One Article Review

Source AlienVault Lab Blog
Identifier 8400065
Publication date 2023-10-25 10:00:00 (seen: 2023-10-25 10:08:28)
Title Social engineering: Hacking minds over bytes
Text In this blog, let's focus on the intersection of psychology and technology, where cybercriminals manipulate human psychology through digital means to achieve their objectives. Our world has become more interconnected over time, and this has given rise to an entirely new breed of criminal masterminds: digital criminals with deep psychological insights who use technology as the ultimate battlefield for social engineering activities. Welcome to social engineering - where your mind becomes the battlefield!

Before the digital revolution, social engineering was practiced face-to-face and practitioners of this form were known as "con men," regardless of gender. Today, however, cybercriminals use psychological methods to trick individuals into compromising their systems, divulging sensitive data, or participating in malicious activities unwittingly.

An unsuspecting employee receives an email purporting to be from an official subscription service for software used at their organization, prompting them to log in as quickly as possible and avoid having their account frozen due to inactivity. The employee follows a link in this email that leads them directly to a convincing fake login page, unknowingly giving away their credentials, which give a threat actor access to company systems and confidential data.

This deception was an ideal example of Business Email Compromise (BEC). An attacker created an urgent phishing email designed to distort employee judgment. Threat actors had conducted reconnaissance beforehand, so they already possessed information regarding both the employee's email address and web-based applications, making the attack even more effective.

Social engineering is one of the primary strategies criminals use in their attempts to attack our systems. From an information security perspective, social engineering is the use of manipulative psychological tactics and deception to commit fraud. The goal of these tactics is to establish some level of trust to convince the unsuspecting victim to hand over sensitive or confidential information.

Here are some books that offer a range of perspectives and insights into the world of social engineering, from the psychology behind it to practical defenses against it. Reading them can help you better understand the tactics used by social engineers and how to protect yourself and your organization.

1. "Influence: The Psychology of Persuasion" by Robert B. Cialdini
Robert Cialdini's classic book explores the six key principles of influence: reciprocity, commitment and consistency, social proof, liking, authority, and scarcity. While not solely focused on social engineering, it provides valuable insights into the psychology of persuasion that are highly relevant to understanding and defending against social engineering tactics.

2. "The Art of Deception: Controlling the Human Element of Security" by Kevin D. Mitnick
Kevin Mitnick, a former hacker turned cybersecurity consultant, delves into the art of deception and social engineering. He shares real-life examples of social engineering attacks and provides practical advice on how to protect yourself and your organization from such threats.

3. "Ghost in the Wires: My Adventures as the World's Most Wanted Hacker" by Kevin D. Mitnick
In this autobiography, Kevin Mitnick recounts his personal experiences as a hacker and social engineer. He provides a fascinating insider's perspective on the tactics used by hackers to manipulate people and systems, shedding light on the world of cybercrime and social engineering.

4. "Social Engineering: The Art of Human Hacking" by Christopher Hadnagy
Summary: A comprehensive guide to social engineering techniques and strategies. It co
Rating ★★
Sent Yes
Tags Vulnerability Threat


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.