Social Engineering: Hacking Dave To The Rescue
“It’s the basics that are biting us when it comes to large-scale breaches”
Northport, N.Y. – Mar. 22, 2021
If you don’t know Dave Kennedy, then you don’t know social engineering. Or at least how to defeat it.
Former NSA hacker. U.S. Marine Corps intelligence veteran. One-time chief security officer at a Fortune 1000 company. Founder of Kentucky’s DerbyCon. Author of a number one best-selling security book. Consultant to the Emmy award-winning drama series Mr. Robot. Co-founder and chief hacking officer at Binary Defense Systems. Founder and CEO at TrustedSec.
And let’s not forget CISSP, MCSE, OSCP, OSCE, and some other certs.
Appearing on the Cybercrime Magazine podcast a week after appearances on FOX News and CNBC, Kennedy waxed on social engineering, the SolarWinds hack, and more.
Cybercrime Radio: Hacking Dave on Social Engineering
Warnings and advice from a top expert
“Social engineering is rampant across all organizations,” said Hacking Dave. “It’s always been so effective because people are trusting until they’re violated.”
This method of deceiving others to gain control over their devices is the most effective way a cybercriminal can strike. Only three percent of the malware hackers use today targets technical flaws, according to KnowBe4; the other 97 percent tries to trick users via phishing, whaling, baiting, or other social engineering scams.
Though SolarWinds’ late 2020 breach was accomplished using a more complex tactic, it’s an example of what could be coming for big businesses if users remain vulnerable.
With cybercrime costs estimated to exceed $10 trillion annually by 2025, “We have to be continuously educating employees on how to identify and prevent these attacks,” warned Kennedy.
“It’s the basics that are biting us when it comes to large-scale breaches,” he continued. “When one person is compromised, it impacts the whole organization.”
One defensive weapon is the Social-Engineer Toolkit (SET), which has been downloaded by more than two million users. Created and written by Kennedy, it’s an open-source Python-driven tool aimed at penetration testing around social engineering.
SET is the go-to for social engineering penetration tests — but there’s a lot more to be concerned about. “Passwords are the most abused,” Kennedy cautioned. “I’d highly implore people to put in multi-factor authentication on any site they can.”
Hacking Dave On Last Year’s Twitter Attack
A major coordinated social engineering attack
“We’re in an age where we share so much about ourselves online,” informs Kennedy. “You have to recognize, that does create potentially dangerous exposure for you, your family, and everyone around you.”
With a name like Hacking Dave, a white hat, and a homemade weapon, Kennedy is a real-world cyber hero. He’s someone for kids to look up to, and black hats to stay away from.
Learn more about how to prevent social engineering and Kennedy’s adventure-filled career, including the time he dressed up as a burglar (for research purposes), by listening to the full podcast episode.
– Amanda Glassner is a staff writer and reporter at Cybercrime Magazine.