When it comes to high-profile cybercrime incidents, it's the major tech vulnerabilities and sophisticated state-sponsored threat vectors that make the headlines.
In reality, however, most cybercrime incidents exploit the human element as the weakest link in the cyberattack kill chain. These attacks rely on social engineering; statistics on this practice are alarming:
In this post, we will explore how cybercriminals use a variety of social engineering tactics and understand how to defend against a social engineering attack.
A social engineering attack refers to cybercrime techniques that exploit the human element and use human interactions to gain unauthorized network and data access. We can categorize the human element in two ways:
The goal of psychological manipulation is to lead an unsuspecting user into performing an action that facilitates a cyberattack. For instance, a phishing attack could trick an employee into downloading and installing a keylogger on their work machine. The keylogger would act as spyware that collects login credentials for the corporate network and leaks this information to malicious parties without the victim's knowledge.
Other forms of human weaknesses may involve the knowledge and consent of the victim — albeit manipulated psychologically by malicious parties. A victim could be tricked or incentivized to leak sensitive business information.
How does this work? The social engineering attack lifecycle works in four clear stages:
How do cybercriminals convince unsuspecting employees to jeopardize information security — despite multiple layers of security defense in place?
The following techniques are common ways that social engineering attacks manipulate the human element.
Cybercriminals trick users with relevant access privileges into making contact, ostensibly to seek support and assistance. Malicious actors impersonate support agents and trick the victims into…
Baiting and phishing victims into sharing sensitive details and login credentials on websites that impersonate legitimate websites such as online banking services. Another common approach is impersonating communications from a trusted party (a friend or colleague) that encourages the victim to download malicious files or click links.
Using data mining tools or a combination of social engineering activities that trick users into installing malware and keyloggers on their systems. This allows attackers to extract login credentials, user behavior and personal data stored on the machines and web browsers.
Various communication channels offer plenty of opportunity. For example, vulnerabilities in the network and internal communication tools allow hackers to impersonate a colleague. Or, email domains that look similar to those of the victim's organization or another trusted source can trick victims into trusting the source of the communication.
Giving the target a false sense of fear about the security of their machines and forcing them to install malware or allow remote access to implement a security patch. This often plays out in ransomware.
Using data mining tools to extract relevant personally identifiable information shared on public forums online. By accessing this information, cybercriminals can narrow down their attack to the most vulnerable and valuable targets.
When tailgating, cybercriminals gain physical access to a location by compromising digital access codes or using personally identifiable information available online.
Compromising a trusted online source, injecting malware or compromising websites with expired security certificates. Trusting visitors are then tricked into sharing personal information with the compromised website or downloading malware on their local machines.
So how do you protect against social engineering attacks? Most of the attacks are easily recognizable: look out for expired security certificates and fake domain names on the website. Read the email and communications text for language style, typos and grammatical errors.
If a communication from an apparently legitimate source unexpectedly asks you to download file attachments, click on links or share login details, then it is probably a social engineering attack.
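The fake-domain check above can be automated at the mail gateway or in triage tooling. The following is an added example, not part of the original post: it flags sender domains that resemble a trusted domain through character swaps, small typos or an embedded trusted name. The allow-list, the confusable-character map and the sample addresses are constructed for illustration.

```python
import unicodedata

# Constructed allow-list; in practice this is your own and your partners' domains.
TRUSTED = {"example.com", "examplebank.com"}

# Small constructed map of look-alike characters (digits and Cyrillic a/e/o).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def skeleton(domain):
    """Fold a domain to a canonical form so visually similar names compare equal."""
    d = unicodedata.normalize("NFKC", domain).translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(sender, trusted=TRUSTED, max_distance=2):
    """Return (verdict, trusted_domain_it_resembles) for a sender address."""
    domain = sender.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    skel = skeleton(domain)
    for t in sorted(trusted):          # same shape after folding: homoglyph swap
        if skel == skeleton(t):
            return ("lookalike-homoglyph", t)
    for t in sorted(trusted):          # trusted name used as a subdomain label
        if domain.startswith(t + ".") or "." + t + "." in domain:
            return ("lookalike-embedded", t)
    for t in sorted(trusted):          # a few edits away: typo-squat
        if edit_distance(skel, skeleton(t)) <= max_distance:
            return ("lookalike-typo", t)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sender addresses, not taken from any real message.
    for s in ["alice@example.com", "it-support@examp1e.com", "billing@exampel.com",
              "helpdesk@example.com.login-check.net", "news@unrelated.org"]:
        print(f"{s:40} {classify(s)}")
```

An edit-distance threshold of 2 over-matches very short domains, so tune `max_distance` to the length of the names on your allow-list and treat a hit as a reason to review the message, not as proof of an attack.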
This posting does not necessarily represent Splunk's position, strategies or opinion.