The Art of Human Hacking : Social Engineering
A new modern threat for the IT industry?
By:
Introduction
• Companies are generally very good at protecting themselves against external attacks, but only rarely do they guard themselves against internal attacks. By using what's known as 'Social Engineering', hackers exploit unsuspecting people who in good faith open their doors to unwanted strangers.
• Social engineering, or SE, is the art of manipulating people into performing actions or giving up confidential information. Social Engineering can mean different things to different people.
Modern threat modeling is a defensive response to understanding a threat, so that you can prepare yourself, your network, and your assets. This presentation shows how threat modeling can be used as an offensive weapon. While conventional threat modeling looks at the attacker, the asset and the system, offensive threat modeling looks back at the defender to understand his tactics and uncover weaknesses.
By adopting the P4S's - People, Points, Posture, Pwnage, Survey - an attacker can understand where best to strike to achieve the most effective result.
P4S's
First "P" Stands For "PinPoint"
Make a HPTL (High Payoff Target List)
– assets that give the greatest value for the money when compromised
– example: security personnel, senior executives
• secondary targets
– targets which can be used as an indirect attack vector
– sales personnel, support staff, and vendors
• make a list of targets of opportunity
– the "low hanging fruit" of the enterprise
Second "P" Stands For "Points Of Attack"
decompose target assets into points of attack
• break every asset down into its base components
– identify which parts can be readily compromised
• Physical versus Human Resources
– family affiliations, hobbies
– behavioral analysis, psych profiling
– sentiment analysis
– target fingerprinting, mapping
– port scans, vulnerability inventories
– system maps, application analysis
Third "P" Stands For "Posture"
identify the asset's defensive posture
• assess the state or posture of every component
– is it ready to be compromised?
• groups of critical time-based components
– technical schedules – are firewalls rebooted, patches applied at fixed intervals?
– change management windows and release schedules
– when are employees least likely to be engaged (off-hours, traveling, meetings, and so on)
• does the enterprise understand security?
– is there a proactive security posture, or simply a reactive one?
– is incident response implemented, tested?
Fourth "P" Stands For "Pwnage"
execute the attack (Hax0r those assets)
– compromise multiple assets using varied attacks
– logical attacks – attack the logic of processes or applications
– social engineering – attack the human element
– physical attacks – engage on site (high risk)
– leverage known weaknesses to compromise assets
– focus on assets whose posture leaves them exposed
• human weaknesses are often the easiest to exploit
– bribery, extortion, simple incentives
“S” Stands For “Survey”
continually monitor and maintain compromised assets
• the attacker should continually monitor and update the asset list
– identify whether a target response has been initiated
– analyze attack and defensive effectiveness
– perform a cost-benefit analysis on under-performing assets
• perform a damage assessment on lost assets
– ensure no attack leakage has occurred
– identify possible replacements.
Social Engineering has proven to be the fastest and most successful way to hack into an organization. The SE technique works every time, and more often than not it works the first time. Social Engineering remains one of the largest cyber security threats to IT infrastructures.
Methods of Social Engineering
The methods are different and hard to count. I studied a bit and found that I can categorize these methods into different headings as written below.
• Quid Pro Quo - Something for something
• Phishing - Fraudulently obtaining private information
• Baiting - Real world Trojan Horse
• Pretexting - Invented Scenario
• Diversion Theft - A con
• Employment For Social Engineering
• Honey Trapping
Quid Pro Quo • Something for Something
o Call random numbers at a company, claiming to be from technical support.
o Eventually, you will reach someone with a legitimate problem.
o Grateful you called them back, they will follow your instructions.
o The attacker will "help" the user, but will really have the victim type commands that will allow the attacker to install malware.
Phishing • Fraudulently obtaining private information
o Send an email that looks like it came from a legitimate business
o Request verification of information and warn of some consequence if it is not provided
o Usually contains a link to a fraudulent web page that looks legitimate
o User gives information to the social engineer
▪ Ex: eBay scam, bank scam, etc.
Phishing Continued...
• Spear Phishing
o Specific phishing
▪ Ex: email that makes claims using your name
• Vishing
o Phone phishing
o Rogue interactive voice system
▪ Ex: call bank to verify information
Baiting • Real world Trojan horse
o Uses physical media
o Relies on greed/curiosity of victim
o Attacker leaves a malware-infected CD or USB drive in a location sure to be found
o Attacker puts a legitimate or curious label on it to gain interest
o Ex: "Company Earnings 2009" left at company elevator
▪ Curious employee/Good Samaritan picks it up
▪ User inserts media and unknowingly installs malware
Pretexting • Invented Scenario
o Prior research/setup used to establish legitimacy
▪ Give information that a user would normally not divulge
o This technique is used to impersonate authority
▪ Act using prepared answers to victims' questions
▪ Other gathered information
o Ex: Law Enforcement
▪ Threat of alleged infraction to detain suspect and hold for questioning
Pretexting Real Example:
• Signed up for Free Credit Report
• Saw unauthorized charge from another credit company
o Called to dispute the charge and was asked for Credit Card Number
▪ They insisted it was useless without the security code
o Asked for Social Security number
• Talked to Fraud Department at my bank
Diversion Theft • A Con
o Persuade the delivery person that the delivery is requested elsewhere - "Round the Corner"
o When the delivery is redirected, the attacker persuades the delivery driver to unload the delivery near the address
o Ex: Attacker parks a security van outside a bank. Victims going to deposit money into a night safe are told that the night safe is out of order. Victims then give money to the attacker to put in the fake security van
o Most companies do not prepare employees for this type of attack
Weakest Link?
• No matter how strong your:
o Firewalls
o Intrusion Detection Systems
o Cryptography
o Anti-virus software
• You are the weakest link in computer security!
o People are more vulnerable than computers
• "The weakest link in the security chain is the human element" - Kevin Mitnick
Honey Trapping: Techniques For Social Engineering
This is among the popular methods of social engineering when the stakes are high. Usually, men are more prone to honey traps compared to women. This dangerous method can be described in the following steps:
• Identify the person in the target company who has good insider information
• Have a high class hooker seduce the person
• Film it when they're in the act
• Use the film to blackmail the trapped person
The same method was used in the recent Pathankot Air Base (2016) terrorist attack in India. As the film/video is with the social engineer, the person can get whatever he or she wants. They can even make the trapped person do things he or she would never think of doing. In some cases, the stress and guilt are so high that the trapped person may commit suicide.
There is not much you can do in cases of honey traps except to educate the people who work for you. But that is not a guaranteed solution, as it plays on basic human tendencies. Likewise, there is no 100% firewall against any of the above methods of social engineering. People err, and that's where the social engineers make their profits. All you can do is educate; if the employees understand, good, otherwise not only they but also their companies are at risk of social engineering.
To Understand How a Typical Honey Trap Assignment Works, Read Below:
Prior to the Assignment:
• A Honey Trap Case Manager will get in touch with you. They will help you with planning and executing your Honey Trap task.
• Pick your agent from a mix of male or female operators of various identities, backgrounds, and/or lifestyles.
• You will have an interview with the operator and the case manager to arrange the details of your Honey Trap.
What a Typical Assignment Consists of:
• The agent will attempt to chat with the subject.
• The agent will ask the subject any predetermined questions agreed upon in the case meeting.
• Exchange telephone numbers under the guise of a future meeting.
• Contact and correspondence will be maintained for a pre-agreed length of time. Examples: phone, email, text or social networking.
• An optional second meeting can be arranged for lunch, dinner, or at a hotel.
After the Honey Trap:
• The agent will submit reports and photos
• The SIM card used by the honey trap operator during the task
• Copies of all avenues of communication, for example email, text or voice messages.
Ways to Prevent Social Engineering
Training
• User Awareness
o User knows that giving out certain information is bad
• Military requires Cyber Transportation to hold
o Top Secret Security Clearance
o Security+ Certification
• Policies
o Employees are not allowed to divulge private information
o Prevents employees from being socially pressured or tricked
Ways to Prevent Social Engineering Cont...
• 3rd party test - Ethical Hacker
o Have a third party come to your company and attempt to hack into your network
o The 3rd party will attempt to glean information from employees using social engineering
o Helps detect problems people have with security
• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about internal information
• Do not provide personal information or information about the company (such as the internal network) unless the person's authority is verified
General Safety
• Before transmitting personal data over the web, check that the connection is secure and check that the URL is right
• If unsure whether an email message is legitimate, contact the individual or organization by another method to verify
• Be paranoid and aware when interacting with anything that needs protecting
• The smallest piece of data could compromise what you're protecting
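The Phishing method above notes that the message usually carries a link to a fraudulent page that looks legitimate, and the General Safety list says to check that the connection is secure and that the URL is right. The following Python script is an added example, not code from this slide deck, showing how a defender can automate those checks over every link in an HTML e-mail body: it flags links that are not HTTPS, links whose visible text names a different site than the real href, lookalike hostnames that contain a trusted brand name without being that domain, and internationalised hostnames that can hide homoglyphs. The TRUSTED_DOMAINS list and the SAMPLE_EMAIL message are constructed for the example.

```python
"""Flag suspicious links in an HTML e-mail body.

Added example for this page, not code from the slide deck. It automates the
two checks the deck recommends: is the connection secure (https) and is the
URL really the one the reader expects. TRUSTED_DOMAINS and SAMPLE_EMAIL are
constructed for the example.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed for the example: domains the recipient legitimately deals with
# (a tuple, so the order of lookalike checks is deterministic).
TRUSTED_DOMAINS = ("ebay.com", "examplebank.com")


class _LinkParser(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname; adequate for .com-style names."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def host_in_text(text):
    """Hostname named by the visible link text, or None if it is not URL-like."""
    token = text.strip()
    if not token or " " in token:
        return None
    candidate = token if "://" in token else "http://" + token
    host = urlparse(candidate).hostname
    return host if host and "." in host else None


def check_link(href, visible_text):
    """Return the reasons a link looks suspicious; an empty list means none found."""
    reasons = []
    url = urlparse(href)
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        reasons.append("not https")
    if not host:
        reasons.append("no hostname")
        return reasons
    if not host.isascii() or "xn--" in host:
        reasons.append("internationalised hostname, possible homoglyph")
    domain = registrable_domain(host)
    shown = host_in_text(visible_text)
    # The text the reader sees names one site, the href goes to another.
    if shown and registrable_domain(shown) != domain:
        reasons.append(f"text shows {shown} but link goes to {host}")
    # Brand name embedded in a hostname that is not the brand's own domain.
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if domain != trusted and brand in host:
            reasons.append(f"lookalike of {trusted}")
            break
    return reasons


def suspicious_links(html_body):
    """Parse an HTML body and return [(href, reasons)] for each suspicious link."""
    parser = _LinkParser()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        reasons = check_link(href, text)
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample: a "verify your account" message with one deceptive link.
SAMPLE_EMAIL = """
<p>Dear customer, your account will be suspended unless you verify it.</p>
<p>Please log in at
<a href="http://secure-ebay.com.example-login.net/verify">https://www.ebay.com/signin</a>.</p>
<p>Questions? Visit <a href="https://www.examplebank.com/help">our help centre</a>.</p>
"""

if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL):
        print(href)
        for reason in reasons:
            print("  -", reason)
```

Run on the sample, the first link is reported three times over (plain HTTP, visible text naming www.ebay.com while the href goes elsewhere, and a hostname that merely contains "ebay"), while the help-centre link passes. The registrable-domain helper takes the last two labels, which is fine for .com-style names; a production filter would use the public suffix list so that names under country-code second-level domains are compared correctly.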