Advanced social engineering attacks
نویسندگان
چکیده
Social engineering has emerged as a serious threat in virtual communities and is an effective means to attack information systems. The services used by today’s knowledge workers prepare the ground for sophisticated social engineering attacks. The growing trend towards BYOD (bring your own device) policies and the use of online communication and collaboration tools in private and business environments aggravate the problem. In globally acting companies, teams are no longer geographically co-located, but staffed just-in-time. The decrease in personal interaction combined with a plethora of tools used for communication (e-mail, IM, Skype, Dropbox, LinkedIn, Lync, etc.) create new attack vectors for social engineering attacks. Recent attacks on companies such as the New York Times and RSA have shown that targeted spear-phishing attacks are an effective, evolutionary step of social engineering attacks. Combined with zero-day-exploits, they become a dangerous weapon that is often used by advanced persistent threats. This paper provides a taxonomy of well-known social engineering attacks as well as a comprehensive overview of advanced social engineering attacks on the knowledge worker.
منابع مشابه
A Systematic Gap Analysis of Social Engineering Defence Mechanisms Considering Social Psychology
Social engineering is the acquisition of information about computer systems by methods that deeply include non-technical means. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii) can be used by anyone, (iii) is cheap. Tradition...
متن کاملAnalysis of Social Engineering Threats with Attack Graphs
Social engineering is the acquisition of information about computer systems by methods that deeply include non-technical means. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii) can be used by anyone, (iii) is cheap. While som...
متن کاملSocial Engineering in Social Networking sites: How Good becomes evil
Social Engineering (ES) is now considered the great security threat to people and organizations. Ever since the existence of human beings, fraudulent and deceptive people have used social engineering tricks and tactics to trick victims into obeying them. There are a number of social engineering techniques that are used in information technology to compromise security defences and attack people ...
متن کامل(Poster) Sonar Phishing: Pinpointing Highly Vulnerable Victims for Social Engineering Attacks
Targeted social engineering attacks use personal information about an individual to create compelling behavioural hooks which draw the target to interact with a malicious payload or give out valuable information, more successfully than unsophisticated generic attacks [1]. Such attacks can hijack trust by pretending to be friends or trusted authorities [2], or can leverage a user’s personal inte...
متن کاملA Novel Trust Management Model in the Social Internet of Things
The Internet of Things (IoT) and social networking integration, create a new concept named Social Internet of Things (SIoT) according to which the things are able to autonomously establish social relationships with regard to the owners. Things in SIoT operate according to a service-oriented architecture. There may be misbehaving owners and consequently misbehaving devices that can perform harmf...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- J. Inf. Sec. Appl.
دوره 22 شماره
صفحات -
تاریخ انتشار 2015