What is Social Engineering? Can it Bypass Great Security

Social engineering scams revolve around the hacker’s use of manipulation and confidence. These techniques tend to make victims act in ways that they otherwise wouldn’t. Usually, victims act the way they do because of heightened emotions, a sense of urgency, and trust.

Today’s cyber attackers are smart. They know that companies invest millions of dollars in corporate security features. They also know that every organization has the weakest link – human error. That’s why they keep devising clever ways to manipulate people to give up confidential information. Social engineering is one technique that hackers use to fool unsuspecting users into handing over sensitive information, like passwords, banking information and personal information.

What is social engineering?

It is a form of cyber-attack that exploits people through deception and trickery. It taps into human vulnerabilities like trust, emotions, or habits to gain access to networks, systems, and physical locations. Usually, the attackers intend to trick users into providing details like bank account details, social security numbers, or login credentials. But they may also want to access a computer and secretly install malicious software that gives them control over the computer.

social-engineering-cybersecurity-hacker-phishing-scam-data-breach

Attackers use social engineering techniques to hide their real identities and motives. They pose as trusted individuals or experts, but their only intention is to influence, manipulate, or trick users into giving up access or confidential data. A majority of social engineering attacks are based on the way people act and think. As such, these scams are particularly useful in exploiting a user’s actions. Once the hacker understands the reasons behind a target’s actions, he or she can effectively manipulate and deceive them.

How social engineering works

Social engineering attacks happen in one or more steps. First, the hackers run background checks to gather as much information about the target as possible. Then they’ll try to win over the target’s trust and persuade them to reveal confidential information. As opposed to violent methods, fraudsters use persuasion and confidence to prompt the victims into taking actions.

In a nutshell, social engineers:

Gather background data on the target and his or her organization
Infiltrate by starting conversation or building relationships – which often starts on the basis of trust
Establishes weakness and exploits victim
Disengage once they achieve their goal

data-breach-cybersecurity-spear-phishing-scam-email-data-industry-solutions

What social engineering attacks look like?

Social engineering attacks appear as an ordinary text message, email, phone call, or voice call from a seemingly safe source. Ultimately, it ends with the victim’s action, like exposing themselves to malware or sharing sensitive data.

Many people assume that they can tell scams right off the bat, but today’s attackers are much more advanced. They know how to disguise themselves. And, with a couple of details here and there, they can easily gain access to your organization’s various accounts and networks.

As Kevin Mitnick, a former hacker and social engineering expert, once said, “There isn’t a technology today that can’t be overcome through social engineering.”

Attackers are using social engineering to attack even the most sophisticated systems. In 2016, for instance, the United States Department of Justice fell for social engineering bait that saw a leak of personal information of 9,000 DHS and 20,000 FBI employees. In the same year, the Democratic National Convention lost over 150,000 emails, thanks to a spear-phishing email that appeared to be a legitimate email from Google. Other famous attacks include Ubiquiti Networks BEC, in 2015, Yahoo hack in 2014, Sony Pictures Hack in 2014, and US Department of Labor Watering Hole in 2013.

Types of social engineering attacks

1. Email from a trusted source (phishing emails)

Hackers use psychological manipulation to get victims to take different actions. For instance, they may send out an urgent message like this one:

phishing-email-example-social-engineering-scam-data-security-healthcare-industry-solutions

Most employees will jump into action when they receive such an urgent email from their “boss.” They will even prioritize it over anything else. What’s more, some will proceed with the instructions without asking any questions. Emails may also come from another trusted source – like a friend, industry expert, and so on.

Phishing scams deliberately take advantage of the trust that individuals have in legitimate email owners. Attackers use different phishing methods and platforms, including:

Spam phishing: non-personalized and aims at several users
Spear phishing: personalized and aims at high-profiled people
Voice phishing: phone calls with automated messages or sometimes a real person to boost trust
SMS phishing: mobile app texts which may include a link or prompt to take action
Angler phishing: happens on social platforms, where hackers imitate a legitimate company’s customer care team

2. Baiting

In baiting, an attacker leaves malware-infected device where a target can find it. Sometimes, they label it in an appealing way to make it even more luring. When a person picks and plugs it into their machine, they unknowingly infect their computer with malware.

baiting-cyber-attack-malware-cybersecurity-data-breach-security-scam-hack

3. Tailgating

Also known as piggybacking, tailgating is where a disguised attacker follows an authenticated staff into a restricted area. He or she then asks the employee to hold the door for them, thereby gaining access to the building.

