The coin of evolution has two sides. When one face evolves, the other evolves as well. The same can be said for technology. As technology evolves at breakneck speed, hackers also evolve their techniques to hack these technologies at the same time.
An ever-evolving threat
Trojans, worms, ransomware and the like are just some of the weapons they have stocked up in their ever-expanding arsenal. Their most effective, if not their most ingenious, method is ‘Social Engineering’. Social Engineering is the art of tricking or outright manipulating people into giving up precious information. The information can range from bank account details to medical records, depending on what the hacker wants.
Hackers employing social engineering tactics take advantage of their potential victim’s natural inclination to trust. After all, it is far easier to fool someone into divulging a password than to hack it.
Security is all about who to trust, when to trust and, most importantly, who not to trust and when not to trust. Ask any IT security expert and they will say that the weakest link in security is the person who accepts a situation at face value. It does not matter how many guard dogs, armed guards or lengths of barbed wire your fortress may have in the real world. If the guard in charge lets the visitor at the gate waltz right in without checking credentials, then the entire fortress is at risk.
Common forms of social engineering tactics:
- Phishing: Phishing attacks are one of the most common social engineering techniques used by hackers. Hackers use emails, social media and instant messaging to trick victims into giving up sensitive information, or to lure potential victims into visiting websites that contain malicious URLs which will compromise their systems.
- Watering Hole: This attack consists of injecting malicious code into public web pages that potential victims visit on a regular basis. Once a victim visits the page on the compromised website, a Trojan is installed on the computer, which ultimately leads to a system crash on the infected computer. The Watering Hole method is very common in cyber espionage operations and large state-sponsored cyber attacks.
- Whaling: Whaling is another form of Phishing attack. The difference lies in the choice of targets. While Phishing targets anyone and everyone, Whaling exclusively targets relevant executives of private businesses and government agencies. The word ‘Whaling’ is used to indicate that the target is a big fish to capture. Whaling uses the same communication channels as Phishing to lure in victims. However, in this case the emails are designed to look like critical business emails sent by a legitimate authority. The content of the message is designed for upper management and reports, thus lending a sense of legitimacy to the scam that is being implemented.
- Pretexting: With Pretexting, a hacker creates a fake identity in order to steal confidential information. Hackers using this technique create multiple identities during their hacking run. One careless step, however, could expose their operations to law enforcement agencies. The success of Pretexting depends on the hacker’s ability to gain trust. The most advanced forms of Pretexting attack involve manipulating victims into revealing a weak link in their systems, which a hacker can readily exploit. A hacker can pretend to be an external IT services operator and ask internal staff for information that could allow access to systems within the organization.
- Baiting and Quid Pro Quo attacks: Baiting is a form of social engineering attack that exploits human curiosity. One example is an attack scenario in which attackers use a malicious file disguised as a software update. A Quid Pro Quo attack is a variant of baiting. It differs in that, instead of baiting a target with the promise of a good, it promises a service or a benefit based on the execution of a specific action.
Discover the latest intelligence, technologies and best practices to renew and enhance your cyber alertness at the upcoming Big Cyber Security Show, taking place on 7-8 December 2017 in Mumbai.
It is connecting over 100 CISOs, regional and international cyber security experts and technology providers under one roof. It provides a unique platform to share best practice solutions to achieve cyber resilience in a fast-moving digital world.
Organised by Trescon, the Big Cyber Security Show is focused on forming a joint national response to secure technology, data and networks. The show will take place from 8 December 2017 in Mumbai.