SOCIAL ENGINEERING AS THE MAIN VECTOR USED FOR RANSOMWARE
The most important vector used by attackers to penetrate an IT system is social engineering. According to Verizon’s annual Data Breach Investigations Report 2020 (page 24), social engineering attacks, including phishing and pretexting, are responsible for 93% of successful data breaches:
“Social actions arrived via email 96% of the time, while 3% arrived through a website. A little over 1% were associated with Phone or SMS, which is similar to the amount found in Documents.
Phishing has been (and still remains) a fruitful method for attackers”.
It is also reported that credentials are by far the most common attribute compromised in phishing breaches.
So the first question that we have to ask is: What is Social Engineering?
Usually, SOCIAL ENGINEERING is described as the art of manipulating or persuading people into:
- Performing actions such as clicking on a link or downloading a file (in order to access the user’s computer and secretly install malicious software), or
- Divulging confidential information (tricking the user into giving away his passwords or other sensitive information).
SOCIAL ENGINEERING differs from classic hacking in that the typical hacker looks for a software vulnerability, whereas a social engineer tricks an employee into disclosing his login information: it is indeed easier to exploit the natural human inclination to trust, and human emotional responses, than to try to crack passwords.
In 1984, Professor Robert CIALDINI enumerated six principles of influence; social engineering is based on them, and they explain the reactions of people who are confronted with such an attack:
- Reciprocity: Obligation to repay.
- Consistency and Commitment: Need for personal alignment.
- Social Proof: The power of what others do.
- Liking: The obligations of friendship.
- Authority: We obey those in charge.
- Scarcity: We want what may not be available.
A social engineering attack can take any form. But the best-known vectors of social engineering and the most used by hackers to breach network security are phishing and spear phishing.
PHISHING is the technique of fraudulently obtaining sensitive information using electronic communication such as email spoofing. We speak about SMISHING when SMS messages are used or VISHING when phone or voice messages are used to trick users.
SPEAR PHISHING is the technique used to harvest sensitive information by sending emails that take the form of personal communication to specific end users.
They can take the form of pretexting (your friend is asking for emergency help), baiting (which can be found on P2P or social networking sites), answering a question that was never asked, watering hole attacks (targeted social engineering that relies on users’ trust in the websites they regularly visit), quid pro quo (claiming to be calling back from technical support when no such call was made)… and many more, as the imagination of attackers knows no bounds.
Knowing all this, one can only conclude that the private and professional mailboxes of an establishment’s staff are the Achilles heel of its computer network.
Of course, the literature emphasizes behavior, education and training of staff members, and attention to detail, but a mistake is always possible and it is better not to tempt the devil.
We must therefore consider another approach: securing the computer network while keeping in mind the possibility of a phishing attack against a member of this network.
For this we will focus our attention on the table published by Proofpoint, which already gives an idea of the departments that concentrate the most phishing attacks within an establishment.
Knowing the goals pursued by attackers in a given establishment, and therefore the departments most likely to be targeted, makes it possible to identify the people (endpoints) most likely to be used as key players in the attack and to prepare them not to make the fatal gesture.
It also makes it possible to choose the most appropriate mode of protection against this kind of attack.
We have divided the departments concerned into 3 categories according to the severity of the consequences of a successful attack.
In the first category (I) we place the departments against which an attack would cause the most damage to the establishment and would therefore bring the greatest gains for the attacker, namely:
- A) Production / Operations (Production losses)
- B) Marketing / PR (Company image)
- C) Management (Disorganization)
- D) Sales (loss of revenue)
In the second category (II) we place the departments targeted by espionage, the theft of information:
- A) R & D / Engineering
- B) Legal
Finally, in the third category (III), we place financial services. Other departments of the establishment can be added as well.
We will see in our next newsletter how the IT architecture of the different departments must be adapted to counter such attacks.
But of course, you already know that PT SYDECO can help you thanks to its ARCHANGEL© system, which can autonomously block code execution from Phishing, Spear Phishing or Vishing attacks – whether a malicious attachment or fileless malware executing in memory – and which can inspect encrypted traffic and enforce firewall control to block known phishing domains.
We hope that this information letter has helped you to protect your installations against cyberattacks.
Do not hesitate to visit our website (syde.co) or SydeCloud page to find out what we have created for your cyber security: https://apps.sydecloud.com/folders/28