Badge Surfer Attack – Physical Security – SAUDI ARAMCO BREACHOrhan Sari
Badge Surfer Attack – Phishing security test tool – HOW IT REALLY HAPPENED: NINJIO SEASON 2, EPISODE 1, SAUDI ARAMCO BREACH
In our 1st Episode of Season 2, one of the world’s largest oil producers has roughly 35,000 of its computers shut down in a matter of hours due to a malware attack. After turning off the remaining systems, they scrambled for days trying to figure out what to do. Even after paying a large sum of money to get new systems quickly, it wasn’t quick enough. The tankers lined up waiting for their oil and the paper system wasn’t cutting it. At the end of the day, the CEO decided to give the oil away for free as that was the fastest method of getting tankers in and out and keeping their customers.
We learn that the source of the breach was two attack vectors that commonly go together: a badge surfer who then proceeds to take pictures of passwords. Something he was able to do because employees were violating their clean desk policy.
Details of the worst hack in history explain how hackers were able to disrupt a Saudi oil company, Saudi Aramco.
Hackers have turned to oil and gas companies as a target because of their ability to cause major destruction such as explosions.
This article covers the aftermath of the data breach. IT administrators were forced to take the entire system offline after malware took 35,000 computers offline.
“Tailgating,” “badge surfing,” and “piggybacking” are all terms given to a security issue where a hacker follows an employee into a secured area. The employee does not ask for credentials for fear of being rude.
Clean desk policies avoid the security risks of piggybacking. This article explains the policy and how it can help with security and social engineering.
Due to the nature of phishing, your colleagues and employees have become the weak link in your cybersecurity.
Our industry-leading Phishing security test tool allows you to test and quantify that human vulnerability safely and proactively by sending benign phishing attacks to your team, tracking their actions and reporting back to you.
We don’t stop there, our Phishing security test tool is fully-integrated with our Awareness Educator to automatically place employees who are caught by our phishing simulations onto appropriate e-learning courses to improve their vigilance to genuine phishing attacks
Scheduled & Targeted
Keepnet’s Phishing security test tool Simulator module allows you to create unlimited departments, groups, teams and individuals so you can schedule and target your phishing tests in a very targeted and granular way.
The available Phishing security test tool content is varied and effective to provide a robust test to your organisation’s security. We are constantly developing new content to respond to real-world threats and trends.
Tracking & Reporting
Keepnet’s Phishing security test tool tracks all user activity allowing you in-depth analysis of performance over time. This gives you full visibility on improvements and trends — from the whole organisation down to individual staff members.
Learning & Development
Keepnet Labs has an Education Awareness module which integrates with the Phishing Simulation module to automatically send staff members to the appropriate learning and development pathway if they fail a phishing simulation.
Our phishing simulations are completely customisable and the platform even allows you to run your own content if you have specific threats you wish to test against.
Quick Launch Feature
The Keepnet platform is designed to put you in control. Our quick launch feature makes scheduling and running campaigns a simple point and click operation.
Phishing Test Security Tool
Phishing test software – No matter how secure your infrastructure is, the weakest link in your security chain is your employees, because they can easily be hacked.
Using phishing techniques, it is simple to impersonate people acquainted, and get the information needed. Thus, traditional security solutions are not enough to reduce these attacks. Through pPhishing security tests – it is possible to send fake emails to test users, and test employees behaviour with the phishing email.
Phishing security tests are effective to see vulnerability and built mechanisms to businesses to fight against attack vectors, such as spear-phishing attacks.
Keepnet Labs phishing security test software, phishing simulator, is a cost-effective and influential way of executing simulated phishing test and fake attacks. Keepnet Labs phishing security test software, phishing simulator can test your employees’ behaviour against phishing attacks.
Phishing simulator enables custom phishing templates that were built by security experts. Also, you can select or create the scenarios to be used in your phishing security test.