Social Engineering Reminder Skymaster Red Team - PowerPoint PPT Presentation

Slides: 12
Provided by: lbn6

Transcript and Presenter's Notes

Title: Social Engineering Reminder Skymaster Red Team


1
Social Engineering Reminder Skymaster Red Team
  • Denise Sumikawa
  • LBNL Computer Protection Program Manager
  • cppm_at_lbl.gov
  • cyber.lbl.gov
  • November 19, 2008

2
Social engineering: Don't get tricked!
Why spend hours breaking in when a few simple
emails will do the trick!
or well-placed thumb drives
or mailed CDs
or phone calls
3
Thank you for registering!
  • Subject: www. vertical. com registration
  • From: Various
  • Date: Sat, 5 June 2008 09:30 - 09:37 (Eastern)
  • Thank you for registering with vertical. Your
    temporary PIN is
  • 459578
  • Once you enter this PIN, you'll be prompted to
    change it to a different 6-digit code of your
    chosing.
  • If you encounter any difficulty with the site
    registration process, please call us 24 hours a
    day, 7 days a week.
  • http://www . vertical . com/support-documentation.html

4
It's your duty!
  • From: Centers for Disease Control and Prevention
    programs_at_cdc.govname
  • Sent: Monday, November 10, 2008 11:48 AM
  • Subject: Government Health Program
  • In attention of (real manager at LBNL)
  • Within the last few years there has been a
    continue increasing of work-related diseases. A
    large part of interviewed personnel (about 65)
    thought that stress at work was one of the
    essential factors for the occurrence of some
    diseases.
  • Centers for Disease Control and Prevention (CDC)
    has started a graduate program that instructs the
    employees to detect and avoid as much as possible
    the risk factors that may lead to circumstances
    that cause stress related disorders shown as
    factors of work environment.
  • This is a Governmental Program and your duty is
    to verify that the attachment you've received is
    complete (if not you can find it here
    <http:///DiseasePreventiondotdoc>
    ), and forward it to all employees.
  • Laura Carielli, MD
  • Work-Related Diseases
  • Project Manager

5
Required DOE training, complete immediately!
  • Subject: HSPD-12 Identification Briefing
  • As identified by Executive and Department of
    Energy (DOE) orders, all DOE and National Nuclear
    Security Administration (NNSA) Federal and
    contractor employees, and other government agency
    personnel detailed to the DOE, regardless of
    their security clearance status, will be
    participating in the switch to the new HSPD-12
    badge system. The DOE HSPD-12 Identification
    Briefing (HIB)......EMPLOYEES RECEIVING THIS
    NOTICE ARE REQUIRED TO COMPLETE THIS BRIEFING
    IMMEDIATELY.
  • Link: http://www.energyoclc.net/HSPD12Training/

6
What can you do?
  • NEVER TRUST AN EMAIL SENDER
  • Never trust an email just because it appears to
    be from a legitimate address.
  • ALWAYS CHECK THE CONTENT
  • Bad spelling and grammar is a dead giveaway.
  • DON'T OPEN ATTACHMENTS OR CLICK ON LINKS
  • It may trigger the download of malicious code.
  • It may steal information from you without your
    knowledge.
  • UPDATE YOUR COMPUTER SECURITY
  • Keep your computer patched and software
    up-to-date.
  • Get an antivirus program (and keep it updated).
  • Use a personal firewall.

7
What can you do?
  • NEVER GIVE OUT YOUR PERSONAL DETAILS
  • Even if an email looks authentic, it more than
    likely isn't.
  • VISIT SITES DIRECTLY
  • If you need to enter your account details, only
    go there by typing the site's address directly
    into the browser.
  • WATCH FOR SECURE WEBSITES
  • Look for the HTTPS and the Yellow Lock when
    submitting sensitive information.
  • IF IN DOUBT... DON'T DO IT!
  • If you have even the slightest suspicion that an
    email is not 100% legitimate, don't click or give
    out any of your details.
  • Report it quickly to cppm_at_lbl.gov

8
Social engineering attacks are REAL
  • Real attack compromised 3 DOE Labs in early 2008
  • Phishing email was used to gain initial foothold
  • Gained control of significant portions of the
    network
  • Exfiltrated PII and other sensitive data
  • Two DOE Labs still trying to contain attack
    (months later!)
  • Similar DOE HSS Red Team attacks in Spr/Sum 2008
  • Users at 3 SC Labs fell for social engineering
  • Phishing email, CD via USPS
  • Gained control of entire network
  • Exfiltrated PII and other sensitive data
  • Attack went undetected at compromised Labs for
    several months

9
Dr. Orbach is calling for cyber improvements
across Office of Science (SC)
  • Skymaster Red Team
  • SNL-led team composed of multi-lab members
  • Have nation-state skill and tools
  • Activities now through mid-January 2009
  • External scanning of all 10 SC Labs
  • Internal vulnerability assessments of 2
    unidentified SC Labs
  • Will use phishing emails and other social
    engineering techniques!

Be extra diligent - watch for unsolicited email
and mail!
10
Remember: When in doubt
  • Don't click links!
  • Don't open attachments!
  • Report it quickly to cppm_at_lbl.gov

11
Resources
  • Computer Security Annual Refresher
  • http://www.lbl.gov/cyber/training/
  • Updates list of examples
  • www.lbl.gov/cyber/services/targeted-phishing.html
  • Cyber Social Engineering Training
  • www.lbl.gov/cyber/guidelines/social-engineering.html