Social Engineering — Today’s Number 1 Option for Unauthorised Access

CI&T Australia
CI&T Australia Tech Blog
3 min read · May 10, 2021

Phyras El Amin, (Support Analyst, Masters of Cybersecurity), Transpire

“Without access to the Internet, your device becomes a paperweight…” That’s the general opinion these days. The way technology is progressing, we are relying on internet access more than ever, and it is an integral part of workplaces, especially since many work remotely.

With such a global push to move everything online, we tend to forget that there are dangers in this vast sea of digital 1’s and 0’s. In a commonly occurring example, the CEO of a massive tech firm logs onto her computer and opens her inbox, finding an array of different business emails. One stands out, however: it is marked as high priority, and the sender’s name is that of the manager of one of the companies she regularly liaises with for business transactions. The subject reads: Cancellation of Project. The CEO is distraught and panics as she opens the email, which has nothing in it except a link to a file named ‘new_contract.pdf’.


Little did she know how far this went. The PDF file has been subtly altered to carry an exploit; the moment she clicks ‘open’, her entire company’s data is no longer safe. Hackers have come a long way from sitting behind computers and attempting to crack passwords. The BlackHat Hacking Community is far more advanced, and it is now simple and easy for them to choose a target and begin exploiting it through different methods.
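As an added illustration (not part of the original post), the traits of the email in this scenario can be checked mechanically in a mail triage script. The contact list, keyword pattern, names and domains below are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: display names of regular contacts mapped to their genuine mail domain.
KNOWN_CONTACTS = {"jordan reyes": "partner.example"}
URL_RE = re.compile(r"https?://\S+")
ALARM_RE = re.compile(r"cancel|urgent|suspend|overdue", re.I)  # assumed keyword list

def triage(raw: str) -> list[str]:
    """Return which traits of the lure in the scenario a raw message shows."""
    msg = message_from_string(raw)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.rpartition("@")[2].lower() != expected:
        reasons.append("display-name-mismatch")  # familiar name, unfamiliar domain
    if msg.get("X-Priority", "").strip().startswith("1") or \
            msg.get("Importance", "").strip().lower() == "high":
        reasons.append("high-priority")
    if ALARM_RE.search(msg.get("Subject", "")):
        reasons.append("alarming-subject")
    # Assumes a single-part text body; multipart messages are treated as empty.
    body = "" if msg.is_multipart() else msg.get_payload()
    if URL_RE.search(body) and len(URL_RE.sub("", body).split()) <= 3:
        reasons.append("link-only-body")  # nothing to read, only something to click
    return reasons

# Constructed sample messages (reserved .example/.test domains, invented names).
LURE = """\
From: "Jordan Reyes" <jordan.reyes@partner-mail.test>
To: ceo@corp.example
Subject: Cancellation of Project
X-Priority: 1 (Highest)

https://files.partner-mail.test/new_contract.pdf
"""
BENIGN = """\
From: "Jordan Reyes" <jordan.reyes@partner.example>
To: ceo@corp.example
Subject: Minutes from Tuesday

Hi, here are the notes from Tuesday. Let me know if anything is missing.
"""

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("benign", BENIGN)):
        print(label, triage(raw))
```

No single trait is conclusive on its own; the value is in the combination, which is what makes the message in the scenario stand out.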

We have always been let down by authentication and password cracking on computers, but with new technology, passwords are encrypted with AES-128 by Google and Apple, setting a global standard for all companies to follow. Hackers simply cannot crack an AES-128 encrypted password with a brute-force tool; this has become so difficult that we would have to hand a hacker supercomputers just to give them a chance of attempting the attack.

The hackers have adapted and are targeting the weakest link (it’s you…). Toolkits have been provided to the hacking community; they simply need to choose an option from a menu to create an attack, their machines do everything automatically, and it could even be used by a savvy 10-year-old.


The only way for someone to be completely protected would be to ensure they have no contact with a computer or device and that AI is in charge of all files and data. The way we are progressing in the world means that we must be vigilant and mindful of what links we click on, what files we download, what pages we look at and what encryption we use. Otherwise we can fall victim to the BlackHats lurking in the shadows, sending out emails that say you are related to a Nigerian Prince who wants to send you $100 million that he suddenly feels entitled to give you.

If it sounds too good to be true… it probably is.
