Career Relevancy
Social engineering is the art of convincing people to reveal confidential information. Social engineers depend on the fact that people know certain valuable information yet are generally careless in protecting it. System hacking is the art of gaining access to a network and escalating privileges once inside the network. The system hacker will then execute applications by installing malicious programs.
Background:
You have likely heard of the term “social engineering” before. This term refers to the act of coercing people into certain actions based on their perception of certain media, messages, or other tools. In the world of network security, this term refers directly to the tactics hackers may use to get users to willingly hand over information without ever being suspicious that they are being preyed upon. These often come in the form of emails with sender names that the user may recognize (though the originator of the email is not a friend or coworker), suspicious links that are passed off as legitimate, or other types of engagement where users enter sensitive information with the expectation that the receiver is a secure, safe source. In actuality, the hacker can capture valuable information with this method, gaining access to the inner workings of a network with the credentials given to them by the user.
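The header checks a mail filter or analyst can apply to the familiar-sender-name trick described above, as an added example that is not part of the original course text. The staff directory, the example.com domain, the finding labels and the sample messages are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed staff directory (assumption): display name -> real address.
DIRECTORY = {
    "alice nguyen": "alice.nguyen@example.com",
    "bob ortiz": "bob.ortiz@example.com",
}
INTERNAL_DOMAIN = "example.com"  # assumed organisation domain


def looks_like(domain, trusted, threshold=0.85):
    """True when domain is not the trusted one but is nearly identical to it."""
    if domain == trusted:
        return False
    return SequenceMatcher(None, domain, trusted).ratio() >= threshold


def check_sender(raw_message):
    """Return findings for the From and Reply-To headers of one raw message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    name_key = " ".join(name.lower().split())
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # A known colleague's name on an address that is not theirs.
    known = DIRECTORY.get(name_key)
    if known and addr != known:
        findings.append("display-name-mismatch")
    # A sending domain that is almost, but not exactly, the real one.
    if looks_like(domain, INTERNAL_DOMAIN):
        findings.append("lookalike-domain")
    # Replies silently routed to a different domain than the sender's.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to.rpartition("@")[2] != domain:
        findings.append("reply-to-differs")
    return findings


# Constructed sample messages, not real mail.
SPOOFED = ('From: "Alice Nguyen" <alice.nguyen@examp1e.com>\n'
           "Subject: Updated payroll form\n\nPlease sign in to review.\n")
GENUINE = ('From: "Alice Nguyen" <alice.nguyen@example.com>\n'
           "Subject: Lunch\n\nNoon?\n")
REDIRECTED = ('From: "Bob Ortiz" <bob.ortiz@example.com>\n'
              "Reply-To: accounts@mail.invalid\n"
              "Subject: Invoice\n\nSee attached.\n")
```

Header checks like these catch only the crudest impersonation, which is why the text goes on to stress employee education.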
There is no single security mechanism that can protect from social engineering techniques used by attackers. Only educating employees on how to recognize and respond to social engineering attacks can minimize attackers’ chances of success. Before going ahead with this module, let’s first discuss various social engineering concepts.
Prior to performing a social engineering attack, an attacker gathers information about the target organization from various sources, such as the organization's official websites, where employee IDs, names, and email addresses are shared. An attacker may also use advertisements the target organization places in print media, for example those seeking high-tech workers trained in Oracle databases or UNIX servers. Lastly, blogs, forums, and similar sites where employees share basic personal and organizational information can also be a gold mine for an attacker.
After gathering information, an attacker executes a social engineering attack using approaches such as impersonation, piggybacking, tailgating, reverse social engineering, and others.
Social engineering is the art of manipulating people into divulging sensitive information that can be used to perform some malicious action. Despite security policies, attackers can compromise an organization’s sensitive information using social engineering because it targets the weaknesses of people. Most often, employees are not even aware of a security lapse on their part and reveal the organization’s critical information inadvertently.
To succeed, attackers take a special interest in cultivating social engineering skills that appear innocuous to users. Their success lies in how well they can convince unsuspecting users that there is no threat. Attackers always look for new ways to access information. They also ensure that they know the organization’s perimeter and the people on the perimeter, for example security guards, receptionists, and help-desk workers, in order to exploit human oversight.
People have conditioned themselves not to be overly suspicious, and they associate certain behavior and appearances with known entities. For instance, a man in a uniform carrying a pile of packages for delivery will be considered a delivery person. With the help of social engineering tricks, attackers succeed in obtaining people's confidential information, authorization, and access details by deceiving them and exploiting human vulnerability.
System Hacking Concepts
An attacker first obtains information during the footprinting, scanning, and enumeration phases, which they then use to exploit the target system. There are three steps in the CEH Hacking Methodology (CHM):
First is gaining access. This involves gaining access to low-privileged user accounts by cracking passwords through techniques such as brute-forcing, password guessing, and social engineering, and then escalating their privileges to administrative levels, to perform a protected operation.
After successfully gaining access to the target system, attackers work to maintain high levels of access to perform malicious activities such as executing malicious applications and stealing, hiding, or tampering with sensitive system files.
Lastly, in order to maintain future system access, attackers attempt to avoid recognition by legitimate system users. To remain undetected, attackers wipe out the entries corresponding to their activities in the system log, thus avoiding detection by users.
Every criminal has a specific goal they want to achieve. Likewise, attackers can have certain goals behind their system attacks. In system hacking, the attacker first tries to gain access to a target system using information obtained and loopholes found in the system’s access control mechanism. Once attackers succeed in gaining access to the system, they are free to perform malicious activities such as stealing sensitive data, implementing a sniffer to capture network traffic, and infecting the system with malware. At this stage, attackers use techniques such as password cracking and social engineering tactics to gain access to the target system.
After gaining access to a system using an account with few privileges, attackers may then try to escalate their privileges to administrator level to perform protected system operations, so that they can proceed to the next level of the system hacking phase: executing applications. Attackers exploit known system vulnerabilities to escalate user privileges.
Once attackers have administrator privileges, they attempt to install malicious programs such as Trojans, backdoors, rootkits, and keyloggers, which grant them remote system access, thereby enabling them to execute malicious code remotely. Installing rootkits allows them to gain access at the operating system level to perform malicious activities. To maintain access for use at a later date, they may install backdoors.
Attackers use rootkits and steganography techniques to attempt to hide the malicious files they install on the system, and thus their activities. To remain undetected, it is important for attackers to erase all evidence of security compromise from the system. To achieve this, they might modify or delete logs in the system using certain log-wiping utilities, thus removing all evidence of their presence.
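From the defender's side, the log wiping described above leaves its own traces. The following is an added example, not part of the original course text, that scans an exported event log for them. The record layout (record ID, ISO timestamp, event ID), the 30-minute silence threshold and the sample records are constructed assumptions; 1102 and 104 are the Windows event IDs written when a log is cleared.

```python
from datetime import datetime, timedelta

# Windows event IDs recorded when a log is cleared:
# 1102 = the Security audit log was cleared,
# 104  = an event log was cleared (recorded in the System log).
CLEAR_EVENT_IDS = {1102, 104}


def find_tampering(records, max_silence=timedelta(minutes=30)):
    """Scan (record_id, iso_timestamp, event_id) tuples in stored order.

    Returns a list of (finding, record_id) pairs. max_silence is an assumed
    threshold and should be tuned to how busy the host normally is.
    """
    findings = []
    prev_id = prev_ts = None
    for rec_id, ts_text, event_id in records:
        ts = datetime.fromisoformat(ts_text)
        if event_id in CLEAR_EVENT_IDS:
            findings.append(("log-cleared", rec_id))
        if prev_id is not None:
            # Record IDs are assumed to increase by one; a jump means
            # entries were removed or never exported.
            if rec_id != prev_id + 1:
                findings.append(("record-gap", rec_id))
            # A timestamp earlier than its predecessor suggests clock
            # changes or spliced records.
            if ts < prev_ts:
                findings.append(("time-reversal", rec_id))
            elif ts - prev_ts > max_silence:
                findings.append(("silent-period", rec_id))
        prev_id, prev_ts = rec_id, ts
    return findings


# Constructed sample records, not taken from a real system.
SAMPLE = [
    (5001, "2024-03-01T09:00:00", 4624),
    (5002, "2024-03-01T09:05:00", 4672),
    (5005, "2024-03-01T09:06:00", 4624),  # records 5003-5004 missing
    (5006, "2024-03-01T11:30:00", 4634),  # more than two hours of silence
    (5007, "2024-03-01T11:31:00", 1102),  # Security log cleared
]
```

These checks are most useful on a copy of the log forwarded off the host, since that copy cannot be wiped by someone who controls only the local machine.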
Considering the proliferation of social engineering, should companies have the authority to limit or deny usage of personal items in the workplace? Explain your answer.
Your initial and reply posts should work to develop a group understanding of this topic. Challenge each other. Build on each other. Always be respectful but discuss this and figure it out together.