Social Engineering, Insider Threats, Advanced Spear Phishing

Abdulaziz Karam and Zainab BuSakher. 

Department of Computer Science and Information Systems, College of Engineering and Applied Sciences (CEAS) 

American University of Kuwait (AUK), 
Salmiya, Kuwait 

Abdulaziz Karam, Email: S00035621@auk.edu.kw  

Zainab BuSakher, Email: S00034682@auk.edu.kw 

Abstract: We live in a world in which practically everything has been digitalised. This technological era has been reported to be the death of humans and invasion of their privacy, as everything we regularly do manually can be simply performed by a click of a button, a swipe of a smartphone or even a clap of the hands, and as a result; tech-savvy individuals with malicious intents have taken advantage of the opportunity to prey on innocent victims that are unaware of these technical changes occurring.  This paper will illustrate who fall victim and the reason behind it, including the techniques and skills that are required to perform the mentioned malicious acts. 

1. Introduction 

Cybersecurity threats have become very common in our businesses and daily lives. The known definition of cyber threats involves performing malicious acts in the digital space that aim at causing harm on individuals, their information and captured data. Cyber threats include viruses, stealing of data breaching of privacy and denial of service. The main purpose of these attacks is for financial gain, yet another high percentage is vengeance. Attackers are now focusing more on the manipulation of data and information. Cyberattack mainly happens in the cyberspace, and it is used to attack companies and individuals. Over 40% of companies and security professionals are scared that their employees would take part in providing information accidentally to hackers due to a lack of awareness (Liu, Qiuyang &Chandel, 25). According to   Cybersecurity Insiders 2020 Insider Threat Report, specific states that 68% of companies think that they are vulnerable to insider attacks. Another percentage, 58%, believe that it has become challenging to detect insider attacks since most organizations have moved to cloud computing. This data clearly shows us that most companies are afraid of such a threat as it may cause a lot of damage to their company. 

Some of the attacks that happen in the cyber world often are very annoying, some are quite serious, and some are very disastrous and threatening to human lives (Iffat &Abdallah, 2). In most cases, the organization ends up losing valuable data and even incur losses. In most cases, these cybersecurity threats do not involve people from the outside. People who are very trusted with data and systems perform most of the cyber threats intentionally or unintentionally. In most cases, these people are insiders in a company.  These insiders vary from malicious insiders and negligent insiders. Multiple reports have been used to describe how an organization responds to cybersecurity threats. They have a way that they respond to the malicious risk posed by malicious and accidental insiders.  

2. What attacks involve 

In this paper, we are going to be discussing some of the cyber threats that involve inside attacks such as social engineering and insider threat. Unlike hacking, social engineering involves the tricking of the victim’s mind to do what they want. These two are the most common cases when it comes to cybersecurity, and it has grown over the years. Hackers are advancing every day by manipulating users to give those data themselves. For each cyber threat, attackers use insiders to help in manipulating data. For cases such as social engineering, victims may not be aware of their participation in cyber threats. Victims are tricked in providing sensitive information to the attacker. For inside threat, participants are either current employees, former employees, or an external party with a third-party insider who helps them.  

Insider threat is part of social engineering, which is also known as Unintentional Insider threats (UIT). Unintentional insider threats involve people who unintentionally or maliciously allow websites or software access to their system or network. This kind of intrusion may cause mass destruction as data is leaked to the attacker. These people may be employees, previous employees, or partners who are working together with the organization. Social engineering, on the other hand, involves the manipulation of an individual to give up sensitive data (Salahdine et al., 1). This kind of attack can be either a short-term attack or long-term attacks. Short-term attacks involve a single social engineering event. The data stolen during the event will cause harm and greater loss for the company. Long-term attacks, on the other hand, involves the attacker exploiting vulnerabilities to carry out the attack further. The process may take more than two weeks, but the damage that it causes is major (Liu, Qiuyang &Chandel, 25). The attacker, in this case, takes their time to research the victim or even build trust so that they can use the information acquired on the victim.  

