KnowBe4 Chief Hacker: Anything Can Be Weaponized

G Suite is now being used by cybercriminals to phish without emails.

Edward Gately, Senior News Editor

May 10, 2019


(Pictured above: KnowBe4’s Kevin Mitnick on stage at KnowBe4 KB4-CON in Orlando, May 10.)

KNOWBE4 KB4-CON — Think that USB you’re plugging into your laptop is safe? Think again. How about a charger cord? Don’t count on it.

Those were some of the advanced malicious hacking threats shared by Kevin Mitnick, KnowBe4’s chief hacking officer, during his keynote at KB4-CON, KnowBe4’s second-annual user conference in Orlando, Florida.

Once one of the FBI’s most wanted because he hacked into 40 major corporations just for the challenge, he now serves as a security consultant to the Fortune 500 and governments globally.

“It’s really important to train people about the scams, new trade craft and new techniques so they become more knowledgeable, and get a healthy dose of skepticism,” Mitnick said.

During his keynote, Mitnick pointed out that:

  • LinkedIn increasingly is being used to gain access to victims’ email addresses and other data.

  • Anything you plug into your computer is a potential threat, especially flash drives from an unknown source.

  • A charging cable can be weaponized to attack your system.

“The cable is becoming a keyboard,” Mitnick said. “What’s critically important is to train users in your organization about this type of attack. Show people what the danger is, and once they’re aware, they less likely will fall for it. Anything you plug in, USB or firewire, you have to stop and think.”

G Suite now is being used by cybercriminals to phish without emails, he said. All it takes is scheduling a meeting on the calendar and tricking the user into thinking a meeting is scheduled and their participation is required.

“The victim gets a meeting invite, clicks it … to join, and game over,” Mitnick said.

He also illustrated the ease of gaining access to a victim’s PayPal account, and the speed with which someone’s identity can be stolen.

“In the next five years, I don’t think much is going to change,” Mitnick said. “There will be better phishing scams, so we need to be on top of it, become better defenders, and better resources to train … and inoculate users. When people are fooled, when they realize they fell for it, it becomes the … teachable moment that people will internalize this and not fall for this a second time.”


Dorin Hemmelman, lead security advisor at Workplace IT Management, a KnowBe4 partner, said USB-borne attacks are the scariest example for his customers. The company’s customers are small and smaller businesses, and its target market is 30-40 users.

“And anything email-borne, those are just scary, everything they can do with those kinds of attacks,” he said. “I think our customers are coming on board as time goes on. Everybody’s awareness of this is certainly going up. Our customers are probably on the lagging side of really getting engaged in this, but we’re certainly seeing some increased interest. We’re out here just trying to figure out how we’re going to bundle some of this in with our standard practice. Will it be a separate product offering, or will we just roll it into what we’re doing and charge everybody a little bit more? It’s certainly important. When we talk to people about it, there’s usually more of a ‘that’s good to know; we’ll consider it and talk to us in a couple of months.’”

The ones that get breached are a little more nervous than the ones who haven’t, Hemmelman said.

John Bynum, service engineer with Think Tech Advisors, also a KnowBe4 partner, said he’s looking forward to meeting with his colleagues and discussing what he learned and “what should we do about it.” The firm’s customers are small businesses with 25-100 employees.

“We’ve met with them and introduced them to this way of training, and so far we’ve signed up a few of them … there’s a breach every week in any industry, so it helps move them toward, ‘OK, we need to understand this better, we need a better handle on it, and the technology isn’t the only answer here,'” he said. “The clients we have now seem to be receptive to it.”


About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
