Social Engineering is a process of psychological manipulation, more commonly known in our world as human hacking. The sad reality behind Social Engineering is that it is very easy to do. In fact, it’s so easy that even a teenager can do it and destroy your company, all on a Friday night. The goal is to have the targeted victim divulge confidential information or give you unauthorized access because you have played off their natural human emotion of wanting to help. Being nice is a human trait and everyone wants to be kind and helpful. If you give someone the opportunity to save the day or to feel helpful, they will most likely divulge the information required. Most of the time the attacker’s motives are to gather information for a future attack, to commit fraud or to gain system access for malicious activity.
Pling Pling! You all know the tone when a new message arrives in your private mail inbox.
Recently, when this happened to me, I checked the message subject and was shocked right away. “Urgent: Please call me back!” In our business world this kind of e-mail happens, but in this case the sender was my personal bank manager. In the last 10 years, I have never received a message like this from him. I gave him a call and my manager told me that my wife’s credit card was compromised. An unknown person had used it for shopping at a sporting goods store in the US and to set up a VPN account to hide his criminal activities.
Anyone who works in the cyber-security field knows that phishing attacks – especially those against large enterprises – are on the rise. The odds of success are in the attacker’s favor because these attacks rely on uniquely human factors that are notoriously exploitable.
Phishing attacks have evolved over the years. In the past, they were simple: attackers would send a message with a link to a bogus site to trick a user into running malicious code on their computer. Today, however, phishing attacks are highly complex and the damage to the victim can be extremely severe and even irreversible.
The headline-making cyber-attack on the German Bundestag lower house of Parliament was recently solved. Reports state that attackers stole unknown amounts of data and government officials are now being forced to spend millions of euros on the cleanup to fix their entire computer system.
The attack (one of the biggest known against the German Government’s IT systems) first became public in May 2015 and while more background information has recently become available, understandably, even this available information is being handled with care.
Nearly every one of us has had some sort of social engineering or "Phishing" scam attempted on us and some of us, unfortunately, have even learned the lessons from the scam the hard way. I know how excited I was the first time somebody wanted to share $8M with me from my long-lost Uncle Frederick Hobbs IV, heir to the estate of the late Frederick the Great or some other nonsense. I immediately daydreamed about what color the new cool car I would buy with cash would be.
Here’s a roundup of our most-read posts of 2013. We thought it’d be interesting to look back on a year’s worth of blogs and see what garnered the most attention. So here are the top five posts. Thanks to our readers, partners, customers, and team members for another great year.
We look forward to a smart, success-filled and secure 2014. Cheers!
Knowledge Test Overview
Wow! The Attack Mitigation Black Belt Challenge is only two weeks old and already we have dueling leaders and intense competition.
People from all over the world are participating in Radware’s first Attack Mitigation Black Belt Challenge and only seven seconds separate the current leader, “dh”, from the fifth place position. It is apparent that some questions were stumbling blocks, as we had two questions in the Yellow Belt round that only 10% of the participants could answer properly.