The nature of social engineering attacks
ISS Q1 Prathik Meka: (need your opinion on this with minimum of 150 words)
Social engineering is the practice of psychological manipulation of people to achieve a desired outcome or duping them into giving up confidential information, money, and in most cases both. Social engineering works on the premise of taking advantage of human emotions like fear, greed, and love, and most importantly, social engineering attacks target the basic trusting nature of humans. The victims of social engineering can be anyone who is not aware or someone who doesn’t give enough attention to the content they are reading on the internet. Social engineering attacks are more dangerous than general hacking or phishing emails because these attacks are disguised in the form of emails from a trusted friend, or something that can take advantage of our curiosity. Attackers could also use a compelling story like they are a person who is in dire need of help and lead victims into giving them financial support.
One of the classic examples of social engineering is the Trojan Horse, where the Greeks played to the Trojans’ ego by appearing to accept defeat and leaving Trojan shores with all their army but a gift. The Trojans, believing the gift to be a genuine acceptance of defeat, took it into their kingdom and celebrated their victory. Little did they know that there was a small group of elite soldiers in the giant wooden horse, who came out in the night and let the Greek army into the gates of Troy, thereby destroying the whole kingdom. A recent and more common example would be that of the Michigan county employee, Thomas Katona, who was a treasurer of the Alcona County. Katona fell for a fake investment scheme saying it was from a Nigerian prince and promised huge returns for Katona’s investment. This may seem like a simple and obvious attack, but we can learn a lot from this incident. The attackers targeted a designated official who was working for the treasury and by doing this made it seem like a genuine offer which was open only for the elite. The second successful element of this attack was catering to the greed of Thomas Katona.
Such incidents can be prevented by spreading general awareness about the nature of social engineering attacks along with hacking and phishing emails. A few of the ways to prevent such incidents would be to report and delete any request for financial or confidential information as no organization exchanges such information through email. Information handling procedures like encryption and classification should be followed to avoid sensitive information reaching the hands of individuals. If there are requests for help, we need to reject them as no organization will ask for help from an individual. Thorough cyber security strategies must be implemented along with a robust firewall setup and spam filters to avoid unnecessary emails reaching employees. Securing all the devices in the organization by installing anti-virus software, anti-phishing tools, email filters, as well as training the employees to identify and report any kind of cyber attack will help in protecting company information and property.
ISS Q2 Vikas kumar gujala (need your opinion on this with minimum of 150 words)
In the field of social engineering, we have identified the following attack scenarios: Attackers in different channels for social engineering attacks. They are mainly performed by people, and software is classified as physical, technical, social or social. The boundaries of different types of attacks are very scalable and, in most cases, are not technically exhausted. Engineering is an electronic communication environment that tries to acquire sensitive information or to force someone to disguise themselves as trustworthy people in the way you want them to. They usually aim at a large group of people. Engineering attacks can take place in almost any channel, from physical presence to attackers’ websites, social networks and even cloud services. Attacks against specific individuals or companies are called spear engineering. Replication-engineering requires attackers to gather information about alleged victims first, but with a higher success rate than traditional engineering. If engineering attacks are directed to high-profile targets in the enterprise, the attack is further whaling. Garbage cans immerse in the practice of filtering individuals or enterprise recycle bins to find obsolete items that can be used to compromise a system or specific confidential information. User accounts.
Surfing refers to using direct observation techniques to get information, such as seeing someone on the screen or on a keyboard. Reverse social engineering is an attack that finds a simple trust between the attacker and the victim. An attacker creates a situation in which the victim needs help and then presents himself in a personal way. The victim will examine the person who can solve the problem and gain privileged information. Of course, attackers try to choose an individual who they think has the information to help them. Water holing describes the target attack, and the attacker destroys a site that may be of interest to the selected victim. Then the assailant waited in the puddle for the victim. Advanced persistent threats are long-term, primarily internet-based spy attacks on attackers, and their capabilities and intentions are stubbornly extracted from the system. The bait is an attack. During this time, the media infected with the malware will remain where the target victim can find it. To prevent this type of attack, you need to improve physical security. The discussion also emphasizes that today’s social engineering attacks mostly depend on the combination of social and technical methods. Therefore, in order to effectively prevent social and technological attacks, consumers need to be better aware of social engineering attacks and to protect their equipment at the technical level.
MIS Disc1: No less than 300 words
1. Discuss the relationship between data, information, and knowledge. Support your discussion with at least 3 academically reviewed articles.
2. Why do organizations have an information deficiency problem? Suggest ways to overcome the information deficiency problem.