From: thepipeline_xyz
Attackers often target three core things: funds, access, and data [00:00:00].
What is “Access” in this Context?
“Access” refers to the ability to use an individual as an interception point to people around them [00:00:09]. This includes colleagues, friends, family, or other individuals associated with the target [00:00:16].
Why is “Access” a Target?
If an attacker gains access to an individual’s account, they can leverage that access in campaigns, such as spear phishing, to gain access to someone else’s accounts [00:00:25]. Examples include sending malicious meeting invites [00:00:34].
Mitigation
A strong handle on potential points of failure is crucial [00:00:46]. This involves inventorying potential vulnerabilities and starting to create an attack surface map to identify points of concern [00:00:53]. Once identified, these issues can be tweaked and mitigated [00:00:59].