
Social engineering has many definitions, one of which describes it as the art of human hacking. This type of hacking is not detected by technical security controls (e.g. firewalls and antivirus software), because it relies on human faults rather than software flaws to gain access to sensitive spaces or data. Empower your employees by sharing these social engineering techniques to strengthen your human firewall!
Keep learning about Cyber Security and increase HUMINT to prevent Ransomware, taught by a CISO!
We briefly touched upon the evolution of security and ended with policies and procedures. The Art of Deception, written by Kevin Mitnick, contains a comprehensive social engineering policy. This means you can start drafting your internal social engineering policy and educating your colleagues right now! I highly recommend this book.
Title: The Art of Deception
Author: Kevin Mitnick
Keep learning about Cyber Security to prevent Ransomware from the perspective of a CISO!
Social engineering is still a hot item for hackers. Check out page 31 of the 2023 Data Breach Investigations Report for more details.
Social engineering attacks often result in the loss of credentials. Hackers use these credentials as a stepping stone to (1) circumvent traditional security systems (e.g. a firewall) and (2) escalate privileges, i.e. obtain even more rights on the system or network. Often their goal is to find and copy your organisation's crown jewels without getting noticed.
Mitigation: the number one mitigation for social engineering is verification in person. When the stakes are high enough (e.g. access to TOP SECRET data), don't allow remote access. Make sure you actually see the person who is trying to access that data. This action stops at least 95% of the hackers.
What about the other 5%? Well, a state-sponsored actor could bribe your employee(s) who already have access to TOP SECRET data and then demand digital pictures of that data. This type of attack is called the insider threat and is very, very difficult to recognise or stop. Advanced security awareness training is one step you could take.
You'll understand the relation between threats, assets and vulnerabilities. Typically, security risks can be grouped into one of three categories: (1) confidentiality, (2) integrity and (3) availability.
1) Confidentiality: [example] you are the only person who should be able to see your bank account.
2) Integrity: [example] when you pay 9.99 dollars for a course, exactly 9.99 dollars should be subtracted from your bank account, no more and no less.
3) Availability: [example] when you access your bank account to view your balance, it should be available for you to view.
Collectively these categories are called the CIA triad of security. Remember it, because it is an important concept.
There are several websites that offer hackers the option to report their findings in order to collect a fee. Organisations also encourage hackers to report their findings with a so-called 'bug bounty' program, in which the hacker can claim a fee when they report a bug (e.g. a security flaw). Reporting a flaw to the affected organisation in this way is also called 'responsible disclosure'.
It is tempting to think of cyber defence primarily as a technical challenge, but the actions of people also play a critical part in the success or failure of an enterprise. People fulfil important functions at every stage of system design, implementation, operation, use, and oversight.
How to remediate:
1) Perform a skills gap analysis to understand which skills and behaviours workforce members lack or are not adhering to, and use this information to build a baseline education roadmap.
2) Train the workforce on how to identify different forms of social engineering attacks, such as phishing, phone scams and impersonation calls.
When you want to develop a security awareness program, I recommend the following book:
- Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviours.
Three resources:
1) The paper that explains most of the social engineering attacks. To provide you with the most value possible, I've also included another paper that introduces a taxonomy of social engineering.
2) The persuasion and security awareness experiment: reducing the success of social engineering attacks.pdf. I've also included another paper that explains the impact of authority with an example. Conclusion: awareness-raising about the dangers, characteristics and countermeasures associated with social engineering proved to have a significant positive effect on neutralising the attacker.
3) Reflections_on_the_Stanford_Prison_Experiment_Gene.pdf. A short synopsis of the Zimbardo research starts on page 5.
Two resources:
1) The social phishing document in the attachment gives you an example of how easily a hacker can collect information about you in order to start an effective deceptive relationship. Check out pages 1 and 2 (the rest of the paper you may skip). Again, "people can become less vulnerable by a heightened awareness of the dangers of phishing" (page 8).
You are on the right path. Keep on watching these videos.
2) Social Engineering Attack Examples, Templates and Scenarios. The paper presents a template for social engineering and forming a deceptive relationship (page 9).
This attack is very common in the digital realm. For instance, a hacker typically distracts your organisation's security operations centre (SOC) by overloading it with a large number of fake attacks. The SOC's capacity is drained trying to understand all these different attacks, and somewhere in between the hacker launches his or her real attack.
Remediation: you need to continuously improve your organisation's ability to separate the real signal from the noise. Regularly execute red teaming exercises (i.e. hire external hackers or train internal ones to attack your organisation in order to learn and improve your security posture). Practise different real-life scenarios and continuously improve your organisational processes as a result of these exercises.
To understand how scarcity works for the social engineer, let’s first look at the concept in social psychology. It is described as people’s tendency to place a higher value on resources that are not in great supply. Marketing often exploits this phenomenon by promoting the idea of scarcity in sales and specials; a good example is the frenzy called Black Friday.
Since scarcity can be applied to anything that people value, it is an effective influencing tool. Even if there is not actually any shortage or limit to a certain resource, if you can make someone believe that there is, you can create a situation favorable to your aims. The anxiety and hope created by the impending acquisition can cloud the reason and behavior of individuals that want what you have.
How to remediate:
– Slow down and research the facts > don't act quickly; take a step back and try to understand the request in context (Why does this request come to you? Why now? etc.)
– Reject email requests for help or offers of help > call or send a text message to verify the request for help.
– Don’t let a link control where you land > type the URL yourself!
– Do not reveal sensitive data (e.g. passwords) > nobody should be asking you for your password.
– Do not bypass policies and procedures > typically there are policies and (incident) procedures that can handle different types of requests.
– Report any suspicious activity > inform your security department.
Source: see the presentation in the attachments, slide 25.
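The "don't let a link control where you land" advice can also be checked mechanically before anyone clicks. The following Python script is an added example, not code from the course or the attached presentation: it parses the anchors in an HTML snippet and flags links whose visible text names one site while the href goes to another, and links whose href uses a bare IP address instead of a domain name. The sample HTML, the domain names (example-bank.test, evil.example) and the address 192.0.2.44 are constructed placeholders.

```python
"""Link-destination check (added example, not from the course or the presentation).

Flags HTML links whose visible text names one site while the href goes to
another, and links whose href uses a bare IP address. Both are reasons to
'type the URL yourself' rather than follow the link. Sample HTML is constructed;
the domain names and addresses are placeholders.
"""
import ipaddress
import re
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed phishing-style snippet: a scarcity hook followed by three links.
SAMPLE_HTML = """
<p>Only 3 licences left! <a href="https://example-bank.test.evil.example/login">www.example-bank.test</a></p>
<p>Verify now: <a href="http://192.0.2.44/verify">Click here</a></p>
<p>Contact: <a href="https://www.example-bank.test/help">example-bank.test</a></p>
"""

# Visible link text that looks like a URL or a bare domain name.
_LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only collect text inside an <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text: str) -> Optional[str]:
    """Lower-cased host from a URL or bare domain, or None if there is none."""
    host = urlparse(text if "://" in text else "//" + text).hostname
    return host.lower() if host else None


def same_site(a: str, b: str) -> bool:
    """True if one host equals the other or is a subdomain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_links(html: str) -> List[Tuple[str, str, List[str]]]:
    """Return (visible text, href, reasons) for each link worth distrusting."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = host_of(href)
        if not href_host:
            continue                        # relative link; nothing to compare
        reasons = []
        if is_ip_literal(href_host):
            reasons.append("href uses an IP address instead of a domain name")
        if _LOOKS_LIKE_URL.fullmatch(text):
            text_host = host_of(text)
            if text_host and not same_site(text_host, href_host):
                reasons.append(f"text shows {text_host} but href goes to {href_host}")
        if reasons:
            findings.append((text, href, reasons))
    return findings


if __name__ == "__main__":
    for text, href, reasons in suspicious_links(SAMPLE_HTML):
        print(f"{text!r} -> {href}: {'; '.join(reasons)}")
```

The third link in the sample is deliberately benign (text "example-bank.test", href on www.example-bank.test) to show that `same_site` tolerates a subdomain of the named site while still rejecting a lookalike such as example-bank.test.evil.example, whose registrable domain is evil.example.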
The attached 'BlackHat USA ... v1.0.pdf' document is a must read to gain more understanding of people’s haphazard and unquestioned trust. Thank me later ;-)
Remediate this attack:
– Slow down and research the facts > don't act quickly; take a step back and try to understand the request in context (Why does this request come to you? Why now? etc.)
– Reject email requests for help or offers of help > call or send a text message to verify the request for help.
– Don’t let a link control where you land > type the URL yourself!
– Do not reveal sensitive data (e.g. passwords) > nobody should be asking you for your password.
– Do not bypass policies and procedures > typically there are policies and (incident) procedures that can handle different types of requests.
– Report any suspicious activity > inform your security department.
For more on remediation, see the presentation Social Engineering.pdf > slide 25.
The latter source that follows this video is related to the quiz: 'A room with a viewpoint: Using social norms to motivate environmental conservation in hotels.'
2020 was a year of seismic shifts for organisations everywhere. A global pandemic and accelerated digital transformation paved the way for more remote workforces and a “new normal” that’s anything but. Those shifts also led to an overall increase in information security risk levels as cyber criminals worldwide took advantage of this widespread volatility with targeted phishing attacks. [Source: Phishing Benchmark Global Report.]
Several resources that help you with spotting and remediating phishing:
1) In the attachment you can find more background and examples of phishing (e.g. pages 25 and 27-28).
The document also provides best practices (search for "best practices" in the document), but it is biased toward Symantec products.
2) US-CERT - Technical Trends in Phishing Attacks.pdf. Recommendations and remediation can be found on page 13.
3) Phishing Benchmark Global Report.
Baiting can come in many forms. It is a form of social engineering that relies on the greed or curiosity of the victim and is similar to phishing attacks in many ways. What makes it different from other forms of social engineering is the promise of a good or service by the hacker to entice the victim. For instance, a baiter often offers a free movie or music download in exchange for the login credentials of a particular site. Moreover, unlike many other online threats, baiting is not restricted to online schemes: an attacker may also use physical media to exploit a victim.
How to remediate?
Cybercriminals know well how to play with our emotions and fears. If you receive an email that is too tempting to be true, don’t act hastily. Stay calm and think of the possibilities and consequences. The strongest defence is to educate yourself and strive to create a strong security culture within your surroundings, whether at the office or at home. As an organisation, conduct regular social engineering awareness and training sessions, and likewise carry out social engineering assessments, either with specialised staff or with the help of the information security department.
In the video I discussed research related to baiting; that research can be found in the attachment.
Pharming often operates in conjunction with phishing to steal victims’ personal information. Pharming involves redirecting the victim’s web traffic from a legitimate web site to a fake destination designed to spoof the intended destination. Victims caught unaware by the fake web site risk getting infected by malware or giving their sensitive information to the attacker.
Here’s what you can do if you’ve become a victim of pharming. Obviously, you can also apply these mitigations pre-emptively by running your antivirus software and clearing your DNS cache.
Run your antivirus software. Make sure there’s no more malware on your computer.
Clear your DNS cache. Simply deleting malicious programs won’t stop your traffic from being redirected, but clearing your DNS cache will.
Contact your ISP. If you suspect you’re a victim of DNS poisoning, you should let whoever is responsible for your DNS server know. In most cases that’s your ISP.
Contact your financial institution. Explain the situation and request that they protect your accounts from further intrusion. And if you have become a victim of identity theft, report the crime to the police.
Note: the attached paper is technical and offers a technical remediation for pharming. Name of the paper: A dual approach to detect pharming attacks at the client-side.pdf
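The steps above are manual. As an added example (not course material and not code from the cited paper), the following Python script shows two client-side checks a defender can script for the same problem: it parses a hosts file for entries that redirect watched domains to non-loopback addresses (local pharming malware often edits this file instead of touching any DNS server), and it compares observed DNS answers for a watched domain with the address ranges the organisation expects. The hosts-file content, the domain example-bank.test and the addresses are constructed placeholders from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24; in practice you would read the real hosts file (e.g. /etc/hosts or C:\Windows\System32\drivers\etc\hosts) and feed in your resolver's answers and a baseline of expected ranges.

```python
"""Client-side pharming checks (added example, not from the course material).

Two checks a defender can run on a workstation:
  1. Look for hosts-file entries that override watched domains; this is how
     local pharming malware redirects traffic without touching DNS servers.
  2. Compare observed DNS answers for a watched domain with the address ranges
     the organisation expects, to spot poisoned or hijacked resolution.
All sample data below is constructed; domains and addresses are placeholders.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass
class Finding:
    domain: str
    address: str
    reason: str


# Loopback ranges are legitimate for local entries such as "localhost".
LOOPBACK_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]

# Constructed hosts-file content, as a hypothetical pharming infection might leave it.
HOSTS_SAMPLE = """\
# constructed sample; the two redirect lines are the tampering
127.0.0.1       localhost
::1             localhost
192.0.2.44      www.example-bank.test   # redirect to an attacker-controlled host
203.0.113.9     login.example-bank.test
"""

# Domains the organisation cares about (placeholders).
WATCHED_DOMAINS = ["example-bank.test"]


def is_loopback(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOOPBACK_NETS)


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (hostname, address) pairs from hosts-file text, skipping comments
    and malformed lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop trailing comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue                            # first field is not an address
        for name in names:
            pairs.append((name.lower().rstrip("."), addr))
    return pairs


def _is_under(name: str, domain: str) -> bool:
    return name == domain or name.endswith("." + domain)


def find_hosts_overrides(hosts_text: str, watched: Iterable[str]) -> List[Finding]:
    """Flag hosts-file entries that point a watched domain (or any subdomain of it)
    at a non-loopback address; such entries silently override DNS on this machine."""
    watched = [d.lower() for d in watched]
    findings = []
    for name, addr in parse_hosts(hosts_text):
        if any(_is_under(name, d) for d in watched) and not is_loopback(addr):
            findings.append(Finding(name, addr, "hosts file overrides a watched domain"))
    return findings


def check_resolution(domain: str, answers: Iterable[str],
                     expected_ranges: Iterable[str]) -> List[Finding]:
    """Flag resolved addresses outside the ranges expected for the domain
    (taken from a baseline or from the provider's published address ranges)."""
    nets = [ipaddress.ip_network(r) for r in expected_ranges]
    return [Finding(domain, a, "resolved address outside the expected range")
            for a in answers
            if not any(ipaddress.ip_address(a) in net for net in nets)]


if __name__ == "__main__":
    for f in find_hosts_overrides(HOSTS_SAMPLE, WATCHED_DOMAINS):
        print(f"hosts: {f.domain} -> {f.address}: {f.reason}")
    # Constructed resolver answers for the watched site: one expected, one poisoned.
    for f in check_resolution("www.example-bank.test",
                              ["198.51.100.20", "192.0.2.44"],
                              ["198.51.100.0/24"]):
        print(f"dns: {f.domain} -> {f.address}: {f.reason}")
```

Loopback entries for a watched domain are treated as blocking rather than redirection and are not flagged by `find_hosts_overrides`; if your policy also treats blocking as tampering, drop the `is_loopback` condition. The second check only tells you that an answer is unexpected, which is exactly the point at which the "contact your ISP" step above applies.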
The attached paper is technical and not meant for a manager, but intended for the network engineer who may remediate this issue. The name of the paper is: Voice Pharming Attack and the Trust of VoIP.pdf
In the context of social engineering and cyber security, a quid pro quo attack is commonly presented to the target as a fake technical service that conveniently requires sensitive information to be successful. The attacker, impersonating an IT support technician, aims to infect a targeted system by offering assistance to a victim experiencing technical difficulties.
Source: See attachment - Breda, F., Barbosa, H., & Morais, T. (2017, March). Social engineering and cyber security. In International Technology, Education and Development Conference (Vol. 3, No. 3, pp. 106-108).
Tailgating (also known as piggybacking) refers to a person tagging along with another person who is authorised to enter a restricted area or pass a certain checkpoint.
Remediations use a combination of the following:
Smart cards house multiple credentials on one card.
Security guards can visually confirm a badge matches the holder.
Turnstiles serve as a physical barrier and are good for high-volume traffic.
Laser sensors can detect multiple people.
Biometrics deter employees from sharing credentials.
Long-range readers can be used in parking lots and garages.
PIN numbers can be added to card readers.
Camera analytics enable remote facial recognition.
Visitor badges ensure temporary guests are documented.
Mantraps or airlocks require a double set of identification.
Shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder.
Remediation: always be aware of your surroundings when working with sensitive data. Look for cameras or people that can view your screen or printed paper.
A clean desk policy ensures that all important documents, confidential letters, binders, books, etc. are removed from a desk and locked away when the items are not in use or an employee leaves his/her workstation. It is one of the top strategies to use when trying to reduce the risk of security breaches.
1) Social Engineering Attacks.pdf. Page 5 describes detecting / stopping social engineering attacks.
2) Online Social Networks - Threats and solution.pdf. Pages 8 and 9 depict solutions for protecting social network users. Note: the solutions on page 9 are commercial packages.
3) US-CERT - Recognising and Avoiding Email Scams.pdf. Page 1 already provides an overview of remediation steps for recognising email scams.
4) A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks.pdf. This document presents organisational as well as technical remediations on page 19.
5) Advanced Social Engineering Attacks.pdf. Overview of the social engineering taxonomy (page 5) and nice real-world examples that will increase the urgency to mitigate risks (page 7).
6) Social Engineering in the Context of Cialdini’s Psychology of Persuasion and Personality Traits. A bachelor's thesis that nicely describes the link between the psychology of persuasion and social engineering (pages 11-19) and prevention (pages 29-36).
7) Free awareness training resources.
8) Advanced Social Engineering Attacks.pdf. This paper provides a taxonomy of well-known social engineering attacks as well as a comprehensive overview of advanced social engineering attacks on the knowledge worker. It presents another taxonomy of social engineering (page 5, figure 1), describes state-of-the-art attacks (page 5) and gives real-world examples with remediation (page 7).
+ Get instant access to FREE eBook!
+ Get instant access to course slides!
+ Easy to understand how-to videos!
+ Access to instructor if you ever get stuck!
This course will teach you the most common social engineering threats. At the end of the course you will understand why people are the weakest link in your organisation's security posture. In other words, increase human intelligence (HUMINT) by updating your mental firewall and reduce the chance of Ransomware! After following this course you will understand:
1) what the most common social engineering threats are,
2) the impact per threat for your business,
3) how these threats can be executed and / or mitigated.
You will be able to understand the above-mentioned points without having to understand technical details (e.g. source code) within ONE HOUR!
Testimonial from Guido: A great election, very nice content and explications
How is that possible?
Social engineering / human intelligence is closely related to psychology. Social engineering can be defined as the art of manipulating people in order to achieve a goal. Therefore, this course is created for managers rather than developers. Managers must train their employees to strengthen their personal firewall (i.e. make them less likely to fall victim to manipulation), because collectively all employees make up your organisation's firewall!
Testimonial from Gaston: Very well explained!
So, after following this course am I a full-fledged security/HUMINT expert?
No. This course will teach you the most common social engineering threats so that you can critically question and discuss the impact of these security issues with your employees and management. By following this course you'll become an expert in recognising social engineering attacks. From the perspective of HUMINT you can use these attacks to collect data.
What!?! Why should I enroll?
Only enrol when you want to strengthen your personal firewall, are new to social engineering and want a complete beginners’ perspective. Social engineering is often the first step of a Ransomware attack, thus this course is mandatory for all employees! CISOs need to protect their cyber security resources, thus this course is specifically developed for:
- All employees, no prerequisite knowledge needed;
- (Project) managers that lead in an organisation that depends on IT and have no clue how social engineering could harm their organisation;
- Security managers tasked to deliver basic security awareness training;
- Anyone interested in the basics of social engineering, explained in layman’s terms.
Ok, but there is already a lot of information available on the web. So, what’s in it for me?
I thought you would never ask! This course differentiates itself from the information already available because:
- This course is not solely based on my opinion, but substantiated with scientific evidence. This means you not only get my opinion and experience but it is also backed by science;
- Unlike most other courses, you may actually claim 1 Continuing Professional Education (CPE) credit after finishing this course completely;
- I've included lots of links to websites that provide comprehensive background information, should you be interested in more detail;
- That's not it, there is more...
EXTRA material:
- You will get a FREE eBook of the entire course!
- Attacks that are not considered social engineering (e.g. shoulder surfing) are also included;
- Frequently asked questions. Ask a social engineering question and I'll answer it with a video.
Why include EXTRA material, is the main course not exciting enough?
- Getting organisational security right goes well beyond instructing employees. With the bonus material, I would like to inform you about the complementary measures that should be taken into account.
- The course also includes (tough) quiz questions. These quizzes will solidify your learning.
Testimonial from Arjuna: The sound is quite low, but it's fine. Soerin explains everything in a simple way. Thanks! Great course
I’m fully convinced of the benefits, but I don’t see why I should learn all this from you.
True, let me explain by giving you an overview of my experience:
- Chief Information Security Officer (CISO) and have managed Security, Privacy and Quality professionals. Often I'm responsible for implementing and maintaining a well balanced organisational risk posture;
- Security and privacy operations manager (2 years). Acting as a security liaison on strategic accounts, I monitor the security of 2500+ workstations, 500+ servers and 10+ firewalls and routers, report on the operational security status of European and Dutch law and integrate intelligence results from AVDS, Check Point, Nagios, Nessus, Palo Alto Traps, SCCM, SCEP, SEP, SCOM and SIEM;
- Part-time PhD candidate (9 years - present). I read the science, you'll get the knowledge! What more do you want?
- Software quality consultant (6.5 years). I've advised many managers of large / small IT projects on various software-related aspects;
- IT auditor (1 year). I have closely worked with accountants and audited large governmental IT projects;
- Quality assurance engineer (3 years). I have implemented large IT systems for large companies.
Besides experience as an IT consultant I hold the following certifications:
International Software Testing Qualifications Board (ISTQB)
Certified Secure Software Lifecycle professional (CSSLP)
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified Information Privacy Professional (CIPP / Europe)
Certified SCRUM Master
Togaf Foundation
ISO 27001 Lead Auditor
ISO 27001 Lead Implementer
Leading Scaled Agile Framework
Azure Fundamentals (AZ-900)
PRINCE 2 foundation
Go ahead, click the enrol button, claim your FREE eBook and I'll see you in lesson 1!
Keep learning about Cyber Security and increase HUMINT to prevent Ransomware, taught by a CISO!
Cheers,
Soerin