5. SOCIAL ENGINEERING FLOW
Flow chart: one infection traced from the weaponized e-mail to the encryption of files. Each step lists the user action, the security control that should have stopped it, and why that control failed.
1. Attacker sends weaponized e-mail. Spam Filter failed: sender IP, reputation and content not blocked.
2. E-mail reaches the Inbox; user clicks on malicious link. Web Filter failed: web address not blocked.
3. Download invoice: the file is automatically downloaded through the web browser.
4. Webpage shows the password for the password-protected ZIP. Web Filter failed: web address not blocked.
5. Open ZIP archive: user opens malicious archive. Anti-Virus failed: archive is new and password protected.
6. Enter password: user enters password.
7. Run binary: user runs malicious binary in archive. Anti-Virus failed: binary is unknown and obfuscated.
8. Negotiate encryption (C&C). Web Filter failed: communication is not blocked.
9. Binary jumps into trusted process (Explorer.exe).
10. Encryption of files.
7. The precautions that can be taken are as follows:
○ Be aware of offers that seem "too good to be true".
○ Use multifactor authentication.
○ Avoid clicking on attachments from unknown sources.
○ Do not give out personal information to anyone via email, phone, or text messages.
○ Use spam filter software.
○ Avoid befriending people that you do not know in real life.
○ Teach kids to contact a trusted adult in case they are being bullied over the internet (cyberbullying) or feel threatened by anything online.
What is social engineering?
It's where someone hacks the human: through interacting with you, the attacker gets you to grant access or information, or to do what they ask.
Social engineering is the art of convincing people to reveal confidential information.
Social engineers depend on the fact that people are unaware of how valuable the information they hold is, and are careless about protecting it.
On-site social engineering: people always assume that someone else is taking care of security. If you walk around as if you know where you are going and look like you are meant to be there, people generally do not question you.
Factors that make companies vulnerable to attacks: people often think security is just up to IT, so they lack appropriate security training and often have easy access to information.
When trying to understand the reasons for this divergence, we must try to understand the relative merits of each main infection vector.
SPAM
Social Engineering
Malicious e-mail attachment:
○ Executable in archive (e.g. invoice.zip)
○ Executable in password-protected archive
○ Executable with double extension (e.g. invoice.pdf.exe in invoice.zip)
○ Microsoft Office document with malicious VBA macro (.doc, .docm, .xls, .pub) dropping .EXE
○ Windows Script in archive (e.g. invoice.JS) dropping .EXE, .DLL
○ Malicious link to download, or imitated (fake copy) of trusted website
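The attachment patterns listed above, and the two anti-virus failures in the flow of section 5 (a new password-protected archive, an unknown binary inside it), are all things a mail gateway can flag from file names and ZIP headers alone, before any scanner has to open or detonate the content. The following attachment triage is an added example written for this page, not tooling from the slides or from any vendor; the extension sets, the `hold`/`deliver` verdicts, and the `build_zip` fixture (which sets the ZIP "encrypted" flag bit so a scanner sees what a password-protected archive looks like) are assumptions made for illustration.

```python
"""Inbound e-mail attachment triage against the attachment patterns on this page.
Added example; extension sets and verdict names are assumptions for illustration."""
import io
import os
import zipfile

# Patterns from the page's list: executables/DLLs in archives, Windows Script
# files, macro-capable Office documents, and document-looking decoy extensions.
EXECUTABLE_EXT = {".exe", ".dll"}
SCRIPT_EXT = {".js"}            # assumption: a deployment would add the other WSH types
MACRO_DOC_EXT = {".doc", ".docm", ".xls", ".pub"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}   # invoice.pdf.exe
ARCHIVE_EXT = {".zip"}

ENCRYPTED_FLAG = 0x0001  # ZIP general-purpose flag bit 0: member is encrypted


def _extensions(name):
    """All dotted suffixes, lower-cased: 'invoice.pdf.exe' -> ['.pdf', '.exe']."""
    parts = os.path.basename(name).lower().split(".")
    return ["." + p for p in parts[1:]]


def classify_name(name):
    """Findings for one file name (the attachment itself or an archive member)."""
    exts = _extensions(name)
    findings = []
    if not exts:
        return findings
    last = exts[-1]
    if last in EXECUTABLE_EXT:
        findings.append("executable")
    if last in SCRIPT_EXT:
        findings.append("windows-script")
    if last in MACRO_DOC_EXT:
        findings.append("macro-capable-office-document")
    # A document-looking extension hiding a runnable one (invoice.pdf.exe).
    if len(exts) >= 2 and exts[-2] in DECOY_EXT and last in EXECUTABLE_EXT | SCRIPT_EXT:
        findings.append("double-extension")
    return findings


def inspect_archive(data):
    """Findings for a ZIP attachment from its central directory only: encrypted
    members and risky member names. Member content is never extracted."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["unreadable-archive"]
    findings = []
    with zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED_FLAG:
                findings.append("password-protected-archive")
            findings.extend(f"{info.filename}:{f}" for f in classify_name(info.filename))
    return sorted(set(findings))  # one archive-level finding even with many encrypted members


def triage_attachment(filename, data):
    """Return (verdict, findings). 'hold' = keep out of the inbox pending analysis;
    'deliver' = none of the listed patterns matched."""
    findings = classify_name(filename)
    exts = _extensions(filename)
    if exts and exts[-1] in ARCHIVE_EXT:
        findings.extend(inspect_archive(data))
    return ("hold" if findings else "deliver", findings)


def build_zip(members, password_protected=False):
    """Constructed test fixture: an in-memory ZIP. With password_protected=True the
    'encrypted' bit is set in every local and central-directory header, which is
    exactly what a scanner sees on a password-protected archive it cannot open
    (the member bytes themselves stay plain; nothing here reads them)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    data = bytearray(buf.getvalue())
    if password_protected:
        # flag field offset: local header (PK\x03\x04) = 6, central directory (PK\x01\x02) = 8
        for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(signature)
            while pos != -1:
                data[pos + flag_offset] |= ENCRYPTED_FLAG
                pos = data.find(signature, pos + 4)
    return bytes(data)


if __name__ == "__main__":
    # Constructed samples mirroring the page's attachment list.
    samples = {
        "invoice.zip": build_zip({"invoice.pdf.exe": b"MZ..."}),
        "invoice-protected.zip": build_zip({"invoice.exe": b"MZ..."}, password_protected=True),
        "scan.zip": build_zip({"invoice.JS": b"// dropper"}),
        "report.docm": b"",
        "notes.txt": b"plain text",
    }
    for name, blob in samples.items():
        print(name, triage_attachment(name, blob))
```

The point of reading only the central directory is that the triage cannot be defeated by the password: the encrypted flag and the member names are in the clear even when the payload is not, which is precisely the gap the flow in section 5 exploits when the anti-virus gives up on a "new and password protected" archive. A gateway that holds such archives, and anything whose innermost extension is runnable, removes the user's "enter password, run binary" steps from the chain without needing a signature for the obfuscated binary.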