Social Engineering — News

Hackers are adapting distributed denial of service (DDoS) attacks and combining these with social engineering tactics to try and infiltrate banks during 2013, warns Gartner.

Enterprise information security in Australia could come under much greater scrutiny with the nation’s Information Commissioner looking to drill down deeply into the details of an organisation’s security practices after a breach.

In this series, Computerworld Australia examines some of the information security threats facing small businesses and larger enterprises today. We’ve looked at internal negligence and continue the series by speaking to experts about the problem of social engineering.

I had the opportunity to speak at a new security conference last week, Security Threats 2012. I presented on the topic of balancing business benefits with risks in the cloud (more on that later), but the event touched on a wide range of pertinent IT topics, provoking stimulating discussions of some of the most pressing challenges business leaders are facing.

A decade ago, most viruses and worms were unleashed by curious students, pranksters and punks wanting to see what kind of damage they could inflict. That quickly evolved into criminals and thieves writing most of the malware once they realized money could be made.

It's been an interesting year for those following information security news. We started the year with the Vodafone breach, one of the largest privacy breaches ever experienced within Australia.

If a company hires us for a social engineering engagement, typically they want us to get in and get to their back-up tapes, or into the data in their document room.

Jim Stickley got his first computer at age 12, and he was chatting with other computer "nerds" on bulletin board sites by the time he was 16. A wannabe hacker, Stickley said his first foray into playing the system was with free codes -- codes that would exclude his phone and computer time from racking up charges that would incur the wrath of his parents.

You may now be savvy enough to know that when a friend reaches out on Facebook and says they've been mugged in London and are in desperate need of cash, that it's a scam. But social engineers, the criminals that pull off these kinds of ploys by trying to trick you, are one step ahead.

The latest social engineering trick to get victims to open malicious email attachments accuses them of being spammers and threatens to sue them if they don't stop.

When it comes to social engineering attacks, larger companies attract more of them, and when they are victimized it costs more per incident, according to a survey sponsored by Check Point.

Social engineering attacks are widespread, frequent and cost organizations thousands of dollars annually according to new research from security firm Check Point Software Technologies.

A group of security researchers based in Egypt have created a tool that will make social engineering easier because it automates the collection of hidden Facebook profile data that is otherwise only accessible to friends in a user's network.

The security company Qualys this week demonstrated how to reverse-engineer a Microsoft patch in order to launch a denial-of-service attack on Windows DNS Server.

Stories about lost wages aren't the only scary things being talked about in Sin City this week. The best security researchers and hackers from around the world have gathered in Las Vegas, and news about their work has been creeping out like a toxic flood.

Social engineers have been using various dirty tricks to fool people for centuries. Social engineering, the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques, is as old as crime itself and has been used in many ways for decades.

A hacking operation dubbed ‘Night Dragon’ has targeted energy utilities, using tried-and-tested intrusion methods to steal intellectual property related to oil field exploration and bidding plans, according to security company McAfee.

Despite increases in the number and capability of botnets for distributed denial of service (DDoS) attacks, social engineering remains one of the largest cyber security threats to IT infrastructure according to the Australian Federal Police (AFP).

In the last three months of 2010 attackers managed to serve 3 million malicious advertising, or malvertising, impressions every day. That's the headline figure from a report released today from Web security firm Dasient. According to Dasient, that's a 100 percent increase from the preceding quarter.