312-50V10 · Question #696
You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking d
The correct answer is B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or. When technical defenses at a highly secure target are too strong to defeat directly, social engineering - manipulating trusted insiders - is the most realistic attack vector. This approach exploits the human element rather than technology.
Question
You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed?
Options
- ALook for "zero-day" exploits at various underground hacker websites in Russia and China and buy
- BTry to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or
- CLaunch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000
- DTry to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn
How the community answered
(55 responses)- A15% (8)
- B73% (40)
- C9% (5)
- D4% (2)
Why each option
When technical defenses at a highly secure target are too strong to defeat directly, social engineering - manipulating trusted insiders - is the most realistic attack vector. This approach exploits the human element rather than technology.
Zero-day exploits purchased online are still technical attacks that a high-security bank environment may detect, sandbox, or have already mitigated through network isolation.
Social engineering by befriending a disgruntled or underpaid employee near the workplace targets the weakest link in any security model - humans. Insiders can provide credentials, bypass physical access controls, or reveal sensitive information that no technical exploit could uncover, making this the most viable approach against a hardened, well-patched target.
DDoS attacks against routers and firewalls disrupt availability but do not grant unauthorized access to classified data stored on the mainframe itself.
MiTM attacks require viable network interception points that a highly secured, internally isolated mainframe environment would not expose to an outside attacker.
Concept tested: Social engineering as primary vector against hardened targets
Source: https://www.cisa.gov/sites/default/files/publications/socialengineering_0.pdf
Topics
Community Discussion
No community discussion yet for this question.