Scammers would send people phishing emails – which were on fraudsters’ top 10 list for 2018 – or otherwise try to contact them via other mediums to get them to open malicious links, files and so on.
Unsuspecting users, especially company employees, who were cyber criminals’ target of choice last year, would download malware or login pages used for phishing.
Another notable trend was malware delivered to smartphones via e-mails, giving attackers access to company’s internal networks or otherwise sensitive data through people’s mobile devices.
Cyber security experts remain in short supply, but F-Secure is addressing this. The Finnish cyber security company has academies in Denmark, Finland, and now in the UK with last year’s acquisition of MWR InfoSecurity.
In the video below, Donato Capitella, Principal Security Consultant, explains how they school their fresh cyber security industry recruits to infiltrate networks as part of their training. This includes hacking a fictitious e-commerce retailer.
The exercise demonstrates what a real end-to-end attack is like, using a phishing email with a malicious payload to establish a foothold and C2 (Command & Control) channel.
From this position, they leverage different enumeration, privilege escalation and lateral movement techniques to reach their objective. Their ultimate task is to reach one of the company’s core servers operating the automated warehouse that is in a located segregated environment behind a firewall.
Watch the three-minute video to find out more.