z3ugma, 3 hours ago:
What always gets me about these red team attacks is the same thing that gets me about internal phishing test emails. My company sent an internal phishing test last week. Several people immediately reported it to a cybersecurity engineer and posted about it in Slack, saying they were surprised that such a sophisticated phishing attack was happening. I too was surprised - Google is usually much better about catching these kinds of things in the Gmail filter before they get through. Oh well, sometimes one slips through. Reported it and moved on. Come to learn that the only reason it made it through is because we let it through _on purpose_. By analogy to these red team attacks: _theoretically_ someone could rent a car, pose as an employee, and set up a Raspberry Pi in the network. But who would go to all that trouble? Theoretically, someone could craft a perfect phishing attack, but who would go to all that trouble? Spray-and-pray, low-precision, high-surface-area attacks are the ones I end up reading about. The only reason this attack vector was open is because the red team stood to gain a massive benefit from succeeding in the attack. What real-world actor would go to the trouble and stand to benefit as much?
toast0, an hour ago:
> Theoretically, someone could craft a perfect phishing attack, but who would go to all that trouble? Spray-and-pray, low precision, high surface area, attacks are the ones I end up reading about.

I've been at a company that was well targeted. I forget which group it was, but they got into a lot of customer service sites that week; not ours, but we had some near misses. Almost got me: sent me an email from the boss with 'The blog is down' and a link... I was checking my mail on mobile as I was out the door, but of course mobile doesn't show any useful headers like the from address.
lnsru, 2 hours ago:
An imaginary country called Nicha can't buy a lithography machine from an imaginary company called SAML. Nicha can kidnap some scientists and torture them to get all the secrets. But it's not elegant. Nicha can pay a lot for hacking and get the result in an anonymous way. I guess 8 figures can be paid easily for these secrets. With that money a "red team" can launch a very nice multifaceted social hacking attack.
lokar, an hour ago:
I remember at some point Google disallowed more phishing attacks from red teams. Nothing new was being learned. They always work.
Volundr, an hour ago:
> But who would go to all that trouble?

I mean, a company I worked at had a significant amount of money stolen after the attackers spent 6 months sitting on their access waiting for the right moment to fake an (expected) reply to an email exchange. The original breach (or at least the breach of this executive's account) involved a very targeted phish. When the potential payout is millions, it justifies a lot of effort.