Hackers, hacktivists, scam artists and general bad guys are moving away from the traditional methods of writing software to infect and obtain information.
Instead, there is a growing trend of social engineering attacks being used to steal employee credentials. These stolen credentials are then used to obtain desired sensitive information.
I believe there are three reasons for this change in behavior. First, social engineering attacks avoid the need for costly malware development. Second, some advanced tools can detect malware, no matter how well written and obfuscated the malware is—thus, rendering all that time, effort and money useless. Last, the resources required to execute a social engineering attack are significantly less than a software-based attack.
It is much easier to research a target, execute a series of emails or calls and obtain the credentials of the target. Then, once inside the compromised system, a actor can run a PowerShell script to gather sensitive information and communicate data externally.
In order for a social engineering attack to be successful, an attacker needs to collect as much information about their target as possible. They need to eliminate all doubt that they are not who they say they are.
All the following information can be found by knowing a target’s first name, last name and either their place of work or city. All data is freely available, either on free of charge or free trial basis.
Armed with all this information, it can be easy for an attacker to convince an unsuspecting member of support or network admin that they are the mark they simply need their password reset.
Be careful about how much data you publish about yourself and be extra careful about who you share that information with.
Businesses need to stay proactive to protect their infrastructure from emerging attack vectors. LogRhythm provides a cybersecurity…
The combined company will bring together two cybersecurity SIEM and UEBA innovation leaders with renowned…
Security teams face the challenge of staying ahead of new and advanced threats. By harnessing…