Cyber Security – Social Engineering

What is the concept of Cybersecurity?

“Cyberattacks – deliberate attempts by unauthorized persons to access ICT systems, usually with the goal of theft, disruption, damage or other unlawful actions” (Eric, 2016)

What is Social Engineering? (nabie,2016)
Art of “Human OS” hacking

“Social engineering is defined as the process of deceiving people into giving away access or confidential information.” (digital, 2016)

Social Engineering Attack Framework

“The two classes of a social engineering attack are direct communication and indirect communication” (Francois, 2014). An attack is therefore either direct or indirect. “The direct communication class is further divided into two subclasses: bidirectional communication and unidirectional communication”, or communication through third-party mediums, normally via social media, email, internet links or telephone calls. (Francois, 2014)

Human-based Social Engineering (adebowale,2016)

  • Posing as a legitimate end user
  • Giving an identity and asking for sensitive information
  • Posing as an important user
  • Posing as Technical support
  • Posing as customer, supplier and top management

Mobile-based Social Engineering

  • Cyber criminals are now taking over mobile devices by using many of the psychological tricks used to con people online

  • “social engineering is an attack method of choice to gain access to a person’s smartphone or tablet”. (Joan, 2011)
  • Malicious apps that look like legitimate apps (Joan, 2011)
  • Malicious mobile apps that come from ads (Joan, 2011)
  • Apps that claim to be for “security” (Joan, 2011)
  • SMS, notifications
  • calls, recordings, IVR

Interactive voice response (IVR) is a technology that allows a computer to interact with humans through the use of voice and DTMF tones input via keypad.

“From a user’s perspective it is very hard to distinguish between an app that is legitimate with an app that turns out to be malicious,” said Zeltser. (Joan, 2011)

Reference:

  • Research, 2016, 3(3): 64-66 ISSN:2394-2630 CODEN(USA): JSERBR – ResearchGate – 19 Sept 2016
  • DOJ, 2015 – Best Practices for Victim Response and Reporting of Cyber Incidents – Version 1.0 – Computer Crime & Intellectual Property Section, Criminal Division, U.S. Department of Justice, Cybersecurity Unit – (202) 514-1026 – April 2015
  • Digital, 2016 – Digital Defense Incorporated USA – Social Engineering prevention – be prepared. It could happen to you! – WWW.DDIFRONTLINE.COM – 2016
  • Eric, 2016 – Eric A. Fischer – Cybersecurity Issues and Challenges: In Brief – Senior Specialist in Science and Technology – Congressional Research Service 7-5700, R43831– www.crs.gov – 12 Aug 2016
  • Frank, 2014 – Frank L. Greitzer & members, PsyberAnalytix – Analysis of Unintentional Insider Threats, Deriving from Social engineering exploits – 2014 IEEE Security and Privacy workshops – 2014
  • Francois, 2014 – Francois Mouton, Mercia M. Malan and members – Social Engineering Attack framework – University of Pretoria, South Africa – IEEE 978-1-4799-3384-6/14 – 2014
  • Ibrahim, 2016 – Ibrahim Ghafir, FI and members – Social Engineering Attack Strategies and defence Approaches – Metropolitan University & Masaryk University – 2016 IEEE 4TH International Conference on Future Internet of Things and Cloud , Austria- August 22, 2016
  • Joan, 2011 – Joan Goodchild, Senior Editor – Social engineering: 3 mobile malware techniques – CSO USA
  • Kathleen, 2016 – Kathleen Crowe & members – Beyond Hacking: Coverage For Social Engineering Scams and Schemes – AON Risk solutions Inc. – American Bar Association Section of Litigation, Insurance Coverage Litigation Committee, Women in Insurance Conference, Washington DC, USA – 20 Oct 2016
  • Malcolm, 2007 – Malcolm Allen – Social Engineering, A means to violate a computer system – SANS Institute 2007 – 2007
  • Michael, 2015 – Michael Alexander, Rick Wanner – Methods for Understanding and Reducing Social Engineering Attacks – GIAC (GCCC) Gold Certification – 30 April 2016
  • Mitnick, 2016 – Kevin D. Mitnick & William L. Simon – The Art of Deception, Controlling the human element of security – foreword by Steve Wozniak – 2016
  • nabie,2016 – Nabie Y. Conteh and nabie J. Schmick – Cybersecurity: risks, vulnerabilities and countermeasures to prevent social engineering attacks – Southern University USA , International Journal of Advanced Computer Research, Vol 6(23), ISSN: 2249-7277 – 10 Feb 2016
  • rob, 2015 – Rob Wainwright, – Director of Europol – The Internet Organised Crime Threat Assessment (IOCTA) 2015 – The annual presentation of the cybercrime threat landscape by Europol’s European Cybercrime Centre (EC3) –ISBN: 978-92-95200-65-4, ISSN: 2363-1627 – DOI: 10.2813/03524 – 2015
  • Sectf, 2016 – The DEF CON 24, Social Engineering Capture the Flag Report – Social-Engineer, LLC USA– social-engineer.org –  11 Aug 2016