4. Pretexting

Pretexting involves hackers creating an excellent ploy to try and steal their target’s data. In pretexting, the fraudsters may say that they need some information from their victims to confirm their identity – but they use the information to stage secondary attacks or identity theft. In some cases, the attackers manipulate their victims into doing something that abuses the company’s physical and digital weaknesses.

Unlike in phishing where scammers capitalize on the victim’s urgency and fear, pretexting depends on creating a false sense of trust with the victim. Meaning, the hacker has to build a good story that victims believe.

Social engineering prevention

Security awareness training is the best way to prevent social engineering. Companies should sensitize their teams about social engineering as well as the tactics that attackers use. Employees should know well to delete any requests for passwords or secure financial data. They should also reject requests or offers of help. It’s equally important for companies to update their operating systems and also install firewalls, anti-virus software and email filters.

Frank Gomez

Frank is a technology visionary and strategic hands-on executive with over 20+ year track record of helping companies revitalize, restructure, and implement complete Unified Communications systems in national and global markets.

wytcote.com

Is Blockchain Just for Cryptocurrencies?

Blockchain technology is an online database that offers information to organizations and enables them to record their transactions easily. The database is encrypted, so all communications are done between the organization and the peer-to-peer network only when it’s veritable.

The technology offers an excellent way to transfer data from point X to Y without worrying about false data being stored in the database because that would falsify the whole chain of millions of instances. Blockchain provides accountability since the transactions recorded pass through multiple-party verification and no transaction in the database can be changed by the parties later on.

What is blockchain technology?

As the name implies, blockchain is essentially blocks of encrypted data stored in a database (or ledger). Many would like to think of it as a robust spreadsheet. A single block of data links to a previous block, thus forming a chain. What makes blockchain unique is the fact that it’s a network of interconnected computers that don’t depend on a centralized entity to execute interactions.

blockchain-data-privacy-security-cloud-computing-internet-of-things-secured-devices

A central authority manages most databases that keep financial information. But with the blockchain database, the ledger is amended and updated communally by all the computers that are connected in the network. Since the records are held communally, no financial institution or computer is in charge. So, if a single computer in the system gets knocked offline or is hacked, the others can still function without it.

Advantages and disadvantages of blockchain

Pros

Decentralization makes it harder to alter data
Cost reduction by removing third-party verification
Enhanced accuracy by eliminating human involvement in verification
Secure, private and efficient transactions
Transparent technology

Cons

Susceptibility of being hacked
Low transactions per second
Significant costs associated with mining Bitcoin
History of illicit activities

Blockchain and cryptocurrencies

cryptocurrency-bitcoin-data-mining-security-WytCote-Tech-industry-solutions

In the context of cryptocurrencies, blockchain features a stable chain of blocks, each with a list of previously approved transactions. The blockchain network works as a decentralized ledger because its run by a network of computers spread worldwide. So, each participant (node) holds a copy of the blockchain data and communicates with the others to make sure they are all on the same page.

Blockchain transaction happens within a peer-to-peer network and is what makes Bitcoin and other cryptocurrencies decentralized digital currencies that are borderless and censorship-resistant. The whole point of using this technology is to allow people – especially those who don’t trust each other – to share critical data in a secure and tamper-proof manner. This is because blockchain technology holds data using innovative software and sophisticated math functions that are extremely difficult for hackers to manipulate.

Is blockchain just for cryptocurrencies?

One of the first real-world uses of blockchain technology was in Bitcoin, a virtual currency that was announced in 2008 by Satoshi Nakamoto (pseudonym). But these types of projects are not tied to the Bitcoin network alone. In fact, most blockchains have nothing to do with Bitcoin. Once the Bitcoin blockchain had been around for a while – successfully recording all Bitcoin transactions and surviving vast attacks – many entrepreneurs and programmers wondered if the Bitcoin data security design might be applied to create other types of secure databases, unrelated to Bitcoin.

