We are almost prompted to start off this section with a few clichés such as…
- “Because there is no patch for human stupidity”
- “People are the largest vulnerability in any network”
Path of Least Resistance
Others like these all point to the truth. A hacker can spend hours, weeks, months trying to brute force his way to a password… when a phone call with the rightpretext and perfect questions can get you the same password or more in a few minutes. By utilizing dumpster diving, sifting through trash bags, talking to a disgruntled employee or even walking into the business as a delivery person can lead you to full network access. As software vendors get more and more secure and their products get harder to crack the role of social engineering becomes greater. Understanding what it is a social engineer will try, how they will try it and what methodology they may use can help you develop a plan how to protect from such attacks.
On The Rise
This article we found on cisco.com warns users that social engineering, phishing, client side attacks and the like are on the rise. A staggering 26% increase PER MONTH in the number of phishing attempts in a one year span. The attacker knows that most of the time an employee doesn’t realize they are doing something wrong and it is that naivety and that innocence that creates a perfect atmosphere for attack.
One of Many
It is notable to mention that just because social engineering is becoming more common and wider in attack scope, does not mean everyone can successfully pull it off. As this framework will outline, a successful social engineer will have many tools in their arsenals and many attack vectors at their finger tips.