Inside the state-sponsored university breach

The Iranian attacks used social engineering techniques to trick professors into revealing their passwords. In this video, Mike Chapple explores the way these attacks worked.

(ominous music)…- [Instructor] Now, let's go inside the breach.…(ominous music)…The Iranian attack against American university professors…demonstrated a strong understanding of…the nature of academic work…and the psychology of faculty members.…The academic culture promotes the publication…of research and rewards work that is respected by…a professor's peers at other institutions.…

Recognizing this, the Mabna Institute attackers…carefully researched their targets.…They studied the work of individual professors,…learning about their research interests and publications.…The attackers then used this information…to design email messages that specifically…targeted individual professors.…We don't have the text of those emails,…but here's an example of the types of information…that they included.…The email addressed a specific professor…and used flattery when referring to…a paper the professor had published.…

They then included an offer of collaboration,…and a link to an interesting resource.…This was a spear-phishing attack designed…

Resume Transcript Auto-Scroll

Author

Mike Chapple

Skill Level Intermediate

3h 5m

Duration

38,339

Views

Show More Show Less

Related Courses

Introduction
- Inside the breach
  58s
The 2017 Equifax Breach
- The Equifax breach
  2m 41s
- Inside the Equifax breach
  3m 22s
- Lesson 1: Patch and vulnerability management
  4m 33s
- Lesson 2: Move quickly!
  2m 36s
- Lesson 3: Implement an incident response plan
  5m 15s
- Aftermath of the Equifax breach
  2m 26s
The 2013 Target Breach
- The Target breach
  2m 43s
- Inside the Target breach
  4m 55s
- Lesson 1: Vendor management
  4m 21s
- Lesson 2: Network segmentation
  3m 19s
- Lesson 3: Log monitoring
  5m 6s
- Aftermath of the Target breach
  1m 46s
The 2006 VA Laptop Theft
- The Veterans Affairs (VA) breach
  3m 8s
- Inside the VA breach
  5m 42s
- Lesson 1: Standardize incident escalation and notification
  3m 13s
- Lesson 2: Encryption is essential
  4m 51s
- Lesson 3: Security policy
  4m 42s
- Aftermath of the VA breach
  2m 45s
The 2018 Atlanta Ransomware Breach
- The Atlanta ransomware breach
  2m 19s
- Inside the Atlanta ransomware breach
  3m 6s
- Lesson 1: Perform regular backups
  2m 51s
- Lesson 2: Consider ransom demands
  2m 53s
- Lesson 3: Maintain malware prevention
  4m 8s
- Aftermath of the Atlanta ransomware breach
  2m 31s
The 2005 TJX Breach
- The TJX breach
  2m 8s
- Inside the TJX breach
  4m 3s
- Lesson 1: Control physical access
  3m 24s
- Lesson 2: Secure wireless networks
  2m 46s
- Lesson 3: Limit data retention
  5m 51s
- Aftermath of the TJX breach
  2m 27s
The 2013 Bowman Dam Breach
- The Bowman Dam breach
  3m 12s
- Inside the Bowman Dam breach
  5m 51s
- Lesson 1: Secure the Internet of Things
  2m 44s
- Lesson 2: Segment SCADA networks
  2m 36s
- Lesson 3: Control removable media
  4m 23s
- Aftermath of the Bowman Dam breach
  2m 9s
The State-Sponsored University Breach
- The state-sponsored university breach
  4m 22s
- Inside the state-sponsored university breach
  2m 35s
- Lesson 1: Multifactor authentication
  3m 51s
- Lesson 2: Understand advanced persistent threats
  1m 32s
- Lesson 3: Social engineering
  6m 19s
- After the state-sponsored university breach
  2m 4s
The Maersk Breach
- The Maersk breach
  2m 43s
- Inside the Maersk breach
  3m 37s
- Lesson 1: Protect admin accounts
  3m 32s
- Lesson 2: Apply patches promptly
  3m 40s
- Lesson 3: Test backups
  4m 8s
- After the Maersk breach
  2m 38s
The Sony Breach
- The Sony breach
  3m 24s
- Inside the Sony breach
  2m 42s
- Lesson 1: Defense in depth
  2m 11s
- Lesson 2: Offense is risky
  2m 23s
- Lesson 3: Authentication
  2m 13s
- After the Sony breach
  3m 24s

Show MoreShow Less

Take notes with your new membership!

Type in the entry box, then click Enter to save your note.

1:30Press on any video thumbnail to jump immediately to the timecode shown.

Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.

Start My Free Month

Skills covered in this course

Security IT

Lynda.com is now LinkedIn Learning!

To access Lynda.com courses again, please join LinkedIn Learning

Categories

3D + Animation Topics

3D + Animation Software

3D + Animation Learning Paths

Audio + Music Topics

Audio + Music Software

Audio + Music Learning Paths

Business Topics

Business Software

Business Learning Paths

Business Guides

CAD Topics

CAD Software

CAD Learning Paths

Design Topics

Design Software

Design Learning Paths

Developer Topics

Developer Software

Developer Learning Paths

Education + Elearning Topics

Education + Elearning Software

Education + Elearning Learning Paths

IT Topics

IT Software

IT Learning Paths

Marketing Topics

Marketing Software

Marketing Learning Paths

Photography Topics

Photography Software

Photography Learning Paths

Video Topics

Video Software

Video Learning Paths

Web Topics

Web Software

Web Learning Paths

Web Guides

Inside the state-sponsored university breach

Author

Skill Level Intermediate

Duration

Views

Related Courses

IT Security Careers and Certifications: First Steps

Insights from a Cybersecurity Professional

IT Security: Key Policies and Resources

Introduction

The 2017 Equifax Breach

The 2013 Target Breach

The 2006 VA Laptop Theft

The 2018 Atlanta Ransomware Breach

The 2005 TJX Breach

The 2013 Bowman Dam Breach

The State-Sponsored University Breach

The Maersk Breach

The Sony Breach

Take notes with your new membership!

Skills covered in this course

Continue Assessment

Start My Free Month