Report Shows Pressing Danger of BEC Attacks

On this the spookiest of all months, we once again delve into the realm of the unknown and terrifying for another instance of Cyber Security Stories that will keep you up at night. So gather around as we tell more terrifyingly true tales.

The Shining (Lights on the Server) The Tale:

The new job at the hotel was just what Jack needed, it was going to be an easy gig; overnight auditor. All he had to do was make sure the books balanced for the day, and once a month change the tape backups in the hotel’s server room. The previous employee had been let go for not performing this tape backup duty. Though Jack had never performed this type of work he had lied on his resume and mentioned a strong technical background, the managers believed him.

“How hard could this be, it must be like a cassette tape.” A month went by and Jack had balanced the books each night, earning the respect of the management. He was doing an amazing job, but tonight was the night he needed to change the tape backups. Not wanting to let on to management that he had lied on his resume he assured them again he knew exactly what to do.

After he had balanced the books he walked to the server room, the door creaked loudly as he opened it, inside lay the large server rack, each light shining in the darkness. Jack frowned heavily, he had no clue what to do, but surely it couldn’t be that hard. He opened the server rack and located three blinking lights, “That must be the tape drives.” He pulled two what he believed was two of the tape backups at once, threw them into the box marked “backups” and did what he did every night, watched Netflix on the front counter computer.

The next day his phone rang, it was the manager. “Jack do you care to explain why the servers are down and the tape backups from six months ago still haven’t been changed out?” Jack hung up the phone, and was never seen at the hotel again. To this day the hotel sits abandoned, Jack’s actions having doomed the hotel and all her staff.

The issue:

There are several lessons to be learned from this haunting tale. The first being proper employee training. Had management actually taken the time to ensure Jack was able to perform the tasks that had been assigned to him, they would have realized that what Jack thought was the tape backups was in fact the servers hard drives, him pulling both of the drives broke the array, making the data useless.

The second issue being, not ensuring the data had been backed up in the first place. The employee before Jack had not been performing the tape backup duty, and yet management hadn’t changed the tapes themselves after they discovered this. With the server’s data gone, and no backups the hotel was forced to close its doors; forever.

(Shadow) IT Part II

Mike’s younger brother Georgie had gone to work for King Productions a year ago and had told him about the atrocities that were being committed at the company. “We all upload here, Mike, We all upload here, especially to Dropbox and Google drive.” Georgie had explained to Mike when Mike had questioned his brother on how the company backed up their data to the cloud. Mike was appalled at this story and took it upon himself to right this wrong. “Georgie you need to talk to your manager or security team about shadow IT.” The mention of shadow IT made the blood drain from Georgie’s face. “We don’t talk about, shadow IT. We don’t ever talk about shadow IT.”

The next day at work Georgie was having issues with the new scanning software that the company had rolled out last week. “Please update your drivers.” the message box read. Georgie did what any other employee at King Productions would have done, a quick google search for ‘update your drivers.’ Georgie clicked the first link that popped up, and the download began, it only took seconds and the program began to run. A few moments later Georgie received a call from the security operation center’s analyst “Georgie, we are getting some odd readings from your machine, did you try to download Driverfixit.exe, because that program is actually malware. We were just lucky that our scanners caught it. You should have called the helpdesk. After all, you’re not part of IT.”

Georgie stared at his screen, the realization washing over him, he had participated in shadow IT, he had become part of shadow IT, he would be forever known as one of the shadow IT people.

The issue:

Another chilling tale of shadow IT, but this one explores the darker side of shadow IT. When end users begin to take it upon themselves to download programs without proper= management, who really knows what might be hiding in those programs? The boogeyman is back and he is smarter, craftier, and more agile than ever. Get in touch with a SecureNation professional today to begin the conversation, together we will turn your dread into a thing of the past.

Share This