Recently, hackers found a way to abuse Microsoft support similar in architecture to the dreaded sim-swaps we see growing every year. While this comes as a shock to some, I've warned these type of attacks are easier than people think and will become more common. Sim-swapping, as a case in point, is growing rapidly because most people - including cybersecurity experts - do not understand the risks of complex systems. Many penetration tests do not account for realms outside what people expect and this completely misunderstands attackers.
Check out the highest-rated Automating ETL course on Udemy, if you're interested in data. From some of the reviews:
I've been able to adapt much of Tim's ETL architecture and deploy new/augment existing procedures in a variety of Data warehouse applications - mostly by augmenting existing SSIS packages with PowerShell code (to shred XML, JSON), and to dynamically render SSRS reports (querying SSAS cubes). This course is worth every penny paid.
Attackers Have More Tools That You Know
I made one point to an audience a few years back regarding cybersecurity: when development complexity increases - a common observance - attackers have factorial growth attack vectors. Penetration tests cannot keep up with this factorial growth - the time and resources it would take would be enormous. The big reason for this is as complexity increases, the understanding of each interaction of the system decreases. If we have a simple system with two entities that can have four interactions between the entities, we have a strong idea of our system.
By contrast, if we have a complex system of a thousand entities with at least four interactions per other entity (and these entities can have a growth of interactions such as going from four to eight), we have little insight into the system as a whole. This says nothing of the complex systems which are constantly adding new entities along with the existing entities as well as adding new interactions for each entity.
If you want to avoid losing over $89,000 like this guy, check out The Millionaire Guide To Digital Security. Don't focus on your returns if you don't know the basics of security.
Attackers Have the Advantage
Attackers will always have the advantage because attackers live in the world of results - they only get "paid" if they get results. No one else lives by this. As one senior official in the United States Military said - paraphrasing him, "While we had always been successful at defending on the perimeter, we came to the realization that we could never fully secure our systems." No amount of penetration testing can cover every possible vulnerability when we're talking about complex systems. Unfortunately for many people - as in the case of this Microsoft situation - many people will discover this the hard way.
Are you looking to review your firm's security? This post is sponsored by FinTek Development, a company that produces data and security solutions for businesses. Get an outside view of your security practices and how you can enhance these to minimize attacks. Image from Pixabay.