One Article Review

The article:
Source knowbe4
Identifier 8344804
Publication date 2023-06-13 13:00:00 (seen: 2023-06-13 13:06:57)
Title CyberheistNews Vol 13 #24 [The Mind's Bias] Pretexting Now Tops Phishing in Social Engineering Attacks
Text CyberheistNews Vol 13 #24 | June 13th, 2023

[The Mind's Bias] Pretexting Now Tops Phishing in Social Engineering Attacks

The New Verizon DBIR is a treasure trove of data. As we will cover a bit below, Verizon reported that 74% of data breaches involve the "Human Element," so people are one of the most common factors contributing to successful data breaches. Let's drill down a bit more in the social engineering section. They explained:

"Now, who has received an email or a direct message on social media from a friend or family member who desperately needs money? Probably fewer of you. This is social engineering (pretexting specifically) and it takes more skill.

"The most convincing social engineers can get into your head and convince you that someone you love is in danger. They use information they have learned about you and your loved ones to trick you into believing the message is truly from someone you know, and they use this invented scenario to play on your emotions and create a sense of urgency. The DBIR Figure 35 shows that Pretexting is now more prevalent than Phishing in Social Engineering incidents. However, when we look at confirmed breaches, Phishing is still on top."

A social attack known as BEC, or business email compromise, can be quite intricate. In this type of attack, the perpetrator uses existing email communications and information to deceive the recipient into carrying out a seemingly ordinary task, like changing a vendor's bank account details. But what makes this attack dangerous is that the new bank account provided belongs to the attacker. As a result, any payments the recipient makes to that account will simply disappear.

BEC Attacks Have Nearly Doubled

It can be difficult to spot these attacks as the attackers do a lot of preparation beforehand. They may create a domain doppelganger that looks almost identical to the real one and modify the signature block to show their own number instead of the legitimate vendor. Attackers can make many subtle changes to trick their targets, especially if they are receiving many similar legitimate requests. This could be one reason why BEC attacks have nearly doubled across the DBIR's entire incident dataset, as shown in Figure 36, and now make up over 50% of incidents in this category.

Financially Motivated External Attackers Double Down on Social Engineering

Timely detection and response is crucial when dealing with social engineering attacks, as well as most other attacks. Figure 38 shows a steady increase in the median cost of BECs since 2018, now averaging around $50,000, emphasizing the significance of quick detection. However, unlike the times we live in, this section isn't all doom and
Sent Yes
Tags Spam Malware Vulnerability Threat Patching
Stories Uber APT 37 ChatGPT ChatGPT APT 43
Rating ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.