
While phishing, spearphishing, and malicious web links are probably among the most common attacks used by hackers to infiltrate an organization, some old-school techniques still exist—and are just as effective as hacking techniques due to the focus on more modern methods.
Here are five “forgotten” attack methods to watch for and ensure your organization is safe from unauthorized access.
The irresistible USB drive
As a curious human, what would you do if you found a USB drive lying on the ground? Most people would pick it up and insert it into a computer to see its contents, but by doing so, you may just have infected your computer and/or network with a virus. Hackers prey on human nature, and a discarded or lost thumb drive is a tempting treasure.
There are two popular methods that hackers can use: –opening a document on the thumb drive and using a “rubber ducky.”
Opening a Word document with an enticing file name prompts the user to enable macros. Enabling macros allows malicious code in the file to run on the computer, installing viruses, capturing keystrokes, or creating backdoors for later use.
A “rubber ducky” is a small computer that looks just like a USB drive and tricks the computer into thinking it is a new keyboard or harmless device it needs to install, thus bypassing any anti-virus or other defenses.
One way to combat these tricks is to disable USB drives on laptops and computers. Another is to educate users on the dangers of seemingly innocuous things such as picking up a thumb drive and plugging it into a computer.

Unsecured network access points
Hollywood loves this trick—someone sneaks into an office building and either gains access to a server room or networking closet and can hack the entire network by plugging in a laptop or accessing a conveniently-located terminal and furiously typing away while a timer runs.
While it adds to the drama of any good flick, having unsecured wireless access points is never a good idea. Are you properly securing all of your switches and networking equipment? An unlocked network closet could allow anyone in to cause damage to equipment or use a switch port to access the network. LAN turtles are particularly nasty devices that are likely to go unnoticed while gathering data, installing software, or facilitating man-in-the-middle (MITM) attacks anywhere on the network.
Network admins should consider restricting physical access to networking equipment at all times, disabling ports that are not in use, and restricting a general work area’s network access by MAC addresses.

A lost or stolen laptop
Laptop owners have probably left a laptop in a car at some point in their lives, whether purposefully for a grocery run or accidentally in a rental car. A laptop can give thieves access to confidential resources, possibly even VPN access to a corporate network if stolen. It is essential to have security measures to restrict automatic VPN connections, encrypt hard drives, and require strong passwords to wake or access laptops. Using multi-factor authentication (MFA) is another common practice to prevent unauthorized access.
In this scenario, “Bob” left his laptop in a rental car when returning it to the agency. He didn’t immediately report it but was relieved when the rental company called him the next day and said they had it. Bob plugged his laptop back into the network at work and unleashed a virus. He had also unknowingly shared confidential blueprints because they were unencrypted. Better security practices for mobile or portable devices can prevent this nefarious activity.
Free Wi-Fi, Sweet!
People who travel for work are likely at higher risk for cybersecurity crimes than those who do not. Finding a place to connect to Wi-Fi between meetings or during lunch is common, but not all wireless networks are safe. Workers conducting business on corporate laptops should not connect to unsecured wireless networks of any kind. They should understand bad actors can be lurking nearby with fake wireless networks designed to steal your information.
Securely tethering a laptop to a phone or corporate mobile hotspot is a safer way to access the internet or VPN resources while in public places and generally will be faster, too.
As IT professionals, we must do everything we can to safeguard ourselves against cyber threats. We find ourselves trying to keep up with new technologies and attack vectors and often forget some of the most basic security principles.
More Cybersecurity Articles
Hackers Use Coronavirus to Exploit Human Nature
As expected, hackers are taking advantage of people and companies during the COVID-19 pandemic. In the past, hackers used real-world events to prompt people to click links or open malicious email by sparking concern or a need in order to remain healthy or safe....
Backup and security go hand-in-hand
Russia, the United States and many points in between have been hit by what's now a common form of cybercrime. Ed Wallace, MWR Infosecurity: Ransomwares become a tool of choice for all sorts of criminals simply because it's very, very easy to make money very quickly....
Real Life Ransomware Protection with Global Data Vault
This recent case of ransomware protection and recovery is a great example of the effectiveness of Global Data Vault's services which are usually a powerful but mostly invisible security blanket, working quietly in the background to safeguard company data. It's only...
How Coronavirus Could Affect Your Network Security and Business Continuity
In an unprecedented response to a new human virus, upwards of 60 million people are currently in quarantine in China and the Chinese government is engaged in a desperate battle to get control of COVID-19, the newly emerged coronavirus. At the time of writing, even...
0 Comments