Social Engineering, very Effective for Cyber-Criminals Targeting Corporate Networks

Cyber-criminals are using more and more of social engineering for infiltrating corporate networks taking advantage of humans -the most vulnerable within the security plan of any company, states Positive Technologies a security firm in its report dated April 9, 2018.

The firm examined the ten biggest penetrating testing projects it carried out for clients during the last 2 years. The tests involved 3,332 electronic mails dispatched to staff members having web-links, forms to enter passwords, along with attachments while imitating hackers' work.

During the tests, 15% of the respondents answered e-mails having web-link to one page, and an attachment, whereas 7% answered the test electronic mails carrying attachment. Techrepublic.com posted this, April 9, 2018.

Social engineering is most effective in making victims out of Internauts when the latter are sent an e-mail having one web-link to phishing site, getting 27 percent of recipients into following the web-link pointing to one page soliciting login details. As per the report, Web-surfers frequently ignore or casually see the URL, thus mot knowing they're accessing certain fake website.

Moreover according to cyber-security resilience leader Leigh-Anne Galloway at Positive Technologies, the electronic mails become increasingly effective when attackers use a combination of methods in order that an e-mail may've one malevolent file as well as one web-link associated with a site having several exploits, along with one entry form for passwords. While malware tainted attachments are possible to block using adequate anti-virus protection, there's little surety that end-users can be stopped from getting duped so they won't divulge their pass-phrase.

Sometimes, staff members complained about their inability to open the malware tainted web-links/files. At times, these members attempted at viewing the files else typing in their pass-phrase onto the phony website as many as 30-40 times. Sometimes the frustrated members even sent them to their IT department seeking assistance that escalated the organization's risk even more since IT employees have a greater likelihood for believing their colleagues and so view the files.

For lessening dangers of social engineering assaults, there should be regular trainings as well as examinations of how well every member of the staff abides by the security principles.

» SPAMfighter News - 4/16/2018