3. Methods used by attackers in social engineering 

Social engineering uses various methods of carrying out the attack. The social engineer does not necessarily have to have contact with the victim. The reason as to why this method is very popular is that it is not technical. The first method is an online threat, which mainly occurs on the internet (Liu, Qiuyang &Chandel, 26). Social engineering uses data transmission medium like the internet in the form of emails, pop-up applications, worms, or viruses. This method is very effective because many companies use the internet to communicate with their clients or employees through email. Second, telephone-based threats. This method is where the attacker tries to acquire information from the victim through the phone. The victim may not suspect a thing because this is a rare method of attack. Finally, waste management threats (Liu, Qiuyang &Chandel, 26). This is where the attacker analyses information gotten through junk search or dumpster diving.  Information such as discarded user ID or employee information is very valuable to the attacker.  

Social engineers have become very successful due to some methods they use. These methods we will discuss extensively with more examples throughout the paper. Social engineers use intimidation, persuasion, integration, and assistance (Liu, Qiuyang &Chandel, 26).  The first method id intimidation.  The attacker who used this method creates fear in the victim by pretending to be a high- level figure so that they may agree on the request—secondly, persuasion where the attacker tempts the victim using lies for his or her gain. Every attacker knows which lies to use for every situation. Thirdly, integration, which involves building the trust of the victim. This method takes approximately two weeks to interact with the victim and build a relationship. Through this, the attacker easily gains the information they need to form the victim. Finally, an attacker uses a method known as assistance. This method involves the attacker asking for help from a third party to gain access to the victim (Liu, Qiuyang &Chandel, 26). They may take time to research on the victim and try finding more information from their colleagues. 

4. The evolution of social engineering summarized 

 Social engineering leads to a type of insider attack know as user error.  This is where victims click on a link accidentally that leads them to a malicious website. The targeted Individuals are tricked into giving the attacker their sensitive information such as passwords or bank information (Kristian et al., 1). The main reason as to why it is very popular because it is not very technical. Social engineers do not have to use a lot of effort to track an individual. 

In most cases, these threats cannot be stopped but can easily be detected. Once the threat has taken place, it would take both time and money to stop the attack.  The attackers take advantage of the information they get and can easily use it to manipulate the victim. The attacker may even sell this data for specific purposes, such as selling the data in the black market or the dark web. Most of the information is sold for capital gain. 

The evolution of social engineering has been influenced by changes in the society, psychology discipline advancement, and development of new technologies. Social engineers are very creative, and they grow as different developments come into place. Every tactic they use is expected to grow and take advantage of the new technology and situation. Technology advancement, such as artificial intelligence and IoT, has made it easy for attackers to find information. Anyone can find a lot of information on a person using data search engines. There are techniques used in social engineering to deliver malicious software. In some cases, that part of the attack is informing of gaining additional information from the victim, stealing data, or obtaining easy access to networks and systems.  Social engineering techniques can range from complicated attacks, which look as real as the normal interaction to indiscriminate attacks that can easily be detected (Salahdine et al., 6).   

5. Tactics in acquiring information 

Social engineers are different; however, they use different tactics in acquiring information. They have a typical pattern that involves four phases. The first phase consists of gathering information about the target (Salahdine et al., 3). Through extensive research, they can collect enough information about an individual within a small period. The second phase involves building a close relationship with the target. This also helps them gather more information on the goal. The third phase involves executing the attack by exploiting the information they got on the target. It is effortless for them to attack at this point because they have verified all their sources on the information gathered. Finally, they leave with no traces.  Most of the time, social engineers use big data for capitalizing on very important data for business purposes. 

6. Forms of social engineering 

The most common form of social engineering attacks includes phishing, baiting, ransomware, pretexting, scareware, advanced spear phishing and insider threat.  

Phishing- This is one of the most common forms where the attacker sends an email or text message with a malicious link that leads the victim to a website. This will prod the victim into giving out personal information that may lead to loss off data. 

Vishing-this is a type of phishing but over the phone. Phishing occurs over emails. In this case, the attacker uses a fake phone number to call the victim. For example, they may pose as the bank trying to get credentials to form the victim to fix their bank account issues. 

Baiting-This form of social engineering is more like phishing, but the victims use things like Trojan horse. Attackers use devices such as USB drives with Trojans lying around aimlessly, hoping that someone will pick it up.  In case, the person uses it in their devices. The device gets infected, giving access to the attacker. The modern form of baiting involves download links that just pop up on the web page. This link contains malicious software that gives the attacker access.  

Quid pro quo- This is a type of baiting. The difference is that in this case, the attacker offers the victim something in return for offering the data they want. The most popular example is where the attacker pretends to be the technical support for a service you have, and they ask you for personal data such as passwords and usernames to be assisted with a problem with your work account. 

