It’s raining (phishing) emails: Unlike other attacks in the cybersecurity landscape, social engineering does not focus on exploiting vulnerabilities in code or network architecture. Instead, it exploits human behavior, which is often the weakest link in the security chain. And stress on an already busy day is an extremely effective trigger.The following examples show how strategic social engineering attacks have become:
Step 1: Create a problem
Attackers can create technical problems to make their stories more convincing. A common method is email bombardment or graymail flooding. The attacker registers the victim’s email address with numerous services, resulting in an enormous number of legitimate emails. For example, one victim received 3,000 emails in less than two hours.
Step 2: Present yourself as the savior
In the cases investigated, the victim was always called by someone posing as a help desk manager. The caller promised to solve the problem so that the workday could continue as planned. The attacker attempted to get the victim to reveal their login details or grant access to their desktop via phone call, which was often successful in the supposed emergency.
False team play: In connection with social engineering, a sharp increase in complex vishing (voice phishing) attacks has also been observed. For example, the hacker group Black Basta uses legitimate Microsoft Teams logins to gain the victim’s trust via a Teams call from a user named “Helpdesk,” “Support Team,” or “Helpdesk Manager.”The attackers pose as internal IT staff and trick victims into using the Windows app “Quick Assist.” The use of this tool lends more credibility to the fraudsters’ actions, as it is a legitimate Windows tool that does not trigger any security warnings. Victims are then tricked into using the key combination “Ctrl + Windows key + Q,” which opens a window and generates a code.This allows the attackers to access the victim’s computer. The cybercriminals then attempt to extend their privileges and move laterally within the systems. In one of the cases investigated, several terabytes of data were stolen from the entire environment within a few days.
What security managers can do: Protecting employees from sophisticated social engineering traps is difficult and complex. However, several technical and human strategies can help reduce the likelihood of successful attacks:
Both Teams and Zoom offer options to restrict communication to trusted domains and organizations only. Although implementing and listing all trusted partners takes some time, this can be a very effective step.Some attackers exploit the built-in remote capabilities of video chat applications. Both Zoom and Teams allow you to set whether external participants can remotely access the screens of other participants during a call. Although there are slight differences between the platforms, it is advisable to review the features of each platform and configure them according to your organization’s requirements.Implementing conditional access is a key factor in strengthening access control within the company. Conditional access policies are, in the simplest case, if-then statements: if a user wants to access a resource, they must perform an action. Or, if a user wants to access an application or service such as Microsoft 365, they must perform multi-factor authentication to gain access. Security managers can implement conditional access policies to restrict access based on geographic locations, user types, applications, and even a token protection policy.Basically, all security efforts are about limiting the blast radius, i.e., the potential damage that a compromised account can cause. This reduces cyber risks in the long term, regardless of how attackers want to achieve their goal. And in the vast majority of cases, that goal is a company’s sensitive data. That’s why employee protection and awareness must start at this very point.This article is published as part of the Foundry Expert Contributor Network.Want to join?
Both Teams and Zoom offer options to restrict communication to trusted domains and organizations only. Although implementing and listing all trusted partners takes some time, this can be a very effective step.Some attackers exploit the built-in remote capabilities of video chat applications. Both Zoom and Teams allow you to set whether external participants can remotely access the screens of other participants during a call. Although there are slight differences between the platforms, it is advisable to review the features of each platform and configure them according to your organization’s requirements.Implementing conditional access is a key factor in strengthening access control within the company. Conditional access policies are, in the simplest case, if-then statements: if a user wants to access a resource, they must perform an action. Or, if a user wants to access an application or service such as Microsoft 365, they must perform multi-factor authentication to gain access. Security managers can implement conditional access policies to restrict access based on geographic locations, user types, applications, and even a token protection policy.Basically, all security efforts are about limiting the blast radius, i.e., the potential damage that a compromised account can cause. This reduces cyber risks in the long term, regardless of how attackers want to achieve their goal. And in the vast majority of cases, that goal is a company’s sensitive data. That’s why employee protection and awareness must start at this very point.This article is published as part of the Foundry Expert Contributor Network.Want to join?
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4051570/you-should-be-aware-of-these-latest-social-engineering-trends.html
