As anti-malware tools improve, attackers look for other easy attack vectors. Social Engineering is one of those attack vectors. Using Case Project 2-4 found in your text as a guide, create a scenario that could be
used to train an organization’s employees on this potential attack. Keep in mind this is a wetware attack.
Explain how your scenario will provide information that would be beneficial to the attacker in future exploitation of the organization.
Hello professor and class,
I have worked for companies that have used wetware attacks to train employees. The easiest method would be to send a test email at random intervals from a known domain name and type it personally so there are no misspellings. It would have the employee click a link that takes them to a backdoor site that
the hacker would normally use to gain all the personal information on their desktop. Instead it would take a screenshot, blacking out any sensitive information and would be brought up as an example in a meeting once the test is concluded. As best practice I would recommend the employees to forward any suspicious emails to their security compliance officer or IT department and require training modules for the employees that opened the email. The next actions upon having this meeting would involve retaining files for more than 90 days, creating a GPO that backs up important files more frequently, and setting up a CPU usage clock and only allowing it up to 70 percent. Another precaution would be prohibiting employees from logging into personal emails or social media platforms on their desktops or company devices.