Ransomware- This form of advancing requires the attacker to rely on deception to trick the victim into clicking a link or downloading a file that then allows the attacker into their own network, afterwards, the malware that encrypts the clicked link or downloaded file makes the victim inaccessible unless they pay the ransom to the attacker. 

Pretexting- This form of attack involves the attacker acquiring sensitive information from the victim using some lies. They give the victim the impression that they need the information to perform a very important task. The attacker always gains the victim’s trust by impersonating something that the victim knowns, such as a co-worker.  

Scareware-Scareware involves attackers giving the victim the impression that some sort of virus has affected their machines. The attacker then prompts the victim to install certain software that contains the malware. This will give the attackers entry to the victim’s computer, hence accomplishing their mission. 

Advanced spear phishing- Advanced Spear Phishing is another method where an attacker acquires information through inside access. Advanced Spear Phishing is the most common social engineering technique. Advanced Spear Phishing involves sending out an email to a specific individual to steal data from (Oliveira, Daniela, et al., 6412). In most cases, cybercriminals tend to install malicious software’s in a target’s computer to have access to the data they want. For example, an email arrives in your inbox with a link that leads to a website full of malware. Most of the time, the emails look like credible emails.   

They use smart ways to attract individual attention. Advanced Spear Phishing is more personalized; unsolicited emails are sent that as a user to click on a particular link with the purpose to mislead the user into what appears to be a legitimate website (Sebastien, 1). The site is typically spoofed, which would make it easy for a target to key in their passwords, bank details, and username.  Advanced Spear Phishing is more personalized where the attacker first takes time to gather as much information as possible about their victim. This will make it very easy for them to trap the victim. The main target of these techniques are individuals with critical information. The emails have a more detailed and personalized message to gain the trust of the goal (Sebastien, 3). Because of the trust factor of the email, the recipient finds it hard to identify the phishing attack. Normal phishing is very detectable because it involved sending out of bulk email. 

More sophisticated attackers will take their time to personalize the victim’s email and appeal the message to look legitimate carryout Advanced Spear Phishing.  Most targets of Advanced Spear Phishing often play an essential role in the attacker (Allodi, Luca, et al., 4). They usually have sufficient information that the attackers need—having to limit your victims to make the goal more achievable. Most Advanced Spear Phishing emails look legitimate. However, some can be easily detected because they contain some indicators that rat them out. 

This method is ubiquitous, especially to trick high-level employees such as executives by tricking them into giving them confidential information. They may also use these senior employees to reach other employees leveraging the credibility inherent to executive communication throughout the messaging process. Advanced Spear Phishing techniques are not only limited to acquire sensitive information from the target. Often time they plant malicious ransomware the company’s network to encrypt the company’s data. This gives them easy access to extort fees from the victim. Attacks are more customized as developments go by. For instance, in the hospitality and retail businesses, attackers tend to take a keen interest in point of sale reconnaissance Trojan that affects the company as a whole. Phishing attack techniques are continuing to grow and substantially adopted by attackers. They are a natural attempt for attackers to achieve any malicious activities they want to make. 

Insider threat- Insider threat is another common cyber threat that attacks most of the organizations.  An insider threat, on the other hand, entails security threats that originate from inside the company (Markus et al., 12). Most of the time, these insider threats are brought about by employees inside the company, a business associate who has access to the company’s details or a former employee. 

7. Frequency of the attacks 

This kind of threat has grown over the years all around the global and domestic companies. These threats have become very frequent over the years as the numbers grow. The individuals who undertake these activities possess specific characteristics and personality traits (Markus et al., 14). They will convey to their fellow staff the eminence of an assault. By identifying these characteristics and behaviours and the motivations that cause them, it is hypothesized that businesses would be able to take a more proactive position of protection as compared to a reactive position. To achieve this mission, companies need to incorporate various layers of technical means of defence, as well as take a more practical, proactive approach with interaction across the company. 

8. Types of people who fall victim and/or are accused of participating in the attack 

While the word insider threat has been somewhat co-opted to describe purely malicious behaviour, an established continuum of insider threats is present. Not all insiders are alike and differ considerably in terms of motivation, knowledge, level of access, and purpose (Matthew, 12). For insider threats, both technical and non- technical measures should be taken. Types of insiders are categorized according to what role they place in performing the task. These categories include turn cloaks, mole, pawns, lone wolves and goofs. 

