One type of social engineering attack is the personalized-message, which often ends up in the hands of the CEO or another executive who would have access to sensitive files and information. Until recently, email was the dominant medium by a wide margin. However, recently, attackers have started to move to social media and text messages. What can you do about it?
Attacks within digital communications channels (like Slack, TEAMS, Twitter, Facebook, LinkedIn) have grown more targeted, more social engineering-focused, and the payloads have become "softer,” and the risks are not in files and links/IP's alone anymore. Instead, recent attacks are laser-targeted and evade traditional detection by focusing on human connections. To find out more about these “soft attacks,” we talk to Otavio Freire, CTO, President & Co-Founder SafeGuard Cyber.
Purdue University is offering new cybersecurity short courses in social engineering and digital forensics as part of a growing suite of offerings through the Purdue Polytechnic Institute’s Cyber Education Network Training Resources (CENTR).
Two men will appear in federal court to face charges that they were involved in the unauthorized takeover of social media and other personal online accounts belonging to professional and semi-professional athletes, U.S. Attorney Craig Carpenito announced.
Recently, two teens and a young adult infiltrated one of Silicon Valley’s biggest companies in a high-profile hack – and the biggest ever for Twitter. Authorities say the 17-year-old “mastermind” used social engineering tactics to convince a Twitter employee that he also worked in the IT department and gained access to Twitter’s Customer Service Portal. The 130-account takeover proved unique, as it was fundamentally a dramatic manipulation of trust and could have had far more world-changing consequences if the attackers had the aspirations of say, a dangerous fringe group versus that of a teenager. There are a few takeaways to learn here, especially when it comes to considering redefining what we classify as “critical infrastructure” and what must be protected at all costs.
Organizations need to enhance current technical security controls to mitigate against the threat of deepfakes to the business. Training and awareness will also need revamping with special attention paid to this highly believable threat.
As digital security through online portals continually improves and people become more wary of phishing emails, hackers have turned to old fashioned telephone calls to elicit key pieces of personal information they can use for profit. It takes little technical skill—just the ability to sound convincing to vulnerable people over the phone.