
Social Engineering Attack

Introduction

Simply put, social engineering is the process of changing people's mindsets by being friendly
in order to obtain confidential, private information and use it to execute an attack. Systems
cannot be protected by sophisticated hardware and software alone; security professionals should
also focus on the weaknesses of employees and educate them in order to protect systems from such
attacks.


Common Patterns

Social engineering attacks involve four common patterns.
  1. Collect information about the target.
  2. Build trust with the target.
  3. Exploit the information and execute the attack.
  4. Quit without leaving any proof.





Importance of attack prevention


Social engineering attacks are rapidly increasing, and cybercriminals have a high chance of
obtaining valuable and sensitive organizational information through them. It is the most powerful
attack that cybercriminals use when they cannot find vulnerabilities in software and hardware systems.


Phishing is the most common social engineering attack reported at the moment; impersonation of
help desk staff, shoulder surfing, fake software, baiting, tailgating, pop-up windows, ransomware,
online social engineering, reverse social engineering, phone-call social engineering and robocalls
are some of the well-known attacks reported recently. Through such attacks, an organization loses
not only sensitive data but also its reputation and profit.


People tend to trust others and offer help, which attackers take advantage of (using people's
kindness as a shield) to reach their goals. Most organizations are preparing plans to prevent or
minimize social engineering attacks because these attacks are executed by taking advantage of
human emotions.


Attack Mitigation

Social engineering attacks are sophisticated and very hard to detect. They use psychological
manipulation to make users and employees commit security mistakes or give sensitive information
away.


There are a few steps that an organization must take in order to minimize the risk of social
engineering attacks.

  1. Encourage security education and training.
  2. Build a security awareness culture in the organization.
  3. Provide the tools required to detect attacks.
  4. Create a procedure for reporting suspected activities to the security team.


System users are responsible for reporting all abnormal system behaviour to the technical staff as
soon as possible in order to minimize the damage. In an emergency, the incident response (IR) team
or any other responsible team will isolate the affected devices from the network to minimize the
loss as much as possible.

Ways of identification, containment, neutralization, and recovery


Preparation:-
The organization should be prepared to avoid any type of attack by following the instructions below.

  • Fix all security-related bugs in applications.
  • Increase perimeter-level and backend firewall security.
  • Enhance server security (OS level) and apply patches regularly.
  • Keep regular backups (snapshots) inside the data center and at remote locations.
  • Prepare an incident response plan.
  • Provide security awareness training for all users.
  • Use resistance-building techniques in training sessions.


Identification:-
  • Monitor systems and be alert for automated alarms.
  • Use a log analysis tool or another sophisticated method to identify attacks.


Containment:-
  • Isolate the system from the network when an attack is identified.
  • Limit the attack's propagation over the company's network.
  • Preserve evidence for further investigation and forensic purposes.
  • Try to identify the source and the attackers, if possible.


Neutralization:-
  • Kill the attack's processes using the endpoint protection system.
  • Deactivate network connectivity.


Recovery:-
  • Use backups to restore the system after cleaning the servers/SANs of the attack.
