Vulnerabilities / Threats
08:15 AM

Dark Reading Radio: The Human Side Of Online Attacks

Today's DR Radio show offers a look at phishing, social engineering, and the weakest link in the cyber defense chain: humans. Showtime is 1:00 p.m. EDT.

From the most mundane spam to the most sophisticated targeted exploit, most online attacks begin with a simple step: fooling a human.

Whether it's phishing, watering holes, social networking scams, or some other form of social engineering, most attackers agree that it's easier to fool a user into downloading malware or giving up a password than it is to crack a computer-based defense system. In many cases, all the attacker has to do is find one user who's willing to click on a bad link -- and they're in.

On today's Dark Reading Radio show at 1:00 p.m. Eastern, we'll be taking a look at some of the latest trends and threats in the world of phishing and social engineering, including some of the most recent attacks that led to major business breaches and some new attacks that may affect users in your organization. I'll be joined on the show by Scott Greaux, an executive at security firm PhishMe who follows these trends and threats and can offer some insight on how they work and how your users can recognize them.

From the early days of easy-to-spot Nigerian money scams, online social engineering has evolved a great deal over the years. Today's attacks are not always simple ploys to get users to download malware via email -- they may involve infecting your users' favorite websites ("watering holes"), detailed surveillance of specific users via social networks, or even phone calls or personal visits designed to fool individual users into giving up their passwords. Today's show will look at some of these current scams, and how your organization can detect them before they go too far.

A key part of the discussion will be the tools and techniques your organization can use to stop social engineering. While simple anti-spam programs may filter out some of the threats, it is not unusual for these attacks to elude electronic defenses and arrive safely in the end-user's mailbox or social networking account. In these cases, a program of security awareness training may help users to recognize a scam or fake email message -- and prevent the infection of your network. But not all experts agree on user training strategies. Today's show will discuss those strategies, and what works.

Dark Reading Radio offers community members a chance to not only listen to the discussion, but to participate through online chat. We hope you'll join today's show and offer your insights on social engineering -- and how to protect the organization from this constantly growing threat.

Tim Wilson is Editor in Chief and co-founder of Dark, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
6/20/2014 | 12:46:23 AM
Phishing and Your Identity
It seems that the more features we have may bring more trouble to the table than it's worth with email and your identity on the internet.

Everyone loves to personalize their email message body in one way or another. Wheither it be their BOLD font, or company logo in their signature at the bottom. But using HTML markup and viewing embedded images from an internet based source will instantly reveal your public facing IP address to the Phisher leveraging an infinate possibility of attacks to your company network.

The Picture You Never Saw.

The concept is quite simple and highly effective in targeted phishing attacks.

A tiny 1x1 pixel embedded image in the body of the email hosted on the Phisher's webserver logs your IP when the email is viewed.

Right away this raises 3 concerns:

1) When the email is opened it instantly confirms to the Phisher that the user actually viewed it.

2) The Phisher has now identified your User Agent String (Email Client / Web Browser Version etc)

3) They have your IP Address and have already started enumerating all the ports on your Router / Firewall.


Because phishing is increasingly more targeted you can see how a simple HTML based email can provide a Phisher with enough intellegence to craft the most effective attack vector against that user.





User Rank: Ninja
6/19/2014 | 1:22:31 AM
Re: Phishing
I think there are certain departments in a company that continued training could be very useful. For example: Human Resources. They may be more targeted with emails claiming to have an attached resume in regards to an open position. In the process of hiring they may have to sort through dozens if not hundreds of responses to a job listing. How are they to quickly and safely determine wheither or not to view the attachment of the candidate? Because the HR email address is publicly facing the internet this makes it an extremely vulnerable target.

Another prime example is Shipping/Receiving. Employees using online resources to ship and track packages. The most common response I hear after a machine has been compromised is "I was expecting a package so I clicked the tracking link." Again they may have the task of proccessing/tracking hundreds of packages.

We could just take the fun out of email and strip all incoming mail of HTML code and have an improved attachment restrictions and filtering proccess.

But even using signature based and the most advanced heuristic detection teqniques some will still get through.

I also don't expect an end user to be able to analyze IP header information from an email to determine it's origins or legitimacy.
Christian Bryant
Christian Bryant,
User Rank: Ninja
6/18/2014 | 4:14:31 PM
Re: Phishing

It's a touchy call and highly depends upon your users.  For instance, I've supported IT for users that saw us as a reason not to learn anything at all about their computers, outside of typing and reading emails.  On the other hand, I've worked with users that were very interested in learning new things, especially about how to not be victims of malicious email.

I think you also need to ask "What if they fail?  Repeatedly?"  What is the consequence?  I know for some jobs, if you can't certify or reach a certain level of testable knowledge, you can't stay in the role.  Would failing to master the basics or recognizing phishing attempts bring a drastic response?

In general, I love the idea.  Especially if I get to write the CBT :-)  Though I've never been one for certifications or degrees, I absolutely believe a person should be able to demonstrate knowledge of what they are tasked to do.  And if you are tasked to be a responsible employee, then perhaps you should demonstrate that skill.

But, of course, as with any employee testing, you can update this test and put it in front of staff every 6 months, and there will still be victims of phishing, whether the staff pass the tests or not.
User Rank: Strategist
6/18/2014 | 2:35:45 PM
Re: Phishing
Interesting idea -- quizzing users on what they know. Our speaker today advocated the use of phishing simulations over quizzes. What do readers think?  Is there a good way to test users to see what they know or don't know about phishing attacks and how to spot them?
User Rank: Ninja
6/18/2014 | 2:32:03 PM
There is an excellent resource worth checking out to test your ability to recognize phishing attacks.

It's called the SonicWall Phishing IQ Test. You can find it here:


What I like is that it provides an explaination at the end for each question.  You or your employees/clients just might learn something. 

I got 100% first try but I must say some of them are quite tricky. Look closely at each example!
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
6/18/2014 | 8:55:17 AM
Great topic & speaker -- Be there or be square!
Some logistal suggestions for newbies to our radio show. To access the broadcast and live chat, you will need to register for the site and today's broadcast, which may require you to temporarily disable your popup blocker. 

If you can't attend today's event, the audio will be available after the fact, as well as the transcript to the text chat.

Finally, if you have specific questions or comments about the topic, you can post them in advance here and we will deliver them to our virtual radio studio for our guest to address.

Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I think rainbows are priitttyyy.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.