Hot Plug Attacks

Take social engineering to the next level with hot plug attacks (HAK5), which are devices hidden in the packaging of a common USB flash drive, network cable, wi-fi receiver and other devices.

Hot plug works largely on human vulnerabilities. For example, for devices that hide in the packaging of a flash drive - RubberDucks - the device is identified on the computer as a keyboard or mouse, and the device can easily be infiltrated. That's because virtually every computer, whether a desktop PC, laptop, tablet or smartphone, takes input from a human operator via keyboard, mouse or touch. This is the reason ehy the ubiquitous HID - Human Interface Device - standard was created. Simply put, if you connect a device to a USB that claims to be an HID standard keyboard, the vast majority of operating systems will automatically detect and connect it. Windows, Mac, Linux or Android - it's simply a keyboard.

The simplicity is taken into account, for example in the scripting language used in these devices. Writing a payload is as simple as writing in a notepad.

Social Engineering - other services

Phishing is one of the biggest threats that every internet user faces. 

It is a form of attack where the attacker tries to lure user´s data by using a fraudulent e-mail message or a page that resembles a familiar website or e-mail address. When the attack is successfully carried out, login data or even access data to bank accounts is stolen. The best targeted group is the elderly, who do not have sufficient knowledge in Internet security and are easily lured by fraudulent e-mails.

Most often, phishing attacks can be associated with topics such as:

  • fake sweepstakes;
  • the current epidemiological situation (for example, there are many attacks related to COVID-19);
  • requests to update personal data;
  • and more. 

However, there are ways to effectively defend against phishing attacks. In addition to properly set mail hygiene in the company (allowed and forbidden mail servers, spam filters, content filters, etc.), it is very important to ensure that employees are regularly trained in cybersecurity, thus ensuring their vigilance.
 

OUR APPROACH AND SOLUTIONS 

Social engineering is usually the first step to infiltrating a company. At BDO, we implement smishing and phishing campaigns, the aim of which is to verify how many of target users fall victim to social engineering.

Campaign steps:

  • In the first step, it is important to introduce our specialist to the company, to agree on the scope and target groups.
  • The next step is to create fraudulent pages that are a faithful copy of the original ones. Differences and substitutions are usually purposefully very small, for the reason that the copy is not easily recognizable at first glance.
  • This is followed by the creation of email templates to be used in various smishing and phishing campaigns.
  • The output is a report that informs how many people did not detect the scam, from which devices and with what frequency they accessed the fake site, etc...
  • (If interested) The training that follows the campaigns (and is highly recommended). Target users are introduced to the techniques that have been used and warnings on how to defend themselves, how to recognize them, how to prevent them etc...

Smishing is a cyberattack that is carried out using SMS messages. This is a type of social engineering attack that relies on human trust and carelessness rather than technological vulnerabilities. 

Similar to phishing attacks, victims are lured into disclosing their personal information, only instead of e-mail communication, SMS text messages are used. Attackers try to obtain sensitive data from users, which they then try to dispose of. Incoming SMS messages often pretend to come from the bank where the user has a bank account and are trying to steal bank details.

Smishing attacks are carried out in the following ways:

  • Using malware - An enticing link with a URL address leading to the download of malware and its subsequent installation on a mobile phone. This malware attempts to masquerade as a legitimate application, tricking the user into entering confidential information and thus sending data to attackers.
  • The second way is to link to a malicious website that asks the user to enter personal information. Cyber attackers always try to create malicious websites in such a way that they imitate the real ones as much as possible and thus facilitate the theft of data..
  • Target groups are usually employees of the companies concerned, customers of a particular institution, subscribers to mobile networks, university students or residents of the area. The attacker's disguise is usually related to the institution they are trying to access.

The target groups are usually employees of the companies concerned, customers of a particular institution, subscribers to mobile networks, university students or residents of the area. The attacker's disguise is usually related to the institution they are trying to access.

 

OUR APPROACH AND SOLUTIONS 

Social engineering is usually the first step to infiltrating a company. At BDO, we implement smishing and phishing campaigns, the aim of which is to verify what proportion of target users fall victim to social engineering.

Campaign steps:

  • In the first step, it is important to introduce our specialist to the company, to agree on the scope and target groups.
  • The next step is to create fraudulent sites that are a faithful copy of the original ones. Differences and substitutions are usually very subtle on purpose, for the reason that the copy is not easily and at first glance recognizable.
  • This is followed by the creation of templates to be used in various smishing and phishing campaigns.
  • The output is a report that informs how many people did not detect the scam, from which devices and with what frequency they accessed the fake site, etc...
  • (If interested) The training that follows  the campaigns (and is highly recommended). Target users are introduced to the techniques that have been used and warnings on how to defend themselves, how to recognize them, how to prevent them etc...

You can configure the wireless firebox to detect unauthorised wireless access points that operate within the same range as your wireless network.

An unwanted access point is any wireless access point within range of your network that is not recognised as an authorised access point or is not configured as an exception in your wireless deployment. A rogue access point can be an unauthorised access point that someone within your organisation has connected to your network without permission. These access points pose a security risk to your wireless and wired network if they do not have the proper security features enabled. A rogue access point can also be an access point outside of your wireless network that is within range of your network. This includes fraudulent access points such as Honeypot or Evil Twin that masquerade as legitimate access points by broadcasting the same network SSID name as your authorised access points.

When you enable rogue access point detection on your Firebox wireless device, the device's wireless radio scans the wireless channels to identify unknown wireless access points. You can configure the scan to run continuously or to run at a scheduled interval and time of day.

Main contacts

Related insights