We all know that cybersecurity is a hot topic right now, but what exactly does dumpster diving have to do with it? Dumpster diving is the act of looking through unsecured trash to find information that might be useful. In the context of cybersecurity, it means recovering sensitive or proprietary data from discarded paper, storage media and equipment, and then using it against the organization that threw it away.
What is Dumpster Diving?
In the cybersecurity industry, dumpster diving describes the practice of searching through discarded material for information an attacker can use: printed passwords, credit card numbers, customer records, invoices, organization charts, or storage media that still hold data. Although this may sound silly, it is a common and effective reconnaissance technique, precisely because it needs no technical skill and rarely gets noticed.
How does Dumpster Diving work?
It’s not as gross as it sounds. The term comes from looking through actual dumpsters (or trash cans) for valuable documents, and that still happens. The difference today is that most sensitive information is no longer on paper.
Instead, it lives in digital form on computers, phones, USB sticks and external drives. When those devices are retired, most people are not very careful with them: they delete a few files, empty the recycle bin, or format the drive, and assume the data is gone. It usually is not. Deleting a file normally removes only the directory entry; the contents stay on the disk until something overwrites them, and a formatted drive keeps most of its old data too.
That’s where dumpster diving comes in: if you know how to look for it, you can often recover sensitive information that was thrown away by others, whether on paper or on a discarded drive, and use it against them.
Benefits of Dumpster Diving in IT
When you’re in the cyber security business, you have to be on your toes at all times. The threat landscape is constantly evolving, and it’s important to be able to adapt quickly.
For example, what if we told you that dumpster diving could be a part of your security arsenal?
Dumpster diving is the act of searching through the trash, usually for information that people discarded by mistake or without thinking about its value. It has been used by hackers, law enforcement officers, and even journalists who want the scoop on a story. Cyber security professionals use it too.
The defensive version is to dumpster dive your own organization, with authorization, as part of a physical security assessment. Go through the bins and recycling cages outside the building and the pile of equipment waiting for disposal, and see what an outsider would find. Printouts of account lists, sticky notes with passwords, and drives that were formatted but never wiped are all findings. Recovering “deleted” files from a discarded drive is the same work a forensic examiner does, with better tools, when a machine is suspected of being compromised. Whatever you find, fix the disposal process before someone else finds it.
Dumpster Divers using Social Engineering Tactics
Diving into IT recycle bins can give dumpster divers personal information about an organization’s employees: names, roles, phone extensions, internal memos. This feeds social engineering attacks, in which the attacker uses that knowledge to win the trust of company workers and eventually persuades them into disclosing sensitive information or granting access that benefits the attacker.
The Dark Side of Dumpster Diving in Cybersecurity
When it comes to dumpster diving in cybersecurity, there are serious concerns for organizations and businesses as a whole. One example is dumpster divers launching phishing campaigns.
A phishing campaign involves sending out emails to people who work at an organization (or even just customers) to trick them into giving up their passwords or other sensitive information. Dumpster divers could find employee lists and then target them with phishing campaigns. They could also find customer lists and use this information to launch phishing or social engineering attacks against them.
The fact that dumpsters are often left unlocked or unsecured makes them an easy target for thieves looking for valuable data.
How to stop Dumpster Diving Cyber Attacks?
- Securely erase sensitive data when you are finished with it. Deleting a file or emptying the recycle bin only removes the directory entry; the contents stay on disk until overwritten. Use an overwrite-based wiping tool for magnetic disks, and full-disk encryption with key destruction (or the drive’s built-in secure erase) for SSDs, where overwriting individual files is unreliable. Paper goes through a cross-cut shredder.
- Encrypt, don’t just password-protect. A login password protects the session, not the disk: anyone who pulls the drive from a discarded machine can read it in another computer. Use full-disk encryption (BitLocker, FileVault, LUKS) on computers and on external storage such as hard drives, disks and pen drives.
- Use a password that’s hard to guess. Don’t use the same password for all of your accounts, and don’t use something like “12345.” Make sure it’s something that would be hard to guess but easy for you to remember.
- Enable a screen locker that locks the screen automatically after a short idle period when you are away from your system.
- Don’t leave your laptop unsecured where anyone can see it or steal it. Someone who takes it gets all of your data, and worse, any saved credentials, VPN configurations and session tokens on it are a way into other computers and networks over the internet.
- Don’t open attachments from people you don’t know or trust! This is especially true for email attachments coming from suspicious sources.
- Create an information security policy for disposing of old equipment and data safely: wipe or physically destroy drives before they leave the building, shred paper, and keep a disposal log, so nothing recoverable ends up in the bin for a third party to find later.
- Make sure employees understand what they’re supposed to do with sensitive data (like passwords) when they leave the company or move on to another role within it—and don’t assume that everyone will remember!
- Ensure that your credentials are not stored in plain text on any of your servers.
- Disable all unnecessary services and protocols on your servers, especially ones you no longer use or need. Every exposed login service is another target for password guessing (brute force), and an account name or old password recovered from the trash is exactly the starting point an attacker needs.
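The first item in the list is the one dumpster divers count on people getting wrong, so here is what “erase, don’t just delete” looks like for a single file. This is an added example written for this page, not code from the original article: it overwrites the file’s bytes in place, randomises the filename, unlinks it and syncs the directory. The sample credential it wipes is constructed for the demo.

```python
"""Overwrite-then-unlink deletion (added example, not from the article).

Emptying the recycle bin removes the directory entry and leaves the file's
blocks in place, so a drive pulled from the bin can be imaged and the data
read back. Overwriting the bytes before unlinking removes what a simple
recovery tool would find; renaming first keeps the old filename out of
directory slack space.

Caveat: on SSDs and on copy-on-write or journaled filesystems (btrfs, ZFS,
APFS) the overwrite may land on fresh blocks and leave the old ones intact.
There, rely on full-disk encryption with key destruction or on physical
destruction. This routine is for files on plain, unencrypted magnetic media.
"""
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # write 1 MiB at a time so large files do not load into RAM


def _fill(fh, size, data_for):
    """Rewrite `size` bytes from offset 0, taking each chunk from data_for(n)."""
    fh.seek(0)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        fh.write(data_for(n))
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())  # push the overwrite through the page cache to disk


def overwrite_file(path, random_passes=2):
    """Overwrite `path` in place: random data per pass, then one zero pass.
    Returns the number of bytes overwritten in each pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(random_passes):
            _fill(fh, size, secrets.token_bytes)
        _fill(fh, size, lambda n: b"\x00" * n)
    return size


def secure_delete(path, random_passes=2):
    """Overwrite, rename to a random name, unlink, and sync the directory.
    Refuses symlinks so the target of a link is never overwritten."""
    if os.path.islink(path):
        raise ValueError("refusing to follow a symlink")
    size = overwrite_file(path, random_passes)
    directory = os.path.dirname(os.path.abspath(path))
    scrubbed = os.path.join(directory, secrets.token_hex(8))
    os.replace(path, scrubbed)
    os.unlink(scrubbed)
    if os.name == "posix":  # make the rename/unlink metadata durable as well
        dfd = os.open(directory, os.O_RDONLY)
        try:
            os.fsync(dfd)
        finally:
            os.close(dfd)
    return size


def demo():
    """Create a file holding a constructed credential, wipe it, and report.
    Returns (bytes_overwritten, file_still_exists, directory_is_empty)."""
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, "db-creds.txt")
    with open(target, "wb") as fh:
        fh.write(b"db_password=hunter2\n")  # constructed sample secret, 20 bytes
    size = secure_delete(target)
    return size, os.path.exists(target), os.listdir(workdir) == []


if __name__ == "__main__":
    print(demo())
```

Run it on a loopback-mounted ext4 image and compare `strings` output on the image before and after to see the difference between `os.unlink` alone and this routine; on an SSD the comparison is exactly the test that shows why whole-disk encryption is the better answer there.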
Protecting Your Information
Along with protecting information on your systems, you also need to protect your email channel, because that is where the employee and customer lists a dumpster diver recovers get used.
When you send important information over email, you need to know that your messages reach their intended recipients and are not blocked or marked as spam, especially when they contain sensitive information like credit card or social security numbers. DMARC lets you publish a policy telling receiving mail servers what to do with messages that claim to come from your domain but fail SPF and DKIM alignment: monitor them, quarantine them, or reject them outright. That stops an attacker from phishing your staff or customers with mail that appears to come from you, reduces spam, and improves deliverability of your legitimate mail.
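The protection DMARC gives depends entirely on the published record, so it is worth being able to read one. The parser and checker below are an added example for this page, not the article’s own or any vendor’s tooling; they follow the record syntax from RFC 7489 (semicolon-separated tag=value pairs, v=DMARC1 first, a required p= tag, sp= defaulting to p=, pct= defaulting to 100) and flag the settings that leave spoofed mail deliverable. The sample records are constructed for illustration.

```python
"""Parse a DMARC TXT record and flag weak settings (added example, not from
the article). Rules follow RFC 7489: ';'-separated tag=value pairs, v=DMARC1
must come first, p= is required (none|quarantine|reject), sp= defaults to p=,
pct= defaults to 100, rua= names where aggregate reports are sent.
"""

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record):
    """Return the record's tags as a dict with lower-cased keys.
    Raises ValueError for anything a receiver would not treat as DMARC."""
    parts = [p.strip() for p in record.split(";") if p.strip()]
    if not parts or not parts[0].lower().startswith("v="):
        raise ValueError("record must begin with v=DMARC1")
    tags = {}
    for part in parts:
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags["v"] != "DMARC1":
        raise ValueError("unsupported version")
    for key in ("p", "sp"):
        if key in tags:
            tags[key] = tags[key].lower()
    if tags.get("p") not in VALID_POLICIES:
        raise ValueError("p= is required and must be none, quarantine or reject")
    if "sp" in tags and tags["sp"] not in VALID_POLICIES:
        raise ValueError("sp= must be none, quarantine or reject")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        raise ValueError("pct= must be an integer from 0 to 100")
    for key in ("adkim", "aspf"):
        if tags.get(key, "r").lower() not in ("r", "s"):
            raise ValueError(f"{key}= must be r (relaxed) or s (strict)")
    return tags


def is_valid_dmarc(record):
    """True if parse_dmarc accepts the record."""
    try:
        parse_dmarc(record)
    except ValueError:
        return False
    return True


def assess_dmarc(record):
    """Return findings explaining why spoofed mail might still be delivered.
    An empty list means the domain rejects failing mail and collects reports."""
    tags = parse_dmarc(record)
    findings = []
    policy = tags["p"]
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    if tags.get("sp", policy) == "none" and policy != "none":
        findings.append("sp=none: any subdomain of the organization can be spoofed freely")
    pct = int(tags.get("pct", "100"))
    if pct < 100 and policy != "none":
        findings.append(f"pct={pct}: the policy applies to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports, so abuse of the domain goes unnoticed")
    return findings


if __name__ == "__main__":
    # Constructed sample records: a hardened one and two common weak ones.
    for rec in (
        "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
        "v=DMARC1; p=none",
        "v=DMARC1; p=quarantine; sp=none; pct=10; rua=mailto:dmarc@example.com",
    ):
        print(rec, "->", assess_dmarc(rec) or ["enforcing, with reporting"])
```

To check a live domain, fetch the TXT record at `_dmarc.<domain>` (for example with `dig TXT _dmarc.example.com`) and pass the quoted string to `assess_dmarc`. A record that parses but returns findings is the usual state of a domain that “has DMARC” yet can still be spoofed in a phishing run against a recovered employee list.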