Back

Social Engineering Leads to Unauthorized Network Access

Severity: Medium (Score: 51.1)

Sources: Theregister

Summary

Brandon Dixon, a former penetration tester, successfully gained root access to a company's network by impersonating an executive. He called IT support, claimed to be the head of security, and requested a password reset, which was granted despite failing challenge questions. This incident highlights significant flaws in the company's security protocols, particularly the lack of verification procedures. The IT staff prioritized appeasing an executive over following established security protocols. Dixon's experience underscores the dangers of social engineering and the need for robust verification systems. He later implemented a 'Chal-Resp' system to prevent similar incidents in the future. The company involved has not been named, and there are no reported breaches of sensitive data at this time. Key Points: • An intruder gained root access through social engineering by impersonating an executive. • IT staff failed to follow security protocols, prioritizing executive convenience over security. • Dixon's experience led to the creation of a challenge-response system to enhance verification.

Key Entities

  • Phishing (attack_type)
  • Social Engineering (attack_type)
  • CWE-287 - Improper Authentication (cwe)
  • ent.in (domain)
  • sitpub.com (domain)
  • [email protected] (email)
  • T1566 - Phishing (mitre_attack)
  • Chal-Resp (tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed