Cybersecurity is an increasingly serious issue for the whole world, with intruders attacking large corporate organizations with the motive of gaining access to restricted content. The CSI Computer Crime and Security Survey report for the year 2017-2018 stated that almost half of the respondents had experienced a security incident, with 45.6% of them reporting that they had been subjected to at least one targeted attack.
By merely trying to prevent infiltration on a technical level while ignoring the physical and social level, one hundred percent security can never be achieved. A couple of examples are the scenes from Hackers which show dumpster diving in the target company's trash in order to obtain financial data from printouts, and the scene from War Games where Matthew Broderick's character studies his target before attempting to crack the password of the military computer system. 'Social Engineering' is a threat that is overlooked in most organizations but can easily be exploited, as it takes advantage of human psychology rather than the technical barricades that surround the complete system. Below is a classic example of this:
A person receives an e-mail in his official mailbox saying that his computer has been infected with a virus. The message provides a link and suggests that he download and install the tool from the link to eliminate the virus from his computer. The person, in a state of confusion, clicks on the link to remove the virus from his computer, unwittingly giving a hacker an easy entrance into his corporate network.
To ensure complete security of an organization from all kinds of internal and external factors, the security consultant must have complete knowledge of the Social Engineering cycle, the techniques that can be used by an attacker, and the counter-measures that reduce the likelihood of a successful attack.
In this paper we take you through the various phases so as to understand what Social Engineering is, the Social Engineering Lifecycle, and the various techniques used in Social Engineering attacks with detailed examples, and then finally conclude with the counter-measures that protect against each of the Social Engineering attack techniques.
Definition(s) of Social Engineering
The term "Social Engineering" can be defined in various ways, relating to both physical and cyber aspects of that activity. Wikipedia defines social engineering as: "...the art of manipulating people into performing actions or divulging confidential information".
Other authors have provided the following definitions: "An outside hacker's use of psychological tricks on legitimate users of a computer system, in order to obtain the information he needs to gain access to the system".
"The practice of deceiving someone, either in person, over the phone, or using a computer, with the express intent of breaching some level of security either personal or professional".
"Social Engineering is a non-technical kind of intrusion relying heavily on human interaction which often involves tricking other people into breaking normal security procedures"; the attacker uses social skills and human interaction to obtain information about an organization or its computer systems.
In reality, Social Engineering can be any of these definitions depending on the circumstances that surround the attack. Social Engineering is actually a hacker's manipulation of the natural human tendency to trust so as to get the sensitive information needed to gain access to a system. Social Engineering does not require a high level of technical expertise but does require the individual to have decent social skills.
Many people, for several decades, have used social engineering as a method to research and collect data. These early social engineers would use the gathered information as a form of blackmail against other organizations. Social engineering has been used to gain unauthorized access to several huge organizations. A hacker who spends several hours trying to break passwords could save a great deal of time by calling up an employee of the organization, posing as a helpdesk or IT employee, and simply asking for one.