Social Engineering, Insider Threats, Advanced Spear Phishing

Published on Azikar24, August 2020

We live in a world in which practically everything has been digitalised. This technological era has been reported to be the death of humans and invasion of their privacy, as everything we regularly do manually can be simply performed by a click of a button, a swipe of a smartphone or even a clap of the hands. As a result, tech-savvy individuals with malicious intent have taken advantage of the opportunity to prey on innocent victims who are unaware of these technical changes. This paper will illustrate who falls victim and the reasons behind it, including the techniques and skills that are required to perform the mentioned malicious acts.

### 1. Introduction

Cybersecurity threats have become very common in our businesses and daily lives. The known definition of cyber threats involves performing malicious acts in the digital space that aim at causing harm to individuals, their information and captured data. Cyber threats include viruses, stealing of data, breaching of privacy and denial of service. The main purpose of these attacks is financial gain, yet another high percentage is motivated by vengeance. Attackers are now focusing more on the manipulation of data and information. Cyberattacks mainly happen in cyberspace, and they are used to attack companies and individuals. Over 40% of companies and security professionals are scared that their employees would accidentally provide information to hackers due to a lack of awareness (Liu, Qiuyang & Chandel, 25). According to the Cybersecurity Insiders 2020 Insider Threat Report, 68% of companies think that they are vulnerable to insider attacks. Another 58% believe that it has become challenging to detect insider attacks since most organizations have moved to cloud computing. This data clearly shows that most companies are afraid of such a threat, as it may cause a lot of damage to their company.

Some of the attacks that happen in the cyber world are very annoying, some are quite serious, and some are disastrous and threatening to human lives (Iffat & Abdallah, 2). In most cases, the organization ends up losing valuable data and even incurring losses. In most cases, these cybersecurity threats do not involve people from the outside. People who are trusted with data and systems perform most of the cyber threats, intentionally or unintentionally. In most cases, these people are insiders in a company. These insiders range from malicious insiders to negligent insiders. Multiple reports have been used to describe how an organization responds to cybersecurity threats, including how it responds to the risk posed by malicious and accidental insiders.

### 2. What attacks involve

In this paper, we discuss some of the cyber threats that involve inside attacks, such as social engineering and insider threat. Unlike hacking, social engineering involves tricking the victim’s mind into doing what the attacker wants. These two are the most common cases when it comes to cybersecurity, and they have grown over the years. Hackers are advancing every day by manipulating users into giving up that data themselves. For each cyber threat, attackers use insiders to help in manipulating data. In cases such as social engineering, victims may not be aware of their participation in cyber threats. Victims are tricked into providing sensitive information to the attacker. For insider threats, participants are either current employees, former employees, or an external party with a third-party insider who helps them. Insider threat is part of social engineering, which is also known as Unintentional Insider Threat (UIT). Unintentional insider threats involve people who unintentionally or maliciously allow websites or software access to their system or network. This kind of intrusion may cause mass destruction as data is leaked to the attacker.

These people may be employees, previous employees, or partners who are working together with the organization. Social engineering, on the other hand, involves the manipulation of an individual to give up sensitive data (Salahdine et al., 1). This kind of attack can be either a short-term attack or a long-term attack. Short-term attacks involve a single social engineering event. The data stolen during the event will cause harm and greater loss for the company. Long-term attacks, on the other hand, involve the attacker exploiting vulnerabilities to carry the attack further. The process may take more than two weeks, but the damage that it causes is major (Liu, Qiuyang & Chandel, 25). The attacker, in this case, takes their time to research the victim or even build trust so that they can use the information acquired on the victim.

### 3. Methods used by attackers in social engineering

Social engineering uses various methods of carrying out the attack. The social engineer does not necessarily have to have contact with the victim. The reason this approach is very popular is that it is not technical. The first method is the online threat, which mainly occurs on the internet (Liu, Qiuyang & Chandel, 26). Social engineering uses a data transmission medium like the internet in the form of emails, pop-up applications, worms, or viruses. This method is very effective because many companies use the internet to communicate with their clients or employees through email. The second is the telephone-based threat. This is where the attacker tries to acquire information from the victim over the phone. The victim may not suspect a thing because this is a rare method of attack. Finally, there are waste management threats (Liu, Qiuyang & Chandel, 26). This is where the attacker analyses information obtained through junk search or dumpster diving. Information such as a discarded user ID or employee information is very valuable to the attacker.

