Social Engineering... OR «HACKING PEOPLE»
Tudor Damian, CEH, IT solutions specialist, www.tudy.tel
DefCamp #5 - Bucharest, November 28th, 2014
https://www.youtube.com/watch?v=_G3NT91AWUE
87% of small businesses and 93% of larger organizations experienced a cyber security breach in the last year 
Source: UK Government, Department for Business, Innovation and Skills (BIS) http://bit.ly/tudydefcamp
Most malicious attacks come from within an organization
Did you see this: http://bit.ly/tudydefcamp ?
Timeline of discovery for cyber espionage attacks worldwide (2013) 
Hours: 9% 
Days: 8% 
Weeks: 16% 
Months: 62% 
Years: 5% 
Source: Verizon
http://bit.ly/tudydefcamp
Cyber crime attacks experienced by US companies (June 2014) 
Viruses, worms, trojans: 100% 
Malware: 97% 
Botnets: 76% 
Web-based attacks: 61% 
Malicious code: 46% 
Phishing and social engineering: 44% 
Malicious insiders: 41% 
Stolen devices: 37% 
Denial of service: 34% 
Source: Ponemon Institute; Hewlett-Packard (HP Enterprise Security)
Go to http://bit.ly/tudydefcamp now
So, what is Social Engineering? http://bit.ly/tudydefcamp
OSI Model – anything missing? 
7 – Application layer 
6 – Presentation layer 
5 – Session layer 
4 – Transport layer 
3 – Network layer 
2 – Data Link layer 
1 – Physical layer 
Go to http://bit.ly/tudydefcamp now, ...please?
OSI Model – revised  
8 – Human layer 
7 – Application layer 
6 – Presentation layer 
5 – Session layer 
4 – Transport layer 
3 – Network layer 
2 – Data Link layer 
1 – Physical layer 
http://bit.ly/tudydefcamp
Social Engineering, or “Hacking People” 
•The science of making people do what you want 
•Attacks the most vulnerable layer of the (revised) OSI model: the human layer 
Really now, did you check out http://bit.ly/tudydefcamp ?
Why are people vulnerable? 
•False Assumptions 
•If X is true, then Y is true; Y is true, therefore X must be true (affirming the consequent) 
•Logical Fallacies 
•Incorrect arguments in logic and rhetoric, resulting in a lack of validity 
•Cognitive Biases 
•Patterns of deviation in judgment, whereby inferences about other people and situations may be drawn in an illogical fashion 
•Heuristics & Mental Shortcuts 
•Used to speed up the process of finding a satisfactory solution via mental shortcuts 
•e.g. using a rule of thumb, an educated guess, an intuitive judgment, stereotyping, profiling, common sense, etc. 
•Eases the cognitive load of making a decision 
http://bit.ly/tudydefcamp
Behaviors vulnerable to attacks 
•The human tendency to trust is the basis of most SE attacks 
•Ignorance about SE and its effects 
•SE attackers may threaten with losses or consequences in case of non-compliance with their request 
•SE attackers lure targets into divulging information by promising something for nothing 
•Targets are asked for help and comply out of a sense of moral obligation 
Can't believe you haven't noticed this yet: http://bit.ly/tudydefcamp
Technology doesn’t fix ignorance 
http://bit.ly/tudydefcamp
Types of Social Engineering 
• Human-based Social Engineering 
• Gathers sensitive information by interaction 
• Attacks of this category exploit trust, fear and the helping nature of humans 
• Computer-based or mobile-based Social Engineering 
• SE carried out with the help of computers and/or mobile apps 
Go. There. Now. http://bit.ly/tudydefcamp
Human-based Social Engineering 
•Posing as a legitimate end user 
•Give identity and ask for sensitive information 
•Posing as an important user 
•Posing as a VIP of a target company, valuable customer, etc. 
•Posing as technical support 
•Call as technical support staff and request credentials to retrieve data 
•Authority support 
•Eavesdropping 
•Shoulder surfing 
•Dumpster diving 
•Tailgating & Piggybacking 
•Reverse SE: sabotage, marketing, tech support 
http://bit.ly/tudydefcamp
Computer-based Social Engineering 
• Spam Email 
• Hoax/Chain Letters 
• Instant Chat Messenger 
• Pop-up Windows 
• Phishing & Spear Phishing 
• Publishing Malicious Apps 
• Repackaging Legitimate Apps 
• Fake Security Applications 
Seriously now. http://bit.ly/tudydefcamp
Common Social Engineering attacks 
•Email from a friend 
•May contain links/attachments with malicious software embedded 
•Messages may create a compelling story or pretext 
•Phishing attempts 
•Email, IM, comment or text message appearing to come from a legitimate, popular company, bank, school or institution 
•These messages usually have a scenario or story 
•Explain there is a problem, notify you that you’re a “winner”, ask for help 
•Baiting scenarios 
•Persuasion 
•Impersonation 
•Response to a question you never asked 
http://bit.ly/tudydefcamp
Why are companies vulnerable to SE? 
•Insufficient security training 
•Easy access to information 
•Several organizational units 
•Lack of security policies 
•Detecting SE attacks is very difficult 
•There’s no method to ensure complete security against every form of SE attack 
•There’s no specific software or hardware for defending against SE attacks 
Such wow, much link: http://bit.ly/tudydefcamp
SE attack against an organization -Phases 
•Research on target company 
•Dumpster diving, websites, employees, tour company, etc. 
•Select victim 
•Identify the frustrated/gullible employees of the target company 
•Develop relationship 
•Develop relationships with the selected employees 
•Exploit the relationship 
•Collect sensitive account information, financial information and current technologies 
http://bit.ly/tudydefcamp
Potential impact on the organization 
•Economic losses 
•Loss of privacy 
•Damage to goodwill 
•Temporary or permanent closure 
•Lawsuits and arbitrations 
•etc. 
You've got a smartphone, right? http://bit.ly/tudydefcamp
Common targets of SE attacks 
•Receptionists and Help Desk personnel 
•Vendors of the target organization 
•Users and clients 
•Low-profile employees and staff 
•Office workers 
•Technical Support Executives 
•System Administrators 
http://bit.ly/tudydefcamp
Insider attacks 
•Spying 
•If a competitor wants to damage your organization, steal critical secrets or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization 
•Corporate Espionage 
•Information theft & sabotage 
•Revenge 
•It takes only one disgruntled person to take revenge and your company may be compromised 
•Insider Attack 
•Most attacks occur “behind the firewall” 
•An inside attack is easy to launch 
•Prevention is difficult, thus the attack can easily succeed 
•Financial gain is a potential reason 
…or a laptop? You can pull out your laptop and go to http://bit.ly/tudydefcamp
Protecting yourself from SE attacks 
•Slow down 
•Research the facts 
•Delete any requests for financial information or passwords 
•Reject unsolicited requests for help or offers of help 
•Lie to security questions and remember your lies 
•Beware of any downloads 
•Secure your devices 
•Follow security policies 
•Don’t let a link control where you land 
http://bit.ly/tudydefcamp
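Two of the warning signs above can be checked mechanically: a phishing message that "appears to come from a legitimate, popular company" (the Common Social Engineering attacks slide) and a link that tries to control where you land. The following Python triage script is an added example and is not part of Tudor Damian's deck; the sample e-mail, its placeholder domains (paypa1-secure.example, mail-paypal.example, www.paypal.com.account-verify.example) and the trusted-domain list are constructed for illustration. It flags a Reply-To that differs from the From domain, sender and link hosts that imitate a trusted brand (brand name buried in a sub-label, or digit-for-letter swaps like paypa1), and anchors whose visible URL text points to a different site than the href.

```python
"""Phishing-indicator triage over a constructed e-mail (added example).

Checks the From/Reply-To headers and every link in the HTML body for
the patterns the slides describe: a sender that imitates a well-known
brand, and a link whose visible text does not match where it goes.
"""
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every domain is a placeholder, not a real sender.
SAMPLE_EMAIL = """\
From: "PayPal Support" <support@paypa1-secure.example>
Reply-To: verify@mail-paypal.example
To: victim@corp.example
Subject: Action required: your account has been limited
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We detected a problem with your account. Sign in to restore access:</p>
<p><a href="http://www.paypal.com.account-verify.example/signin">https://www.paypal.com/signin</a></p>
<p><a href="https://www.paypal.com/help">Help Center</a></p>
</body></html>
"""

# Brands the recipient's organisation actually deals with (assumption).
TRUSTED_DOMAINS = ["paypal.com"]


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname. Naive: wrong for co.uk-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def imitates(host, trusted):
    """True when `host` is not `trusted` but carries its brand name as a
    label (paypal.com.evil.example, mail-paypal.example) or after
    digit-for-letter substitution (paypa1 -> paypal)."""
    host = host.lower()
    if registrable_domain(host) == trusted:
        return False
    brand = trusted.split(".")[0]
    normalized = host.translate(str.maketrans("10", "lo"))
    return brand in re.split(r"[.-]", normalized)


def html_body(msg):
    """Return the decoded text/html part, or '' if there is none."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            return part.get_payload(decode=True).decode(charset, "replace")
    return ""


def triage(raw_message, trusted_domains=TRUSTED_DOMAINS):
    """Return a list of human-readable phishing indicators found in the message."""
    msg = email.message_from_string(raw_message)
    findings = []

    _, from_addr = parseaddr(msg.get("From", ""))
    from_host = from_addr.rpartition("@")[2]
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_host = reply_addr.rpartition("@")[2]

    # Replies silently routed to a different domain than the apparent sender.
    if reply_host and registrable_domain(reply_host) != registrable_domain(from_host):
        findings.append(f"reply-to domain {reply_host} differs from sender domain {from_host}")

    # Sender or reply address dressed up as a trusted brand.
    for host in [from_host, reply_host]:
        for trusted in trusted_domains:
            if host and imitates(host, trusted):
                findings.append(f"{host} imitates {trusted}")

    # Links: visible URL text vs. real destination, and look-alike destinations.
    collector = _AnchorCollector()
    collector.feed(html_body(msg))
    for href, text in collector.anchors:
        href_host = urlparse(href).hostname or ""
        shown_host = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if shown_host and registrable_domain(shown_host) != registrable_domain(href_host):
            findings.append(f"link shows {shown_host} but goes to {href_host}")
        for trusted in trusted_domains:
            if imitates(href_host, trusted):
                findings.append(f"link host {href_host} imitates {trusted}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL):
        print("-", finding)
```

The legitimate "Help Center" link (https://www.paypal.com/help) produces no finding, which is the point: the check compares registrable domains, not whether a brand name appears anywhere in the URL. The two-label heuristic in registrable_domain is deliberately simple; anything deployed against real mail should use the Public Suffix List instead, and should treat these findings as triage signals for a human, not as a verdict.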
http://bit.ly/tudydefcamp
Tudor Damian, CEH, IT solutions specialist, www.tudy.tel

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 

Social Engineering, or hacking people

  • 14. Why are people vulnerable?
    • False Assumptions
      • If X is true, then Y is true; Y is true, therefore X must be true
    • Logical Fallacies
      • Incorrect arguments in logic and rhetoric, resulting in a lack of validity
    • Cognitive Biases
      • Patterns of deviation in judgment, whereby inferences about other people and situations may be drawn in an illogical fashion
    • Heuristics & Mental Shortcuts
      • Used to speed up the process of finding a satisfactory solution via mental shortcuts
      • e.g. using a rule of thumb, an educated guess, an intuitive judgment, stereotyping, profiling, common sense, etc.
      • Eases the cognitive load of making a decision
    http://bit.ly/tudydefcamp
  • 16. Behaviors vulnerable to attacks
    • Human nature of trust is the basis of most SE attacks
    • Ignorance about SE and its effects
    • SE attackers might threaten with losses or consequences in case of non-compliance with their request
    • SE attackers lure the targets to divulge information by promising something for nothing
    • Targets are asked for help and they comply out of a sense of moral obligation
    Can't believe you haven't noticed this yet: http://bit.ly/tudydefcamp
  • 17. Technology doesn't fix ignorance
    http://bit.ly/tudydefcamp
  • 18. Types of Social Engineering
    • Human-based Social Engineering
      • Gathers sensitive information by interaction
      • Attacks of this category exploit trust, fear and the helping nature of humans
    • Computer-based or mobile-based Social Engineering
      • SE carried out with the help of computers and/or mobile apps
    Go. There. Now. http://bit.ly/tudydefcamp
  • 19. Human-based Social Engineering
    • Posing as a legitimate end user
      • Give identity and ask for sensitive information
    • Posing as an important user
      • Posing as a VIP of a target company, valuable customer, etc.
    • Posing as technical support
      • Call as technical support staff and request credentials to retrieve data
    • Authority support
    • Eavesdropping
    • Shoulder surfing
    • Dumpster diving
    • Tailgating & Piggybacking
    • Reverse SE
      • Marketing
      • Sabotage
      • Tech Support
    http://bit.ly/tudydefcamp
  • 20. Computer-based Social Engineering
    • Spam Email
    • Hoax/Chain Letters
    • Instant Chat Messenger
    • Pop-up Windows
    • Phishing & Spear Phishing
    • Publishing Malicious Apps
    • Repackaging Legitimate Apps
    • Fake Security Applications
    Seriously now. http://bit.ly/tudydefcamp
  • 21. Common Social Engineering attacks
    • Email from a friend
      • May contain links/attachments with malicious software embedded
      • Messages may create a compelling story or pretext
    • Phishing attempts
      • Email, IM, comment, text message appearing to come from a legitimate, popular company, bank, school, institution
      • These messages usually have a scenario or story
      • Explain there is a problem, notify you that you're a "winner", ask for help
    • Baiting scenarios
    • Persuasion
    • Impersonation
    • Response to a question you never had
    http://bit.ly/tudydefcamp
  • 22. Why are companies vulnerable to SE?
    • Insufficient security training
    • Easy access to information
    • Several organizational units
    • Lack of security policies
    • SE attack detection is very difficult
    • There's no method to ensure complete security against any form of SE attack
    • There's no specific software or hardware for defending against SE attacks
    Such wow, much link: http://bit.ly/tudydefcamp
  • 23. SE attack against an organization - Phases
    • Research on target company
      • Dumpster diving, websites, employees, tour company, etc.
    • Select victim
      • Identify the frustrated/gullible employees of the target company
    • Develop relationship
      • Develop relationships with the selected employees
    • Exploit the relationship
      • Collect sensitive account information, financial information and current technologies
    http://bit.ly/tudydefcamp
  • 24. Potential impact on the organization
    • Economic losses
    • Loss of privacy
    • Damage of goodwill
    • Temporary or permanent closure
    • Lawsuits and arbitrations
    • etc.
    You've got a smartphone, right? http://bit.ly/tudydefcamp
  • 25. Common targets of SE attacks
    • Receptionists and Help Desk personnel
    • Vendors of the target organization
    • Users and clients
    • Low-profile employees and staff
    • Office workers
    • Technical Support Executives
    • System Administrators
    http://bit.ly/tudydefcamp
  • 26. Insider attacks
    • Spying
      • If a competitor wants to damage your organization, steal critical secrets or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization
    • Corporate Espionage
      • Information theft & sabotage
    • Revenge
      • It takes only one disgruntled person to take revenge and your company may be compromised
    • Insider Attack
      • Most attacks occur "behind the firewall"
      • An inside attack is easy to launch
      • Prevention is difficult, thus the attack can easily succeed
      • Financial gain is a potential reason
    …or a laptop? You can pull out your laptop and go to http://bit.ly/tudydefcamp
  • 27. Protecting yourself from SE attacks
    • Slow down
    • Research the facts
    • Delete any requests for financial information or passwords
    • Reject requests for help or offers of help
    • Lie to security questions and remember your lies
    • Beware of any downloads
    • Secure your devices
    • Follow security policies
    • Don't let a link control where you land
    http://bit.ly/tudydefcamp
  • 28. http://bit.ly/tudydefcamp
    Tudor Damian, CEH, IT solutions specialist
    www.tudy.tel