Social Engineering Presentation

Khaleel Syed
February 19, 2017

IA140 - Academic Skills presentation

Transcript

  1. Interpretations of Social Engineering
     - “Manipulation of people into divulging confidential data” - Oxford Dictionary
     - “Using cheap dirty tricks to get people to do what you want” - Brian Brushwood
  2. Purpose
     - Information gathering
     - Fraud
     - Infiltration
     - Penetration Testing
     • White hat hackers: Ethical hackers hired to ensure security within a firm
     • Black hat hackers: Individuals with a purpose to breach machines
  3. Phishing
     - Attempt to obtain sensitive information
     - Disguising as a trustworthy entity
     - Attack surfaces: Email or Phone
     • Web spoofing: Allows an adversary to modify web pages sent to a victim
     • Vishing: Voice phishing
  4. Reverse Social Engineering
     - Three stages:
       1) Attacker sabotages their systems
       2) Convinces victim that he/she can provide support
       3) Acquire data maliciously
  5. Spear-phishing
     - Targeted phishing
     - Frequent example of an APT
     - Usual payload - Email attachment
     - Higher success rate (85%) in comparison to regular phishing (20%)
     - Average impact: £1.28 million
  6. Characteristics of Spear-phishing attacks
     - Reconnaissance
     - Crafted Email forgeries
     - Multi-vector attacks
     - “The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you.” - Symantec
     • SSL: Secure Sockets Layer
     • DNS: Domain Name Server
     • Man-in-the-middle attack: Secret interception of communication between parties
  7. Defense against Social Engineering attacks
     - Advancements in Anti-phishing filters
     - Background checks
     - Don’t rely on security services
     - Minimise attack surface