
How Hackers find your weak spots?


Social engineering attacks have emerged as a dominant method for cyber fraudsters to penetrate organizations.

These deceptive attacks unfold typically in four stages:

  • Information Collection (the attacker compiles data about the target)
  • Trust Building (the attacker connects with the target and gains their confidence)
  • Manipulation (the attacker convinces the target to take a specific action)
  • Utilization (the attacker uses the gathered data from the manipulation to carry out the attack)

The initial phase is crucial – lacking accurate information hampers the execution of a precise social engineering attack.

Intelligence Gathering Avenues

How do attackers amass details about their targets? Cybercriminals draw on five intelligence sources to collect and scrutinize information about their targets:


1. OSINT (Open-Source Intelligence): Hackers employ OSINT to harvest and evaluate information that’s publicly accessible about companies and individuals. Using OSINT tools, adversaries can uncover details about a target’s IT and security setup; assets vulnerable to attack like open ports and email IDs; IP addresses; flaws in websites, servers, and IoT devices; and compromised or leaked credentials. This information is then used to mount social engineering attacks.

2. SOCMINT (Social Media Intelligence): While SOCMINT falls under OSINT, it warrants separate attention. Individuals often share personal and professional information on social media platforms, including photos, interests, family, acquaintances, residence, workplace, and job roles. Tools like Social Analyzer and NameCheckup.com enable attackers to sift through social media activities and craft personalized social engineering traps.

3. ADINT (Advertising Intelligence): Consider an instance where you install a free chess application on your smartphone. The app displays location-specific ads, informing users about local chess players and events. When these ads appear, the app conveys user details to the ad exchange service, such as IP addresses, operating system type, mobile carrier name, screen resolution, and GPS coordinates. Ad exchanges typically use this data to tailor ads to user preferences and locations. However, they also sell this data, which can end up in the hands of malicious actors or unauthorized governments.

4. DARKINT (Dark Web Intelligence): The Dark Web operates as a clandestine marketplace dealing in corporate espionage, ransomware kits, narcotics, weapons, human trafficking, and more. Billions of stolen records, including personal identification, health records, financial transactions, corporate data, and compromised credentials, are traded. Threat actors can buy ready-made data for their social engineering plots or hire experts to conduct social engineering or uncover hidden organizational weaknesses.


5. AI-INT (AI Intelligence): With the evolution of generative AI technologies like Google Gemini and ChatGPT, it’s conceivable that cybercriminals might utilize AI to mine, assimilate, process, and filter target information. Malicious AI-powered tools reported on Dark Web forums, such as FraudGPT and WormGPT, can drastically cut down the research time for social engineers, providing them with actionable data for their schemes.

Strategies for Businesses to Counter Social Engineering Threats


The fundamental cause of social engineering attacks is the mishandling of information. By minimizing information exposure, businesses and their employees can significantly reduce the risk of such attacks. Here’s what they can do:

  • Regular Training: Employ phishing simulators and in-person training to educate staff about the dangers of sharing sensitive or personal information related to themselves, their families, colleagues, or the company.
  • AI Policy Guidelines: Establish clear online conduct guidelines for employees. For instance, using ChatGPT with proprietary data or lines of code is off-limits, as is responding to odd or suspicious inquiries without proper checks.
  • Utilize Hacker Tools: Adopt the same intelligence tools used by hackers to proactively gauge the extent of information about your company, personnel, and infrastructure that’s publicly available. Implement a continuous process to minimize this exposure.
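
The continuous exposure check in the last point can be run against text your own organization publishes. The sketch below is an added example, not code from this article or any product: it inventories the email IDs, IP addresses and open ports named under OSINT above and reports only what is newly visible since the previous run. The page contents, URLs and addresses are constructed sample data (example.com and the 192.0.2.x / 198.51.100.x ranges are reserved for documentation), and the function names are assumptions.

```python
import re

# Constructed snapshots of pages the organization itself publishes.
PAGES_LAST_MONTH = {
    "https://example.com/contact": "Reach sales at sales@example.com.",
}
PAGES_TODAY = {
    "https://example.com/contact": "Reach sales at sales@example.com.",
    "https://example.com/careers": (
        "Send CVs to priya.k@example.com. Our VPN gateway is 192.0.2.10; "
        "staging runs on 198.51.100.7:8080."
    ),
}

# Exposure categories from the OSINT item: email IDs, IP addresses, open ports.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ip_port": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}:\d{1,5}\b"),
    # Bare address only: skip matches that are followed by ":<port>".
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b(?!:\d)"),
}


def inventory(pages):
    """Map (category, value) -> set of URLs where that value is published."""
    found = {}
    for url, text in pages.items():
        for category, pattern in PATTERNS.items():
            for value in pattern.findall(text):
                found.setdefault((category, value.lower()), set()).add(url)
    return found


def new_exposure(baseline_pages, current_pages):
    """Items visible now that were absent from the baseline, with locations."""
    before = inventory(baseline_pages)
    now = inventory(current_pages)
    return {item: sorted(urls) for item, urls in now.items() if item not in before}


if __name__ == "__main__":
    for (category, value), urls in sorted(new_exposure(PAGES_LAST_MONTH, PAGES_TODAY).items()):
        print(f"NEW {category:8} {value:24} first seen on {', '.join(urls)}")
```

Each reported item is a candidate for removal or replacement, for example swapping a named mailbox for a shared alias, before the next scheduled run.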

Effective cybersecurity starts with addressing the root causes. Since social engineering and poor judgment are behind most cyberattacks, organizations should focus on reducing information exposure and shaping human behavior through training and education. Focusing on these areas can substantially diminish the threat level and the potential repercussions of such exposure.
