Module 09: Social engineering

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Identity Theft

1) A crime in which an imposter steals your personally identifiable information such as name, credit card number, social security or driver's license numbers, etc. to commit fraud or other crimes 2) Attackers can use identity theft to impersonate employees of a target organization and physically access facilities

Insider Threats/ Insider Attacks

1) An insider is any employee who have access to critical assets of an organization 2) An insider attack involves using privileged access to intentionally violate rules or cause threat to the organization's information or information systems in any form 3) Such attacks are generally performed by a privileged user, disgruntled employee, terminated employee, accident-prone employee, third-party, undertrained staff, etc.

Behaviors Vulnerable to social engineering

1) Authority 2) Intimidation 3) Consensus 4) Scarcity 5) Urgency 6) Familiarity 7) Trust

Social Networking Threats to corporate networks

1) Data Theft 2) Involuntary data leakage 3) Targeted attacks 4) Network vulnerability 5) Spam and Phishing 6) Modification of content 7) Malware propagation 8) Damage to business reputation 9) Infrastructure and maintenance cost 10) Loss of productivity

Reason why insider attacks are effective

1) Easy to launch 2) Prevention is difficult 3) Succeed easily 4) Employees can easily cover their tracks 5) Differentiating harmful actions from the employee's regular work is very difficult 6) Can go undetected for years and remediation is very expensive

Impact of Social Engineering on an Organization

1) Economic losses 2) Damage of goodwill 3) Loss of privacy 4) Dangers of terrorism 5) Lawsuits and arbitration

Reasons for Insider Attacks

1) Financial gain 2) Steal confidential data 3) Revenge 4) Become future competitor 5) Perform competitor's bidding 6) Public announcement

Social Engineering Countermeasures

1) Good policies and procedures are ineffective if they are not taught and reinforced by employees 2) After receiving training, employees should sign a statement acknowledging that they understand the policies 3) The main objectives of social engineering defensive strategies are to create user awareness, robust internal network controls, and secure policies, plans and processes

Physical Security Policies

1) Identification of employees by issuing ID cards, uniforms, etc. 2) Escorting visitors 3) Restricting access to work areas 4) Proper shredding of useless documents 5) Employing security personnel

Factors that make companies vulnerable to social engineering attacks

1) Insufficient security training 2) Unregulated access to information 3) Several organizational units 4) Lack of security policies

Social Engineering through Impersonation on Social Networking sites

1) Malicious users gather confidential information from social networking sites and create accounts using another person's name 2) Attackers use these fraudulent profiles to create large networks of friends and extract information using social engineering techniques 3) Attackers attempt to join the target organization's employee groups where personal and company information is shared 4) Attackers may can also use collected information to carry out other forms of social engineering attacks

Password Policies

1) Periodic password changes 2) Avoiding guessable passwords 3) Account blocking after failed attempts 4) Increasing length and complexity of passwords 5) Improving secrecy of passwords

Phases of a social engineering attack

1) Research the target company 2) Select a target 3) Develop a relationship 4) Exploit the relationship

Reason for the effectiveness of social engineering

1) Security policies are as strong as their weakest link, and human behavior is the most susceptible factor 2) It is difficult to detect social engineering attempts 3) There is no method that can be applied to ensure complete security from social engineering attacks 4) There is no specific software or hardware to defend against a social engineering attack

Detection Controls

1) Security professional must use a variety of security controls and tools to analyze and detect insider threats 2) Tools such as IDS/IPS, Log Management, and SIEM may be used

Defense Strategy

1) Social engineering campaign 2) Gap analysis 3) Remediation strategies

Social Engineering

1) The art of convincing people to reveal confidential information 2) Common targets of social engineering include help desk personnel, technical support executives, system administrators, etc. 3) Social engineers depend on the fact that people are unaware of the valuable information to which they have access and are careless about protecting it

Impersonation on Facebook

1) The attacker creates a fake user group on Facebook labeled as for "Employees of" the target company 2) Using a false identity, the attacker then proceeds to "friend" or invite employees to the fake group 3) Uses join the group and provide their credentials such as date of birth, educational and employment backgrounds, spouses' names, etc. 4) Using the details of any of these employees, the attacker can compromise a secured facility to gain access to the building

Deterrence Controls

1) The security framework must contain safeguards, recommended actions by the employee and IT professionals, separation of duties, assigning privileges, etc. 2) Security professional can use tools such as DLP and IAM to deter insider threat

Indications of identity theft

1) Unfamiliar charges to your credit card that you do not recognize 2) No longer receiving a credit card, bank, or utility statements 3) Getting calls from the debit or credit fraud control department 4) Charges for medical treatment or services you never received 5) No longer receiving electricity, gas, water, etc. service bills

Malicious Insider

A disgruntled or terminated employee who steals data or destroys the company's networks intentionally by introducing malware into the corporate network

Compromised Insider

An insider with access to critical assets of an organization who is compromised by an outside threat actor

Professional Insider

Harmful insiders who use their technical knowledge to identify weakness and vulnerabilities in the company's network and sell confidential information to competitors or black market bidders

Insider Risk Controls

Insider data risk presents another layer of complexity for security professionals, which requires designing security infrastructure that can efficiently monitor user permissions, access controls, and user actions

Negligent Insider

Insiders who are uneducated on potential security threats or who simply bypass general security procedures to meet workplace efficiency

Human-Based social engineering

Sensitive information is gathered by interaction

Computer-based social engineering

Sensitive information is gathered with the help of computers

Mobile-based social engineering

Sensitive information is gathered with the help of mobile apps


Ensembles d'études connexes

C.2.2 CompTIA A+ 220-1102 (Core 2) Domain 2: Security

View Set

Life Insurance - Chapter 7: Annuities

View Set

Chapter 10: Conjugate acids and bases

View Set

Practice (NCLEX) Multiple Choice Questions

View Set

17. Income Tax Aspects of Real Estate

View Set