Credit: SergeyNivens via Canva
The world of cyber security never fails to surprise us with bolder and more sophisticated cyber-attacks and methods added to its already extensive roster, especially with its relatively short history.
Weekends and holidays are foreign to many cyber security labs as this endless war is 24/7. Hackers are just looking for cyber security research labs to get caught off-guard.
With zero-day exploits possibly being released at any moment, the cyber security industry needs to operate like a digital hawk.
Techies working in cyber security related technical fields often keep track on the latest on cyber threats such as DDoS in the networking industry. Others are diligently keeping track of the notorious ransomware cyberattack that has impacted multiple industries.
Other cyber threats such as stalkerware malware are growing in numbers keeping technology professionals and prudent cyber citizens on their toes.
A Prevalent Oversight: Social Engineering
All of the above is valid, but in many cases, other types of less apparent threats are overlooked, posing many cyber dangers.
Brain hacking or social engineering is one example as it is a general area that does not get new names like the other types of exploits and malware discovered.
This type of attack is very hazardous as it does not require technical knowledge and often near-zero technical sophistication to carry out.
This type of attack requires more social-psychological skills, in order to employ manipulation methods to gain users' trust and use that trust to carry out a cyber-attack or as part of a more elaborate attack.
Let's dive deeper into brain hacking or social engineering to help you, whether you are just an internet user or even a technology professional that does not have enough awareness around this area.
Let's walk through fictional, theoretical scenarios that could easily occur in the real world through a story.
The story should make you more cognizant of social engineering dynamics and why this cyber threat could often result in a much more significant cyber-attack than meets the eye.
The Person & Item You Least Expect
Competitive intelligence falls within the cyber security sphere as it collects data for competitive purposes.
You must remember that several social engineering actors are often involved, and they may contact someone you know to act as a proxy to help them carry out the social engineering attempt.
The other fact you should be aware of is that it may not necessarily data they are looking for but rather something that may not appear as related to cyber security initially.
One item in your possession could move the needle forward for an elaborate cyber-attack. For example, a facilities access card could enable the cybercriminal organization to access the facilities and perhaps infect computers or install other spying equipment.
In this fictional story you work for a Fortune 500 company and their main competitor, another Fortune 500 company, knows that you are in charge of maintenance and have keys and access cards to all areas of the corporate office.
Through additional research about you, this company finds out that you have a cleaning lady that works in your house over the weekend.
All they have to do is convince the cleaning lady that they need the access card. The convincing part is in a nutshell social engineering.
Social engineering could stem from someone you just met on a dating platform and even your favorite local Starbucks.
This is why being aware and keeping access cards, laptops and other works and personal devices secure and not giving anyone access without exception is of paramount cyber importance.
Learn to scrutinize social situations and flag them early on through reading more about social engineering and practicing prudent awareness on a regular basis.
