The FBI has warned crypto companies of sophisticated social engineering attacks by North Korean hackers targeting employees to install malware leading to crypto theft.
As more recipients get wise to the usual phishing tactics, attackers are adopting another strategy: pretexting. Protecting an organization against pretexting attacks requires a layered approach that includes preventing attack messages from reaching employees, and making employees aware of how pretexting works.
Octo Tempest has gradually stepped up from data theft, to data extortion, and now to ransomware as of this summer (becoming an affiliate of the ALPHV/BlackCat group). The cybercriminals are entirely financially motivated and nearly always leads with either a phishing email/message or a social engineering call. It also looks to execute SIM swap attacks.
Okta has warned about social engineering attacks by sophisticated actors targeting super administrators by tricking service desk staff into resetting multi-factor authentication for privileged users.
Business communication tools are indispensable in today’s distributed working environments, both for internal communication between team members and for external communication with customers. But their use has attracted the attention of attackers who successfully exploit their security weaknesses and tailor their attacks to specific communication platforms.
The annual Verizon DBIR provides further confirmation that attackers are showing a renewed interest in social engineering, particularly in conjunction with business email compromise (BEC) attacks. And the average financial damage of a ransomware attack has doubled and is almost certain to cost organizations at least $1 million to remediate.
Whatever new technologies are adopted, social engineering will evolve in parallel and find work arounds. Even as these security defenses mature, it will always be easier to hack a human than hack a system.
BadUSB attacks have proliferated in the last year for a simple reason — they work as long as curiosity is part of human nature. The impact of BadUSB is tantamount to allowing an unknown hacker to sit at an employee’s unlocked computer and directly attack the network from the inside.
Cybercriminals are using social engineering to target company employees on social media, which remains a weak point even if a company takes every precaution necessary to protect in-house information.
Uber cybersecurity incident was the result of social engineering by teenage hacker. Network breach was a total compromise and that the attacker had full access to Uber's systems.