From the course: Career Essentials in System Administration by Microsoft and LinkedIn

Mitigating social engineering attacks

- Social engineering is when a hacker uses deception, manipulation or intimidation to get the credentials needed to gain access to a network resource. Hackers can use publicly available information found on internet sites, like Facebook, to gather enough information to deduce a password by trying various combinations of names and birthdays as passwords, or to use when calling a help desk for a password reset. In 2020, almost a quarter of all breaches were related to social engineering, because with the right information, people can be manipulated into giving away information that helps the hacker gain access.

There are several popular ways social engineering attacks can be successful. The first is phishing, typically used in email. Phishing attackers impersonate a legitimate user and use fear, urgency or curiosity to deceive their targets. The attacker's aim is to get users to click on a malicious link, open a malware attachment or reveal login credentials. A more sophisticated version is called spear phishing. Spear phishing attackers research their target beforehand and tailor their approach to improve their chances of success. When spear phishing is aimed at executives or senior management, it's called whaling, and it usually aims to steal sensitive company information. I've seen this many times when hackers try to get other employees in a company to wire money because the email looked like it came from the executive.

Pretexting is another type of social engineering attack. It involves a dialogue between the attacker and the victim and often begins with a phishing attempt. Pretexting attackers attempt to build trust with their victims. The attacker usually pretends to be someone in a position of authority who has the right to access the sought-after information, or who can help the victim. Attackers use this method to trick individuals into revealing information that can be used in a later attack.
There are many ways to prevent a social engineering attack, but the best way to start is by training employees. This could be a regular email sent out or a training given to staff. Many companies send out fake phishing emails and record how many people clicked on them. Some staff even have their jobs terminated for clicking the emails. Mitigations for social engineering can also include strong passwords, multifactor authentication, removing local admin rights on computers, good anti-malware implementations, and a help desk procedure that can't be circumvented when a user calls for help. Some companies have an incident response team available and trained for when a phishing attack occurs, to assess the damage and fix any issues that may have occurred due to the breach. Based on personal experience, employee training that is updated annually has always worked best for keeping phishing attacks from being successful.
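One of the mitigations listed above, removing local admin rights, is the one a system administrator can enforce directly with a script. The following PowerShell is an added example and is not part of the course material; it audits the local Administrators group on a Windows host and removes every member that is not on an allow-list. The allow-list entries (the CONTOSO domain groups), the log path and the assumption that the script runs elevated on a Windows build that ships the Microsoft.PowerShell.LocalAccounts module are all assumptions made for the example.

```powershell
# Added example (not from the course): enforce a least-privilege local
# Administrators group. Any member not on the allow-list is removed, so a user
# whose credentials are phished does not hand the attacker admin on the machine.
# Assumptions (not from the course): the CONTOSO group names below, the log
# path, and that this runs elevated where Get-/Remove-LocalGroupMember exist.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Principals that may remain in the local Administrators group.
    [string[]]$Allowed = @(
        'CONTOSO\Domain Admins',
        'CONTOSO\Workstation Admins'
    ),
    [string]$LogPath = "$env:ProgramData\LocalAdminAudit.log"
)

$group = 'Administrators'

# Member names come back as COMPUTERNAME\user for local accounts and
# DOMAIN\user for domain principals; -contains compares case-insensitively.
$members = Get-LocalGroupMember -Group $group

foreach ($m in $members) {
    # The built-in local Administrator account always has RID 500; keep it
    # regardless of the computer-name prefix so the machine stays recoverable.
    $isBuiltInAdmin = $m.SID.Value -like 'S-1-5-21-*-500'

    if ($isBuiltInAdmin -or ($Allowed -contains $m.Name)) {
        Write-Verbose "Keeping $($m.Name)"
        continue
    }

    # -WhatIf / -Confirm are honoured here, so the script can be dry-run first.
    if ($PSCmdlet.ShouldProcess($m.Name, "Remove from local $group")) {
        Remove-LocalGroupMember -Group $group -Member $m
        "$(Get-Date -Format o) removed $($m.Name) ($($m.SID.Value)) from $group" |
            Add-Content -Path $LogPath
    }
}
```

Run it once with -WhatIf to see which accounts would be removed before letting it change anything, and review the log after the first real run. For a whole fleet the same policy is usually pushed centrally (for example through Group Policy Restricted Groups or by running the script with Invoke-Command against a list of computers) rather than executed by hand on each machine.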
