BrightScan #ThreatIntelThursday | Front Door Attacks
This article is part of #ThreatIntelThursday @OpenAVN, an ongoing series that offers readers authoritative, but easily digestible, information about different malware, how they might be vulnerable to attacks, and what they can do to protect themselves. To read past Threat Intel Thursdays articles, click here. (We suggest starting from Week 1: Malware.)
Front Door Attacks
In a previous article, we addressed social engineering and defined it as, “a type of attack that manipulates individuals to perform act(s) that compromise information or systems.” In this week’s discussion, we address one kind of social engineering, front door attacks, where the attacker accesses a system with the assistance of the target individual by tricking them into letting them in. It’s referred to as a front door attack because it’s analogous to a physical intruder entering your home because you opened the front door for them.
Background
Kevin Mitnick, the world’s most notorious hacker stated, “companies spend millions of dollars on firewalls, encryption, and secure access devices and it’s money wasted because none of these measures address the weakest link in the security chain: the people who use, administer, operate and account for computer systems that contain protected information.” Forrester Research states, “the majority of security breaches involve internal employees, with some estimates as high as 85 percent.” Often times it’s individuals’ lack of knowledge that allows attackers to inject the plethora of malware onto organizational or individual systems.
Types of Harm
Front door attacks may inflict the full gamut of malware onto target systems. Such attacks may include, viruses, worms, ransomware, spyware, rootkits or even attacks on infrastructure. The attacker may assume the target individual’s permissions, and potentially capture all information entered, transferred or stored on the system. This could include the exfiltrate ion personally identifiable information, banking or credit card information or health information.
What Can We Do to Protect Against Front-Door Attacks?
As individuals unknowingly “open the doors” for unwanted cyber intruders, training and awareness become critical aspects of protecting information assets. Here are some common practices to avoid front-door attacks:
- Don’t open email attachments from unknown individuals;
- Only open email attachments from known individuals when you’ve expected them to send an attachment;
- Avoid disreputable websites;
- Deploy world-class endpoint protection.
To defend your system from front door attacks and other digital threats, a lightweight but heavy-duty EPP is imperative. BrightScan is a cloud-based, blockchain-powered endpoint protection platform that can be customized to fit your needs and is user-friendly enough for the home office and powerful enough to protect large enterprises.
Contact our Head of Sales, Jourdan Parkinson, to schedule a free demo of our cloud-based EPP, BrightScan, or just to chat about how our products can work for you.
For more of the latest in cybersecurity, subscribe to OpenAVN’s blog right here on Medium. In addition to Threat-Intel Thursdays, we also write about breaking news, thought leadership, and deep-dives into cyber intel.
About the Author: Ted Udelson, PMP, CISSP, Security+, Network+, A+ is the chief learning officer and cofounder of Succinctive Training, LLC. Ted uses his over 35 years of experience in information security and technology to inform his writing for #threatintelthursday.
