Is Social Engineering Effective?
Ask an Uber or Rockstar Games employee if they consider social engineering effective. Unfortunately, both companies were duped by one hacker. In 2021, the FBI received 300,000+ complaints of social engineering attacks—and statistics show that many more go unreported.
What Happened at Uber And Rockstar Games?
A hacker known as TeaPot claimed responsibility for both attacks.
TeaPot purchased a list of Uber credentials on the Dark Web—but was foiled by multi-factor authentication (MFA). So, using the stolen list, TeaPot contacted an Uber contractor via WhatsApp and convinced the contractor that he was from IT and needed the contractor's credentials. The rest is history.
In the Rockstar Games caper, TeaPot breached Slack and acquired credentials there. Then, TeaPot used the stolen credentials to breach the company.
Losses Are Not Only From The Sale Of Credentials
While selling credentials on the Dark Web is a significant money-maker for cybercriminals, hackers sometimes hit the “big time” with intellectual property (IP). Depending on what it is, IP can fetch tons of cash, and its illegal sale can significantly damage a victim.
In the Rockstar scenario, content from the company's soon-to-be-released game was published, translating into lost revenue. Then, as if that wasn’t enough, the hacker also threatened to release code that software pirates could use to create bootlegged versions of the game.
How to Prevent Social Engineering
Nothing is 100% foolproof, especially when humans are involved. Therefore, ongoing training is essential, and enabling multi-factor authentication on all critical systems is vital.
It is important to educate employees to recognize that they can be targeted through external platforms. Therefore, you must take a multi-faceted approach to strengthen your human firewall—your employees—to properly secure your business.
XSolutions is an IT Services Provider serving New York (NY), New Jersey (NJ), and Connecticut (CT). We provide Managed IT Services | Managed IT Security | Backup & Disaster Recovery | Cloud Data Protection | Security Awareness Training. Call (845) 362-9675 for a free consultation.