by Kalpana Sudharsan, Senior Director – Quality, Zuci Systems
Social engineering attacks are on the rise and they are becoming more sophisticated. With the constantly evolving IT landscape, organizations need to be aware of the latest trends in order to adequately protect their IT infrastructure.
One of the latest trends is the use of AI and machine learning to automate attacks. This is a major concern for organizations because it allows attackers to bypass traditional security measures. Another trend is the use of phishing attacks to target specific individuals within an organization. Attackers are using more personalized messages and threats in order to trick people into giving up sensitive information.
Organizations need to be aware of these trends and implement proper cybersecurity measures to protect their data and systems. Unlike other cyberattacks that are tech-based penetration, social engineering mainly relies on psychological manipulation to get victims to commit security mistakes. For example, an attacker can befriend one of the employees and trick them into clicking on fishy links or resetting their password. This is still a super traditional way of social engineering. Over time, these attacks are getting smarter and trickier to anticipate.
According to Purplesec’s 2021 report, 98% of cyberattacks rely on social engineering. These attacks can be in all forms, including SMS, emails, direct messages on social media, and even phone calls. In today’s world, social engineering attacks have taken a whole new avatar, or avatars if I may. Here are a few of them:
Permitted phishing or consented phishing is on the rise. As organisations are racing towards cloud adoption, hackers are coming up with newer ideas to penetrate their security systems to enter the cloud and steal sensitive information. One of their ways is to plan fishy mobile apps and seek permissions from users that give them legal access to cloud services and applications. However, these forms can be stopped in advance by strengthening the cloud system and ensuring endpoint security.
Business Email Compromise (BEC) on the rise
This is a highly damaging attack that has even grappled tech giants like Facebook and Google. Here, cyber attackers impersonate a trusted business contact. They could disguise themselves as vendors, employees, or third-party officials and target organisations to pay
invoices, transfer funds and even give access to data or intellectual property. A Gartner study stated that BEC attacks will continue to double every year through 2023 at a staggering total cost of USD 5 billion to its victims.
While the advent of social media grew its user base with game-changing features, we also saw social media influencers using deepfake videos as a form of entertainment. However, this AI-driven feature could turn extremely harmful as cybercriminals leverage these features to threaten victims with their fake videos and destroy their credibility or compel them to commit fraudulent acts that can benefit the attacker. To give context, attackers can use Deepfakes as an imposter in digital identity verification. There have been instances where hackers used Deepfakes to steal cryptocurrencies since the system requires several digital photographs of currency owners in their account recovery process.
Targeted advertising has become an everyday part of life where brands are using customer data to find potential customers and directly reach out to them with lucrative offers or deals. Data of credentials are dumped on dark
web in enormous numbers and can be leveraged to personalise attacks on individuals. The credential could involve health records, government records, criminal records, and also educational records among others. This kind of data dump is a goldmine for criminal-minded attackers to design campaigns that specifically target individuals and appear to be authentic and realistic. Such planned attacks could prove highly detrimental resulting in financial, career, or even credibility loss.
The fact that such extreme attacks are on the rise, does not mean that organisations cannot fight them. With rising tech adoption, it is crucial for companies to realise the threats that such agile and ease-giving technologies possess. Companies have to keep up with evolving attacks to survive them and make it out alive. The adage ‘prevention better than cure’ can never be truer for companies that seek to leverage the best of the technologies while also laying the grounds for an impregnable security system.