Information Security-Module 3
● Ethical hacking involves the use of hacking tools, tricks, and techniques to identify
vulnerabilities so as to ensure system security.
● It focuses on simulating techniques used by attackers to verify the existence of exploitable
vulnerabilities in the system security.
● Ethical hackers perform security assessments of their organization with the permission of the
concerned authorities.
● Scope:
o Ethical hacking is a crucial component of risk assessment, auditing, counter
fraud, and information systems security best practices.
o It is used to identify risks and highlight the remedial actions, and also reduces
information and communications technology (ICT) costs by resolving those
vulnerabilities.
● Limitations:
o However, unless a business first knows what it is looking for and why it is hiring an
outside vendor to hack its systems in the first place, there is not much to gain from
the exercise.
o An ethical hacker can thus only help the organization better understand its security
system; it is up to the organization to place the right guards on the network.
Cybersecurity threats are acts performed by individuals with harmful intent, whose goal is to steal
data, cause damage to or disrupt computing systems. Common categories of cyber threats include
malware, social engineering, man in the middle (MitM) attacks, denial of service (DoS), and injection
attacks—we describe each of these categories in more detail below.
Cyber threats can originate from a variety of sources, from hostile nation states and terrorist groups, to
individual hackers, to trusted individuals like employees or contractors, who abuse their privileges to
perform malicious acts.
● Nation states—hostile countries can launch cyber attacks against local companies and
institutions, aiming to interfere with communications, cause disorder, and inflict damage.
● Terrorist organizations—terrorists conduct cyber attacks aimed at destroying or abusing
critical infrastructure, threaten national security, disrupt economies, and cause bodily harm to
citizens.
● Criminal groups—organized groups of hackers aim to break into computing systems for
economic benefit. These groups use phishing, spam, spyware and malware for extortion, theft
of private information, and online scams.
● Hackers—individual hackers target organizations using a variety of attack techniques. They
are usually motivated by personal gain, revenge, financial gain, or political activity. Hackers
often develop new threats, to advance their criminal ability and improve their personal
standing in the hacker community.
● Malicious insiders—an employee who has legitimate access to company assets, and abuses
their privileges to steal information or damage computing systems for economic or personal
gain. Insiders may be employees, contractors, suppliers, or partners of the target organization.
They can also be outsiders who have compromised a privileged account and are
impersonating its owner.
Malware Attacks
Malware is an abbreviation of “malicious software”, which includes viruses, worms, trojans, spyware,
and ransomware, and is the most common type of cyberattack. Malware infiltrates a system, usually
via a link on an untrusted website or email or an unwanted software download. It deploys on the target
system, collects sensitive data, manipulates and blocks access to network components, and may
destroy data or shut down the system altogether.
Social engineering involves tricking users into providing an entry point for malware. The victim
provides sensitive information or unwittingly installs malware on their device, because the attacker
poses as a legitimate actor.
● Baiting—the attacker lures a user into a social engineering trap, usually with a promise of
something attractive like a free gift card. The victim provides sensitive information such as
credentials to the attacker.
● Pretexting—similar to baiting, the attacker pressures the target into giving up information
under false pretenses. This typically involves impersonating someone with authority, for
example an IRS or police officer, whose position will compel the victim to comply.
● Phishing—the attacker sends emails pretending to come from a trusted source. Phishing often
involves sending fraudulent emails to as many users as possible, but can also be more
targeted. For example, “spear phishing” personalizes the email to target a specific user, while
“whaling” takes this a step further by targeting high-value individuals such as CEOs.
● Vishing (voice phishing)—the imposter uses the phone to trick the target into disclosing
sensitive data or granting access to the target system. Vishing typically targets older individuals
but can be employed against anyone.
● Smishing (SMS phishing)—the attacker uses text messages as the means of deceiving the
victim.
● Piggybacking—an authorized user provides physical access to another individual who
“piggybacks” off the user’s credentials. For example, an employee may grant access to
someone posing as a new employee who misplaced their credential card.
● Tailgating—an unauthorized individual follows an authorized user into a location, for
example by quickly slipping in through a protected door after the authorized user has opened
it. This technique is similar to piggybacking except that the person being tailgated is unaware
that they are being used by another individual.
Supply chain attacks are a newer type of threat to software developers and vendors. Their purpose is
to infect legitimate applications and distribute malware via source code, build processes or software
update mechanisms.
Attackers look for insecure network protocols, server infrastructure and coding techniques, and use
them to compromise build and update processes, modify source code and hide malicious content.
Supply chain attacks are especially severe because the applications being compromised
by attackers are signed and certified by trusted vendors. In a software supply chain attack, the
software vendor is not aware that its applications or updates are infected with malware. Malicious
code runs with the same trust and privileges as the compromised application.
Man-in-the-Middle Attack
A Man-in-the-Middle (MitM) attack involves intercepting the communication between two endpoints,
such as a user and an application. The attacker can eavesdrop on the communication, steal sensitive
data, and impersonate each party participating in the communication.
Denial-of-Service Attack
A Denial-of-Service (DoS) attack overloads the target system with a large volume of traffic, hindering
the ability of the system to function normally. An attack involving multiple devices is known as a
distributed denial-of-service (DDoS) attack.
● HTTP flood DDoS—the attacker uses HTTP requests that appear legitimate to overwhelm an
application or web server. This technique does not require high bandwidth or malformed
packets, and typically tries to force a target system to allocate as many resources as possible
for each request.
● SYN flood DDoS—initiating a Transmission Control Protocol (TCP) connection sequence
involves sending a SYN request that the host must respond to with a SYN-ACK that
acknowledges the request, and then the requester must respond with an ACK. Attackers can
exploit this sequence, tying up server resources, by sending SYN requests but not responding
to the SYN-ACKs from the host.
● UDP flood DDoS—a remote host is flooded with User Datagram Protocol (UDP) packets sent
to random ports. This technique forces the host to search for applications on the affected ports
and respond with “Destination Unreachable” packets, which uses up the host resources.
● ICMP flood—a barrage of ICMP Echo Request packets overwhelms the target, consuming
both inbound and outgoing bandwidth. The servers may try to respond to each request with an
ICMP Echo Reply packet, but cannot keep up with the rate of requests, so the system slows
down.
● NTP amplification—Network Time Protocol (NTP) servers are accessible to the public and
can be exploited by an attacker to send large volumes of UDP traffic to a targeted server. This
is considered an amplification attack due to the query-to-response ratio of 1:20 to 1:200,
which allows an attacker to exploit open NTP servers to execute high-volume,
high-bandwidth DDoS attacks.
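A defender-side view of the SYN flood entry above, as an added example that is not from the notes: constructed client-to-server packet records are tracked through the TCP handshake and sources holding many half-open connections are reported. The 20-connection threshold and 3-second timeout are assumed values.

```python
from collections import Counter

# Constructed client-to-server packet records (not captured traffic):
# (time_seconds, source_ip, source_port, tcp_flag), flag is "SYN" or "ACK".
# The server's SYN-ACK is implied; only what the client sends is recorded.
def constructed_packets():
    pkts = []
    # Two legitimate clients complete the handshake: SYN, then the final ACK.
    for i, ip in enumerate(["192.0.2.10", "192.0.2.11"]):
        pkts.append((0.10 * i, ip, 40000 + i, "SYN"))
        pkts.append((0.10 * i + 0.02, ip, 40000 + i, "ACK"))
    # One source sends many SYNs from different ports and never answers
    # the SYN-ACKs, leaving each connection half-open on the server.
    for j in range(60):
        pkts.append((1.0 + j * 0.001, "203.0.113.5", 50000 + j, "SYN"))
    return sorted(pkts)


def half_open_by_source(packets, now, timeout=3.0):
    """Count connections that got a SYN but no ACK and are still younger
    than `timeout` seconds at time `now`, grouped by source IP."""
    pending = {}  # (src_ip, src_port) -> time the SYN arrived
    for t, ip, port, flag in packets:
        key = (ip, port)
        if flag == "SYN":
            pending[key] = t
        elif flag == "ACK":
            pending.pop(key, None)  # handshake completed, no longer half-open
    counts = Counter()
    for (ip, _port), t in pending.items():
        if now - t < timeout:  # older entries would have expired from the backlog
            counts[ip] += 1
    return counts


def syn_flood_suspects(packets, now, threshold=20, timeout=3.0):
    """Source IPs holding more than `threshold` half-open connections."""
    counts = half_open_by_source(packets, now, timeout)
    return {ip: n for ip, n in counts.items() if n > threshold}


if __name__ == "__main__":
    print(syn_flood_suspects(constructed_packets(), now=2.0))
```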
Injection Attacks
Injection attacks exploit a variety of vulnerabilities to directly insert malicious input into the code of a
web application. Successful attacks may expose sensitive information, execute a DoS attack or
compromise the entire system.
● SQL injection—an attacker enters an SQL query into an end user input channel, such as a
web form or comment field. A vulnerable application will send the attacker’s data to the
database, and will execute any SQL commands that have been injected into the query. Most
web applications use databases based on Structured Query Language (SQL), making them
vulnerable to SQL injection. A new variant on this attack is NoSQL attacks, targeted against
databases that do not use a relational data structure.
● Code injection—an attacker can inject code into an application if it is vulnerable. The web
server executes the malicious code as if it were part of the application.
● OS command injection—an attacker can exploit a command injection vulnerability to input
commands for the operating system to execute. This allows the attacker to exfiltrate OS data or
take over the system.
● LDAP injection—an attacker inputs characters to alter Lightweight Directory Access Protocol
(LDAP) queries. A system is vulnerable if it uses unsanitized LDAP queries. These attacks
are very severe because LDAP servers may store user accounts and credentials for an entire
organization.
● XML eXternal Entities (XXE) Injection—an attack is carried out using specially-constructed
XML documents. This differs from other attack vectors because it exploits inherent
vulnerabilities in legacy XML parsers rather than unvalidated user inputs. XML documents
can be used to traverse paths, execute code remotely and execute server-side request forgery
(SSRF).
● Cross-Site Scripting (XSS)—an attacker inputs a string of text containing malicious
JavaScript. The target’s browser executes the code, enabling the attacker to redirect users to a
malicious website or steal session cookies to hijack a user’s session. An application is
vulnerable to XSS if it doesn’t sanitize user inputs to remove JavaScript code.
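The SQL injection entry above, shown as an added example that is not part of the notes: a login check using Python's sqlite3 that splices the form fields straight into the query, beside the parameterized version. The in-memory user table and the injected string are constructed for the demo.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    # Attacker-controlled text becomes part of the SQL statement itself,
    # so a quote in the input changes the query's structure.
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username: str, password: str) -> bool:
    # Placeholders pass the input as data; the driver never re-parses it as SQL.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


# Classic tautology payload submitted in the password field of the web form.
INJECTED = "' OR '1'='1"


def demo():
    """Run both versions against a valid password and the injected string."""
    conn = make_db()
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_injected": login_vulnerable(conn, "alice", INJECTED),
        "safe_valid": login_safe(conn, "alice", "correct horse"),
        "safe_injected": login_safe(conn, "alice", INJECTED),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable version accepts the injected string because the database receives `... AND password = '' OR '1'='1'`, which is always true; the parameterized version compares the literal string and rejects it.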
Cybersecurity solutions are tools organizations use to help defend against cybersecurity threats, as
well as accidental damage, physical disasters, and other threats. Here are the main types of security
solutions:
Common cyber attack vectors include viruses and malware, email attachments, webpages, pop-up
windows, instant messages (IMs), chatrooms and deception. Except for deception, all of these
methods involve programming or, in a few cases, hardware. Deception is when a human operator is
fooled into removing or weakening system defenses.
To some extent, firewalls and antivirus software can block attack vectors. But no protection method is
totally attack-proof. A defense method can quickly become obsolete, as hackers are constantly
updating attack vectors and seeking new ones in their quest to gain unauthorized access to computers
and servers.
The most common malicious payloads are viruses, which can function as their own attack vectors,
Trojan horses, worms and spyware. Third-party vendors and service providers can also be considered
attack vectors, as they are a risk to an organization if they have access to its sensitive data.
A security hole can be found in a piece of software or in a computer operating system (OS).
Sometimes, a security vulnerability can open up because of a programming error in an application or a
faulty security configuration. Hacks can even be low-tech, such as obtaining an employee's security
credentials or breaking into a building.
Hackers are constantly scanning companies and individuals to identify all potential entry points into
systems, applications and networks. In some cases, they may even target physical facilities or find
vulnerable users and internal employees who will knowingly or inadvertently share their information
technology (IT) access credentials.
One of the most publicized hacks was the SolarWinds supply chain attack. An investigation was
undertaken to determine the attack vectors, but the breach may have been the result of compromised
credentials or possible access through the development environment for SolarWinds' Orion IT
management software.
Cyber Security
● Innovative field that keeps pace with fast-changing technology, tactics and threats
● Focus on protecting digital information and managing risk
● Protects information and data, but also functional systems (ex. electrical grid, transportation
infrastructure, any devices connected to the Internet of Things, or IoT)
● Tools and strategies include everything from user education, high-tech systems, firewalls,
anti-virus technology to penetration testing and bug bounty initiatives
● Threats emanate from cyberspace; computer-to-computer communications
Definition
Threat modeling is a structured process with these objectives: identify security requirements, pinpoint
security threats and potential vulnerabilities, quantify threat and vulnerability criticality, and prioritize
remediation methods.
Threat modeling methods create these artifacts:
How does threat modeling work?
Threat modeling works by identifying the types of threat agents that cause harm to an application or
computer system. It adopts the perspective of malicious hackers to see how much damage they could
do. When conducting threat modeling, organizations perform a thorough analysis of the software
architecture, business context, and other artifacts (e.g., functional specifications, user documentation).
This process enables a deeper understanding and discovery of important aspects of the system.
Typically, organizations conduct threat modeling during the design stage (but it can occur at other
stages) of a new application to help developers find vulnerabilities and become aware of the security
implications of their design, code, and configuration decisions. Generally, developers perform threat
modeling in four steps:
When performed correctly, threat modeling can provide a clear line of sight across a software project,
helping to justify security efforts. The threat modeling process helps an organization document
knowable security threats to an application and make rational decisions about how to address them.
Otherwise, decision-makers could act rashly based on scant or no supporting evidence.
Overall, a well-documented threat model provides assurances that are useful in explaining and
defending the security posture of an application or computer system. And when the development
organization is serious about security, threat modeling is the most effective way to do the following:
● Detect problems early in the software development life cycle (SDLC)—even before coding
begins.
● Spot design flaws that traditional testing methods and code reviews may overlook.
● Evaluate new forms of attack that you might not otherwise consider.
● Maximize testing budgets by helping target testing and code review.
● Identify security requirements.
● Remediate problems before software release and prevent costly recoding post-deployment.
● Think about threats beyond standard attacks to the security issues unique to your application.
● Keep frameworks ahead of the internal and external attackers relevant to your applications.
● Highlight assets, threat agents, and controls to deduce components that attackers will target.
● Model the location of threat agents, motivations, skills, and capabilities to locate potential
attackers in relation to the system architecture.
Misconceptions of threat modeling
As a security process, threat modeling is subject to several misconceptions. Some people believe
threat modeling is only a design-stage activity, some see it as an optional exercise for
which penetration testing or code review can substitute, and some think the process is simply too
complicated. The following should help dispel some of these misconceptions:
Penetration testing and code reviews can’t substitute for threat modeling. Penetration testing and
secure code review are two activities that are effective for finding bugs in code. However, security
assessments (e.g., threat modeling) are better at uncovering design flaws.
There’s a good reason to conduct a threat model after deployment. Understanding the issues in the
current deployment influences future security architecture strategy, and monitoring weaknesses allows
for faster and more effective remediation. Without understanding the potential threats an application
faces, you can’t ensure that you’re addressing all risks.
Threat modeling isn’t that complicated. Many developers are intimidated by the idea of threat
modeling. At first glance, it can seem daunting. However, if you break up the tasks into workable
steps, performing a threat model on a simple web application—or even a complex
architecture—becomes systematic. The key is to start with basic best practices.
The killer application of threat modeling is promoting security understanding across the whole team.
It’s the first step toward making security everyone’s responsibility. Conceptually, threat modeling is a
simple process. So consider these five basic best practices when creating or updating a threat model:
1. Define the scope and depth of analysis. Determine the scope with stakeholders, then break down
the depth of analysis for individual development teams so they can threat model the software.
2. Gain a visual understanding of what you’re threat modeling. Create a diagram of the major system
components (e.g., application server, data warehouse, thick client, database) and the interactions
among those components.
3. Model the attack possibilities. Identify software assets, security controls, and threat agents and
diagram their locations to create a security model of the system (see Figure 1). Once you have
modeled the system, you can identify what could go wrong (i.e., the threats) using methods like
STRIDE.
4. Identify threats. To produce a list of potential attacks, ask questions such as the following:
Are there paths where a threat agent can reach an asset without going through a control?
Could a threat agent defeat this security control?
What must a threat agent do to defeat this control?
5. Create a traceability matrix of missing or weak security controls. Consider the threat agents and
follow their control paths. If you reach the software asset without going through a security control,
that’s a potential attack. If you go through a control, consider whether it would halt a threat agent or
whether the agent would have methods to bypass it.
Figure 1: Security model of a system.
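Steps 3 to 5 above, as an added example that is not from the notes or Figure 1: a small security model in Python whose node kinds (agent, control, asset, component) and edges describe a constructed web-application system. The traceability matrix lists, for each threat agent and asset, every path and the controls it crosses; paths with no control are the potential attacks of step 5.

```python
# Constructed example system (an assumption, not the notes' Figure 1).
SYSTEM = {
    "nodes": {
        "internet_attacker": "agent",
        "insider": "agent",
        "waf": "control",
        "app_authz": "control",
        "db_firewall": "control",
        "app_server": "component",
        "customer_db": "asset",
        "file_share": "asset",
    },
    "edges": [
        ("internet_attacker", "waf"),
        ("waf", "app_server"),
        ("app_server", "app_authz"),
        ("app_authz", "customer_db"),
        ("app_server", "db_firewall"),
        ("db_firewall", "customer_db"),
        ("insider", "app_server"),
        ("insider", "file_share"),  # direct reach, no control in between
    ],
}


def enumerate_paths(system, start, goal):
    """All simple paths from start to goal (depth-first), as lists of node names."""
    adj = {}
    for src, dst in system["edges"]:
        adj.setdefault(src, []).append(dst)
    paths = []

    def dfs(node, path):
        if node == goal:
            paths.append(path)
            return
        for nxt in adj.get(node, []):
            if nxt not in path:  # avoid cycles
                dfs(nxt, path + [nxt])

    dfs(start, [start])
    return paths


def traceability_matrix(system):
    """Map (agent, asset) -> list of (path, controls on that path).
    An empty control list means the agent reaches the asset unchecked (step 5)."""
    kinds = system["nodes"]
    agents = [n for n, k in kinds.items() if k == "agent"]
    assets = [n for n, k in kinds.items() if k == "asset"]
    matrix = {}
    for agent in agents:
        for asset in assets:
            rows = []
            for path in enumerate_paths(system, agent, asset):
                controls = [n for n in path if kinds[n] == "control"]
                rows.append((path, controls))
            matrix[(agent, asset)] = rows
    return matrix


def uncontrolled_paths(system):
    """Potential attacks: agent-to-asset paths that pass through no control."""
    return [
        (agent, asset, path)
        for (agent, asset), rows in traceability_matrix(system).items()
        for path, controls in rows
        if not controls
    ]


if __name__ == "__main__":
    for agent, asset, path in uncontrolled_paths(SYSTEM):
        print(f"{agent} -> {asset} with no control: {' -> '.join(path)}")
```

Paths that do cross a control are the ones to revisit with the step 4 questions (could the agent defeat this control, and what would it take).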
To prevent a social engineering attack, you need to understand what they look like and how you might
be targeted. These are the 10 most common types of social engineering attacks to be aware of.
1. Phishing
Phishing is the most common type of social engineering attack, typically using spoofed email
addresses and links to trick people into providing login credentials, credit card numbers, or other
personal information. Variations of phishing attacks include:
● Angler phishing – using spoofed customer service accounts on social media
● Spear phishing – phishing attacks that target specific organizations or individuals
2. Whaling
Whaling is another common variation of phishing that specifically targets top-level business
executives and the heads of government agencies. Whaling attacks usually spoof the email addresses
of other high-ranking people in the company or agency and contain urgent messaging about a fake
emergency or time-sensitive opportunity. Successful whaling attacks can expose a lot of confidential,
sensitive information due to the high-level network access these executives and directors have.
3. Diversion Theft
In an old-school diversion theft scheme, the thief persuades a delivery driver or courier to travel to the
wrong location or hand off a parcel to someone other than the intended recipient. In an online
diversion theft scheme, a thief steals sensitive data by tricking the victim into sending it to or sharing
it with the wrong person. The thief often accomplishes this by spoofing the email address of someone
in the victim’s company—an auditing firm or a financial institution, for example.
4. Baiting
Baiting is a type of social engineering attack that lures victims into providing sensitive information or
credentials by promising something of value for free. For example, the victim receives an email that
promises a free gift card if they click a link to take a survey. The link might redirect them to a spoofed
Office 365 login page that captures their email address and password and sends them to a malicious
actor.
5. Honey Trap
In a honey trap attack, the perpetrator pretends to be romantically or sexually interested in the victim
and lures them into an online relationship. The attacker then persuades the victim to reveal
confidential information or pay them large sums of money.
6. Pretexting
Pretexting is a fairly sophisticated type of social engineering attack in which a scammer creates a
pretext or fabricated scenario—pretending to be an IRS auditor, for example—to con someone into
providing sensitive personal or financial information, such as their social security number. In this type
of attack, someone can also physically acquire access to your data by pretending to be a vendor,
delivery driver, or contractor to gain your staff’s trust.
7. SMS Phishing
SMS phishing is becoming a much larger problem as more organizations embrace texting as a primary
method of communication. In one method of SMS phishing, scammers send text messages that spoof
multi-factor authentication requests and redirect victims to malicious web pages that collect their
credentials or install malware on their phones.
8. Scareware
Scareware is a form of social engineering in which a scammer inserts malicious code into a webpage
that causes pop-up windows with flashing colors and alarming sounds to appear. These pop-up
windows will falsely alert you to a virus that’s been installed on your system. You’ll be told to
purchase and download their security software, and the scammers will either steal your credit card
information, install real viruses on your system, or (most likely) both.
9. Tailgating/Piggybacking
Tailgating, also known as piggybacking, is a social engineering tactic in which an attacker physically
follows someone into a secure or restricted area. Sometimes the scammer will pretend they forgot
their access card, or they’ll engage someone in an animated conversation on their way into the area so
their lack of authorized identification goes unnoticed.
An insider threat refers to a cyber security risk that originates from within an organization. It
typically occurs when a current or former employee, contractor, vendor or partner with legitimate user
credentials misuses their access to the detriment of the organization’s networks, systems and data. An
insider threat may be executed intentionally or unintentionally. No matter the intent, the end result is
compromised confidentiality, availability, and/or integrity of enterprise systems and data.
Malicious insiders have a distinct advantage over other categories of malicious attackers because of
their familiarity with enterprise systems, processes, procedures, policies and users. They are keenly
aware of system versions and the vulnerabilities therein. Organizations must therefore tackle insider
threats with at least as much rigor as they do external threats.
A malicious insider, also referred to as a turncloak, pursues goals such as espionage, fraud,
intellectual property theft and sabotage. They intentionally abuse their privileged access to steal
information or degrade systems for financial, personal and/or malicious reasons. Examples include an
employee who sells confidential data to a competitor or a disgruntled former contractor who
introduces debilitating malware on the organization’s network.
Collaborator
Collaborators are authorized users who work with a third party to intentionally harm the organization.
The third party may be a competitor, nation-state, organized criminal network or an individual. The
collaborator’s action would lead to the leak of confidential information or the disruption of business
operations.
Lone Wolf
Lone wolves operate entirely independently and act without external manipulation or influence. They
can be especially dangerous because they often have privileged system access such as database
administrators.
Careless insider security threats occur inadvertently. They are often the result of human error, poor
judgement, unintentional aiding and abetting, convenience, phishing (and other social engineering
tactics), malware and stolen credentials. The individual involved unknowingly exposes enterprise
systems to external attack.
Pawn
Pawns are authorized users who have been manipulated into unintentionally acting maliciously, often
through social engineering techniques such as spear phishing. These unintentional acts could include
downloading malware to their computer or disclosing confidential information to an impostor.
Goof
Goofs deliberately take potentially harmful actions but harbor no malicious intent. They are arrogant,
ignorant and/or incompetent users who do not recognize the need to follow security policies and
procedures. A goof may be a user who stores confidential customer information on their personal
device, even though they know it’s against organizational policy.
A Mole
A mole is an outsider but one who has gained insider access to the organization’s systems. They may
pose as a vendor, partner, contractor or employee, thereby obtaining privileged authorization they
otherwise would not qualify for.
Most threat intelligence tools focus on the analysis of network, computer and application data while
giving scant attention to the actions of authorized persons who could misuse their privileged access.
For secure cyber defense against an insider threat, you have to keep an eye on anomalous behavioral
and digital activity.
Behavioral Indicators
There are a few different indicators of an insider threat that should be looked out for, including:
● Signing into enterprise applications and networks at unusual times. For instance, an employee
who, without prompting, signs into the network at 3am may be cause for concern.
● Surge in volume of network traffic. If someone is trying to copy large quantities of data across
the network, you will see unusual spikes in network traffic.
● Accessing resources that they usually don’t or that they are not permitted to.
● Accessing data that is not relevant for their job function.
● Repeated requests for access to system resources not relevant for their job function.
● Using unauthorized devices such as USB drives.
● Network crawling and deliberate search for sensitive information.
● Emailing sensitive information outside the organization.
Numerous insider cyberattacks take place each year, but the overwhelming majority do not make it to
the news. There have, however, been insider threats in cyber security that have stood out in recent
years.
● In 2018, Facebook fired a security engineer accused of exploiting the privileged information
his position accorded him to stalk women online.
● In 2018, a Tesla employee was alleged to have sabotaged company systems and sent
proprietary information to third parties.
● In the 2019 Capital One data breach, a former Amazon engineer retrieved more than 100
million customer records. They exploited their inside knowledge of Amazon EC2 to circumvent
a misconfigured firewall in Capital One’s cloud server.
● In 2020, a former Google executive was sentenced to 18 months in prison for stealing trade
secrets from Google’s self-driving-car division and handed them over to Uber, his new
employer.
You can protect your organization’s digital assets from an internal threat. Here’s how.
Identify your organization’s critical logical and physical assets. These include networks, systems,
confidential data (including customer information, employee details, schematics and detailed strategic
plans), facilities and people. Understand each critical asset, rank the assets in order of priority and
determine the current state of each asset’s protection. Naturally, the highest-priority assets should be
given the highest level of protection from insider threats.
There are many different software systems that can track insider threats. These systems work by first
centralizing user activity information by drawing from access, authentication, account change,
endpoint and virtual private network (VPN) logs. Use this data to model and assign risk scores to user
behavior tied to specific events such as downloading sensitive data to removable media or a user
logging in from an unusual location. Create a baseline of normal behavior for each individual user and
device as well as for job function and job title. With this baseline, deviations can be flagged and
investigated.
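The baseline-and-deviation approach in this paragraph, together with the behavioral indicators listed earlier (unusual login times, traffic surges, unusual resources, removable media), as an added example that is not taken from the notes. The log lines are constructed; the risk point values and the mean-plus-three-standard-deviations transfer threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log lines (not real data): "timestamp,user,event,detail".
# For "transfer" events the detail is the size moved, in MB.
BASELINE_LOG = """\
2024-03-01T09:02:00,alice,login,vpn
2024-03-01T09:30:00,alice,access,hr_share
2024-03-01T10:00:00,alice,transfer,12
2024-03-02T08:55:00,alice,login,vpn
2024-03-02T11:10:00,alice,transfer,15
2024-03-03T09:10:00,alice,login,office
2024-03-03T09:40:00,alice,access,hr_share
2024-03-03T14:00:00,alice,transfer,10
"""

NEW_LOG = """\
2024-03-10T03:05:00,alice,login,vpn
2024-03-10T03:20:00,alice,access,source_repo
2024-03-10T03:40:00,alice,transfer,900
2024-03-10T03:50:00,alice,usb,mass_storage
2024-03-10T10:00:00,bob,login,vpn
2024-03-11T09:00:00,alice,login,office
2024-03-11T09:30:00,alice,access,hr_share
2024-03-11T10:00:00,alice,transfer,14
"""


def parse(log):
    rows = []
    for line in log.strip().splitlines():
        ts, user, event, detail = line.split(",")
        rows.append((datetime.fromisoformat(ts), user, event, detail))
    return rows


def build_baseline(rows):
    """Per user: usual login hours, usual resources, and transfer sizes seen."""
    base = defaultdict(lambda: {"hours": set(), "resources": set(), "sizes": []})
    for ts, user, event, detail in rows:
        b = base[user]
        if event == "login":
            b["hours"].add(ts.hour)
        elif event == "access":
            b["resources"].add(detail)
        elif event == "transfer":
            b["sizes"].append(float(detail))
    return base


def score_events(rows, baseline):
    """Assumed risk points per user, with reasons, for events that deviate."""
    scores = defaultdict(int)
    reasons = defaultdict(list)
    for ts, user, event, detail in rows:
        b = baseline.get(user)
        if b is None:  # no history at all: worth a look, but weak evidence
            scores[user] += 2
            reasons[user].append("no baseline for user")
            continue
        if event == "login" and b["hours"] and ts.hour not in b["hours"]:
            scores[user] += 3
            reasons[user].append(f"login at unusual hour {ts.hour:02d}:00")
        elif event == "access" and detail not in b["resources"]:
            scores[user] += 2
            reasons[user].append(f"access to unusual resource {detail}")
        elif event == "transfer" and b["sizes"]:
            size = float(detail)
            threshold = mean(b["sizes"]) + 3 * (pstdev(b["sizes"]) or 1.0)
            if size > threshold:
                scores[user] += 4
                reasons[user].append(f"transfer of {size:.0f} MB exceeds baseline")
        elif event == "usb":
            scores[user] += 5
            reasons[user].append("removable media use")
    return dict(scores), dict(reasons)


def rank_users(new_log=NEW_LOG, baseline_log=BASELINE_LOG):
    """Users ordered by risk score, plus the reasons behind each score."""
    base = build_baseline(parse(baseline_log))
    scores, reasons = score_events(parse(new_log), base)
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    return ranked, reasons


if __name__ == "__main__":
    for user, score in rank_users()[0]:
        print(user, score)
```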
Increase Visibility
In a 2019 SANS survey on advanced threats, more than a third of respondents admitted to lacking
visibility over insider misuse. Therefore, it’s important to deploy tools that continuously monitor user
activity as well as aggregate and correlate activity information from multiple sources. You could, for
instance, use cyber deception solutions that establish traps to draw in malicious insiders, track their
actions and understand their intentions. This information would then be fed into other enterprise
security solutions to identify or prevent current or future attacks.
Enforce Policies
Define, document and disseminate the organization’s security policies. This prevents ambiguity and
establishes the right foundation for enforcement. No employee, contractor, vendor or partner should
have any doubts about what acceptable behavior is as it relates to their organization’s security stance.
They should recognize their responsibility to not divulge privileged information to unauthorized
parties.
While detecting insider threats is important, it is more prudent and less expensive to dissuade users
from wayward behavior. Promoting a security-aware culture change and digital transformation is key
in this regard. Instilling the right beliefs and attitudes can help combat negligence and address the
roots of malicious behavior. Employees and other stakeholders should regularly participate in security
training and awareness that educate them on security matters, which should be accompanied by the
continuous measurement and improvement of employee satisfaction to pick up early warning signs of
discontent.
Insider threats are more difficult to identify and prevent than external attacks. They are often below
the radar of conventional cybersecurity solutions such as firewalls, intrusion detection systems and
antimalware software. If an attacker logs in via an authorized user ID, password, IP address and
device, they are unlikely to trigger any security alarms. To effectively protect your digital assets, you
need insider threat detection software and a strategy that combines multiple tools to monitor insider
behavior while minimizing the number of false positives.
You can take the following steps to help reduce the risk of insider threats:
Insider threats can be harder to identify or prevent than outside attacks, and they are invisible to
traditional security solutions like firewalls and intrusion detection systems, which focus on external
threats. If an attacker exploits an authorized login, the security mechanisms in place may not identify
the abnormal behavior. Moreover, malicious insiders can more easily avoid detection if they are
familiar with the security measures of an organization.
To protect all your assets, you should diversify your insider threat detection strategy, instead of relying
on a single solution. An effective insider threat detection system combines several tools to not only
monitor insider behavior, but also filter through the large number of alerts and eliminate false
positives.
Tools like Machine Learning (ML) applications can help analyze the data stream and prioritize the
most relevant alerts. You can use digital forensics and analytics tools like User and Event Behavior
Analytics (UEBA) to help detect, analyze, and alert the security team to any potential insider threats.
User behavior analytics can establish a baseline for normal data access activity, while database
activity monitoring can help identify policy violations.
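The following is an added example, not code from the notes or from any UEBA or database activity monitoring product, showing the two ideas in the paragraph above: a per-user baseline of normal data access (tables used, active hours, query volume) learned from past events, and a policy check of the kind a database activity monitor applies (which roles may read which tables). The access log, the users, the tables and the role table are all constructed for the example.

```python
"""Added example: per-user data-access baseline plus a role-based policy check.
All log records, users, tables and roles below are constructed, not real data."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed historical access log used to learn the baseline.
# Each record is (timestamp, user, table, rows_returned).
BASELINE_LOG = [
    ("2024-03-01 09:12", "alice", "orders",    120),
    ("2024-03-01 10:40", "alice", "orders",     95),
    ("2024-03-02 09:05", "alice", "customers",  80),
    ("2024-03-02 11:30", "alice", "orders",    110),
    ("2024-03-03 14:02", "alice", "customers",  70),
    ("2024-03-01 08:50", "bob",   "tickets",    30),
    ("2024-03-02 09:10", "bob",   "tickets",    25),
    ("2024-03-03 10:20", "bob",   "tickets",    40),
]

# Constructed new events to score against the baseline.
NEW_EVENTS = [
    ("2024-03-04 10:15", "alice", "orders",     105),  # looks normal
    ("2024-03-04 23:40", "alice", "customers", 9000),  # off-hours, huge volume
    ("2024-03-04 09:30", "bob",   "payroll",     45),  # table bob never used
]

# Constructed role model for the policy check (database activity monitoring style).
USER_ROLE = {"alice": "sales", "bob": "support", "carol": "hr"}
TABLE_ALLOWED_ROLES = {
    "orders": {"sales"}, "customers": {"sales", "hr"},
    "tickets": {"support"}, "payroll": {"hr"},
}


def _hour(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M").hour


def build_baseline(log):
    """Learn, per user, the tables touched, the hours active and the volume distribution."""
    seen = defaultdict(lambda: {"rows": [], "tables": set(), "hours": set()})
    for ts, user, table, rows in log:
        seen[user]["rows"].append(rows)
        seen[user]["tables"].add(table)
        seen[user]["hours"].add(_hour(ts))
    return {
        user: {"mean": mean(p["rows"]), "std": pstdev(p["rows"]),
               "tables": p["tables"], "hours": p["hours"]}
        for user, p in seen.items()
    }


def score_event(event, baseline, z_threshold=3.0):
    """Return the list of reasons an event deviates from baseline or breaks policy."""
    ts, user, table, rows = event
    hour = _hour(ts)
    reasons = []
    b = baseline.get(user)
    if b is None:
        reasons.append("no baseline for user")
    else:
        if table not in b["tables"]:
            reasons.append(f"new table {table}")
        # Hours within one hour of any previously observed hour count as normal.
        if not any(abs(hour - h) <= 1 for h in b["hours"]):
            reasons.append(f"unusual hour {hour:02d}")
        std = b["std"] or 1.0  # constant history: avoid division by zero
        z = (rows - b["mean"]) / std
        if z > z_threshold:
            reasons.append(f"volume z={z:.1f}")
    # Policy check is independent of the baseline: role must be allowed on the table.
    if USER_ROLE.get(user) not in TABLE_ALLOWED_ROLES.get(table, set()):
        reasons.append(f"policy violation: role {USER_ROLE.get(user)} may not read {table}")
    return reasons


def triage(events, baseline):
    """Keep only events with at least one reason, so analysts see the prioritized subset."""
    return [(e, score_event(e, baseline)) for e in events if score_event(e, baseline)]


if __name__ == "__main__":
    for event, reasons in triage(NEW_EVENTS, build_baseline(BASELINE_LOG)):
        print(event, "->", "; ".join(reasons))
```

The baseline is deliberately simple (a z-score on volume, a set of tables and hours); a production UEBA product learns many more features, but the structure of "learn normal, score new events, combine with explicit policy rules, surface only what deviates" is the same, and the policy rule fires even when the statistical baseline is silent.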
1. Multi-Factor Authentication
Don’t rely on one factor. This is the most basic preventive measure for securing your accounts. Of
course, a password provides some security, but we have learned that passwords are inadequate on their
own, because it is far easier for someone else to guess your password and obtain access to your accounts.
Passwords can also be obtained through social engineering. Multi-factor verification is therefore
required; the additional factor could be anything from biometric access or security questions to an OTP code.
2. Continuously Monitor Critical Systems
Make sure that any system housing sensitive information is monitored 24 x 7. Some exploitation
tactics, such as Trojans, depend on the target system being vulnerable. Scanning both external and
internal systems with web application scanning can help find vulnerabilities in your systems.
You should also perform a social engineering engagement at least once a year to assess whether your
employees would fall victim to social engineering. Once tracked, any fake domains that impersonate
your organization can be taken down promptly to stop the online infringement.
3. Utilize a Next-Gen Cloud-Based WAF
You are probably already employing a firewall within your business, but a next-generation, cloud-based
web application firewall is specially designed to provide maximum protection against social
engineering attacks. Such a WAF is very different from the traditional WAF that most companies
deploy.
To be specific, AppTrana can continuously monitor a web application or website for anomalous
activity and misbehavior. Although social engineering threats depend on human mistakes, it will block
attacks and alert you to any attempted malware installations. Implementing a risk-based WAF is one
of the best ways to prevent social engineering attacks and any resulting infiltration.
4. Verify the Email Sender’s Identity
Most scams involve obtaining the victim’s information by falsely posing as a trusted entity.
In a phishing attack in particular, attackers send email messages that appear to come from a sender
you trust, such as a credit card company, a bank, a social networking site, or an online store. The
emails often tell a story to make you click on a false link that looks legitimate.
To avoid this kind of social engineering threat, contact the claimed sender of the email message
through a channel you already trust and confirm whether they sent the email. Remember, legitimate
banks will not ask for your credentials or confidential information through email.
5. Identify Your Critical Assets That Attract Criminals
“When a lot of companies focus on protecting their assets, they’re very focused on that from the
perspective of their business” – Jim O’Gorman, a member of Social-Engineer.org
That is not necessarily the way a hacker will target your company. Attackers target the assets that are
valuable to them.
You should evaluate your organization from the attacker’s perspective and identify what to protect,
considering assets beyond your product, service, or intellectual property.
“Independent Assessment is the best tool to determine which of your assets criminals are most likely
to target.” – according to O’Gorman.
6. Check for an SSL Certificate
Encrypting data, emails, and communications ensures that even if hackers intercept your
communication, they cannot access the information contained within. This can be achieved by
obtaining SSL certificates from trusted certificate authorities.
Furthermore, always verify any site that asks for your sensitive information. To verify a website’s
authenticity, check its URL. URLs that start with https:// indicate an encrypted connection to the
site; websites served over http:// do not offer a secure connection.
7. Penetration Testing
The most effective of the ways to prevent social engineering attacks is to conduct a pen-test that
detects and tries to exploit vulnerabilities in your organization. If your pen-tester succeeds in
compromising a critical system, you can identify which systems or employees you need to
concentrate on protecting, as well as the types of social engineering attacks you may be prone to.
8. Check and Update Your Security Patches
Cybercriminals are generally looking for weaknesses in your applications, software, or systems to
gain unauthorized access to your data. As a preventive measure, always keep your security patches
up to date and keep your web browsers and systems on the latest versions.
Companies release security patches in response to the security loopholes they uncover. Keeping your
systems on the most recent release will not only reduce the likelihood of cyber-attacks but will also
help ensure a cyber-resilient environment.
9. Enable Spam Filters
Enable spam filters and close the door on the perpetrators of social engineering threats. Spam filters
provide a vital service in protecting your inboxes from social engineering attacks.
Most email service providers offer spam filters that hold back emails deemed suspicious. With these
features you can categorize emails effortlessly and be freed from the tedious task of identifying
suspicious emails yourself.
10. Pay Attention to Your Digital Footprint
Oversharing of personal details online through social media can give these criminals more
information to work with. For instance, if you keep your resume online, you should consider
censoring your date of birth, phone number, and residential address. All that information is useful for
attackers who are planning a social engineering threat.
We recommend you maintain your social media settings to “friends only” and think twice before you
share anything on social media.
Conclusion
The danger of social engineering threats is increasing day by day, and they have become one of the
major cyber threats for businesses of all sizes. You should equip your business with proper defense
measures to prevent social engineering attacks.
Make sure that your company has methods to rapidly detect security incidents, monitor what is
going on, and alert your security team so they can take immediate action.