“There is a guaranteed weakness in any security system: the human heart.” The controversial line was spoken by CJ, the main character of GTA San Andreas, in 2004, but it still serves as a lesson for companies like Rockstar Games, the game’s developer. The interactive entertainment giant recently suffered a major hack that led to the GTA 6 leak, and the human factor may have been the main vulnerability.
In addition to Rockstar, another big company was recently breached: Uber. The perpetrators of both attacks may be under the age of 16. But how did someone so young gain access to the files of billion-dollar multinational companies? The main weapon of the cybercrime appears to have been social engineering.
A very old and rudimentary concept in digital security, social engineering does not require high-tech equipment or advanced knowledge to carry out attacks. The method relies on manipulating people to gain an advantage, access systems and obtain privileges to cause greater damage.
Manipulation and naivety are key ingredients in social engineering attacks
“Social engineering scams are built on how people think and act,” explains security firm Kaspersky. “Once an attacker understands what motivates a user’s actions, he can effectively deceive and manipulate them.”
Like pre-Internet scammers, social engineering hackers create narratives to engage and deceive victims. Whether it’s an email from your boss asking for data, or a “supermodel” texting you about a job, an attack can happen at any time.
According to statements from Uber and Rockstar, the companies experienced a social engineering attack that targeted employees to gain Slack logins. The messaging app, which works like Microsoft Teams, has a Discord-like interface and is used by companies for remote work.
In a statement to TecMundo, Slack said it is investigating incidents involving Uber and Take-Two, which owns Rockstar, but the company says it has found no evidence of vulnerabilities in its services. Rather than a flaw in software or hardware security, the hackers took advantage of the naivety of company employees to gain privileged access.
Hackers took advantage of employee naivety to gain privileged access
With the pandemic and the rise of the home office, platforms like Slack have become an important part of many employees’ daily lives, which ends up creating security holes. Now, sensitive materials that would otherwise be out of reach of the internet, such as GTA 6 gameplay videos, are shared on online platforms to facilitate development routines.
So, with just one access credential obtained through social engineering, hackers can get hold of a huge amount of data. In Rockstar’s case, around 3GB of details about the game were extracted and released, in addition to the alleged source code for GTA V and GTA 6, which created a major problem for Rockstar.
According to William Bergamo, co-founder and vice president of New Business at e-Safer, some companies still don’t take digital security seriously despite the threats that come with the home office. “In terms of information security, the issue of remote work is a big challenge that is unfortunately still neglected by many companies, regardless of size.”
According to the expert, remote work leaves the employee and his data in a minimally controlled environment, which facilitates information theft. And even if just one login is stolen, the damage can be massive, as the recent cases of Rockstar and Uber show.
Protection against social engineering
While antivirus software can block malware, social engineering protection requires deeper and more dedicated training from companies and employees. “It is extremely important to have an information security policy, to promote awareness campaigns, followed by training to evaluate these trainings,” explains Bergamo.
In addition to raising employee awareness, the e-Safer executive recommends that companies segment access and adopt a “zero trust” policy. That way, if one employee is compromised, the entire business data chain is not affected.
Another simple way to help protect your logins is classic two-factor authentication. Whether through a dedicated app, a simple email or a text message, it already provides an extra layer of protection, as long as you don’t share the information with a hacker.
Finally, it pays for employees to be on the lookout for strange behavior, from emails that look suspicious to links that may lead to fake forms. Since humans are the weak point that social engineering attacks exploit, staying alert is the best way to avoid becoming a victim.