Transcript

Malicious Social Engineering

First: Some Lingo

Not just online ...

The telephone system is still a very successful platform for malicious social engineering efforts

Ears and Eyeballs... that is, actually watching someone type in, tap in, or speak a password. This is known as "shoulder surfing."

Digging through the trash, or "dumpster diving," is an oft-overlooked form of social engineering, relying on human nature to de-prioritize our waste.

And when the "specific social problem" is that a malicious agent doesn't have your bank account password?

... each sending and/or (mostly) receiving nearly 90 emails per day ...

... add in social engineering, and it's like tricking some of the ants into standing still to look up into the barrel...

So What Can We Do?

Again... believe

... and ask questions

... like, right now would be good

Let's Reminisce

Back in the day, Social Engineering techniques caused some fairly unsophisticated code to spread across the world in a firestorm of infamy

Joshua Klingbeil

it.director@wvls.org

- https://nakedsecurity.sophos.com/2015/05/04/memories-of-the-love-bug-15-years-ago-today/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed

In 2000, a Filipino student created an email-propagating virus that downloaded a password-stealing program... as part of an official study project

Some Other Famous Cases

  • CHRISTMA EXEC
  • Happy99
  • Melissa
  • Slammer
  • Blaster
  • Sasser

This worm was so prolific because it tricked people into thinking they'd see a picture of Anna Kournikova.

If you don't remember them... Look them up

Thank You!!!

The message was concise. The bait was Anna's name. The payload was a simple VBScript that ran when a user tried to view the "picture"

It wreaked havoc on the worldwide email server infrastructure

Love Bug Virus

Anna Kournikova Worm

In 2001, a young Dutch developer used a virus construction kit to generate what might have been a completely nondescript worm

It was a social engineering tactic which enabled the worm to spread like wildfire

  • Virus -
  • Malware -
  • Attack Vector -
  • Phishing -
  • Social Engineering -

- http://www.keepcalm-o-matic.co.uk/p/keep-calm-and-social-engineering/

Malicious Social Engineering is leveraging everything one knows about people interacting with people, to trick others into divulging sensitive information.

So basically ...

- http://www.simplilearn.com/social-engineering-article

- Wikipedia

- http://www.durofy.com/facebook-graph-search-and-privacy-concerns/

"Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick ..."

- http://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/0470639539

- http://www.slideshare.net/ferumxxl/social-engineering

"the application of sociological principles to specific social problems"

Social Engineering

- Google definition

Phishing

  • Believe that it can happen to you
  • Think before you click
  • Learn the signs of phishing
  • Ask if you're not sure
  • Help others learn

Before you click that link, take some time to think

- Google definition

"the activity of defrauding an online account holder of financial [or other secret] information by posing as a legitimate company"

Wise Up

- http://www.financialfraudaction.org.uk/Retailer-Vishing.asp

- http://money.howstuffworks.com/money-scam-pictures.htm#page=18

- http://www.bcliving.ca/travel/protect-yourself-from-identity-theft

- http://www.av-test.org/en/statistics/malware/

According to Stu Sjouwerman, CEO of KnowBe4, the average window of exposure is 17.5 hours before an antivirus signature that blocks a phishing attack becomes available

Virus

- https://s3.amazonaws.com/knowbe4.cdn/SocialEngineeringRedFlags.pdf

Attack Vector

"an infective agent that typically consists of a nucleic acid molecule in a protein coat, is too small to be seen by light microscopy, and is able to multiply only within the living cells of a host"

- http://securityaffairs.co/wordpress/4241/cyber-crime/botnets-and-cyber-warfare-a-dangerous-combination.html

Virus

"The approach used to assault a computer system or network."

2014 saw 4.5 new malware signatures created every second.

"a segment of self-replicating code planted illegally in a computer program, often to damage or shut down a system or network"

on a computer ...

- Dictionary.com

Malware

- PC Mag Encyclopedia

  • Highly Profitable
  • Well funded
  • On the rise

- http://cs.stanford.edu/people/eroberts/cs201/projects/ethics-of-surveillance/tech_keystrokelogging.html

- Google definition

- http://www.geeks2you.net/blog/5-steps-for-removing-a-trojan-virus/

- http://www.nyc-software.com/index.php/2011/02/21/new-york-network-security/

A term largely unique to the Cyber Security context.

"Malware ... is short for malicious software. It is code or software that is specifically designed to damage, disrupt, steal, or in general inflict some other “bad” or illegitimate action on data, hosts, or networks."

- Cisco

... besides quit the Internet

- http://en.wikipedia.org/wiki/Computer_worm

- http://www.internetlivestats.com/

- http://www.cncllc.com/network_security/#.VVuV3_lVhBc

My wife says my analogies are like trying to smell the color tree... they don't make sense

There are now over 3.1 Billion Users to Attack

- http://www.internetlivestats.com/

... which makes delivering malware via email seem kind of like shooting at an ant colony with a fully automatic shotgun, unlimited ammo, and a twisty-tie on the trigger...

- http://goblin182.rssing.com/chan-22742656/all_p12.html

... you're going to hit some

Some Evolution

That's about it

Malware Development Has Become:

Since 2004, the amount of malware out there has quadrupled every 2-3 years

- http://www.av-test.org/en/statistics/malware/
