Social engineering can be difficult to deal with. People inherently want to give out information, especially to Human Resources or the executives. Ira Winkler and Brian Dealy have written an excellent paper, available here. In this article, I want to unpack some of the security implications, and reiterate the “lessons learned” for my readers.
Last Friday, 3/31/2017, we had an issue with a client who was reporting that antivirus had picked up a particular kind of virus, called a worm, which was called Bluber.A. The problem had arisen after a routine software update, so we told the client our tech would roll back that last update and try to figure out where the worm had come from. After that was a success, we pushed the update out again, and the worm did not return. What happened?