CyberScream - Hacking Like a Ghost(face)

CyberScream - Hacking Like a Ghost(face)
Aaron Moss
Author: Aaron Moss

It’s that most hauntingly wonderful time of year again! Halloween is upon us, along with the dread of Q4.  Are compliance horrors putting you in a ‘SAW’ like predicament, compelling you to navigate through agonizing trials just to make it to the end of the year alive?  Secure Ideas’ resident Horror Nerds, Kathy Collins and Aaron Moss, are slicing and dicing up the news to examine recent attacks from a hacker’s perspective. We’ll talk about some well known and not-so-well known attacks.  We’ll discuss our thoughts on what’s been reported about the attacks, and calm your fears about our own methods for reenacting similar horrors the Professionally Evil way.  (NOTE: Secure Ideas had no involvement in these reported breaches.  We are basing all commentary on news reports.)

While wrestling with your organization's security may feel like you are starring in your own slasher film, rest assured we are here to prevent your enterprise from meeting a grim fate.  So grab your hunting knife, slip into your black robe and put on your Father Death mask…then come join us on October 18th as we (s)talk about the following breaches: 

Casino Hacks

We’ll talk about ‘A Nightmare on Las Vegas Boulevard,’ a chilling tale of the latest hacks that are lurking in the dark closets of many delicious brains - the OMG Resorts International and Emperors Entertainment attacks.  Reports coming out suggest that social engineering attacks, including vishing, phishing, and MFA fatigue could be responsible for initial access. We’ll discuss the factors that are influencing this, and how we would approach it during a penetration test.  

Scarab Iris Breach

In a chilling 2021 event, researchers found a misconfigured AWS bucket belonging to mass marketing firm Scarab Iris was oozing over 1 GB of exposed data.  Most of the data was reportedly personally identifiable information (PII), with quite a bit of it being sales leads.  While this data might be information you can find in several different public locations, this data was aggregated and allegedly belonged to Scarab Iris’s customer base.  We’ll talk about why that’s still bad news, including exposure to all sorts of legal issues, reputational harm, and ease of access for serial killers.  And we won’t ignore the glaring don’t go in the basement alone mistake that could have been avoided here.

SleekArmor Data Breach

This 2020 breach slipped under the radar of many folks. Mobile device case retailer SleekArmor suffered a data breach that exposed the personal data of over 850,000 customers.  This tale gets extra creepy because the attacker provides a complete rundown of their diabolical deeds, not unlike the type of penetration testing report we provide after an engagement.  Except, we actually have permission from our clients.  Our Professionally Evil crew will rip apart the “Penetration Test Results” limb from limb, explaining why we believe that (to paraphrase Scream’s tagline) someone has taken their love of hacking one step too far

Register for the Webcast

So, what is your favorite scary movie?  What about your favorite hack (and slash)?  How can you dodge such horror movie pitfalls, ensuring your company doesn’t become the next victim? We’ll chat about all of this and more on October 18th at 1pm EST.  Register now before it’s too late.  We’ll be watching… and waiting.  (With all apologies to Kevin Williamson.)

Join the Professionally Evil Newsletter