Social engineering remains biggest cyber threat

99 per cent of cases could be avoided with basic use of cyber security best practice, according to the AFP

Despite increases in the number and capability of botnets for distributed denial of service (DDoS) attacks, social engineering remains one of the largest cyber security threats to IT infrastructure, according to the Australian Federal Police (AFP).

As opposed to DDoS and other remote hacking techniques, social engineering involves obtaining system passwords, and learning of potential flaws in security systems, by speaking to IT departments or relevant staff.

Presenting to the Australian Computer Society’s Discover IT 2011 conference in Canberra, AFP detective superintendent Brad Marden said the “unwitting inside threat” accounts for the vast majority of successful attacks on information systems. That included, he said, recent attacks on cyber security firm HBGary, which was targeted by Anonymous after the company’s chief executive, Aaron Barr, boasted that he knew the identities of high-level members of the secretive hacking group.

Marden said the HBGary incident came as a result of “computer professionals who allow themselves initially to be socially engineered to give up a little bit of information”.

A lack of best practice and the use of the same passwords across low-end and critical systems allowed those involved to gain access to the company’s high-level infrastructure and ultimately deal damage.

Marden said the same was the case in several local instances, where the AFP has mounted investigations into hacking attempts on high-end sensitive systems as a result of “deliberate or inadvertent social engineering”.

“Once you’ve literally got unfettered access to a system, you can do whatever you want,” he said. “If you had the root-level admin access to the system, the world’s your oyster.”

The majority of cases investigated by the AFP could have been prevented, Marden said, by implementing some of the more basic principles set out in a list of 34 best practices mandated by the Cyber Security Operations Centre, a department of the Defence Signals Directorate.

The AFP’s high tech crime unit, of which Marden is a director, has moved to solve several of these issues by talking to a wider range of industry professionals and using the unit’s support team to educate the wider police department on cyber security measures including IP and Whois domain checks.

“We are going to end up with a quite educated police force from a cyber perspective,” Marden said. “But we know there will be some Luddites that are just never ever going to get up to that level.”

Talks are continuing with cyber security firms but, according to Marden, the AFP is not yet satisfied with the industry’s level of cooperation.

Marden’s warning came as the auditor-general this week scolded the Department of Prime Minister and Cabinet among other federal agencies for putting government security at risk through the use of Gmail and Hotmail on work computers. The department has since vowed to block access to the websites.

Follow James Hutchinson on Twitter: @j_hutch

Follow Computerworld Australia on Twitter: @ComputerworldAU
