Computer crime is on the rise and cybercriminals are developing clever ways to get sensitive information. Social engineering attacks are the most elaborate types of attacks.
They are a specific hacking method where attackers present themselves as trusted sources or individuals. Their goal is to get victims to break security procedures and share sensitive information – either personally identifiable information (PII), or usernames, passwords, government-issued IDs, and more.
The attackers can then either impersonate the victim or gain access to a computer and network systems, and even physical locations.
Social engineering hacks are complex and involve several steps.
- The attackers investigate their target and gather information that will help them succeed; they are looking for the best attack method.
- Then they work on gaining the trust of the target. They engage them, present a story, control interactions, and try to get the victim to break security protocol.
- Once they get the information they need, they can execute the attack, then remove all traces and cover their tracks.
The most successful social engineering hacks will end without the victim ever being aware of it or becoming suspicious about it.
Types of Social Engineering Hacks
The best-known social engineering hack was probably the "Nigerian Prince" email scam, which offered recipients monetary gain (in the millions) if they helped transfer money through their account; to be eligible, however, they first had to pay $10,000.
While it’s known by everyone nowadays, these types of scams are still raking in a lot of money.
Social engineering is a common method used in cyberwarfare. It is a gray area for many corporate giants and even spans countries, with hackers being used for corporate espionage or working for the government on covert missions to swing public opinion.
The most common types of attacks include:
Phishing – The attackers send emails or other digital messages and present themselves as reputable individuals or companies. The objective is to get the victim to go to an infected site or to install malicious software on their device. The ultimate goal is to get personal information, financial info, passwords, and accounts. Whaling is a specific form of phishing that targets high-ranking officials within the company to get access to the most sensitive information.
Pretexting – The attacker impersonates co-workers or authority figures like police officers or bank officials, and asks the victim questions that make it easy to confirm the victim’s identity.
Waterhole attacks – Attackers carefully study their victims and pick the websites that will be most beneficial for the attack. They search for exploits in those sites and inject malicious code into them. When the victim visits the site, the code installs malware on the victim’s device.
These attacks are not limited to computers; mobile devices such as phones and tablets can be hacked too (often more easily than computers), and mobile security should be addressed as well, since more than 30% of all attacks target mobile.
Social Engineering Malicious Software Types
Hackers will use malware to successfully execute their attacks. Any type of software – program or file – that causes harm to the user or device is considered malware.
- Malware can do numerous things, depending on how it was programmed. It can hijack a device, encrypt data, delete data, or monitor activity.
- It’s most commonly delivered via phishing that takes users to infected sites or delivers infected email attachments.
- Infected sites typically execute a drive-by download. This method doesn’t require a specific action from the user; its success relies on vulnerabilities in the operating system, browser, or app.
- Viruses, trojans, worms, and spyware are all types of malware.
Viruses are the most widely known type of malware. A virus is a piece of code whose goal is to spread to as many systems as possible. The threat level of a virus is determined by how fast it spreads, but also by its payload.
A payload is the part of a malicious attack that causes damage. Common payloads include data corruption or destruction. The highest threat comes from viruses that spread quickly and have a powerful payload. To ensure the payload is not detected by antivirus and antimalware software, attackers will often encrypt the malicious code.
A payload is executed by a logic bomb. Logic bombs, also called slag code, are written so that they cause harm when certain conditions are met (or not met, depending on the programming). The conditions are often dates, times, data deletion, or the execution of an infected app.
Logic bombs can corrupt or delete data, or completely clear whole hard drives.
Logic bombs are an integral part of ransomware. If the user doesn’t comply with the demands, they will remain locked out of their devices and usually lose everything they had on their hard drives. Most often, logic bombs are part of viruses, trojans, or worms.
If malware is downloaded without the user’s knowledge, it’s considered spyware. Any type of software downloaded and installed in that fashion falls into this category. Not all spyware is malicious, but it’s often abused for malicious goals: to get access to databases and steal sensitive information.
While it can be difficult to detect spyware, some indications that a device is infected are reduced computing power and speed and, in the case of mobile devices, battery drain.
Social Engineering Tools
Remote Access Tools
A rootkit is a collection of software tools that enable remote access to a device. These can be used for legitimate reasons like providing remote support and assistance, but more often they are used maliciously by hackers. Malicious rootkits are often masked within what appears to be legitimate software.
Once the user gives permission to install, the attackers get admin privileges on the device. A rootkit will contain malicious tools, including banking credential stealers, password stealers, keyloggers that record every keystroke in order to steal passwords, usernames and bank account data, antivirus disablers, and bots for distributed denial-of-service attacks.
Full disk encryption is usually enough to keep the system safe, unless attackers use bootkits. This specific type of rootkit infects the master boot record, subverts the boot process, and can successfully control the system after booting.
Web shells are used for remote access to a web server, its files, and its system via a web browser. Attackers take full command and can use, change, delete, or upload files as they please. Web shells are used to steal data or infect website visitors, and they are often used in waterhole attacks.
Data Collection Tools
Screen scrapers can collect display data from one screen and show it on another. With this software, attackers can quickly collect everything someone has posted on social media and use that information to break into their accounts by posing as them.
A backdoor is a way to get access to a system or device that circumvents the usual security measures. Developers often leave backdoors in apps or operating systems in case they need to troubleshoot systems later. If attackers manage to locate such a backdoor, they will use it to bypass security and deliver malware. Some attackers might even install a backdoor themselves to deliver a virus.
Service Disruption Tools
Denial of service is a very common type of attack that’s used to prevent users from accessing services, devices, or other resources. It can be used to attack networks, servers, or systems. The mechanism is to overload the target of the attack so that it can no longer be used.
While many of these methods rely on getting access to devices, network security should not be forgotten. Some software tools are designed specifically to target vulnerabilities in networks.
Eavesdropping, also referred to as sniffing or snooping, is a type of attack that tries to steal information that’s being transferred over a network:
- The attacker uses sniffing software on their own device to intercept communications and steal data.
- Unsecured networks, such as public Wi-Fi, are perfect targets since so many devices connect to them.
- Any device – computer, tablet, or smartphone – that is connected to the same network is vulnerable.
Why Are Social Engineering Attacks So Successful?
The basis of social engineering is psychological manipulation. Instead of relying solely on software vulnerabilities, social engineering relies on human error – that the victim will make a mistake and play right into the trap.
With so much information in the digital realm, internet security has become a crucial consideration not only for all businesses but for individuals too.
Since social engineering exploits rely on human error, it’s much harder for businesses to be completely secure from the threat.
Investing in computer security like antivirus software is not enough – one click from a single employee might be enough for attackers to gain access to all your systems.
The best thing businesses can do for their information security is to educate everyone about the latest security threats, the most common vectors of attack, and how to detect possible phishing attempts or infections.
With the right education, you will keep your emails and other sensitive business communications and data secure.