Today, startups, SMEs, and large scale companies across different types of fields are increasingly integrating blockchain into their daily operations. It is now widely used in banking and finance to facilitate payments, improve capital markets, trade finance, deter money laundering, and in insurance. It also has applications in business, especially in areas like healthcare, supply chain management, real estate, media, and energy. The government, too, can use the technology for record management, identity management, taxes, voting, regulatory/compliance oversight and a virtually infinite amount of other types of real-world applications.

Blockchain’s best features for corporations

The distributed ledger technology ensures that transactions are validated by all parties involved. The data is managed through a computer network that’s not individually owned, so the data submitted is incorruptible.
The technology has broker-free characteristics, so there aren’t any unnecessary charges that are incurred by those involved in the transactions.
It accounts for the security and trust issues in a range of ways: first, the blocks are stored chronologically and linearly, which makes it difficult to alter.
Ability to store all kinds of data about any registered intellectual property along with designs, trademarks, and patents with lawsuits or in registry stage. Since this data can’t be altered, the benefits of using blockchain for verifiable transactions and smart contracts can also be applied toward making business accounting more transparent.
Although personal data like credit cards or names are kept private, blockchain is almost always open source. Meaning, users can adjust the code; however, they please as long as they have support from other network users.
Last but not least, is that blockchain offers a secure transaction. Once a transaction is recorded, the network verified its authenticity. Thousands, or sometimes millions of computers on the network rush to confirm that the information is correct. Only then can the transaction be added to the blockchain as a block.

data-mining-management-industry-solutions-privacy-technology

The growing applications and use cases of blockchain technology

Healthcare industry

One of the main challenges that healthcare professionals face is to share information across platforms securely. A seamless flow of data between providers could increase the chances of accurate diagnoses and effective treatment. It’ll also lower the cost of healthcare. Blockchain technology allows healthcare institutions and other related parties to share network access without affecting the integrity or security of data.

Critical infrastructure security

The internet infrastructure has proven vulnerable to attacks, particularly when it comes to the Internet of Things (IoT) devices. Since critical infrastructures like transportation and power plants have connected sensors, there’s a heightened risk to the civil society. Luckily, some companies are using the tamper-proof database to share critical information across their networks. Others are using blockchain to offer massive scale data authentication. A good example is using blockchain powered Keyless Signature Infrastructure (KSI) to tag and verify data transactions.

Supply chain management

The supply chain involves a series of transaction nodes that connect to move goods from one point to another. The technology allows businesses to document transactions in a decentralized record, thus limiting delays, human errors, and added costs. Different companies are coming up with blockchain-based products that enable enterprises to engage clients at the point-of-sale with data collected collaboratively from suppliers along the supply chain.

Blockchain and Internet of Things (IoT)

Blockchain technology decentralizes cloud services, therefore increasing security, connectivity, and computational power. This solves the inefficiency problems – especially those surrounding data storage and computational resources – that are associated with launching IoT products.

Blockchain and cloud storage

Companies that provide cloud storage usually keep clients’ data in one secure server, which makes it vulnerable to attacks. Blockchain cloud storage services decentralize data storage, making it less prone to hacks that can lead to systemic damage and colossal data loss. Companies are now providing blockchain-enabled cloud storage to enhance security and also reduce the cost of storing data in the cloud.

Blockchain ensures the security of data. The information stored in blockchain is fully decentralized since it’s kept in multiple nodes across the globe rather than in a single place. This addresses the concern of data protection in case there’s an error or breach. Records that are uploaded in blockchain aren’t accessible to or controlled by an individual. But each party holding the data has a private key that they can use to access the encrypted files. So, even if a hacker gets to access a folder, he/she will only see a partial file –which won’t be useful. That’s why industries, other than cryptocurrencies, are taking advantage of blockchain to enhance their operations.

Sheri Bruemmer

Sheri Bruemmer is a seasoned industry expert with expertise in growing and managing operations that support assisted living, adult foster care, and homes for the aged communities. Sheri is a certified Gerontologist, licensed Assisted Living Director, and licensed nurse as well.

wytcote.com