Hacked Laptop

ZDNet recently published an interesting article on a Crowdstrike report. It details how a major retailer was compromised through the actions of just one employee.  In this case, the individual was working remotely from their laptop and fell victim to a phishing email. This specific phishing email directed the individual to a malicious website which subsequently distributed malware via the FakeUpdates attack. 

FakeUpdates is a malicious toolkit that uses social engineering to trick people into installing malicious JavaScript disguised as a routine browser update. Once the laptop was infected, it gave the attackers a foothold from which they reached the organization’s entire internal network.

What I thought was particularly interesting in this story is that it outlines both the human and technical failures in this incident, including how the retail store failed to follow the concept of least privilege.

Managing cyber risk has become a priority from the Boardroom on down. Stories like this help emphasize that cybersecurity is more than just a technical challenge. It also includes the human element. Until organizations manage both technical and human risk, we will continue to lose this battle.


SANS Phishing Training

SANS Security Awareness offers a robust phishing awareness simulation training that can change behavior.

We don’t rely on guesswork; we use the world’s best experts in phishing and defense to create phishing scenarios that are applicable to your organization right now. Our teaching methodology is defined by cognitive and behavioral scientists who are authorities in maximizing learning effectiveness.

Schedule your Phishing Training Demo