Lateral attacks

More than ever there is a need for healthy paranoia in how we deal with all communications we receive.

Cyber Security

The other day I was looking at Facebook and a post appearing to come from one of my relatives outlining how they had made easy money based on a guide on a website they had found.   The post seemed out of character and therefore I treated it with a healthy amount of paranoia.   Having contacted my brother in law via text it became apparent he hadn’t posted the comment on social media.  He had in fact been hacked however prior to my text he was unaware.

This highlights the dangers of lateral attacks.   Rather than come straight at us the cyber criminal attempts to get to us via a trusted person or organisation.    Due to the increasing cyber risk we are all becoming more sensitive to the potential malicious approaches by strangers and how these may in fact be malicious.   The cyber criminals have therefore pivoted to trying to use one person or one organisations accounts to gain access to others.  As such they will look at the contacts of a compromised email account and then approach these contacts using the compromised account to send the emails hoping that the fact the sender is someone we are familiar with and therefore trust that we will be less suspicious and more likely to click the links or open the attachments.

Given the fact the number of breached accounts now outnumber the number of people on the planet it is no surprise that the lateral attack is becoming more common.

The fact an email comes from someone we don’t know is no longer the key indicator of a malicious email as increasing the emails may come from those we know.   More than ever there is a need for healthy paranoia in how we deal with all communications we receive.

We also need to be more vigilant of unusual activity on our own accounts which might signal an account compromise and a malicious outsider trying to quietly use our accounts for lateral attacks on our friends, colleagues and other associates.


Author: garyhenderson2014

Gary Henderson is currently the Director of IT in an Independent school in the UK. Prior to this he worked as the Head of Learning Technologies working with public and private schools across the Middle East. This includes leading the planning and development of IT within a number of new schools opening in the UAE. As a trained teacher with over 15 years working in education his experience includes UK state secondary schools, further education and higher education, as well as experience of various international schools teaching various curricula. This has led him to present at a number of educational conferences in the UK and Middle East.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: