SOCIAL ENGINEERING
Presented By Amir BOUKER
Plan
Definition
Why and How Is it performed
Types
How to counter
Examples
Stats
◦ “'Social engineering,' the fancy term for tricking you into giving away your digital secrets, is at least as great a threat as spooky technology.”
◦ - Barton Gellman
Definition
Social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter.
IT IS AN ART
Social Engineering
Psychology, Manipulation, Misdirection
Why & How social engineering is performed
Why?
◦ Phishers use social engineering to convince people to divulge sensitive information.
◦ Scareware vendors use social engineering to frighten people into running software that is useless at best and dangerous at worst.
◦ Virus writers use social engineering tactics to persuade people to run malware-laden email attachments.
How?
◦ Con game: gain the confidence of an authorized user and get them to reveal information that compromises the network's security.
◦ Or: present the authorized employee with some kind of urgent problem that requires immediate network access.
Types of social engineering attacks
◦ Baiting: An attacker leaves a malware-infected physical device, such as a USB flash drive or CD-ROM, in a place it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware.
◦ Phishing: A malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into installing malware on his or her computer or device, or sharing personal or financial information.
◦ Pretexting: Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
How To Counter
1. Educate yourself.
2. Be aware of the information you're releasing.
3. Determine which of your assets are most valuable to criminals.
4. Write a policy and back it up with good awareness training.
5. Keep your software up to date.
6. When asked for information, consider whether the person you're talking to deserves the information they're asking about.
7. Watch for questions that don't fit the pretext.
Stats
Ways Of Attacking
◦ E-mail attachment: 39.90%
◦ E-mail link: 37.40%
◦ Web Drive-By: 16.60%
◦ Direct Install: 3.60%
◦ Download By malware: 2.80%
◦ Web Download: 2.20%
◦ Remote Injection: 1.90%
◦ Network Propagation: 0.30%
◦ 294.000.000.000 mails sent daily
◦ 90% of all mails are spam and viruses
◦ 107 trillion mails sent annually
◦ 60% of US adults received spam in 2016
Conclusion
◦ Not all mails are honest.
◦ Don't let anyone take your human nature and use it against you.
◦ On the Internet, don't trust anyone.
Thanks! Any questions? You can find me at @[email protected]