Social Engineering | #ARMSec2015
Art of "Human OS" hacking
Hovhannes Aghajanyan
hovhannesagh
Topics covered
• What is Social Engineering?
• Techniques and case studies of Social Engineering
• Defending against Social Engineering
Objectives
• Understand the principles of social engineering
• Define the goals of social engineering
• Recognize the signs of social engineering
• Increase awareness concerning social engineering
• Identify ways to protect yourself from social engineering
What is Social Engineering?
At its core it is manipulating a person into knowingly or unknowingly giving up
information; essentially 'hacking' into a person to steal valuable information.
• Psychological manipulation
• Trickery or deception for the purpose of information gathering. One of the most effective
routes to stealing confidential data from organizations.
85% of office workers were duped by social engineering.
What is Social Engineering?
The purpose of social engineering is to secretly install spyware or other malicious
software, or to trick persons into handing over passwords and/or other
sensitive financial or personal information.
48% of enterprises have been victims of social engineering
attacks, experiencing 25 or more such attacks in the past two years at an
average cost of over $18,000 per incident.
Source: Check Point (http://www.net-security.org/secworld.php?id=11665)
• Phishing emails were ranked the most common source of
social engineering threats (47%), followed by social networking
sites that can expose personal and professional information
(39%) and insecure mobile devices (12%).
• New employees are at high risk of social engineering,
followed by contractors (44%), executive assistants (38%),
human resources (33%), business leaders (32%) and IT
personnel (23%).
Source: Check Point (http://www.net-security.org/secworld.php?id=11665)
Who are Social Engineers?
• Lone hackers and/or organized cybercriminals
• Script kiddies
o Unskilled hackers who use simple techniques.
• Hacktivists
o Adding the online activity of hacking to political activism
gives us hacktivism.
• Nation-state hackers
o These actors pose the highest, most consistent cyberthreat to state
and territorial governments, and an unknown level of risk to
local and tribal governments.
• Media, commercial organizations, private investigators
What motivates social engineers?
• Obtaining personal information.
• Gaining unauthorized access.
• Circumventing established procedures.
• Because they can.
Kevin Mitnick
Famous Social Engineer Hacker
• Went to prison for hacking
• Became computer security consultant
"The weakest link in the security chain is the human element."
Social Engineering can take on many forms. It can
be malicious and it can be friendly.
Phases in a Social Engineering Attack
• Research on a target
o Websites, employees, search engines, news, etc.
• Select a victim
o Identify the frustrated person.
• Develop a relationship
o Develop a relationship with the selected person.
• Exploit the relationship
o Manipulate, and collect sensitive information, financial information, etc.
Why is Social Engineering effective
and very dangerous?
• Security policies may be strong, but the human factor is the
weakest link.
• It is difficult to detect social engineering attempts.
• There is no method to ensure complete security from social
engineering attacks.
• There is no specific software or hardware for defending against a
social engineering attack.
Types of Social Engineering
• Quid Pro Quo
o Something for something
• Phishing
o Fraudulently obtaining private information
o Send out bait to fool victims into giving away their information
• Baiting
o Real-world Trojan horse
• Pretexting
o Invented scenario
• Diversion Theft, Tailgating
o Delivery is requested elsewhere
Human-based Social
Engineering
• Posing as a legitimate end user
o Give an identity and ask for sensitive information.
Example: "Hi, this is Hovhannes from the Marketing Department. I have forgotten my password. Can I
get it?"
• Posing as an important user
o Posing as a VIP of the target company, a valuable customer, etc.
Example: "Hi! This is Lilit, the CEO's secretary. I'm working on an urgent project and lost my system
password. Can you help me out?"
• Posing as technical support
o Call as technical support staff and request IDs and passwords.
Example: "Sir, this is Gurgen from Technical Support. Last night we had a system crash, and
we are checking for the lost data. Can you give me your ID and password?"
Computer-based Social
Engineering
• Pop-ups trick users into clicking a hyperlink that redirects them to fake
web pages asking for personal information, or downloads malicious
programs such as keyloggers, Trojans, or spyware.
• An illegitimate email falsely claiming to be from a legitimate company
attempts to acquire the user's personal or account information.
Mobile-based social
engineering
• Tracy received SMS, notifications
• Tracy calls, recordings, IVR
CASE STUDIES
RSA SecurID Breach - $66 million
• "The attacker in this case sent two different phishing emails over a
two-day period. The email subject line read '2011 Recruitment
Plan.'"
• "The email was crafted well enough to trick one of the employees to
retrieve it from their Junk mail folder, and open the attached Excel
file. It was a spreadsheet titled '2011 Recruitment plan.xls.'"
• "The spreadsheet contained a zero-day exploit that installs a
backdoor through an Adobe Flash vulnerability (CVE-2011-0609)."
CASE STUDIES
ABN Amro bank - $27.9 million
• Posing as a successful businessman, the thief visited the bank
frequently, befriending staff and gradually winning their
confidence.
• Used charm and brought them chocolates.
• Got the original keys to make copies, and got information on
where the diamonds were.
CASE STUDIES
CIA Director John Brennan - email
• Call Verizon
• Take Brennan's account number, his four-digit PIN, the backup
mobile number on the account, Brennan's AOL email address and
the last four digits on his bank card.
• Call AOL
Ways to Prevent Social Engineering
• For individuals
o Do not provide personal information
o Always be suspicious: read emails carefully and don't click
o Take ownership of corporate security
o Password management / two-factor authentication
o Understand what information you are putting on the web / social
networks
• For companies
o Third-party tests
o Policies
o Training / user awareness
o Email/web filtering and strong authentication
o Customer notification
34% of businesses do not have any employee training or security policies.
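The "email/web filtering" item above is the one defense in this list that can be partly automated. The following is an added example, not code from the deck or its author, showing a gateway-style heuristic that scores an inbound message on the social-engineering cues the earlier slides describe: a sender domain that is a lookalike of the company's own, a display name that impersonates the company, a Reply-To that points elsewhere, a failed SPF/DKIM/DMARC result, a macro- or exploit-capable attachment type (the RSA case was an .xls), and pressure or credential-request wording. The domain example.com, the weights, the quarantine threshold and the three sample messages are all assumptions constructed for illustration.

```python
"""Heuristic phishing-indicator scorer for inbound mail (added example).

Assumptions: headers are already parsed into a dict; the organisation's own
domain is example.com; weights and the threshold are illustrative values.
"""
import os
import re
from email.utils import parseaddr

# Assumption: the organisation's own domain(s). Anything else is external.
TRUSTED_DOMAINS = {"example.com"}

# Attachment types that commonly carry macros or exploits.
RISKY_EXTENSIONS = {".xls", ".xlsm", ".doc", ".docm", ".exe", ".js", ".scr", ".zip", ".iso"}

# Pretexting cues: urgency or a direct request for credentials.
PRESSURE_PHRASES = ("urgent", "immediately", "verify your account", "password", "suspended")


def domain_of(header_value: str) -> str:
    """Lower-cased domain part of an address header, or '' if there is none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def is_lookalike(domain: str, trusted: set) -> bool:
    """True if `domain` is a near miss of a trusted domain: one character
    substituted (examp1e.com) or the trusted name embedded in a longer one
    (example.com.login-portal.net). An exact trusted domain is not a lookalike."""
    for t in trusted:
        if domain == t:
            return False
        if t in domain:
            return True
        if len(domain) == len(t) and sum(a != b for a, b in zip(domain, t)) == 1:
            return True
    return False


def phishing_indicators(msg: dict) -> list:
    """Return (indicator, weight) pairs triggered by one message.
    Expected keys: From, Reply-To, Subject, Body, Authentication-Results, Attachments."""
    hits = []
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From", ""))
    reply_domain = domain_of(msg.get("Reply-To", ""))

    # Display name borrows the company name while the real address is external
    # (assumption: the company name is the first label of the trusted domain).
    if from_domain not in TRUSTED_DOMAINS and any(
            t.split(".")[0] in display_name.lower() for t in TRUSTED_DOMAINS):
        hits.append(("display-name impersonation", 4))
    if is_lookalike(from_domain, TRUSTED_DOMAINS):
        hits.append(("lookalike sender domain", 4))
    # Replies are steered to a different domain than the visible sender.
    if reply_domain and reply_domain != from_domain:
        hits.append(("reply-to domain mismatch", 2))
    # The gateway recorded a sender-authentication failure.
    auth = msg.get("Authentication-Results", "").lower()
    if re.search(r"\b(spf|dkim|dmarc)=fail\b", auth):
        hits.append(("sender authentication failed", 4))
    for name in msg.get("Attachments", []):
        if os.path.splitext(name.lower())[1] in RISKY_EXTENSIONS:
            hits.append((f"risky attachment: {name}", 3))
            break
    text = (msg.get("Subject", "") + " " + msg.get("Body", "")).lower()
    if any(p in text for p in PRESSURE_PHRASES):
        hits.append(("pressure or credential request wording", 1))
    return hits


def classify(msg: dict, quarantine_at: int = 5) -> dict:
    """Sum the indicator weights and decide deliver/quarantine (threshold is an assumption)."""
    hits = phishing_indicators(msg)
    score = sum(w for _, w in hits)
    return {"score": score, "indicators": [h for h, _ in hits],
            "action": "quarantine" if score >= quarantine_at else "deliver"}


# Constructed sample messages (not real mail): a lookalike-domain lure with a
# spreadsheet, a helpdesk pretext, and a legitimate internal message.
SAMPLES = {
    "recruitment": {
        "From": "HR Team <hr@examp1e.com>", "Reply-To": "recruiting@mail-hr.net",
        "Subject": "2011 Recruitment Plan", "Body": "Please open the attached plan immediately.",
        "Authentication-Results": "mx.example.com; spf=fail smtp.mailfrom=examp1e.com",
        "Attachments": ["2011 Recruitment plan.xls"]},
    "helpdesk": {
        "From": "Example IT Support <support@freemail.test>", "Subject": "Password reset",
        "Body": "We had a system crash last night, reply with your ID and password.",
        "Authentication-Results": "mx.example.com; spf=pass smtp.mailfrom=freemail.test",
        "Attachments": []},
    "agenda": {
        "From": "Alice <alice@example.com>", "Subject": "Team meeting agenda",
        "Body": "Agenda attached, see you Monday.",
        "Authentication-Results": "mx.example.com; spf=pass dkim=pass dmarc=pass",
        "Attachments": ["agenda.pdf"]},
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, classify(sample))
```

The scorer is deliberately additive: no single cue is proof of phishing (a legitimate partner may use a different Reply-To), but the lure built like the RSA one trips five cues at once, while the helpdesk pretext is caught by impersonation plus credential wording even though its SPF passes.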
THANKS AND PROTECT YOURSELF !
Hovhannes Aghajanyan
hovhannesagh

More Related Content

What's hot

Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hacking
msaksida
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness Training
Dave Monahan
 
Social engineering
Social engineeringSocial engineering
Social engineering
Vishal Kumar
 
Social engineering
Social engineeringSocial engineering
Social engineering
Robert Hood
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
Cyber Agency
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
ABHAY PATHAK
 
Social Engineering
Social EngineeringSocial Engineering
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
Pankaj Dubey
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
SysCloud
 
Phishing
PhishingPhishing
Phishing
HHSome
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering?    An illustrated presentation.What is Social Engineering?    An illustrated presentation.
What is Social Engineering? An illustrated presentation.
Pratum
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
Ramiro Cid
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
William Gregorian
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
Dinesh582831
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
NishaYadav177
 
Social engineering
Social engineeringSocial engineering
Social engineering
Maulik Kotak
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
VipinYadav257
 

What's hot (20)

Social engineering
Social engineeringSocial engineering
Social engineering
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hacking
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness Training
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
 
Phishing
PhishingPhishing
Phishing
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering?    An illustrated presentation.What is Social Engineering?    An illustrated presentation.
What is Social Engineering? An illustrated presentation.
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 

Viewers also liked

Social Engineering
Social EngineeringSocial Engineering
Social Engineering
primeteacher32
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
Ahmed Musaad
 
Hacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksHacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering Risks
Craig Clark ITIL, CIS LI,EU GDPR P
 
Social engineering-Sandy Suhling
Social engineering-Sandy SuhlingSocial engineering-Sandy Suhling
Social engineering-Sandy Suhling
suhlingse
 
Social engineering for security attacks
Social engineering for security attacksSocial engineering for security attacks
Social engineering for security attacks
masoud khademi
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineering
Vi Tính Hoàng Nam
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniques
Sushil Kumar
 
DefCamp 2013 - Night talks - Hacking, phreaking, carding & social engineering...
DefCamp 2013 - Night talks - Hacking, phreaking, carding & social engineering...DefCamp 2013 - Night talks - Hacking, phreaking, carding & social engineering...
DefCamp 2013 - Night talks - Hacking, phreaking, carding & social engineering...DefCamp
 
Social Engineering, or hacking people
Social Engineering, or hacking peopleSocial Engineering, or hacking people
Social Engineering, or hacking people
Tudor Damian
 
Phishing & Pharming
Phishing & PharmingPhishing & Pharming
Phishing & Pharming
Devendra Yadav
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacyrealpeterz
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORTvineetkathan
 

Viewers also liked (12)

Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Hacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksHacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering Risks
 
Social engineering-Sandy Suhling
Social engineering-Sandy SuhlingSocial engineering-Sandy Suhling
Social engineering-Sandy Suhling
 
Social engineering for security attacks
Social engineering for security attacksSocial engineering for security attacks
Social engineering for security attacks
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineering
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniques
 
DefCamp 2013 - Night talks - Hacking, phreaking, carding & social engineering...
DefCamp 2013 - Night talks - Hacking, phreaking, carding & social engineering...DefCamp 2013 - Night talks - Hacking, phreaking, carding & social engineering...
DefCamp 2013 - Night talks - Hacking, phreaking, carding & social engineering...
 
Social Engineering, or hacking people
Social Engineering, or hacking peopleSocial Engineering, or hacking people
Social Engineering, or hacking people
 
Phishing & Pharming
Phishing & PharmingPhishing & Pharming
Phishing & Pharming
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacy
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORT
 

Similar to Social Engineering | #ARMSec2015

Social Engineering.pdf
Social Engineering.pdfSocial Engineering.pdf
Social Engineering.pdf
MeshalALshammari12
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"
abercius24
 
Ethical Hacking & Network Security
Ethical Hacking & Network Security Ethical Hacking & Network Security
Ethical Hacking & Network Security
Lokender Yadav
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and Bad
Tzar Umang
 
What is social engineering & why it is important
What is social engineering & why it is importantWhat is social engineering & why it is important
What is social engineering & why it is important
Vikram Khanna
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyRussell Publishing
 
Data security concepts chapter 2
Data security concepts chapter 2Data security concepts chapter 2
Data security concepts chapter 2
Nickkisha Farrell
 
Unveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureUnveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity posture
Lourdes Paloma Gimenez
 
- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf
Ramya Nellutla
 
Engineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptxEngineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptx
prosunghosh7
 
Getting users to care about security
Getting users to care about securityGetting users to care about security
Getting users to care about securityAlison Gianotto
 
No plagiarism very importantNeed responses to my teamates discus.docx
No plagiarism very importantNeed responses to my teamates discus.docxNo plagiarism very importantNeed responses to my teamates discus.docx
No plagiarism very importantNeed responses to my teamates discus.docx
hallettfaustina
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
Jamie Proctor-Brassard
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Goutham Shetty
 
Reconnaissance and Social Engineering
Reconnaissance and Social EngineeringReconnaissance and Social Engineering
Reconnaissance and Social Engineering
Varunjeet Singh Rekhi
 
Insider threats
Insider threatsInsider threats
Insider threats
izoologic
 
Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi
Shawon Raffi
 
Ce hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceCe hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceMehrdad Jingoism
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker SideCybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker Side
Steve Poole
 

Similar to Social Engineering | #ARMSec2015 (20)

Social Engineering.pdf
Social Engineering.pdfSocial Engineering.pdf
Social Engineering.pdf
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"
 
Ethical Hacking & Network Security
Ethical Hacking & Network Security Ethical Hacking & Network Security
Ethical Hacking & Network Security
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and Bad
 
What is social engineering & why it is important
What is social engineering & why it is importantWhat is social engineering & why it is important
What is social engineering & why it is important
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthy
 
Data security concepts chapter 2
Data security concepts chapter 2Data security concepts chapter 2
Data security concepts chapter 2
 
Unveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureUnveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity posture
 
- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf
 
Engineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptxEngineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptx
 
Getting users to care about security
Getting users to care about securityGetting users to care about security
Getting users to care about security
 
No plagiarism very importantNeed responses to my teamates discus.docx
No plagiarism very importantNeed responses to my teamates discus.docxNo plagiarism very importantNeed responses to my teamates discus.docx
No plagiarism very importantNeed responses to my teamates discus.docx
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Reconnaissance and Social Engineering
Reconnaissance and Social EngineeringReconnaissance and Social Engineering
Reconnaissance and Social Engineering
 
Insider threats
Insider threatsInsider threats
Insider threats
 
Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi
 
Ce hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceCe hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissance
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker SideCybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker Side
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 

Recently uploaded

一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
laozhuseo02
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
nirahealhty
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
laozhuseo02
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
test test test test testtest test testtest test testtest test testtest test ...
test test  test test testtest test testtest test testtest test testtest test ...test test  test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
GTProductions1
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
JungkooksNonexistent
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
VivekSinghShekhawat2
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
natyesu
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Sanjeev Rampal
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 

Recently uploaded (20)

一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
test test test test testtest test testtest test testtest test testtest test ...
test test  test test testtest test testtest test testtest test testtest test ...test test  test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 

Social Engineering | #ARMSec2015

  • 1. Social Engineering Art of "Human OS" hacking Hovhannes Aghajanyan hovhannesagh
  • 2. Topics covered  What is Social Engineering?  Techniques and Case studies of Social Engineering  Defending against Social Engineering
  • 3. Objectives
    - Understand the principles of social engineering
    - Define the goals of social engineering
    - Recognize the signs of social engineering
    - Increase awareness concerning social engineering
    - Identify ways to protect yourself from social engineering
  • 4. What is Social Engineering
    At its core it is manipulating a person into knowingly or unknowingly giving up information; essentially 'hacking' into a person to steal valuable information.
    - Psychological manipulation
    - Trickery or deception for the purpose of information gathering. One of the most effective routes to stealing confidential data from organizations.
    85% of office workers were duped by social engineering.
  • 5. What is Social Engineering
    The purpose of social engineering is to secretly install spyware or other malicious software, or to trick persons into handing over passwords and/or other sensitive financial or personal information.
  • 6. 48% of enterprises have been victims of social engineering attacks, experiencing 25% or more such attacks in the past two years at an average cost of over $18,000 per incident.
    Source: Check Point (http://www.net-security.org/secworld.php?id=11665)
  • 7.
    - Phishing emails were ranked the most common source of social engineering threats (47%), followed by social networking sites that can expose personal and professional information (39%) and insecure mobile devices (12%).
    - New employees are at high risk of social engineering, followed by contractors (44%), executive assistants (38%), human resources (33%), business leaders (32%) and IT personnel (23%).
    Source: Check Point (http://www.net-security.org/secworld.php?id=11665)
  • 8. Who are Social Engineers?
    - Lone hackers and/or organized cybercriminals
    - Script kiddies
      o Unskilled hackers who use simple techniques.
    - Hacktivists
      o Adding the online activity of hacking to political activism gives us hacktivism.
    - Nation-state hackers
      o These actors pose the highest, most consistent cyberthreat to state and territorial governments, and an unknown level of risk to local and tribal governments.
    - Media, commercial organizations, private investigators
  • 9. What motivates social engineers?
    - Obtaining personal information.
    - Gaining unauthorized access.
    - Circumventing established procedures.
    - Because they can.
  • 10. Kevin Mitnick, famous social engineer and hacker
    - Went to prison for hacking
    - Became a computer security consultant
    "The weakest link in the security chain is the human element."
  • 11. Social Engineering can take on many forms. It can be malicious and it can be friendly.
  • 12. Phases in a Social Engineering Attack
    - Research on a target
      o Websites, employees, search engines, news, etc.
    - Select a victim
      o Identify the frustrated person.
    - Develop a relationship
      o Develop a relationship with the selected person.
    - Exploit the relationship
      o Manipulate; collect sensitive information, financial information, and so on.
  • 13. Why is Social Engineering effective and very dangerous?
    - Security policies may be strong, but the human factor is the weakest link.
    - It is difficult to detect social engineering attempts.
    - There is no method to ensure complete security from social engineering attacks.
    - There is no specific software or hardware for defending against a social engineering attack.
  • 14. Types of Social Engineering
    - Quid pro quo
      o Something for something
    - Phishing
      o Fraudulently obtaining private information
      o Send out bait to fool victims into giving away their information
    - Baiting
      o Real-world Trojan horse
    - Pretexting
      o Invented scenario
    - Diversion theft, tailgating
      o Delivery is requested elsewhere
  • 15. Human-based Social Engineering
    - Posing as a legitimate end user
      o Give an identity and ask for sensitive information. Example: "Hi, this is Hovhannes from the Marketing Department. I have forgotten my password, can I get it?"
    - Posing as an important user
      o Posing as a VIP of the target company, a valuable customer, etc. Example: "Hi! This is Lilit, CEO Secretary. I'm working on an urgent project and lost my system password, can you help me out?"
    - Posing as technical support
      o Call as technical support staff and request IDs and passwords. Example: "Sir, this is Gurgen from Technical Support. Last night we had a system crash and we are checking for the lost data. Can you give me your ID and password?"
  • 16. Computer-based Social Engineering
    - Pop-ups trick users into clicking a hyperlink that redirects them to fake web pages asking for personal information, or that downloads malicious programs such as key-loggers, Trojans or spyware.
    - An illegitimate email falsely claiming to be from a legitimate company attempts to acquire the user's personal or account information.
  • 17. Mobile-based Social Engineering
    - Tracy received SMS, notifications
    - Tracy calls, recordings, IVR
  • 18. CASE STUDIES: RSA SecurID Breach - $66 million
    - "The attacker in this case sent two different phishing emails over a two-day period. The email subject line read '2011 Recruitment Plan.'"
    - "The email was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached Excel file. It was a spreadsheet titled '2011 Recruitment plan.xls.'"
    - "The spreadsheet contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability (CVE-2011-0609)."
  • 19. CASE STUDIES: ABN Amro Bank - $27.9 million
    - Posing as a successful businessman, the thief visited the bank frequently, befriending staff and gradually winning their confidence.
    - Used charm and brought them chocolates.
    - Got the original keys to make copies and got information on where the diamonds were.
  • 20. CASE STUDIES: CIA Director John Brennan - email
    - Call Verizon
    - Take Brennan's account number, his four-digit PIN, the backup mobile number on the account, Brennan's AOL email address and the last four digits on his bank card.
    - Call AOL
  • 21. Ways to Prevent Social Engineering
    - For individuals
      o Do not provide personal information
      o Always be suspicious: read mails and don't click
      o Take ownership of corporate security
      o Password management / two-factor authentication
      o Understand what information you are putting on the Web / social networks
    - For companies
      o 3rd-party tests
      o Policies
      o Training / user awareness
      o Email/Web filtering and strong authentication
      o Customer notification
    34% of businesses do not have any employee training or security policies.
  • 22. THANKS AND PROTECT YOURSELF! Hovhannes Aghajanyan (hovhannesagh)
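As an added, defender-side example that is not part of the deck: the "Email/Web filtering" item on slide 21 can be made concrete with a small heuristic scorer for the email tricks slides 16 and 18 describe (a display name that claims a trusted identity, a look-alike sender domain, a Reply-To that diverts replies, urgency or credential wording, and attachment types that can carry macros or document exploits). The trusted domain `example.com`, the phrase lists, the thresholds and both sample messages are constructed assumptions for illustration, not anything from the slides.

```python
"""Heuristic phishing-email scorer (added example, not from the slide deck).

TRUSTED_DOMAINS, the phrase lists and the two sample messages below are
constructed assumptions; a real filter would load these from policy.
"""
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}          # assumption: the organisation's own domain
URGENCY_PHRASES = ("urgent", "immediately", "verify your account",
                   "lost my password", "account will be suspended")
RISKY_EXTENSIONS = (".xls", ".xlsm", ".doc", ".docm", ".exe", ".js", ".scr", ".zip")


def edit_distance(a, b):
    """Levenshtein distance; used to spot look-alike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(addr):
    """Domain part of an address, lower-cased; empty string if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def body_text(msg):
    """Concatenate the text/plain parts of a message (walk() also covers non-multipart)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            payload = part.get_payload(decode=True)
            if payload:
                chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def score_message(raw):
    """Return (score, reasons) for a raw RFC 5322 message; higher means more suspicious."""
    msg = message_from_string(raw)
    reasons = []
    display, addr = parseaddr(msg.get("From", ""))
    dom = sender_domain(addr)

    # 1. Display name names a trusted domain while the real address lives elsewhere.
    if dom not in TRUSTED_DOMAINS and any(t in display.lower() for t in TRUSTED_DOMAINS):
        reasons.append(f"display name {display!r} impersonates a trusted domain")

    # 2. Sender domain is a near miss (1-2 edits) of a trusted domain.
    for trusted in TRUSTED_DOMAINS:
        if dom != trusted and 0 < edit_distance(dom, trusted) <= 2:
            reasons.append(f"look-alike sender domain {dom!r} vs {trusted!r}")

    # 3. Replies are diverted to a domain other than the one that 'sent' the mail.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and sender_domain(reply) != dom:
        reasons.append("Reply-To domain differs from From domain")

    # 4. Pressure and credential language in subject or body.
    text = (msg.get("Subject", "") + "\n" + body_text(msg)).lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        reasons.append("urgency/credential phrases: " + ", ".join(hits))

    # 5. Attachments of a type that can carry macros or document exploits.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXTENSIONS):
            reasons.append(f"risky attachment {name!r}")

    return len(reasons), reasons


def is_suspicious(raw, threshold=2):
    """Quarantine decision: require two or more independent signals to limit false positives."""
    return score_message(raw)[0] >= threshold


# Constructed sample messages (not real traffic); the subject echoes the RSA case study.
PHISH = """From: "HR example.com" <recruiting@examp1e.com>
Reply-To: hr-team@mail-relay.invalid
To: staff@example.com
Subject: 2011 Recruitment Plan - urgent
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please open the attached plan immediately.
--b1
Content-Type: application/vnd.ms-excel; name="2011 Recruitment plan.xls"
Content-Disposition: attachment; filename="2011 Recruitment plan.xls"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

LEGIT = """From: Payroll <payroll@example.com>
To: staff@example.com
Subject: Cafeteria menu for next week
Content-Type: text/plain; charset="utf-8"

The menu is posted on the intranet page.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        score, reasons = score_message(raw)
        print(label, score, reasons)   # phish -> 5 signals, legit -> 0
```

Each signal is weak on its own (a legitimate vendor may use a separate Reply-To, a real HR mail may say "urgent"), which is why `is_suspicious` requires several to coincide; the reasons list is what an analyst or a user-awareness programme can show people, tying the filter back to the "always be suspicious" advice on slide 21.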