Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Social Engineering

Methods of Social Engineering

What are some of the methods phishers use to compromise organizations? In this video, Nick goes over the common methods phishers use to gain information: Phishing is most insidious when it uses a combination of techniques. It can even overcome sophisticated security measures like Multifactor Authentication (MFA) – for example, if an attacker manages to steal a password through email, then calls the user pretending to be a technician asking them to approve an authenticator popup on their phone.

Rise of AI-Generated, Fake LinkedIn Profiles Raises Social Engineering Challenges

The nature of LinkedIn’s professional environment facilitates communication among individuals from various backgrounds across industries. However, threat actors have been known to exploit the business networking platform for malicious aims, including intelligence gathering, identity theft and spear phishing. A number of fake profiles identified on the site have been observed targeting individuals in diverse sectors, particularly those with roles in government, cyber security and education.

Goals of Social Engineering

Social engineering, including phishing, is one of the best opportunities for an attacker to enter a well-secured network. Knowing what data is at risk is an important part of any security strategy. What data or systems of value does your organization have access to? That’s what an attacker will try to hijack. Sedara can help protect your organization against social engineering attacks and more. Subscribe to our YouTube Channel to learn more about protecting your organization.

What is Social Engineering?

Many organizations focus on technological controls to protect their assets. But that’s only part of the story! Smart attackers use social engineering to achieve their goals in compromising networks and data. In a social engineering attack vector, attackers lie or present deceptive fronts to convince people to divulge information or take some action that allows the attackers access. If you learned anything from this video, please subscribe to our YouTube Channel! We will be releasing more videos to help you understand cybersecurity for your organization.

Stories from the SOC: Feeling so foolish - SocGholish drive by compromise

SocGholish, also known as FakeUpdate, is a JavaScript framework leveraged in social engineering drive by compromises that has been a thorn in cybersecurity professionals’ and organizations’ sides for at least 5 years now. Upon visiting a compromised website, users are redirected to a page for a browser update and a zip archive file containing a malicious JavaScript file is downloaded and unfortunately often opened and executed by the fooled end user.


Cyber Risk Intelligence: County Government Cyber Incident May Have Involved Social Engineering and Targeting of Vulnerable SSH Services

The government of a U.S. county announced on September 11 that a recent cyber incident had disrupted its online services. Subsequent coverage of the event has noted that it strongly resembles a ransomware attack. The disruption comes against a backdrop of frequent ransomware activity targeting state and local governments and the education sector.


Social Engineering and VPN Access: The Making of a Modern Breach

In what seems to be a constant drip of headlines about large enterprises experiencing security incidents, the world most recently learned of a successful data infiltration of rideshare and delivery company Uber. In a blog update, Uber attributed the attack to the infamous Lapsus$ group that has made a name for itself over the past year with successful breaches of household names including Microsoft, Rockstar Games, Samsung, Nvidia, Ubisoft, and Okta.


What is Social Engineering?

Social engineering is the psychological manipulation used to get others to do things or reveal private information. Between 70% and 90% of data breaches involve social engineering. Social engineering is currently one of the largest cybersecurity dangers facing both small and large enterprises. These “human hacking” techniques are commonly used in cybercrime to trick unwary users into disclosing information, dispersing malware infections or granting access to restricted systems.


Don't Hack the Computer - Hack the Person! Recently Observed Social Engineering Attacks

When most people think about the origin of a cyberattack, the image is that of a hacker using some kind of exploit against software or hardware in order to gain unauthorized access to systems. The hacker is seeking data to exfiltrate and monetize, either through re-sale on the darknet or extortion through ransomware.