Social engineering attacks: An explainer
- Attack library
- Social Engineering
- What is social engineering?
- How is social engineering done?
- Types of social engineering attacks
- How can you protect yourself from social engineering?
- How can Log360, a SIEM, help with social engineering attacks?
What is social engineering?
Social engineering is a form of cyberattack with techniques that manipulate users into making security mistakes or giving away sensitive information. This technique leverages and manipulates human psychology, emotions, and trust to carry out malicious activities.
Social engineering attack vectors can be lethal enough to cause IT compromises, leading to a large scale business disruption with huge financial losses. Some notable social engineering events include Google and Facebook's $100 million email scam in 2019, Microsoft 365's phishing scam in 2021 and Russia's infamous spear phishing attempts on Ukranian government bodies in 2022.
The threat modeling framework, MITRE ATT&CK, provides a broad category of tactics and techniques that are widely employed by adversaries to launch cyberattacks.
Phishing is one attack technique that exploits the natural tendencies of human behavior, relying on human instincts to perform cyber hacking, and belongs to the broader bracket of social engineering tactics.
How is social engineering done?
An organization could be targeted by over 700 social engineering attacks each year. However, finding the weak links in targets might require research to achieve a successful conduct.
Normally, any social engineering attack aims to follow a basic four-phase execution cycle.
Phase 1
The reconnaissance stage
- Identify victims
- Target profiling
- Decide on the type of act
- Planning the attack
Phase 2
Initial access
- Fabricate a narrative
- Engage with the victim
- Obtain necessary data from the victim
Phase 3
Execution of the attack
- Initiate the attack
- Execute the plan
- Obtain data from the organization
- Achieve the target/create an impact
Phase 4
After the impact cycle
- Remove the traces
- Close the incident
- Leave the picture
Types of social engineering attacks
Here are some common types of social engineering attacks:
- Phishing
- Scareware
- Pretexting
- Shoulder surfing
Phishing is a prevalent social engineering attack where users are tricked into giving out sensitive information, such as login credentials, credit card numbers, or other personal data by introducing a sense of fear or urgency. The attacker generally produces a phony email or website that mimics a real one to gain the victim's trust.
An example of an email phishing is given below. Once the user clicks the link below, a malware might be introduced in the system that will work as per the requirement.
Scareware:
Scareware is a type of malicious software designed to intimidate or scare the user into completing specific actions. Often masquerading as legitimate antivirus software, it falsely alerts users to non-existent threats on their computers, such as viruses or malware. These alerts often appear as pop-ups or notifications that scare the victim into believing that their computer is under attack by a virus, spyware, or other type of malware.
Once they perform the intended action, the scareware gets installed in the victim's system, which can cause various issues, including computer slowdown, data theft, or continuous pop-up of deceptive messages and alerts, thereby compromising system security and user privacy.
Pretexting:
In this technique, the attacker impersonates a credible authority with a believable pretext in the organization to trick the victim to provide sensitive information.
It can be carried out over phone, text, or in person where the attacker manipulates the victim by using a credible story for the victim to believe.
Shoulder surfing:
In this type of social engineering act, the attacker simply surfs over the victim's shoulder to gain sensitive information like passwords, date of birth, and an ATM pin.
Shoulder surfing attacks are usually carried out in crowded public spaces where the attackers can easily blend in with the crowd to surf through your system without drawing attention.
How can you protect yourself from social engineering?
Since social engineering attacks leverage basic human qualities, it can be difficult to predict or detect them beforehand. But there are some necessary proactive steps you can take to best avoid these attacks that contribute to almost 95% of all the successful enterprise network attacks.
- 1 Beware of unsolicited emails and mail attachments It's always best practice not to open emails, email attachments, or messages without verifying the credibility of the sender as it is the main source of phishing social engineering attacks.
- 2 Avoid tempting offers and rewards Rewards and gifts can be very enticing and tempting, which is all the more reason we should stay away from them. While some companies might provide legitimate offers, most of these are entirely malicious.
- 3 Be vigilant about sharing sensitive personal or company data Never reply to an email or message with personal information such your account number, password, credit card number, or social security number. Additionally, it's always advised to follow a company's policy while sharing any company data.
- 4 Always follow password hygiene tips Strong passwords should be created without using any personal information in it. Enabling MFA, using a password manager and changing the password regularly are some of the other best practices to secure our passwords.
- 5 Install security software and ensure it is updated regularly. Security software like antimalware and firewalls are imperative deployments in your systems. However, they would still be vulnerable to insider threats that could potentially compromise sensitive customer data or intellectual property. Traditional security measures focus on external threats, but they lack the visibility and context to detect effectively and respond to internal risks.
How can Log360, a SIEM, help with social engineering attacks?
- User Entity Behavior Analysis (UEBA): Log360's UEBA module uses ML to analyze user behavior patterns and identify anomalies. This can flag activities like sudden changes in access patterns or attempts to access unusual resources, which could be potential IOCs of a socially engineered attack.
- Threat intelligence and correlation
Log360 is integrated with open source threat intelligence feeds like STIX/TAXI, providing context about known phishing domains, malicious IP addresses, and stolen credentials. It can also correlate this information with user activity to detect suspicious attempts, if the attacker uses novel social engineering techniques.
- Alerting and notification Log360 can send real-time alerts and notifications for suspicious activities, enabling you to respond quickly to potential attacks. You can also set up custom alerts based on specific criteria to focus on social engineering tactics.
