Social Engineering: What are the Common Forms of Attacks or Strategies Social Engineers may Use?

What is social engineering? 

Social engineering is the technique of manipulating computer system users into revealing sensitive information that can be used to gain unauthorized access to a computer system. The term can also cover exploiting human traits such as kindness, greed and curiosity in order to gain access to restricted buildings or to get users to install backdoors.
Social engineering is a non-technical intrusion that frequently leads to the breakdown of normal security procedures, using social skills and human interaction to collect information on organizations or computer systems. It relies on psychological skills and communication with people.

How does social engineering work?

⦁ Gather Information:

This is the first step: the attacker learns as much as he can about the intended victim. The information is obtained from corporate websites and other media, and also through contact with users of the target system.

⦁ Plan Attack:

The attacker outlines how the attack will be carried out.

⦁ Acquire Tools:

These are the tools the attacker will use when the attack is launched.

⦁ Attack:

The attacker exploits the weaknesses of the target system.

⦁ Use acquired knowledge:

Information gained through social media, such as pet names or the birth dates of company founders, is used in attacks such as password guessing.
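The last step is also something a password policy can screen for. The sketch below is an added example, not part of the original post: it rejects candidate passwords built from facts an outsider could collect about a user. The function name, the substitution table and the sample profile (pet name, company name, date) are all constructed for illustration.

```python
import re
from datetime import date

# Undo common character substitutions before comparing ("R3x" -> "rex").
LEET = str.maketrans("013457@$!", "oleastasi")

# Constructed sample profile: facts an outsider could read off public pages.
SAMPLE_WORDS = ["Rex", "Acme"]        # pet name, company name (hypothetical)
SAMPLE_DATES = [date(2015, 3, 14)]    # a date tied to a founder (hypothetical)

# Digit strings people commonly derive from a date.
DATE_FORMATS = ("%Y", "%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y")


def personal_info_hits(password, words, dates, min_len=3):
    """Return the sorted public facts (words or ISO dates) found in password."""
    lowered = password.lower()
    # Letters-only view with substitutions undone, used for word matching.
    letters = re.sub(r"[^a-z]", "", lowered.translate(LEET))
    # Digits-only view of the raw password, used for date matching.
    digits = re.sub(r"\D", "", lowered)
    hits = set()
    for word in words:
        token = re.sub(r"[^a-z]", "", word.lower())
        # Very short tokens are skipped to limit accidental matches.
        if len(token) >= min_len and (token in letters or token[::-1] in letters):
            hits.add(word)
    for d in dates:
        if any(d.strftime(fmt) in digits for fmt in DATE_FORMATS):
            hits.add(d.isoformat())
    return sorted(hits)


if __name__ == "__main__":
    for candidate in ("R3x!2015", "4cm3Rocks", "correct-horse-battery-staple"):
        found = personal_info_hits(candidate, SAMPLE_WORDS, SAMPLE_DATES)
        print(candidate, "->", "REJECT " + ", ".join(found) if found else "ok")
```

A check like this belongs at password-change time, next to length and breached-password checks, and the profile it compares against should hold only what the organization already knows about the user.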

What are the common social engineering techniques?

The most common forms of attacks or strategies social engineers may use, including: 

Phishing 

Phishing appears to be the most common kind of social engineering attack. It relies on fake emails and the fake websites they link to. Phishing occurs when a malicious party sends a fraudulent email. The email is intended to make the recipient hand over personal data such as credit card details, passwords or social security numbers. It may also get the victim to download a file or click on a hyperlink. People are pressured into revealing confidential or private information. Phishing has been around for a long time, but it has become increasingly frequent and sophisticated.

Pretexting

Pretexting usually occurs when one party lies to another to obtain access to privileged information. An impostor creates a scenario that leads the victim to reveal confidential information. While phishing emails exploit fear and urgency, pretexting attacks rely on building a false sense of trust with the victim. For example, an intruder may claim to need personal information in order to confirm the victim's identity.

Baiting 

Baiting involves an attacker who aims to lure victims with an item or a reward. It is similar to a phishing attack. For example, baiters may offer users free music if they submit their personal information to a certain site.

Tailgating

This attack is often called "piggybacking" and involves someone without proper authentication following an employee into a restricted area. The attacker slips in behind workers who have legitimate access to the area.

Scareware 

Scareware is a malicious program that warns the victim of an infection in order to pressure the victim into purchasing and downloading fake antivirus software. The fake security program displays daily infection alerts and asks for payment to remove them.

Shoulder Surfing 

Shoulder surfing is an attack in which the attacker uses observation techniques, such as looking over someone's shoulder, to obtain information while the victim is performing an action that involves the deliberate use of important, identifiable information. This can be done at very close range or from a distance using binoculars or other vision-enhancing devices.

Dumpster Diving 

Major corporations often carelessly discard items such as company contact books, program manuals, business policy guides, meeting schedules, activity and holiday calendars, printouts of confidential data or of login names and passwords, source code printouts, disks and cassettes, corporate letterhead and memo forms, and obsolete equipment into company dumpsters. An intruder can use these items to learn a great deal about the organization and the network structure of the business. This process of searching through the dumpster for potentially useful information about a company's employees is known as dumpster diving.

How to prevent social engineering attacks?

Security experts are expected to make efforts to prevent social engineering. The risk of social engineering cannot be eliminated, but its impact can be minimized. Some best practices against social engineering are:
⦁ Implement an education campaign about cyber security.
⦁ Require appropriate identification from everyone who carries out a service.
⦁ Set a standard under which passwords are not given out on devices.
⦁ Mandate password security.
⦁ Build a security detection system.
⦁ Limit access to information.
⦁ Implement caller ID technology and other support features for the help desk.
⦁ Ensure that users are aware of phishing emails. Cyber Streetwise (https://www.cyberstreetwise.com/common-scams) and Staying safe online (https://www.cyberstreetwise.com/common-scams) are available to give good advice.
⦁ If your company is a member of CiSP, you may receive guidance from other CiSP participants to improve your user experience. For more information on CiSP membership see here: https://www.cert.gov.uk/cisp/
⦁ Consider setting up awareness sessions for members, possibly during training or induction periods, including a demonstration penetration test showing that an (anonymous) member of the company was successfully socially engineered.
⦁ Encourage users to verify unusual requests or messages by calling the originator on a previously verified number. Make users aware of their online presence and of how much information they expose on social media.
⦁ Consider how much information the company makes public and how it could be used in a social engineering attack. Implement policies that minimize the risk of successful phishing (e.g., never to send confidential information to the network of your organization) and reassure users that they will not be disciplined for following the rules.
⦁ Encourage users to speak to their colleagues and the IT help desk about suspicious emails or other social engineering events.
⦁ Make sure that, as an organization, you warn others of possible social engineering attempts through CiSP. You might not be the first one targeted by this attack, but you may be the first one to act on it.
⦁ Assume that you are extremely likely to end up being compromised, and make sure you have the ability to respond and to recover from disasters. In general, you will be better able to avoid, respond to and recover from cyber-related events, including social engineering, if your company adheres to the "10 Measures to Cyber Security" and the "20 Basic Controls for Cyber Defence".

Policies, procedures and practices need to be communicated, taught and reinforced to employees in order to be effective. Employees should be trained to detect an attack, mitigate its impact and put barriers in the attacker's way. Everyone, from top to bottom, must understand this and behave accordingly.

The best response, therefore, is to inform users about the tactics social engineers employ and to raise awareness of how both people and computer systems can be exploited to build a false sense of confidence. This should be supported by a security mindset that encourages the exchange of feedback, enforces information security rules and protects users. However, with sufficient skill, resources and, ultimately, luck, an attacker will still be able to obtain the information he is looking for. This is why organizations and individuals must also prepare to respond to a successful attack and to recover from it.
