> at Uber, we got an “URGENT” email from IT security
> saying to stop using Slack. Now anytime I request a
How does an employee know if that message is legitimate or not? If you break into a secure system, mass-emailing all employees saying "URGENT: WE HAVE BEEN HACKED. PLEASE EMAIL YOUR PASSWORD AND SSN TO THIS ADDRESS IMMEDIATELY." is sure to get some percentage of success.
It does make me wonder whether we’re headed towards some kind of “breach via chaos” scenario. Clearly the attackers have the cell phone numbers of employees. Suppose they started mass texting conflicting information? It’d be noisy as hell, but take 1000s of employees getting a never-ending stream of texts, purporting to be from their employer, saying “don’t use Slack,” “don’t use email,” “here’s a Zoom bridge for incident response,” “oh and here’s an MFA notification you should accept.”
This could lead to a scenario where no one knows what to believe, internal systems are down, attackers are setting up fake IR channels to get even more info, etc. There’s no way most companies could weather an onslaught like that.
If you wait for an emergency to set up a continuity of operations plan and train your employees for it, then you won't get great results for that particular emergency.
In general you can trust a “stop doing the thing” email blast that appears legitimate but should be highly suspicious of the same asking you to do the thing.
> at Uber, we got an “URGENT” email from IT security
> saying to stop using Slack. Now anytime I request a
> website, I am taken to a REDACTED page with a
> pornographic image and the message “F** you wankers.”
From: https://twitter.com/samwcyo/status/1570583182726266883