Home Business IT Security Intel Security: social engineering hacking the human OS

Intel’s Security arm McAfee isn’t the first to write about hacking the human OS, and it won’t be the last, with the ‘latest persuasion techniques’ revealed.

Days after Kaspersky Lab unveiled details of a billion dollar cyber heist against mostly Russian and other global banks, as reported by iTWire, Intel Security’s latest report has arrived with an endorsement by the European Cybercrime Centre at Europol.

It ’reveals the latest persuasion techniques leveraged by cybercriminals to manipulate employees to do things they normally wouldn’t, usually resulting in the loss of money or valuable data.’

Kaspersky’s report unveiled how bank computers and networks were breached by targeted phishing attacks, which Intel Security says ‘demonstrates the inherent weakness in the ‘human firewall’ and the need to educate employees about the top persuasion techniques in use in the digital world.’

To pause for a moment and insert my own thoughts, perhaps we would call this ‘the weakest link’.

Raj Samani, the EMEA CTO at Intel Security, and an advisor at Europol’s European Cybercrime Centre said: “The most common theme we see when investigating data breaches today, is the use of social engineering to coerce the user into an action which facilitates malware infection.”

Paul Gillen, Head of Operations at the European Cybercrime Centre at Europol agreed, stating: “Cybercriminals today do not necessarily require substantial technical knowledge to achieve their objectives.

“Some well-known malicious tools are delivered using spear-phishing emails and rely on psychological manipulation to infect victims’ computers.

“The targeted victims are persuaded to open allegedly legitimate and alluring email attachments or to click on a link in the body of the email that appeared to come from trusted sources.”

Intel Security’s report, Hacking the Human OS, reveals cybercriminals are deploying the same ‘selling’ and ‘scamming’ techniques used in the real world, to extract valuable data from employees.

The 20 page report can be downloaded in full here (PDF link), while an executive summary has also been made available and can be downloaded here (PDF link).

Other highlights include:

  • Two-thirds of the world’s email is now spam aiming to extort information and money
  • A sharp increase of malicious phishing emails has resulted in more than 30 million suspect URLs recorded by McAfee Labs
  • 80% of all workers are unable to detect the most common and frequently used phishing scams
  • As the global cost of cybercrime reaches an estimated $445bn, Intel Security encourages businesses to address and educate employees on the “Six Levers of Influence” now used in the digital world by hackers

Intel says its report ‘reveals the extent and severity of social engineering with McAfee Labs identifying a dramatic increase in the use of malicious URLs with more than 30 million suspect URLs identified towards the end of 2014.’

The increase is attributed to the use of new short URLs, which often hide malicious websites, and a sharp increase in phishing URLs.

These URLs are often ‘spoofed’ to hide the true destination of the link and are frequently used by cybercriminals in phishing emails to trick employees. With 18% of users targeted by a phishing email falling victim and clicking on malicious link, the increased use of these tactics is cause for concern.

McAfee’s team of 500 researchers points to the fact that two-thirds of all global email is now spam that aims to extort information and money from the recipient. This provides more incentive for consumers and employees to be on guard for the most prolific phishing and scams techniques currently in use.

Intel’s Raj Samani added: “Today, cybercriminals have become expert at exploiting the subconscious of a trusted employee, often using many of the ‘selling’ tactics we see in everyday life. Businesses must adapt and employ the right mix of controls for ‘People, Process and Technology’ to mitigate their risk.”

The company says the importance of security training and policy management ‘has never been more apparent’, yet a points to a recent study by Enterprise Management Associates which found that only 56% of all workers had gone through any form of security or policy awareness training.

Intel Security’s ‘Hacking the Human OS’ report reveals some of the basic persuasion techniques currently in use by cybercriminals, which all businesses and employees should be aware of:

The Six Levers of Influence To Watch for in the Digital World

  • Reciprocation: When people are provided with something, they tend to feel obligated and subsequently repay the favour
  • Scarcity: People tend to comply when they believe something is in short supply e.g. a ‘spoof’ email claiming to be from your bank asking the user to comply with a request or else have their account disabled within 24 hours
  • Consistency: Once targets have promised to do something, they usually stick to their promises because people do not wish to appear untrustworthy or unreliable. For example, a hacker posing as a company’s IT team could have an employee agree to abide by all security processes, and then ask him / her to perform a suspicious task supposedly in line with security requirements
  • Liking: Targets are more likely to comply when the social engineer is someone they like. A hacker could use charm via the phone or online to ‘win over’ an unsuspecting victim
  • Authority: People tend to comply when a request comes from a figure of authority. This could be a targeted email to the finance team that might appear to come from the CEO or President
  • Social Validation: People tend to comply when others are doing the same thing. For example, a phishing email might look as if it’s sent to a group of employees, which makes an employee believe that it must be okay if other colleagues also received the request

The 20 page report can be downloaded in full here (PDF link), while an executive summary has also been made available and can be downloaded here (PDF link)

47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December

REGISTER NOW!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect