Question

Case Project 2-3: Social Engineering Attack

The opening Today’s Attacks and Defenses illustrated how attackers used a fictitious attractive and intelligent young female to trick males into compromising security. If you were to create your own social engineering attack, what would it be? Using your place of employment or school, first determine exactly what your goal would be in the attack, and then craft a detailed description of how you would carry out the attack using only social engineering to achieve your goal. You may want to search the Internet for examples of previously successful attacks that used social engineering. Why do you think your attack would be successful? Who would be involved? What would be the problems in achieving your goal? Why? Write a one-page paper on your research.

Explanation / Answer

Social engineering refers to the psychological manipulation of individuals (here, workers of the company) to perform actions that doubtless cause a leak of the company's proprietary or confidential information, or otherwise cause harm to company resources, personnel or company image. Social engineers use various ways to trick users into revealing confidential information, data or both. One of the quite common techniques employed by social engineers is to pretend to be some other person: an IT professional, a member of the management team, a co-worker, an insurance investigator or even a member of governmental authorities. The mere fact that the addressing party is someone from those mentioned should convince the victim that the person has a right to know any confidential or otherwise secured information. The aim of social engineering remains the same as the purpose of hacking: gaining unauthorized access to confidential information, data theft, industrial spying or environment/service disruption.

Social engineering is the art of manipulating people so that they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access your laptop to secretly install malicious software that can give them access to your passwords and bank information as well as giving them control over your laptop.

Criminals use social engineering techniques because it's usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. For example, it's much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak).

Security is all about knowing who and what to trust. Knowing when, and when not, to take a person at their word; when to trust that the person you're communicating with is indeed the person you think you're communicating with; when to trust that a website is or isn’t legitimate; when to trust that the person on the phone is or isn’t legitimate; when providing your information is or isn’t a good idea.

Ask any security professional and they will tell you that the weakest link in the security chain is the human who accepts a person or scenario at face value. It doesn’t matter how many locks and deadbolts are on your doors and windows, or if you have guard dogs, alarm systems, floodlights, fences with wire, and armed security personnel; if you trust the person at the gate who says he's the pizza delivery guy and you let him in without first checking to see if he's legitimate, you're completely exposed to whatever risk he represents.

If a criminal manages to hack or socially engineer one person’s email password, they have access to that person’s contact list, and because most people use one password everywhere, they probably have access to that person’s social networking contacts as well.

Once the criminal has that email account under their control, they send emails to all the person’s contacts or leave messages on all their friends’ social pages, and possibly on the pages of the person’s friends’ friends.

Criminals may pretend to be responding to your ‘request for help’ from a company while also offering more help. They pick companies that many people use, like a software company or bank. If you don’t use the product or service, you'll ignore the e-mail, phone call, or message, but if you do happen to use the service, there's a good chance you'll respond because you probably do want help with a problem.

For example, even though you know you didn’t originally ask a question, you probably have a problem with your computer’s software and you seize on this opportunity to get it fixed. For free! The moment you respond you have bought the crook’s story, given them your trust and opened yourself up for exploitation.

The representative, who is actually a criminal, will need to ‘authenticate you’, have you log into ‘their system’ or have you log into your laptop and either give them remote access to your laptop so that they can ‘fix’ it for you, or tell you the commands so you can fix it yourself with their help, where some of the commands they tell you to enter will open a way for the criminal to get back into your laptop later.

Some social engineering is all about creating distrust, or starting conflicts; these are often carried out by people you know and who are angry with you, but it's also done by nasty people just trying to wreak havoc, people who want to first create distrust in your mind about others so that they can then step in as a hero and gain your trust, or by extortionists who want to manipulate information and then threaten you with disclosure.

This form of social engineering often begins by gaining access to an email account or other communication account on an IM client, social network, chat, forum, etc. They accomplish this either by hacking, social engineering, or simply guessing really weak passwords. The malicious person may then alter sensitive or private communications (including images and audio) using basic editing techniques and forward these to other people to create drama, distrust, embarrassment, etc. They may make it look like it was accidentally sent, or appear as if they're letting you know what's ‘really’ going on. Alternatively, they may use the altered material to extort money either from the person they hacked, or from the supposed recipient.

There are actually thousands of variations to social engineering attacks. The only limit to the number of ways they can socially engineer users through this kind of exploit is the criminal’s imagination. And you may experience multiple forms of exploits in a single attack. Then the criminal is likely to sell your information to others so that they too can run their exploits against you, your friends, your friends’ friends, and so on as criminals leverage people’s misplaced trust.
