Module 09: Social engineering
Identity Theft
1) A crime in which an imposter steals your personally identifiable information such as name, credit card number, social security or driver's license numbers, etc. to commit fraud or other crimes 2) Attackers can use identity theft to impersonate employees of a target organization and physically access facilities
Insider Threats/ Insider Attacks
1) An insider is any employee who has access to critical assets of an organization 2) An insider attack involves using privileged access to intentionally violate rules or pose a threat to the organization's information or information systems in any form 3) Such attacks are generally performed by a privileged user, disgruntled employee, terminated employee, accident-prone employee, third party, undertrained staff, etc.
Behaviors Vulnerable to social engineering
1) Authority 2) Intimidation 3) Consensus 4) Scarcity 5) Urgency 6) Familiarity 7) Trust
Social Networking Threats to corporate networks
1) Data Theft 2) Involuntary data leakage 3) Targeted attacks 4) Network vulnerability 5) Spam and Phishing 6) Modification of content 7) Malware propagation 8) Damage to business reputation 9) Infrastructure and maintenance cost 10) Loss of productivity
Reasons why insider attacks are effective
1) Easy to launch 2) Prevention is difficult 3) Succeed easily 4) Employees can easily cover their tracks 5) Differentiating harmful actions from the employee's regular work is very difficult 6) Can go undetected for years and remediation is very expensive
Impact of Social Engineering on an Organization
1) Economic losses 2) Damage to goodwill 3) Loss of privacy 4) Dangers of terrorism 5) Lawsuits and arbitration
Reasons for Insider Attacks
1) Financial gain 2) Steal confidential data 3) Revenge 4) Become future competitor 5) Perform competitor's bidding 6) Public announcement
Social Engineering Countermeasures
1) Good policies and procedures are ineffective if they are not taught to employees and reinforced 2) After receiving training, employees should sign a statement acknowledging that they understand the policies 3) The main objectives of social engineering defensive strategies are to create user awareness, robust internal network controls, and secure policies, plans and processes
Physical Security Policies
1) Identification of employees by issuing ID cards, uniforms, etc. 2) Escorting visitors 3) Restricting access to work areas 4) Proper shredding of useless documents 5) Employing security personnel
Factors that make companies vulnerable to social engineering attacks
1) Insufficient security training 2) Unregulated access to information 3) Many separate organizational units (employees cannot recognize everyone who legitimately works there) 4) Lack of security policies
Social Engineering through Impersonation on Social Networking sites
1) Malicious users gather confidential information from social networking sites and create accounts using another person's name 2) Attackers use these fraudulent profiles to create large networks of friends and extract information using social engineering techniques 3) Attackers attempt to join the target organization's employee groups where personal and company information is shared 4) Attackers can also use the collected information to carry out other forms of social engineering attacks
Password Policies
1) Periodic password changes 2) Avoiding guessable passwords 3) Account blocking after failed attempts 4) Increasing length and complexity of passwords 5) Improving secrecy of passwords
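Two of the items above (guessable passwords, length and complexity, and account blocking after failed attempts) are mechanical enough to enforce in code. The following is an added example, not part of the original notes: a policy checker and a failed-login tracker with a sliding window and lockout. The thresholds (12 characters, 3 of 4 character classes, 5 failures in 15 minutes, 30-minute lockout) and the short blocklist are assumptions for illustration; a real deployment would load a breached-password list and store only salted password hashes.

```python
"""Password policy and account lockout, as an added example of the items above.

Thresholds and the blocklist below are assumptions, not values from the notes.
"""
import re
from collections import defaultdict, deque

MIN_LENGTH = 12            # assumed minimum length
MIN_CLASSES = 3            # assumed: at least 3 of lower/upper/digit/symbol
MAX_FAILURES = 5           # assumed: failures allowed inside the window
FAILURE_WINDOW = 15 * 60   # assumed: sliding window in seconds
LOCKOUT_SECONDS = 30 * 60  # assumed: lockout duration in seconds
GUESSABLE = {"password", "welcome1", "qwerty123", "letmein", "changeme"}  # assumed short blocklist


def password_violations(password, username=""):
    """Return the list of policy rules the candidate password breaks (empty = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < MIN_CLASSES:
        problems.append("complexity")
    lowered = password.lower()
    # Guessable: on the blocklist, or built around the account name.
    if lowered in GUESSABLE or (username and username.lower() in lowered):
        problems.append("guessable")
    return problems


class LoginGuard:
    """Blocks an account after MAX_FAILURES failures inside FAILURE_WINDOW seconds."""

    def __init__(self):
        self._failures = defaultdict(deque)  # username -> timestamps of recent failures
        self._locked_until = {}              # username -> unlock timestamp

    def is_locked(self, username, now):
        return self._locked_until.get(username, 0) > now

    def record_attempt(self, username, success, now):
        """Record one attempt at time `now` (seconds); return True if the account is locked."""
        if self.is_locked(username, now):
            return True  # attempts during lockout are ignored, even correct ones
        if success:
            self._failures.pop(username, None)
            return False
        window = self._failures[username]
        window.append(now)
        # Drop failures that have aged out of the sliding window.
        while window and now - window[0] > FAILURE_WINDOW:
            window.popleft()
        if len(window) >= MAX_FAILURES:
            self._locked_until[username] = now + LOCKOUT_SECONDS
            window.clear()
            return True
        return False


if __name__ == "__main__":
    print(password_violations("Welcome1"))                 # ['length', 'guessable']
    print(password_violations("Alice!2024Spring", "alice"))  # ['guessable']
    guard = LoginGuard()
    for t in range(5):
        print(t, guard.record_attempt("bob", False, 1000 + t))
```

Note that the lockout counter is per account, so an attacker who knows the policy can deliberately lock out a victim (a denial-of-service angle); pairing it with per-source rate limiting and alerting on lockout bursts is the usual mitigation.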
Phases of a social engineering attack
1) Research the target company 2) Select a target 3) Develop a relationship 4) Exploit the relationship
Reasons for the effectiveness of social engineering
1) Security policies are as strong as their weakest link, and human behavior is the most susceptible factor 2) It is difficult to detect social engineering attempts 3) There is no method that can be applied to ensure complete security from social engineering attacks 4) There is no specific software or hardware to defend against a social engineering attack
Detection Controls
1) Security professionals must use a variety of security controls and tools to analyze and detect insider threats 2) Tools such as IDS/IPS, log management, and SIEM may be used
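What a SIEM or log-management rule for insider activity actually looks like is easier to see on a handful of events. The following is an added example, not from the original notes: a small set of detection rules (activity from a terminated account, after-hours access, copies to removable media, bulk read volume per day) run over constructed log lines. The log format, the terminated-user list, the business-hours range and the byte threshold are all assumptions for illustration.

```python
"""Insider-threat detection rules over constructed access-log events (added example).

Log format (space separated): timestamp user action object bytes.
The sample lines, thresholds and terminated-user feed are assumptions.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines, not real data.
SAMPLE_LOG = """\
2024-03-04T09:12:01 alice login workstation-12 0
2024-03-04T09:30:44 alice read hr/payroll.xlsx 20480
2024-03-04T22:15:09 bob read finance/forecast.xlsx 512000
2024-03-04T22:16:31 bob read finance/contracts.zip 4200000
2024-03-04T22:18:02 bob read finance/board-minutes.pdf 900000
2024-03-04T22:20:47 bob copy_to_usb finance/contracts.zip 4200000
2024-03-05T08:05:10 carol login vpn-gateway 0
2024-03-05T08:06:00 carol read eng/design.docx 30000
"""

TERMINATED_USERS = {"carol"}           # assumed HR feed of off-boarded accounts
BUSINESS_HOURS = range(8, 19)          # assumed 08:00-18:59 local time
BULK_READ_BYTES = 5_000_000            # assumed per-user daily read threshold
REMOVABLE_MEDIA_ACTIONS = {"copy_to_usb"}


def parse_log(text):
    """Parse the space-separated log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, obj, size = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "action": action,
            "object": obj,
            "bytes": int(size),
        })
    return events


def detect_insider_indicators(events):
    """Return (rule, user, detail) alerts for the supplied events."""
    alerts = []
    daily_bytes = defaultdict(int)
    for ev in events:
        user = ev["user"]
        if user in TERMINATED_USERS:
            alerts.append(("terminated_account_activity", user,
                           f'{ev["action"]} {ev["object"]}'))
        if ev["ts"].hour not in BUSINESS_HOURS and ev["action"] != "login":
            alerts.append(("after_hours_access", user,
                           f'{ev["ts"].isoformat()} {ev["object"]}'))
        if ev["action"] in REMOVABLE_MEDIA_ACTIONS:
            alerts.append(("removable_media_copy", user, ev["object"]))
        if ev["action"] == "read":
            daily_bytes[(user, ev["ts"].date())] += ev["bytes"]
    # Volume rule is evaluated after the pass so it sees the whole day.
    for (user, day), total in daily_bytes.items():
        if total >= BULK_READ_BYTES:
            alerts.append(("bulk_read_volume", user, f"{total} bytes on {day}"))
    return alerts


def alert_rules_by_user(events):
    """Collapse alerts to {user: set of rules fired}, the view an analyst triages from."""
    out = defaultdict(set)
    for rule, user, _ in detect_insider_indicators(events):
        out[user].add(rule)
    return dict(out)


if __name__ == "__main__":
    for rule, user, detail in detect_insider_indicators(parse_log(SAMPLE_LOG)):
        print(f"{rule:28} {user:8} {detail}")
```

Each rule on its own produces noise (after-hours work is normal for some roles); the useful signal is the combination, which is why the per-user roll-up is the view worth alerting on. In a real pipeline the terminated-user set and the volume baseline would come from the identity system and historical data rather than constants.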
Defense Strategy
1) Social engineering campaign 2) Gap analysis 3) Remediation strategies
Social Engineering
1) The art of convincing people to reveal confidential information 2) Common targets of social engineering include help desk personnel, technical support executives, system administrators, etc. 3) Social engineers depend on the fact that people are unaware of the valuable information to which they have access and are careless about protecting it
Impersonation on Facebook
1) The attacker creates a fake user group on Facebook labeled as for "Employees of" the target company 2) Using a false identity, the attacker then proceeds to "friend" or invite employees to the fake group 3) Users join the group and provide personal details such as date of birth, educational and employment background, spouses' names, etc. 4) Using the details of any of these employees, the attacker can impersonate them to gain access to a secured facility
Deterrence Controls
1) The security framework must contain safeguards, recommended actions for employees and IT professionals, separation of duties, assignment of privileges, etc. 2) Security professionals can use tools such as DLP and IAM to deter insider threats
Indications of identity theft
1) Charges on your credit card that you do not recognize 2) No longer receiving credit card, bank, or utility statements 3) Getting calls from a debit or credit card fraud control department 4) Charges for medical treatment or services you never received 5) No longer receiving electricity, gas, water, etc. service bills
Malicious Insider
A disgruntled or terminated employee who steals data or destroys the company's networks intentionally by introducing malware into the corporate network
Compromised Insider
An insider with access to critical assets of an organization who is compromised by an outside threat actor
Professional Insider
Harmful insiders who use their technical knowledge to identify weaknesses and vulnerabilities in the company's network and sell confidential information to competitors or black-market bidders
Insider Risk Controls
Insider data risk presents another layer of complexity for security professionals, which requires designing security infrastructure that can efficiently monitor user permissions, access controls, and user actions
Negligent Insider
Insiders who are uneducated about potential security threats or who simply bypass general security procedures for the sake of workplace efficiency
Human-Based social engineering
Sensitive information is gathered by interaction
Computer-based social engineering
Sensitive information is gathered with the help of computers
Mobile-based social engineering
Sensitive information is gathered with the help of mobile apps