🟠 High | Source: The Register — Security
A red team exercise demonstrated how physical social engineering — in this case, helping a company by shovelling snow — led to attackers being granted network administrator access as a goodwill gesture. The engagement highlighted how human trust and informal helpfulness can completely bypass technical security controls. While this was a controlled test, the scenario reflects realistic attack vectors used by malicious actors.
Security Architect’s Take: Review your organisation’s policies around physical access and the granting of credentials or system privileges to individuals not formally onboarded through identity governance processes. Ensure that network admin rights can only be provisioned through a verified, auditable workflow — never informally — and include physical social engineering scenarios in your red team briefs and security awareness training.
Original advisory: Hackers shoveled snow for company, were rewarded with network admin access