[MART] - Daily Diary #525 - Initial Access Techniques - Social Engineering
ctas-mat at appgate.com
Fri Jun 3 21:16:27 UTC 2022
I hope everyone is doing well!
Below is the entry for today.
06/03/2022 - Diary entry #525:
In our Daily Diary #420, we started to cover malware techniques and their variations. Today we will cover a human-targeted technique used as initial vector by attackers to breach organizations.
Also known as the "art of deception", Social Engineering is a manipulation technique that exploits human error to obtain information, access, or privileges to restricted information systems to perform further malicious activities such as deploying a malware in the network or exfiltrating sensitive information.
It all starts with the selection of an organization and human targets. Through the Internet, open-source intelligence (OSINT), physical surveillance, human sources, and covert interview techniques (HUMINT), the attacker creates a credible pretext to gain confidence and get closer to its targets.
Regardless of the method used (calls, emails, phishing), the goal is always to convince the victim that the attacker is someone who can be trusted with the information. To disguise the execution of its attack, the attacker will make innocent and not so innocent requests for information or actions to manipulate the victim.
Human vulnerabilities have not improved as security technology has. That is why, in addition to implementing high-quality security tools and solutions, we recommend that organizations frequently train their employees so that they can recognize the red flags and respond accordingly to a social engineering attack when they become a target.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the MART