Social Engineering Attacks


Social engineering attacks are schemes devised to manipulate people psychologically into taking actions that reveal sensitive or confidential information to the attacker (Krombholz, 2015). These attacks work by establishing trust: the attacker poses as harmless or genuine and convinces the victim to take actions that the victim judges to be harmless, not knowing that they are giving up personal or confidential information (Krombholz, 2015). The attackers then use the gathered information to perform malicious acts.

 


With the advances in technology witnessed over the years, security measures have made systems almost impenetrable to attackers such as hackers. Attackers have therefore resorted to social engineering attacks, which lead users of the target system to give them access to the system without their knowledge and consent (Krombholz, 2015).


Social engineering attacks have been a common phenomenon, especially in most developed countries. Hundreds of cases have been documented to help prevent their recurrence. The most memorable of them all, however, is the RSA SecurID social engineering attack of 2011. The RSA SecurID security infrastructure is an authentication mechanism that ensures only authorized users have access to the systems that use it. It protects user information by providing two-factor authentication, which makes systems inaccessible to attackers unless they gain access to the users’ passwords.

In 2011, the impenetrable RSA SecurID security feature fell victim to a famed phishing attack that led to the company incurring costs of over 60 million USD (Heartfield and Loukas, 2015). The attack was delivered through two separate phishing emails that claimed to describe the recruitment process of another company. The emails contained Microsoft Excel attachments that, when opened by employees, would execute a background command that exploited a zero-day Flash vulnerability and installed backdoor software on the system for the attackers to use to gain access (Heartfield and Loukas, 2015). To date, the amount of information that the attack exposed to the attackers is still unknown. The attack nevertheless left a significant impact on the company, which was forced to pump millions of dollars into fixing the problem to prevent future attacks.


The attack, however, could have been prevented in many ways. For example, the employees should have enabled filters that separate legitimate emails from spam and phishing emails. This way, they would not have fallen victim to the emails. The employees should also have protected their email addresses from being discovered by keeping them off online profiles. This way, the attackers would not have had an avenue to send the phishing emails to them. The employees should also have been educated on the importance of not opening or downloading content from unknown senders. This would have stopped the whole attack in its tracks.
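The filtering measure described above can be sketched as a mail triage rule. This is an added example, not part of the original essay: the organization domain `example.com`, the function names, and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the organization's own mail domain
SPREADSHEET_EXT = (".xls", ".xlsx", ".xlsm", ".xlsb")

def triage(raw_message, org_domain=ORG_DOMAIN):
    """Return (verdict, spreadsheet_attachments) for one raw message."""
    msg = message_from_string(raw_message)
    # The From header is spoofable; a production filter would also
    # check SPF/DKIM/DMARC results before trusting the domain.
    _, sender = parseaddr(msg.get("From", ""))
    external = sender.rpartition("@")[2].lower() != org_domain
    risky = [
        part.get_filename()
        for part in msg.walk()
        if (part.get_filename() or "").lower().endswith(SPREADSHEET_EXT)
    ]
    if external and risky:
        return "quarantine", risky   # hold for sandboxing or review
    if external:
        return "tag-external", risky # deliver with an external banner
    return "deliver", risky

def build_sample(sender, attachment_name=None):
    """Construct a sample message (constructed data, not a real email)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "employee@example.com"
    m["Subject"] = "Recruitment process"
    m.set_content("Please review the attached file.")
    if attachment_name:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application", subtype="vnd.ms-excel",
                         filename=attachment_name)
    return m.as_string()

if __name__ == "__main__":
    samples = [
        build_sample("Recruiter <hr@jobs.invalid>", "plan.xls"),
        build_sample("Newsletter <news@jobs.invalid>"),
        build_sample("Finance <finance@example.com>", "budget.xlsx"),
    ]
    for raw in samples:
        print(triage(raw))
```
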

References

Heartfield, R. & Loukas, G., 2015. A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks. ACM Computing Surveys, 48(3), pp.1–39. Available at: http://dx.doi.org/10.1145/2835375.

Krombholz, K., Hobel, H., Huber, M. and Weippl, E., 2015. Advanced social engineering attacks. Journal of Information Security and Applications, 22, pp.113-122.
