Cybersecurity Challenges in Social Media Erdal Ozkaya



Date: 10.12.2023

3.2 The techniques used
Social engineering is a hacking technique that involves manipulating people into
giving out information or complying with malicious requests (Mouton, Leenen &
Venter, 2016). It can be used to get to the core of an organization, bypassing the multiple layers
of security that the organization might have put up. It does not rely on technical knowledge or
possession of the latest hacking tools; all one needs is knowledge of human psychology
(Granger, 2001). Some human traits can be taken advantage of, such as
courtesy, gullibility, sympathy, obedience, and greed. A social engineer leads a target
into questionable decisions by pulling the strings attached to these psychological
traits. The following section outlines the lifecycle of a social engineering
attack, presenting some of the key phases. It is, however, important to note that a social
engineer does not have to follow a linear path, that is, going phase by phase. The attack
can be concluded at any of the phases, depending on the objectives of the attacker.
3.3 Lifecycle of social engineering
3.3.1 Information gathering
This might just be the most torturous step in the entire social engineering exercise, and it
may last anywhere from a few hours to a few years (Krombholz et al., 2015). Not only is it
long, it is also demanding and requires an attacker to always be keen in observing the target.
Today's social engineer needs to be well-informed about the data to look for and the software
tools that can help with this. The quick adoption of social media platforms by a large
percentage of people has made this process somewhat simpler. However, this data is at times
insufficient or too fabricated to be of help and, therefore, more data sources may be required.
An attacker may, therefore, be forced to gather data using specialized software tools or using
soft skills to get this data directly from the target without raising alarm.
Information is hardly ever gathered all at once. Doing so is hard, and it is therefore common
for a social engineer to collect small pieces of data and combine them to complete a puzzle
about the target. For instance, while gathering information about a CEO, an attacker may
start by interviewing people that the CEO comes across or talks to. Janitors, secretaries,
subordinates, or even visitors may be wisely interviewed to find out small pieces of
information that may not be so useful on their own but are very powerful when put together. Even
the most insignificant of the people that a target interacts with may hold a key to unlocking a
much larger puzzle. Therefore, any source of information is treated as valuable.
