Social Engineering Attacks

Social Engineering is at the core of an increasing number of cyber-attacks in 2020. Remote working has contributed significantly to the vulnerability of staff, and cyber-criminals are happy to play the increased odds of catching an unsuspecting member of staff off-guard. The aim of the hacker here is to manipulate a computer user into divulging valuable information or into carrying out a seemingly normal task that eventually benefits the hacker financially. Can we use artificial intelligence and machine learning to examine our everyday working habits and identify anything that appears suspicious, to beat the hackers at their own game?

Social Engineering Attacks

Social engineering (or people hacking) is a form of cyber-attack which relies on an understanding of human communication habits, working relationships, staff interaction and ultimately trust. Cyber criminals will familiarise themselves with their target and their digital habits, then contact them posing as a colleague or other known individual. Once communication is established, they will trick their targets into breaking standard security practices by duping them into divulging sensitive information. Other common approaches are to ask the user to “confirm” access credentials or even to request that they carry out a specific task such as a money transfer.

Social Engineering is now recognised as probably the greatest security threat facing organisations where IT services and critical data play a key role in everyday operations. As businesses and organisations continue to strengthen their defences against technology issues and vulnerabilities, attackers have realised that it is often easier to trick an employee than to find a vulnerability in an organisation’s network or software.

Security Incident at Twitter Inc.

The recent and very high-profile hack at Twitter proved that no organisation or person is immune from cyber-crime. The compromised accounts belonged to some of the most high-profile people on the planet and the message within the seemingly genuine Twitter posts was entirely believable for high net worth individuals.

The perpetrators (3 young men aged between 17 and 22 years old) had targeted Twitter employees and gained their credentials via a phishing attack. Once primary access was obtained, the hackers gained enough information to communicate credibly with additional Twitter staff. These employees were then asked to provide access details to Twitter's internal administration systems, which ultimately led to the posting of 45 tweets from the high-profile Twitter accounts.

Technology vulnerabilities and inadequacies aside, the key to the attack was the “social engineering” element, where Twitter employees were sufficiently convinced they were genuinely communicating with their own colleagues when they divulged access to the Twitter administration tools.

Working Relationships & Trust

Social Engineering is all about trust. If a hacker has already gained access to your systems, they will spend days or sometimes weeks researching your communication and interactions with managers, colleagues, suppliers and customers in order to understand how you normally work and who you trust. In simple terms, attackers rely on our natural inclination to trust and our desire to perform our duties correctly and efficiently. In our normal daily activities we often take a person we work with at their word. Exploiting this very basic human behaviour is so much easier for the hackers than trying to hack a system to gain access to a password.

Artificial Intelligence Real Time Protection

The fairly obvious problem for IT security teams is that many of the in-place threat detection technologies cannot keep up with the hackers' tendency to shift tactics quickly. The move to cloud/remote working, combined with a change in hacking techniques, means many organisations need to re-evaluate their security measures with consideration to their new attack surface and emerging threats.

There are some next-generation security solutions that address these more complex forms of hacking that involve social engineering. A hacker will examine email communication habits and their content (including the workplace relationships they often illustrate) to identify a socially engineered exploit method. In much the same way, we can use artificial intelligence to quickly discover and build a virtual map of communication patterns, then use this data analytically to spot anomalies in “normal” user behaviour and even identify context that appears to be outside of regular parameters. This can be done constantly and at machine speed to block any socially engineered attacks in real time. This use of next-generation AI technology is proving to be far more successful in intercepting this type of user exploit than traditional policy-based methods within email and DLP security solutions.
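To make the idea of a communication map concrete, the following is an added example, not code from this blog or from any product it refers to. It swaps the AI model for a simple rule-based baseline built from email metadata, and every name, address and keyword in it is a constructed assumption.

```python
from collections import defaultdict

# Constructed mail history: (display name, sender address, recipient).
HISTORY = [
    ("Alice Finance", "alice@example.com", "bob@example.com"),
    ("Alice Finance", "alice@example.com", "bob@example.com"),
    ("Carol Supplier", "carol@supplier.example", "bob@example.com"),
]

# Assumed keyword list for requests that social engineers commonly make.
SENSITIVE = ("password", "credentials", "bank transfer", "payment", "urgent")


def build_baseline(history):
    """Learn who normally writes to whom and which addresses a name uses."""
    contacts = defaultdict(lambda: defaultdict(int))  # recipient -> sender -> count
    name_to_addrs = defaultdict(set)                  # display name -> addresses
    for name, sender, recipient in history:
        contacts[recipient][sender.lower()] += 1
        name_to_addrs[name.lower()].add(sender.lower())
    return contacts, name_to_addrs


def score_message(baseline, name, sender, recipient, body):
    """Return (score, reasons): one point per deviation from the baseline."""
    contacts, name_to_addrs = baseline
    sender, reasons = sender.lower(), []
    known = name_to_addrs.get(name.lower(), set())
    if known and sender not in known:
        reasons.append("known display name arriving from an unseen address")
    if contacts.get(recipient, {}).get(sender, 0) == 0:
        reasons.append("first contact between this sender and recipient")
    hits = [word for word in SENSITIVE if word in body.lower()]
    if hits:
        reasons.append("sensitive request: " + ", ".join(hits))
    return len(reasons), reasons


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    # Constructed message: a colleague's name on an address never seen before.
    print(score_message(baseline, "Alice Finance", "alice@lookalike.test",
                        "bob@example.com", "Urgent: please confirm your password"))
```

A production system would learn these signals statistically over far richer metadata; the point here is that each flag comes from deviation against the recipient's own history rather than from a static policy rule.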

As remote working intensifies the use of our communication systems, businesses and their staff need increased protection from advanced technologies to maintain adequate levels of information and cyber security. In a dispersed work environment, cyber criminals will seek to use our behavioural qualities against us in the pursuit of data exploits and financial gain. It seems appropriate, therefore, to use the same behavioural data and metadata to combat their criminal efforts.

Blog written by Howard Johnson, Cyber Practice Lead – https://www.linkedin.com/in/johnsonhoward/

Further reading about Social Engineering Attacks:

Twitter Hack; https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html

Social Engineering Explained; https://www.csoonline.com/article/2124681/what-is-social-engineering.html

NCSC Weekly Threat Report 7/08/2020; https://www.ncsc.gov.uk/report/weekly-threat-report-7th-august-2020
