Top 10 Social Engineering Security Predictions in 2014!
Here are our top ten security predictions for cyber attacks in 2014 that use social engineering to penetrate the network. Read on, and in 12 months I will let you know which one turned out to be real.
- The Registry Hack - The controller of a mid-size credit union shares on Facebook that she is expecting a baby. She has a detailed profile on LinkedIn and has also created a baby registry at Amazon. Amazon's marketing department then emails her asking to interview her about the baby registry; in return she can select any one item from the registry for free. She clicks the link. A Trojan infects her workstation, and the bad guy transfers $495,000 to Ukraine over a long weekend.
- Legal File Corruption - The in-house counsel of a large defense contractor has been working long days on a corruption lawsuit against the VP Sales, working closely with their outside attorney as the case comes to trial. She receives an email from her counterpart complaining that his office email server is down; if she replies to that email, the case file is transferred immediately while he is on his way to court. In reality it is the competition, which uses the file to steal away a large deal.
- PCI Compliance Failure - A system administrator gets an email from his company's credit card merchant account processor saying that the company's PCI compliance has failed and that card processing will be shut down within 24 hours unless he immediately responds to the recent scan and what needs to be done. A link is provided to confirm. If the system administrator clicks the link, a zero-day exploit infects his workstation and hands the bad guys the keys to his kingdom, i.e. admin credentials.
- Underperformance Review - The CEO of a healthcare company emails several employees asking them to participate in a 'How Are We Doing' survey. The CEO asks them to give their feedback and rate the performance of their direct supervisor. Most of the employees click the link and infect their workstations, and the IT team spends a lot of time rebuilding them.
- iPhone Pwned - The CEO of a non-profit shares on LinkedIn that he really likes the new iPhone with fingerprint recognition. A few weeks later he gets a text message from Apple saying that it is important to update the fingerprint software as soon as possible, which requires rebooting his phone. He complies right away, and in reality mobile malware is installed that steals the office VPN credentials. The victim's employees then have to pay, losing $15,000 to money mules in the next Friday's direct deposit.
- Celebrity Trap - The VP Sales of a large online ticket reservation site gets an email from the lead singer of his favourite band saying that he can meet him backstage after the show when the band comes to his town. Excited, he immediately clicks the link. On clicking the link, his database is exfiltrated, along with 275,000 full customer credit card transactions.
- Credit Card Security Con - The wife of a mid-size bank's president receives a phone call from a credit card company explaining a new security service that keeps their account safe from cyber attacks. She will get a text message, and if it shows a charge for anything, she can say 'no' to the charge. To activate the service, she is asked to type a domain name into her browser. The domain is a malware site that drops a Trojan on her PC. This lets the bad guy take over the home network and infect her husband's laptop; as soon as he plugs it into the bank's network, the bank itself is penetrated, and $2 million is transferred from the bank's customer accounts to Russia.
- Broken Cloud - A few years ago, the Chinese government sponsored hackers to open a front office in the US, which they carefully developed into a well-funded, up-and-coming cloud consultancy firm. They worked on impressing cloud providers with whitepapers that showed great knowledge of cloud security. They also hired unwitting US employees holding security clearances. Finally, they got a contracting job from Amazon. Now with access to the premises, they were allowed to tour a data centre and plugged a small device into the Ethernet jack of a conference room phone for a few seconds. This allowed them to cleverly harm the data centre, and they wrote another whitepaper describing that particular problem. The next day, they waited for the call. When the call came, they moved in to 'assist' and obtained full ownership of the cloud.
- PDF Deception - The CIO of a large insurance company gets a call from an attractive-sounding recruiter telling him that he has been selected for an interview to discuss a CEO position at an online competitor. As he has not heard of the recruiting firm, he can check it on LinkedIn. As part of the procedure, the CIO gets a PDF file with the company description. He tries to open the PDF file, but it fails to open. Guess what happened? A Trojan is inside, and the workstation is pwned, exfiltrating very valuable confidential information.
- Top Dog Social Engineer - A man builds a new web portal that establishes trust with new users and helps them socially share their personal details, habits, work details, etc. He collects all of this data, which allows targeted advertising and then goes public as well. Unbelievably, he gets away with all this at a time when identity theft is out of control, so you must not give away all your personal details. Many people fall into this trap. Remember: when you are not paying for the product, you are the product.