SOCIAL ENGINEERING: Understanding the Human Element in Cybersecurity.
Date published: 5th August, 2024.
Publisher: IPRO-MINISTRY, EDUSA
By: Ismaila Jassey, Final Year Biology and Computer Science Student, School of Education, University of The Gambia.
#Junior Cybersecurity Analyst
#Cisco Certified Support Technician Cybersecurity Candidate
Traditional Hacking vs. Human Hacking
Looking back, traditional hacking has long been the order of the day: the act of compromising digital devices and networks through unauthorized access to an account or computer system. Hacking is not always a malicious act, but it is most commonly associated with illegal activity and data theft by cyber criminals.
But what is traditional hacking in a cyber security context?
Traditional hacking in a cybersecurity context refers to exploiting vulnerabilities in devices such as computer systems, smartphones, tablets and networks to damage or corrupt systems, gather information on users, steal data and documents, or disrupt data-related activity.
The traditional image of a hacker is a lone rogue programmer who is highly skilled in coding and in modifying computer software and hardware systems. But this narrow view does not capture the true nature of modern hacking.
Hackers are increasingly growing in sophistication, using stealthy attack methods designed to go completely unnoticed by cybersecurity software and IT teams. They are also highly skilled in creating attack vectors that trick users into opening malicious attachments or links and freely giving up their sensitive personal data.
As a result, modern-day hacking involves far more than an angry kid in a bedroom. It is a multibillion-dollar industry with extremely sophisticated and successful techniques. With that context in mind, let's read more into
Social Engineering: An In-Depth Analysis.
Social Engineering is what most tech gurus regard as the Science of Human Hacking.
Social Engineering is a term that encompasses various techniques used by cybercriminals to manipulate individuals into divulging confidential information. Unlike traditional hacking methods that exploit software vulnerabilities, social engineering targets human psychology. The goal is to deceive individuals into providing sensitive data such as passwords, credit card numbers, or personal identification details. This manipulation often occurs through impersonation of trusted entities, creating a false sense of security for the victim.
Have you ever asked yourself how social engineering works? Well, worry no more!
The process of social engineering typically follows several key steps:
Researching the Target:
Attackers gather information about their victims from public sources, including social media profiles and company websites. This research helps them craft convincing narratives that can disarm potential victims.
Making Contact:
Once sufficient information has been gathered, the attacker initiates contact with the target via phone calls, emails, or text messages. They often pose as representatives from legitimate organizations (e.g., tech support or banks) to gain trust.
Executing the Attack:
After establishing credibility, attackers request sensitive information under various pretexts—such as verifying account details or resolving technical issues. Victims may unknowingly comply due to the perceived legitimacy of the request.
Exploiting Acquired Information:
With the obtained data, attackers can access systems, commit identity theft, or engage in further fraudulent activities.
So, what types of Social Engineering Attacks are there?
Yes, several common types of social engineering attacks include:
Phishing:
This involves sending fraudulent emails that appear to be from reputable sources to trick users into clicking malicious links or providing personal information.
Pretexting:
In this method, an attacker creates a fabricated scenario (pretext) to obtain private information from the target.
Quid Pro Quo (Something for Something):
Here, attackers offer a service in exchange for sensitive information, often posing as IT personnel offering upgrades or assistance.
Tailgating:
A physical form of social engineering where an unauthorized person follows an authorized individual into a restricted area.
Are you puzzled about some of these types of social engineering attacks?
Well, here are some famous examples of social engineering attacks:
Target Data Breach (2013):
Over 110 million customers were affected when hackers used social engineering tactics on an HVAC vendor with access to Target’s network. The breach resulted in significant financial loss and compromised customer data.
Yahoo Security Breaches (2013-2014):
Hackers executed spear-phishing campaigns targeting Yahoo employees, leading to massive leaks of user data, including email addresses and passwords.
CIA Email Hack (2015):
A teenager managed to gain access to CIA Director John Brennan’s email by manipulating Verizon into revealing personal details through social engineering techniques.
Is Social Engineering unpreventable? Certainly not: there are various ways of preventing Social Engineering Attacks, and both individuals and organizations can apply them.
To mitigate risks associated with social engineering attacks, both organizations and individuals should implement comprehensive training programs for employees focusing on:
✅ Keeping software and firmware regularly updated, particularly security patches. Don't run your phone rooted, or use your PC or network equipment from an administrator account for everyday tasks. Even if a social engineering attack gets the password for your standard 'user' account, it won't let the attacker reconfigure your system or install software on it.
✅ Recognizing suspicious communications.
✅ Verifying requests for sensitive information through independent channels.
✅ Encouraging skepticism towards unsolicited offers or urgent requests; social engineers are highly manipulative.
✅ Utilizing spam filters and antivirus software effectively. Avoid using cracked versions of software.
To sum it up, fostering a culture of security awareness can significantly reduce vulnerability to the various types of social engineering attacks.
In conclusion, Social Engineering attacks represent a significant threat in the realm of cybersecurity, primarily because they exploit human psychology rather than relying solely on technical vulnerabilities. These attacks manipulate individuals into divulging sensitive information or performing actions that compromise security, often leading to severe consequences for both individuals and organizations. Thus, beware of Social Engineering: the Science of Human Hacking. Spread the message to help protect individuals and organizations from the consequences of Social Engineering.
REFERENCES:
✅ Hadnagy, C. (2018). Social Engineering: The Science of Human Hacking. Wiley.
✅ Krebs, B. (2014). Spam Nation: The Inside Story of Organized Cybercrime – From Global Epidemic to Your Front Door. Sourcebooks.
✅ Mitnick, K., & Simon, W.L. (2002). The Art of Deception: Controlling the Human Element of Security.