Understanding the current threat landscape in social engineering



Our technology and processes are not the weakest links in the security chain. We are. On the one hand there is human error. Security incidents are very common (40%), and conservative estimates suggest that around 80% of these are due to human behavior (e.g. clicking on a phishing URL). On the other hand there is social engineering, which plays a significant role in triggering that human error.

Social engineering refers to a wide range of malicious activities carried out through human interaction. Psychological manipulation is used to exploit emotional vulnerabilities and trick users into giving out sensitive information or making security errors. These attacks typically rely on urgent requests designed to induce panic, or on time-sensitive opportunities.

Phishing is the most popular social engineering tactic.

The most popular form of social engineering attack is phishing. Phishing is a form of fraud in which an attacker impersonates a company or person the target trusts in order to obtain access to a secure network or to make a financial gain. The most famous example of this type of attack is the “419” scam, also known as the “Nigerian Prince” scam, which purports to be a message from a Nigerian prince requesting your help to get a large sum of money out of the country. It is one of the oldest scams around, dating back to the 1800s when it was known as “The Spanish Prisoner.”

While the modern version — the “419” scam — first hit email accounts in the 1990s, phishing has expanded over the decades to include methods such as spam phishing, a generalized attack aimed at many users at once. This “spray-and-pray” type of attack leans on quantity over quality, as it only needs to trick a fraction of the users who receive the message.

Phishing is a serious problem

Spear phishing messages, on the other hand, are targeted attacks aimed at a specific person. These messages are usually disguised to look like they come from someone the target already trusts. The goal is to trick the target into clicking on a malicious link in the message. Once this happens, the target may reveal sensitive information, install malicious software (malware) on their network, or execute the first stage of an advanced persistent threat (APT); these are just a few of the possible consequences.

Whale-phishing and whaling

Whaling can be described as spear phishing that targets high-profile, high-value individuals such as celebrities, board members, and government officials.

Angler phishing

Angler phishing refers to attacks that are usually initiated by the target: a customer complains on social media about a company’s or financial institution’s services. Cybercriminals look for these messages by monitoring major companies’ social media accounts. Once they have found one, they send phishing messages to the customer from fake corporate social media accounts.

Vishing

Vishing — also known as voice phishing — employs the telephone or VoIP (voice over internet protocol) technology. This type of attack is on the rise, with the number of cases increasing by an alarming 550% over the past twelve months. The number of vishing attacks suffered by organizations in March 2022 was at its highest ever recorded level, surpassing the September 2021 record.

Most often, vishing tactics are used against the elderly. Attackers might claim to be a family member who needs an immediate cash transfer to get out of trouble, or a charity seeking donations after a disaster.

Baiting and scareware

There are many forms of social engineering, including ad-based and physical approaches. Take, for example, baiting — whereby a false promise, such as an online ad for a free game or deeply discounted software, is used to trick the victim into revealing sensitive personal and financial information or into infecting their system with malware or ransomware.

Scareware uses pop-up advertisements to trick users into believing that their computer is infected with a virus, then urges them to buy antivirus software. In reality, the software itself is malicious, infecting the user’s system with the very viruses they were trying to prevent.

Tailgating and shoulder surfing

Physical social engineering attacks include tailgating — an attempt to gain unauthorized physical access to secure spaces on company premises through coercion or deception. For example, organizations should be especially alert when a terminated employee’s key card is still active and that person returns to the premises.

Similarly, eavesdropping or “shoulder surfing” in public spaces is a remarkably simple way to gain access to sensitive information.

Cybercriminals are constantly evolving their methods to steal money, compromise data, and damage reputations. While companies may have all the technology in the world, the root cause of a breach can still be human action. Businesses need a multilayered approach to cybersecurity that includes staff training, a positive company culture, and regular penetration testing that incorporates social engineering techniques.

Ian McShane is Vice President of Strategy at Arctic Wolf.
