Tag Archive for: Engineering

Social Engineering News: SMiShing – Security Boulevard


SMiShing attacks continue to soar as more companies transition to a remote/hybrid workforce. According to a Pew Research Center survey, 59% of U.S. employees work from home all or most of the time. This transition means that employees are now more likely to use mobile devices such as a phone or tablet to access corporate information and accounts. Bad actors are taking notice and exploiting this reliance on mobile devices. They are using popular mobile messaging apps and digital channels that aid the productivity of remote workers, such as Facebook Messenger, WhatsApp, LinkedIn, Zoom, Microsoft Teams, Google Meet, and Slack, to facilitate attacks. As a result, SMiShing is a threat that companies can no longer ignore.

What is SMiShing?

The word SMiShing comes from combining SMS (Short Message Service), the original technology which started mobile texting, with phishing. In either instance the goal of the bad actor is to steal personal or financial information.

The following social engineering news story shows how bad actors exploit messaging apps and digital channels

A sophisticated Teams attack. As reported by VentureBeat, a bad actor posing as a CEO (Chief Executive Officer) known to be on a business trip to China sent a WhatsApp message to several of the company’s employees asking them to join a Teams meeting. When the employees joined the Teams meeting, they thought they were seeing the CEO live on video. However, it was really a scraped video feed of the CEO from a past TV interview. To make the fraud more convincing, the bad actor added a fake background to make it appear that the CEO was really in China. Now for the twist: there was no audio feed for the Teams meeting. The “CEO” chatted that he was experiencing issues with the audio feed and told the employees that “since I can’t make this work, send me the information on this SharePoint link.”

Test, Educate and Protect with our Managed SMiShing Service

How can you protect your company from SMiShing attacks such as the one mentioned above? It’s important that your employees can identify an attack. At Social-Engineer, LLC, our fully managed, enterprise scalable program measures and tracks…

What is a social engineering attack?


Seen some scary headlines about a new “social engineering attack” doing the rounds but not sure what that actually means? Then you’re in the right place as we’ve created this guide to detail what the term means, and some quick tips on how to avoid falling victim to them.

The short version is that a social engineering attack is the point at which computer misuse combines with old-fashioned confidence trickery. Specifically, social engineering attacks are scams that exploit the most vulnerable part of any technical system: the user.

Social engineering attacks can be carried out via the web, email, phone, and SMS or instant messaging, or in person. They rely on deceiving a user into believing that the bad actor is an honest representative of, for example, Amazon or Microsoft for long enough to give the bad actor their login credentials, access to their computer, or money.

Social engineering attacks can take place in real time, with someone actively speaking to you on the phone or physically present at your office; asynchronously, as through an exchange of emails with a bad actor pretending to be someone they’re not; or as a passive trap delivered via an email, a website, or even a physical USB drive.

Examples of social engineering attacks

Phishing, in which a bad actor sends out messages, often by email, designed to look like they’re from a legitimate company, with the intention of getting you to hand over your login details or authorise a payment, is a common example of social engineering attacks. They often do this by offering an irresistible, time-limited deal or threatening dire consequences (such as an imminent overpayment) to make the victim panic and rush to click…

Engineering seminar: Cyber Storm Tracker — Using Machine Learning for Cyber Log Data


Dr. Glenn A. Fink, a senior cyber security researcher with Pacific Northwest National Laboratory (PNNL), will give the talk.

Cyber logs are not human language, but of all the common data types used in machine learning (ML), natural language is the closest. But cyber log data is very different from natural language. Log lines contain lots of random-looking garbage. IP addresses and other things frequently change definition. Punctuation is all over the place. Domain names look like Windows Active Directory names, which look like many other cyber “nouns.” And the syntax and semantics of phrases and terms change from sensor to sensor. This makes cyber data challenging to ingest into ML models.

Dr. Fink will talk about the work done at PNNL to ingest cyber logs into natural language processing tools using embeddings. He’ll also show how embeddings can be used as coordinates to show how IP addresses change behavior and relate over time. At the end, seminar attendees will understand why there are still not many true ML methods out there for cyber, and what the major challenges are ahead. 

Dr. Fink has worked in computer security, deep learning, visualization, bio-inspired design and human-centric computing at PNNL since 2006. He is the lead inventor of several technologies, including PNNL’s Digital Ants technology, which Scientific American cited as one of 10 “world-changing ideas” in 2010. Digital Ants recently earned an award for Excellence in Technology Transfer from the Federal Laboratory Consortium and was listed as a finalist for an R&D 100 award. His work includes research in bio-inspired, decentralized cyber security and privacy. He has published numerous scientific articles and papers, has edited a book and hosted several workshops on computer security, privacy and the Internet of Things.

Dr. Fink was a three-year NSF IGERT Graduate Fellow at Virginia Polytechnic Institute and State University, where he completed his Ph.D. in computer science in 2006. Dr. Fink’s dissertation, “Visual Correlation of Network Traffic and Host Processes,” fostered the Hone technology that currently is an open-source software project. Dr. Fink was a software…

Honeywell Industrial Cyber Security Center of Excellence, Middle East