Not just online ...
The telephone system is still a very successful platform for malicious social engineering efforts
Ears and Eyeballs... that is, actually watching someone type in, tap in, or speak a password. This is known as "shoulder surfing."
Digging through the trash, or "dumpster diving," is an oft-overlooked form of social engineering, relying on human nature to de-prioritize our waste.
And when the "specific social problem" is that a malicious agent doesn't have your bank account password?
... each sending and/or (mostly) receiving nearly 90 emails per day ...
... add in social engineering, and it's like tricking some of the ants into standing still to look up into the barrel...
... and ask questions
... like, right now would be good
Back in the day, Social Engineering techniques caused some fairly unsophisticated code to spread across the world in a firestorm of infamy
Joshua Klingbeil
it.director@wvls.org
- https://nakedsecurity.sophos.com/2015/05/04/memories-of-the-love-bug-15-years-ago-today/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed
In 2000, a Filipino student created an email-propagating virus that downloaded a password-stealing program... as part of an official study project
Some Other Famous Cases
This worm was so prolific because it tricked people into thinking they'd see a picture of Anna Kournikova.
If you don't remember them... Look them up
Thank You !!!
The message was concise. The bait was Anna's name. The payload was a simple VBScript that ran when a user tried to view the "picture"
It wreaked havoc on the worldwide email server infrastructure
In 2001, a young Dutch developer used a virus construction kit to generate what might have been a completely nondescript worm
It was a social engineering tactic which enabled the worm to spread like wildfire
- http://www.keepcalm-o-matic.co.uk/p/keep-calm-and-social-engineering/
Malicious Social Engineering is leveraging everything one knows about people interacting with people, to trick others into divulging sensitive information.
So basically ...
- http://www.simplilearn.com/social-engineering-article
- Wikipedia
- http://www.durofy.com/facebook-graph-search-and-privacy-concerns/
"Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick ..."
- http://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/0470639539
- http://www.slideshare.net/ferumxxl/social-engineering
"the application of sociological principles to specific social problems"
Social Engineering
- Google definition
Phishing
Before you click that link, take some time to think
- Google definition
"the activity of defrauding an online account holder of financial [or other secret] information by posing as a legitimate company"
- http://www.financialfraudaction.org.uk/Retailer-Vishing.asp
- http://money.howstuffworks.com/money-scam-pictures.htm#page=18
- http://www.bcliving.ca/travel/protect-yourself-from-identity-theft
- http://www.av-test.org/en/statistics/malware/
According to Stu Sjouwerman, CEO of KnowBe4, the average window of exposure is 17.5 hours before an antivirus signature that blocks a phishing attack becomes available
Virus
- https://s3.amazonaws.com/knowbe4.cdn/SocialEngineeringRedFlags.pdf
Attack Vector
"an infective agent that typically consists of a nucleic acid molecule in a protein coat, is too small to be seen by light microscopy, and is able to multiply only within the living cells of a host"
- http://securityaffairs.co/wordpress/4241/cyber-crime/botnets-and-cyber-warfare-a-dangerous-combination.html
Virus
"The approach used to assault a computer system or network."
2014 saw 4.5 new malware signatures created every second.
"a segment of self-replicating code planted illegally in a computer program, often to damage or shut down a system or network"
on a computer ...
- Dictionary.com
Malware
- PC Mag Encyclopedia
- http://cs.stanford.edu/people/eroberts/cs201/projects/ethics-of-surveillance/tech_keystrokelogging.html
- Google definition
- http://www.geeks2you.net/blog/5-steps-for-removing-a-trojan-virus/
- http://www.nyc-software.com/index.php/2011/02/21/new-york-network-security/
A term largely unique to the Cyber Security context.
"Malware ... is short for malicious software. It is code or software that is specifically designed to damage, disrupt, steal, or in general inflict some other “bad” or illegitimate action on data, hosts, or networks."
- Cisco
... besides quit the Internet
- http://en.wikipedia.org/wiki/Computer_worm
- http://www.internetlivestats.com/
- http://www.cncllc.com/network_security/#.VVuV3_lVhBc
My wife says my analogies are like trying to smell the color tree... they don't make sense
There are now over 3.1 Billion Users to Attack
- http://www.internetlivestats.com/
... which makes delivering malware via email seem kind of like shooting at an ant colony with a fully automatic shotgun, unlimited ammo, and a twisty-tie on the trigger...
- http://goblin182.rssing.com/chan-22742656/all_p12.html
... you're going to hit some
That's about it
Malware Development Has Become:
Since 2004, the amount of malware out there has quadrupled every 2-3 years
- http://www.av-test.org/en/statistics/malware/