker first learns about the organization as much as possible
 They then cause problem for a particular individual (HR, Manager etc.)
 Come in to fix the problem
 Give contact information to the targeted individual
 Week or so later causes same problem
 The targeted individual contacts the “attacker” who fixed it the first time
and asks if they could fix it again
 “Attacker” says cannot get to the location today, but can do it now if the
individual gives them a login username and password
 Individual complies and not the attacker has a legitimate login that they can
get to anything that the individual may have access to

8. Technical and Social Vulnerabilities
 Technical
 Lack of security measures on servers
 Ports left open that should not be
 Weak password policies
 Redundancy in username and password use
 Social
 Weak means of who is in charge of what
 Trust in outsiders that could be possible hackers
 Passwords are written down and dishonest employees may take note of them

9. Preventing Security Breaches
 Develop policies that have social implications (4G methods)
 Develop policies that incorporate all methods (1G, 2G, 3G, and 4G)
 1G – Checklist approach
 2G – Flow of data Ex: Firewalls
 3G – Interconnected devices
 4G – Social implications
 Conduct random audits
 Social penetration tests
 Review of log files of webservers and other IT devices
 Training of employees on monthly, semi-yearly etc. on security policies and procedure

10. Questions to Think About
 What ways do business‟s control their information?
 Are there written security measures?
 Are these measures updated routinely?
 Are these practices conducted on a day-to-day level?