I hope this letter finds you well. I have been a very good hacker this year. Did you hear about the Facebook breach? Yeah, that was me, good one, right? I mean, at least 87 million records breached! What about the Marriott breach? You know the one that gave us access to personal data for about 500 million people. Me, again!
But let’s not focus on the past – I really want to focus on even bigger and better things for 2019! So, for my Christmas wishes this year, I really would like to see things under my tree that will help me be even better at my job!
1. Open WiFi: It really is just an open door for me, and I get to be the Man in the Middle. Public WiFi networks are often unencrypted and unsecure – which will allow me to jump in and see information users are sharing, their account logins, purchases – giving me access to sensitive data such as passwords, financial data and leaving my victims open to identity theft.
2. Weak passwords: What hacker among us doesn’t love a good, weak password. You know the ones – less than eight characters, or same as login info or simply a common password like “Password01.” Just think of the fun I can have with passwords – the access to bank accounts, credit accounts – and that is just the beginning! Once I have cracked the passwords I can compromise IT assets and security controls, get access to sensitive data, so much more.
3. Unpatched systems: Santa, did you know that the most successful exploits are thanks to unpatched computers? Because many companies will not install the patch or, if they do, may not install properly – I can craft the perfect exploit that goes after what the patch is intended to fix gaining access to sensitive data.
4. Employees who like to click first, read later: These are my favorite. The ones you can dupe with a Conversation Hijacking Attack or a Business Email Compromise … or just simple malware. And, it is the gift that keeps on giving. Seriously. Year-round.
See Santa, I don’t need much. Just these few things can help me pull off even bigger and more profitable breaches!
Harry the Hacker
Guest blog courtesy of AppRiver. Read more AppRiver blogs here.