Understanding the current social engineering threat landscape


The weakest link in the security chain is not our process or technology: it’s us. On the one hand, there is human error. A large number of security incidents (40%, according to a conservative estimate) are caused by human behavior, such as clicking on a phishing link. On the other hand, there is the role of social engineering in triggering that human error.

Social engineering is a term used for a variety of malicious activities carried out through human interactions. It uses psychological manipulation to exploit our emotional vulnerabilities and trick users into making security mistakes or providing sensitive information. Often these involve time-sensitive opportunities and urgent requests designed to create a sense of panic in the victim.

Most popular social engineering tactic: Phishing

The most dominant form of social engineering attack is phishing. Phishing is a form of fraud in which an attacker pretends to be a person or company known to the target and sends them a message requesting access to a secure system, in the hope of exploiting that access for financial gain. The most famous example of this type of attack is the “419” scam, also known as the “Nigerian Prince” scam, which purports to be a message from a Nigerian prince asking for your help to receive a large sum of money from their nation. This is one of the oldest scams, dating back to the 1800s when it was called the “Spanish Prisoner”.

While the modern version – the “419” scam – first hit email accounts in the 1990s, the world of phishing has expanded over the decades to include methods like spam phishing, a generalized attack against multiple users. This type of “spray and pray” attack relies on quantity over quality, as it only needs to fool a small fraction of the users who receive the message.

Spear phishing

In contrast, spear phishing messages are targeted, personalized attacks aimed at a specific individual. These attacks are often designed to appear to come from someone the user already trusts, with the goal of tricking the target into clicking a malicious link in the message. When that happens, the target will unknowingly reveal sensitive information, install malicious programs (malware) on their network, or execute the first stage of an advanced persistent threat (APT), to name a few possible consequences.

Whale phishing or whaling

Whaling is a form of spear phishing that targets high-profile, high-value targets such as celebrities, company executives, board members, and government officials.

Angler phishing

Angler phishing is a newer term for attacks usually instigated by the target. The attack begins with a customer complaining on social media about the services of a company or financial institution. Cybercriminals troll the accounts of large companies, looking for these types of messages. When they find one, they send that customer a phishing message from a bogus social media account posing as the company.


Vishing

Vishing – also known as voice phishing – uses phone technology or VoIP (voice over internet protocol). This type of attack is growing in popularity, with cases increasing by an astonishing 550% in the last 12 months alone. In March 2022, the number of vishing attacks experienced by organizations reached the highest level ever reported, surpassing the previous record set in September 2021.

Vishing tactics are most commonly used against the elderly. For example, attackers could claim to be a family member in need of immediate funds to get out of trouble, or a charity looking for donations in the wake of a natural disaster.

Baiting and scareware

In addition to the multitude of categories and subcategories of phishing, there are other forms of social engineering, such as ad-based and physical attacks. Take, for example, baiting – where a false promise, such as an online advertisement for a free game or deeply discounted software, is used to trick victims into revealing sensitive personal and financial information or to infect their system with malware or ransomware.

Meanwhile, scareware attacks use pop-up ads to scare the user into thinking that their system is infected with a computer virus and that they need to purchase the anti-virus software on offer to protect themselves. Instead, the software itself is malicious, infecting users’ systems with the very virus they are trying to prevent.

Tailgating and shoulder surfing

Forms of physical social engineering attack include tailgating – an attempt to gain unauthorized physical access to secure spaces on company premises through coercion or deception. Organizations should be particularly sensitive to the possibility of recently fired employees returning to the office with a still-active keycard, for example.

Similarly, eavesdropping or “shoulder surfing” in public spaces is a very simple way to access sensitive information.

Finally, as technology evolves, so do the methods used by cybercriminals to steal money, corrupt data, and damage reputations. Companies can use all the tools in the world, but if the root cause is unprotected or uncontrolled human actions, they are still vulnerable. Therefore, it is extremely important for businesses to take a layered approach to their cybersecurity strategy, incorporating employee training, a positive company culture, and regular penetration testing that uses social engineering techniques.

Ian McShane is the Vice President of Strategy at Arctic Wolf.