Social engineers have become very successful due to some of the methods they use. We will discuss these methods extensively, with more examples, throughout the paper. Social engineers use intimidation, persuasion, integration, and assistance (Liu, Qiuyang & Chandel, 26). The first method is intimidation. The attacker who uses this method creates fear in the victim by pretending to be a high-level figure so that the victim agrees to the request. The second is persuasion, where the attacker tempts the victim using lies for his or her own gain. Every attacker knows which lies to use for every situation. The third is integration, which involves building the trust of the victim. This method takes approximately two weeks of interacting with the victim and building a relationship. Through this, the attacker easily gains the information they need from the victim. Finally, an attacker uses a method known as assistance. This method involves the attacker asking for help from a third party to gain access to the victim (Liu, Qiuyang & Chandel, 26). They may take time to research the victim and try to find more information from their colleagues.

### 4. The evolution of social engineering summarized

Social engineering leads to a type of insider attack known as user error. This is where victims accidentally click on a link that leads them to a malicious website. The targeted individuals are tricked into giving the attacker their sensitive information, such as passwords or bank information (Kristian et al., 1). The main reason it is very popular is that it is not very technical. Social engineers do not have to use a lot of effort to track an individual. In most cases, these threats cannot be stopped but can easily be detected. Once the threat has taken place, it would take both time and money to stop the attack. The attackers take advantage of the information they get and can easily use it to manipulate the victim.

The attacker may even sell this data for specific purposes, for example on the black market or the dark web. Most of the information is sold for capital gain. The evolution of social engineering has been influenced by changes in society, advancement in the discipline of psychology, and the development of new technologies. Social engineers are very creative, and they grow as different developments come into place. Every tactic they use is expected to grow and take advantage of new technology and new situations. Technological advancement, such as artificial intelligence and IoT, has made it easy for attackers to find information. Anyone can find a lot of information on a person using data search engines. There are techniques used in social engineering to deliver malicious software. In some cases, that part of the attack takes the form of gaining additional information from the victim, stealing data, or obtaining easy access to networks and systems. Social engineering techniques can range from complicated attacks, which look as real as normal interaction, to indiscriminate attacks that can easily be detected (Salahdine et al., 6).

### 5. Tactics in acquiring information

Social engineers are different; however, they use different tactics in acquiring information. They have a typical pattern that involves four phases. The first phase consists of gathering information about the target (Salahdine et al., 3). Through extensive research, they can collect enough information about an individual within a short period. The second phase involves building a close relationship with the target. This also helps them gather more information on the target. The third phase involves executing the attack by exploiting the information they got on the target. It is effortless for them to attack at this point because they have verified all their sources for the information gathered. Finally, they leave with no traces.

Most of the time, social engineers use big data for capitalizing on very important data for business purposes.

### 6. Forms of social engineering

The most common forms of social engineering attacks include phishing, baiting, ransomware, pretexting, scareware, advanced spear phishing and insider threat.

**Phishing** - This is one of the most common forms, where the attacker sends an email or text message with a malicious link that leads the victim to a website. This will prod the victim into giving out personal information, which may lead to loss of data.

**Vishing** - This is a type of phishing carried out over the phone, whereas phishing occurs over email. In this case, the attacker uses a fake phone number to call the victim. For example, they may pose as the bank, trying to get credentials from the victim in order to fix issues with their bank account.

**Baiting** - This form of social engineering is more like phishing, but it relies on things like a Trojan horse. Attackers leave devices such as USB drives carrying Trojans lying around, hoping that someone will pick one up. If the person uses it in their device, the device gets infected, giving access to the attacker. The modern form of baiting involves download links that just pop up on a web page. Such a link contains malicious software that gives the attacker access.

**Quid pro quo** - This is a type of baiting. The difference is that in this case, the attacker offers the victim something in return for the data they want. The most popular example is where the attacker pretends to be the technical support for a service you have, and they ask you for personal data such as passwords and usernames in order to assist with a problem with your work account.

**Ransomware** - This form of attack requires the attacker to rely on deception to trick the victim into clicking a link or downloading a file that then allows the attacker into the victim’s network. Afterwards, the malware delivered through the clicked link or downloaded file encrypts the victim’s data, making it inaccessible unless they pay the ransom to the attacker.

**Pretexting** - This form of attack involves the attacker acquiring sensitive information from the victim using lies. They give the victim the impression that they need the information to perform a very important task. The attacker always gains the victim’s trust by impersonating someone that the victim knows, such as a co-worker.

**Scareware** - Scareware involves attackers giving the victim the impression that some sort of virus has affected their machine. The attacker then prompts the victim to install certain software that contains the malware. This gives the attackers entry to the victim’s computer, hence accomplishing their mission.