Keep yourself informed about the recent developments in social engineering techniques

Manipulation techniques are almost as old as technology itself, and advances in AI now give cybercriminals a broader playing field to exploit.

Keep an eye on these developing social manipulation tactics

In the ever-evolving world of cybersecurity, one method that has been consistently employed since the inception of IT is social engineering. This approach, which exploits human behaviour to achieve malicious goals, has become a primary weapon for attackers seeking to penetrate systems and steal data.

Social engineering attacks do not focus on exploiting vulnerabilities in code or network architecture, but rather on exploiting human behaviour, which is often the weakest link in the security chain. One common tactic involves attackers posing as internal IT staff and tricking victims into using the Windows app "Quick Assist." Once the app is activated, attackers can generate a code that allows them to access the victim's computer.

The use of AI has also made social engineering attacks more sophisticated. For instance, attackers can clone the voice of a high-ranking executive to manipulate a group leader. This technique, known as vishing, has been used to trick victims into handing over sensitive information or transferring large sums of money.

Pretexting is another technique that has developed in the field of social engineering. Here, the victim follows the attacker's instructions based on false assumptions. Cybercriminals might pose as partners, customers, or high-ranking executives to trick victims into divulging sensitive information or transferring funds. In some cases, a fake non-disclosure agreement (NDA) that looks like it comes from DocuSign can be used as part of a social engineering attack.

Attackers are increasingly targeting individuals within a company who have extensive privileges. These attacks have become more strategic and precise in recent years, with attackers often starting with a small, seemingly innocuous request that escalates over time. In one reported case, several terabytes of data were stolen from an entire environment within a few days.

To strengthen access control within a company, implementing conditional access policies can be beneficial. These policies ensure that only authorised users can access sensitive data, and they can be customised to fit the specific needs of each organisation.
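How such a policy reaches a decision, as an added example that is not from the original article: a simplified, hypothetical model (not any vendor's API) in which every user needs MFA and privileged roles must also sign in from a compliant device in an allowed country. All policy names, fields, and sign-ins are constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical, simplified model of conditional access; not a vendor API.

@dataclass(frozen=True)
class SignIn:
    user: str
    roles: frozenset
    mfa_passed: bool
    device_compliant: bool
    country: str

@dataclass(frozen=True)
class Policy:
    name: str
    roles: frozenset = frozenset()              # empty set: applies to everyone
    require_mfa: bool = False
    require_compliant_device: bool = False
    allowed_countries: frozenset = frozenset()  # empty set: any country

def evaluate(signin, policies):
    """Return ("allow" | "block", reasons); every applicable policy must pass."""
    reasons = []
    for p in policies:
        if p.roles and not (p.roles & signin.roles):
            continue  # policy is scoped to roles this user does not hold
        if p.require_mfa and not signin.mfa_passed:
            reasons.append(f"{p.name}: MFA required")
        if p.require_compliant_device and not signin.device_compliant:
            reasons.append(f"{p.name}: compliant device required")
        if p.allowed_countries and signin.country not in p.allowed_countries:
            reasons.append(f"{p.name}: country {signin.country} not allowed")
    return ("block" if reasons else "allow", reasons)

POLICIES = [
    Policy("baseline", require_mfa=True),
    Policy("privileged", roles=frozenset({"admin"}),
           require_compliant_device=True, allowed_countries=frozenset({"DE"})),
]

# Constructed sign-ins. The third models an admin account whose owner was
# talked into approving MFA, with the sign-in coming from an unmanaged device.
SIGNINS = [
    SignIn("staff", frozenset(), True, False, "DE"),
    SignIn("admin-own-laptop", frozenset({"admin"}), True, True, "DE"),
    SignIn("admin-unmanaged-device", frozenset({"admin"}), True, False, "DE"),
    SignIn("admin-abroad-no-mfa", frozenset({"admin"}), False, False, "US"),
]

if __name__ == "__main__":
    for s in SIGNINS:
        print(s.user, *evaluate(s, POLICIES))
```

The third sign-in is the case that matters for the attacks described here: a satisfied MFA prompt alone does not grant access to a privileged account when the device condition fails.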

In cases of social engineering attacks, the victim is often contacted by someone posing as a help desk manager. Attackers may use legitimate Microsoft Teams logins to gain the victim's trust via a Teams call. Once the victim is convinced, the attackers attempt to extend their privileges and move laterally within the systems.

There is no specific information available about large asset management companies being defrauded of over one million euros through false identification by AI and vishing. Even so, the growing threat posed by social engineering attacks underscores the importance of ongoing vigilance and education.

Social engineering lies at the intersection of cybersecurity and psychology, making it a complex and dynamic field. As technology continues to advance, so too will the methods used by attackers. However, by staying informed and implementing robust security measures, it is possible to protect against these threats and maintain the security of our digital environments.
