Written By Michael Ferrara
Created on 2022-09-20 17:35
Published on 2022-09-20 17:38
Fairytales are not just for children. They can teach us valuable lessons about the importance of security.
The tale of 'Three Little Pigs' depicts three siblings who decide to leave home to seek their fortunes in the world, beginning by building their own houses. The first little pig was lazy and picked straw because it was the easiest material to obtain. A second little pig built his house out of sticks, which were stronger than straw; and the third little pig built his house out of bricks, which were the strongest of all.
One night, a big bad wolf decided to try his luck at finding some dinner. He devoured the first two pigs after blowing down the first two houses made of straw and sticks. In spite of his huffing and puffing, the wolf couldn't blow down the brick house when he came upon the third house.
Evidently, the stronger the material used for building a house, the harder it is for an intruder to gain access. That’s fundamental for improving security.
Security is a major concern in the digital era. In order to protect your data and devices, you need to be aware of the various hacking techniques and methods.
The most common way hackers manage to break into a company is through social engineering. They usually send phishing emails with malware attachments or links that lead to malware sites. These emails are designed in such a way that they make the user believe they are coming from someone trustworthy, like a friend or colleague, so they will click on them without hesitation
The first thing that comes to mind when we think of hacking is a malicious person who is trying to break into a system. But what if the person who is hacking is not a malicious hacker, but instead, an honest person who wants to know how secure their system really is? This is what white-hat hackers do: they find vulnerabilities in systems and report them so that the company can fix them before it becomes too late.
The phrase " zero trust " has become a sometimes-meaningless buzzword in the security industry, but the recent Uber breach shows what it isn't. After the attacker gained access to the network, they claim they were able to access scripts for PowerShell, Microsoft's automation and management tool.
According to the attackers, one of the scripts contained credentials for a Thycotic administrator account. As a result of controlling this account, the attacker claimed to have gained access tokens to Uber's cloud infrastructure, such as Amazon Web Services, Google's GSuite, VMware's vSphere dashboard, Duo authentication manager, and OneLogin.
This is not the first time Uber has been in the news for security issues. In 2016, a hacker was able to steal personal data from over 57 million people by hacking into the company’s database. Through social engineering, the hackers gained access to Uber's GitHub account, where they obtained an API key to retrieve the names, email addresses, and phone numbers of customers and drivers.
The hackers also accessed the driver’s license numbers of 600,000 drivers. The company had to pay a $100,000 ransom to stop the hackers from releasing data on the internet. They also offered a $50,000 reward for any information leading to the arrest of the hacker.
There are as many real nightmares of security breaches as dreams made in fairytales.