CEHv12-09 - Network and Perimeter Hacking - Social Engineering

In

Social engineering concepts and attacks

Social engineering involves manipulating individuals to reveal confidential information or provide unauthorized access. Attackers exploit trust, fear, and ignorance to achieve these goals.

  • Common targets

  • Help desk & Support staff: they have access to sensitive systems and data.

  • Admins & IT ersonnel: often hold higher access levels.

  • Executives (C-Level): have access to critical organizational resources.

  • Anyone with Desired Access: attackers target individuals with access, regardless of role.

  • Techniques:

  • Framing & pretexting: making lies believable through authority or familiarity.

  • Types of framing:**

    • Negative: authority, social pressure, urgency.
    • Positive: trust-building, helpfulness.

  • Phases:

    1. Research: gather details about the target.
    2. Target selection: identify individuals with required access.
    3. Relationship building: gain trust or rapport.
    4. Exploitation: use the relationship to gain access or sensitive information.

  • Types of aocial:

    • Human-based:
      • Piggybacking: gaining access by following an authorized person.
      • Tailgating: entering a restricted area without authorization.
      • Dumpster Diving: searching trash for confidential information.
      • Impersonation, Vishing, and Eavesdropping.**
    • Computer-based:
      • Phishing: trick targets into clicking malicious links or sharing credentials.
      • Spear phishing: targeted attacks on specific individuals or departments.
      • Whaling: targeting high-profile individuals like executives.
      • Smishing: phishing over SMS.

  • Countermeasures:

    • Security awareness training: regular training on social engineering tactics.
    • Mock phishing campaigns: test employee awareness and response.
    • Anti-phishing tools: toolbars and detection systems.
    • Visitor check-in: control building access with visitor logs and badges.
    • Physical security: locks, RFID badges, and proper garbage disposal.
    • Strong security policies: enforce password policies, multi-factor authentication, and restricted access zones.

Insider threats

Insider threats involve individuals within an organization who misuse their trusted access, intentionally or unintentionally, to cause harm or security risks.

  • Type:

    1. Disgruntled employees: employees seeking revenge due to perceived mistreatment or termination.
    2. Negligent insiders: individuals who unintentionally cause harm by neglecting security protocols (e.g., mishandling passwords).
    3. Professional insiders: individuals hired or compromised to deliberately gather or exfiltrate data.
    4. Compromised insiders: individuals coerced, blackmailed, or financially influenced to act against the company.

  • Motivation:

    • Revenge: driven by personal grievances against the organization.
    • Financial Gain**: Compromised insiders may be influenced by financial incentives or debt.
    • Competitive advantage: competitors might embed insiders to access trade secrets.
    • Hacktivism: motivated by ethical or moral beliefs, intending to harm organizations perceived as unethical.
    • Coercion: insider pressured through blackmail or threats.

  • Indicators:

    • Unusual data access: large amounts of sensitive data accumulated or moved.
    • Odd ñogin times: access outside normal working hours or from multiple devices simultaneously.
    • Physical access attempts: unusual activity near restricted areas, like server rooms.
    • Behavioral changes: employees acting secretive or displaying unusual work patterns.

  • Defenses:

    1. Monitoring and logging: track access to sensitive data and alert unusual activities.
    2. Background checks**: conduct checks before providing access, especially for sensitive roles.
    3. User account termination policy: disable accounts immediately upon termination.
    4. Role-based access and least privilege: limit data and system access based on roles.
    5. Separation of duties: divide responsibilities to prevent one individual from having too much control.
    6. Forced vacations: require time off to observe if issues arise in an employee’s absence.

  • Tools for detection:

    • Regularly review access logs and set alerts for abnormal activities.
    • Conduct routine background checks, especially for roles requiring high-level access.
    • Implement strict policies for access and review permissions regularly.

Identity theft

Identity theft involves impersonating someone’s identity, typically in digital form, to commit fraud or other malicious activities. Attackers may steal digital or physical information to assume another’s identity for financial gain, criminal activity, or personal advantage.

  • Motivations:

    • Financial gain: stealing personal info to commit fraud, open credit lines, or steal tax refunds.
    • Avoiding detection: using a stolen identity to commit crimes without being traced.
    • Framing victims: using someone else’s identity to place blame on them.
    • Gaining access: using another’s identity to bypass restricted access or gain legitimacy.

  • Commonly targeted information:

    • Standard IDs: social security numbers, driver’s licenses, tax info.
    • Financial details*: banking information, credit/debit card data.
    • Insurance and benefits info: personal details for health, life, or other insurance.
    • Children’s Information: often exploited for credit fraud as it may go unnoticed for years.

  • Methods:

    1. Physical theft: stealing wallets, purses, or personal devices.
    2. Open Source Intelligence (OSINT): gathering publicly available information to impersonate someone.
    3. Social engineering: phishing, shoulder surfing, and dumpster diving to acquire sensitive data.
    4. Digital hacking: compromising systems, installing keyloggers, or hacking into unsecured devices.
    5. Mail theft: stealing physical mail to gain sensitive information.

  • Indicators:

    • Unfamiliar charges: unknown purchases or withdrawals on statements.
    • Missing mail: sudden lack of statements or bills, or receiving unfamiliar bills.
    • Debt collection notices: unexpected contact from debt collectors.
    • Credit report changes: changes in credit scores or history without known cause.
    • Tax filing issues**: attempting to file taxes and finding they were already filed.

  • Prevention tips:

    • Monitor financial activity: regularly check bank statements and use credit monitoring services.
    • Secure physical mail**: collect mail daily and secure important documents.
    • Use strong security practices: enable multi-factor authentication, use strong passwords, and consider password managers.
    • Limit information sharing: avoid oversharing personal info on social media.
    • Be cautious with unknown contacts: avoid answering unknown calls and verify unexpected communication.