(Pictured above: KnowBe4’s Kevin Mitnick on stage at KnowBe4 KB4-CON in Orlando, May 10.)
KNOWBE4 KB4-CON — Think that USB you’re plugging into your laptop is safe? Think again. How about a charger cord? Don’t count on it.
Those were some of the advanced malicious hacking threats shared by Kevin Mitnick, KnowBe4’s chief hacking officer, during his keynote at KB4-CON, KnowBe4’s second-annual user conference in Orlando, Florida.
Once one of the FBI’s most wanted because he hacked into 40 major corporations just for the challenge, he now serves as a security consultant to the Fortune 500 and governments globally.
“It’s really important to train people about the scams, new trade craft and new techniques so they become more knowledgeable, and get a healthy dose of skepticism,” Mitnick said.
During his keynote, Mitnick pointed out that:
- LinkedIn increasingly is being used to gain access to victims’ email addresses and other data.
- Anything you plug into your computer is a potential threat, especially flash drives from an unknown source.
- A charging cable can be weaponized to attack your system.
“The cable is becoming a keyboard,” Mitnick said. “What’s critically important is to train users in your organization about this type of attack. Show people what the danger is, and once they’re aware, they less likely will fall for it. Anything you plug in, USB or FireWire, you have to stop and think.”
G Suite now is being used by cybercriminals to phish without emails, he said. All it takes is scheduling a meeting on the calendar and tricking the user into thinking a meeting is scheduled and their participation is required.
“The victim gets a meeting invite, clicks it … to join, and game over,” Mitnick said.
He also illustrated how easily an attacker can gain access to a victim’s PayPal account, and the speed with which someone’s identity can be stolen.
“In the next five years, I don’t think much is going to change,” Mitnick said. “There will be better phishing scams, so we need to be on top of it, become better defenders, and better resources to train … and inoculate users. When people are fooled, when they realize they fell for it, it becomes the … teachable moment that people will internalize this and not fall for this a second time.”
Dorin Hemmelman, lead security advisor at Workplace IT Management, a KnowBe4 partner, said USB-borne attacks are the scariest example for his customers. The company’s customers are small and smaller businesses, and its target market is 30-40 users.
“And anything email-borne, those are just scary, everything they can do with those kinds of attacks,” he said. “I think our customers are coming on board as time goes on. Everybody’s awareness of this is certainly going up. Our customers are probably on the lagging side of really getting engaged in this, but we’re certainly seeing some increased interest. We’re out here just trying to figure out how …