Seriun have recently delivered their Live Hacking seminar for The Business Network at Hyatt Regency Manchester earlier this month.
Due to the success of their first Live Hacking event in April, Seriun were approached by Helen Bennett, owner of The Business Network, to deliver their Live Hacking Demonstrations workshop to their membership.
The business network launched over 28 years ago to bring together business leaders to develop meaningful relationships and learn about each other’s businesses. They operate a monthly business event where members meet to connect and collaborate with one another.
The Live Hacking session was introduced by Seriun’s Business Development Manager Bryn Speed who set the scene. He outlined who was on “stage” and what equipment would be used for the demonstrations. Wayne Fulton, Head of Cyber Security at Seriun, presented the seminar taking on the role of hacker, while Richard Lee, Seriun’s Technical Director, played the part of the victim.
Wayne explained: “We deliver ethical hacking sessions like this to educate business owners and managers in best practice cyber security measures to defend against hacking attempts. We show them how easy it is for someone to break into their networks and systems using basic tools that can easily be bought online. But the solutions we recommend can be implemented straight away to help prevent successful attacks.”
Wayne’s demonstrations began with a wireless LAN attack which quickly compromised Richard’s wireless network and connected to his router. The password was cracked in minutes. Wayne then continued with scanning and enumeration. After scanning for devices, he found a device he wanted to target and used an enumeration technique to identify vulnerable services. This process naturally led to a Brute Force attack, which automatically scanned for and found a matching username and password for the device – again within a couple of minutes. Wayne gained full remote access to Richard’s computer and all his sensitive files and information were stolen.
The final demonstration was a USB rubber Ducky attack. Wayne showed the audience the potential consequences of plugging a random USB device of unknown origin into your computer. Remote access to the device and network was gained within seconds. Despite the USB being unplugged, the hacker still has full access to all areas with the ability to create a new user account and change your password.
Wayne concluded by explaining how gaining the Cyber Essentials accreditations can significantly help prevent the attacks demonstrated. He explained that Cyber Essentials is a government backed scheme, which guides a business through various cyber security assessments to ensure they have implemented the IT security measures required to protect their business, their data, and their customers data. He clarified that Cyber Essentials Plus is the advanced certification, which offers technical verification of cyber security assessments by an official Cyber Essentials assessor.
After the event, Helen Bennett thanked the Seriun team: “Thank you for your excellent pre-lunch seminar at our recent Business Network event in Manchester. It was very impressive and the feedback from all who attended has been extremely positive. We look forward to seeing you again soon.”
Seriun are an official IASME Cyber Essentials Certification Body. IASME have been chosen by the Government’s National Cyber Security Centre (NCSC) to be their sole Cyber Essentials scheme partner.
If you are interested in finding out more about any of Seriun’s cyber security solutions, or in becoming Cyber Essentials accredited, please contact the Seriun Cyber Security Team on 01282 500770.
If you would like to find out more about becoming a member of The Business Network, please visit their website: www.business-network.co.uk
– Advice on preventative measures:
How to strengthen your cyber security in times of uncertainty
– An exploration into the different types of phishing and what to look out for:
The dangers of phishing and cyber crime
– An in-depth review of phishing tactics across email, websites and landing pages, with detailed analysis of a phishing email highlighting the dangers:
Phishing – the red flags