
CEH v10: 09 Social Engineering

Certified Ethical Hacker v10 Chapter 09: Social Engineering.

Social engineering is the act of stealing information from people rather than from systems.

  • No interaction with the target system or network
  • Non-technical attack
  • Convincing the target to reveal information

One of the major vulnerabilities that leads to this type of attack is trust: users trust other users and do not protect their credentials from them.

Employees at organizations are often not educated about security, which is a major vulnerability.

A lack of security and privacy policies is also a vulnerability.

Steps of Social Engineering

Research

  • Collect information about the target organization
  • Collected by dumpster diving, scanning, searching the internet, etc.

Select target

  • Select the target from among the employees
  • A frustrated employee is the preferred target

Relationship

  • Create a relationship with the target
  • Earn the target's trust

Exploit

  • Collect sensitive information such as usernames, passwords, etc.

Social Engineering Techniques

Types of Social Engineering

Human-based Social Engineering

One-to-one interaction with the target: the attacker earns the target's trust in order to gather sensitive information.

Impersonation

Pretending to be someone or something else, such as a legitimate user or an authorized person. Impersonation is performed by means of identity theft.

Eavesdropping and Shoulder Surfing

Eavesdropping is a technique in which the attacker obtains information by listening in on a conversation, or by reading or accessing any source of information without the owner being aware of it.

Shoulder surfing is a method of gathering information by standing behind the target and watching what they type or view.

Dumpster Diving

Looking for "treasure" in the trash: information that was thrown away rather than destroyed.

Reverse Social Engineering

The attacker convinces the target that they have a problem, or might have one in the future, in order to obtain sensitive information.

Piggybacking and Tailgating

Piggybacking is a technique in which the attacker waits for an authorized person in order to gain entry to a restricted area. Tailgating is a technique in which the attacker gains access to a restricted area by following an authorized person in.

Computer-based Social Engineering

Phishing

The attacker sends fake emails that look like legitimate ones. When the recipient opens the link, they are enticed into providing information.

Spear Phishing

Similar to phishing, but focused on a single target. Because of this, it generates a higher response rate.
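As an added example (not part of the CEH material), a small check that a mail gateway or analyst could run to flag the traits of the phishing and spear phishing messages described above: a sender domain that imitates a trusted one (homoglyphs such as "rn" for "m" or "1" for "l"), a display name that borrows the trusted organization's name, a Reply-To that points elsewhere, and links to lookalike domains. The trusted domain list and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from difflib import SequenceMatcher
import re

# Assumption: domains the organization treats as legitimate senders.
TRUSTED_DOMAINS = {"example.com"}

def normalize(domain):
    """Undo common homoglyph substitutions used in lookalike domains."""
    d = domain.lower().replace("rn", "m").replace("vv", "w")
    return d.translate(str.maketrans("01357", "olest"))

def lookalike(domain):
    """Return the trusted domain that `domain` imitates, or None if exact or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if normalize(domain) == trusted or SequenceMatcher(None, domain, trusted).ratio() >= 0.8:
            return trusted
    return None

def analyze(raw):
    # Returns the list of phishing indicators found in one raw email message
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower()
    findings = []
    imitated = lookalike(from_domain)
    if imitated:
        findings.append(f"sender domain {from_domain} imitates {imitated}")
    # Display name borrows a trusted organization name while the address is elsewhere
    for trusted in TRUSTED_DOMAINS:
        if trusted.split(".")[0] in name.lower() and from_domain != trusted:
            findings.append(f"display name '{name}' does not match address {addr}")
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rsplit("@", 1)[-1].lower()
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    body = msg.get_payload() if not msg.is_multipart() else ""
    for host in re.findall(r"https?://([^/\s]+)", body):
        if lookalike(host.lower()):
            findings.append(f"link points to lookalike domain {host}")
    return findings

# Constructed sample message for demonstration (not a real capture).
SAMPLE = """From: Example Payroll <hr@exarnple.com>
Reply-To: collect@mailbox-free.net

Please sign in at http://examp1e.com/login to confirm your details.
"""
```

Calling `analyze(SAMPLE)` yields four findings for the sample; a message from `hr@example.com` that links only to `example.com` yields none.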

Mobile-based Social Engineering

Publishing Malicious Apps

These applications are normally a replica of, or very similar to, a popular application.

Repackaging Legitimate Apps

Repackaging a legitimate app together with malware.

Fake Security Apps

The attacker develops a fake security app.

Insider Attack

Social engineering is not only about a third party gathering information; the attacker may be an insider with privileges.

Impersonation on Social Network Sites

Social Engineering Through Impersonation on Social Network Sites

The attacker gathers personal information about the target from different sources, mostly social network sites: full name, date of birth, email address, residential address, etc. After gathering the information, the attacker creates an account that looks exactly like the target's. The attacker then introduces this account to the target's friends and joins the groups the target belongs to, in order to get updates or to convince the target's friends to reveal information.

Risks of Social Networks in a Corporate Network

Social network sites are not secured as well as a corporate network secures its authentication. The major risk of social networks is the weakness of their authentication. Employees communicating on social networks may also not take care with sensitive information.

Identity Theft

  • Stealing someone's identification information
  • Commonly used for fraud
  • Proving the fake identity in order to take advantage of it

Process

  • Gathering information: full name, address, contacts, accounts, birth information, bills; from social networks, dumpster diving, etc.
  • Fake identity proof: obtaining fake IDs (driving licence, ID card, etc.)
  • Fraud: spending money, unauthorized access, using the ID for other frauds, etc.

Countermeasures

  • Security of sensitive information
  • Physical security
  • Rotational duties
  • Monitoring
  • Controlled access
  • Least privileges
  • Strong policies
  • Training
  • Bio-metric authentication
  • Audit
  • Awareness

Tools

  • Social-Engineer Toolkit (SET), Linux