Turn cloaks are those malicious insiders tend to misuse their privileges to steal information for financial or personal gain. A person who has a grudge on a former employer may want to seek revenge by selling the companies data (Matthew, 13). These attackers have an advantage since they know the company’s policies concerning security. An opportunistic employee who wants to sell the company’s secret for commercial gain may also be termed as turn cloak.   

A mole, who is also known as a collaborator, is an external who seeks assistance from an insider to gain access to the organization. The insider knows how to access the information they need. A mole has the privilege of accessing, either sensitive data, systems of networks.  

The third type expressed as the pawn is the careless insiders who have no idea that they took part in exposing the company. They innocently make mistakes that quickly exposes the organizational system to outside threats. Such errors are like leaving a laptop unattended. (Markus, et al., 16).  

The lone wolves like working alone. They do not have an external influence or internal influence to help them manipulate an order; this kind of individuals are dangerous when they have administrative privileges or secure access to systems and network.  

Finally, the goofs that are involved in taking deliberately and potentially harmful actions (Matthew, 13). In most cases, this kind of person is very ignorant, and they always feel that they are entitled to be exempted from security policies in an organization. 

9. Examples of well-known companies and organisations falling victim to social engineering 

Ubiquity networks, Amazon, and Sun Trust are companies that have fallen victim to social engineering attacks. Ubiquity networks fell victim to social engineering attacks in the year 2015 (Subhadeep, 3). They fell victim to Business email compromise (BEC). The finance employee received an email requested him to transfer finance to someone else. The sender of the email claimed to be their bank top executive.  Ubiquity networks is an American technology company that manufactures wireless networking products. The BEC attacks cost the company 39.1 million dollars to stop the attack. (Subhadeep, 3). This kind of social engineering attack is one that the attackers modifies the email of a high-ranking executive to make it look real. They then used the phishing email to commit fraud. They transferred money to the bank of their choice. Ubiquiti was the first company of this kind of attack. Later on, more companies started to complain of such cases in their companies. The FBI then stated that victims of such crimes made lose worth 214 million dollars combined 

 A widespread example of Spear phishing is one the happened to Amazon in the year 2015. Amazon is a very popular, trusted online shop.  According to the article, Amazon Users Targets of Massive Locky Spear-Phishing Campaign by the threat post, a detailed of the incident is given (spring, n.p). Customers were tricked using an email that was sent to them.  The customers who were affected were clients who had made orders at that time. That email contained a link that prompted them to install specific software, which happened to be ransomware.  The recipients got a word document with a macro which triggered downloads of the Locky ransomware. According to researchers, this more significant ransomware fraud had ever taken place and lasted for almost 12 hours. Within those 12 hours, it had sent out over 30 million messages to amazon clients, saying it was an update for their orders (spring, n.p). The fraud was all over the US and European countries. The email looked legitimately from amazon. The email stated that their order had been dispatched, but the body part was empty. A Microsoft word attachment prompted them to enable macros. For those who enabled macros, the ransomware immediately downloads, installs and encrypts itself. 

According to the article, sun trust ex-employee may have stolen data on 1.5 million bank clients in 2018, which is an example of a real-life case of insider threats (Saxena &Mishra, n.p). Sun Trust Bank said that a former employee was trying to download a client’s information so that they can provide data to a criminal outside of the organization. The employee may have stolen personal details and account balances of the client’s width of 1.5 million. The CEO states that the information may not have come out of the bank, but there was a possible insider threat in place. The company is now more cautious about how they operate because there could be a potential data leak. According to the article, very personal information such as the client’s pin, user ID, account number, driver license information, and password don’t seem to have been stolen(Saxena &Mishra, n.p). Most of Sun Trust bank was informed of a potential data threat. Investigations were still going on at this time, but this is just an example of a potential insider threat. 

10. The technologies used to perform the act of social engineering 

Attackers have used new technologies in performing their malicious acts. Most companies have implemented new security measures as well as improved and complex systems. Attackers are learning more about the implementation of AI technologies. With the increased implementation of AI technologies to counter cyber-attacks, attackers are also advancing and using it to create smart malware that would execute attacks (Ismail, np).   Attackers are creating malicious codes and hiding than in new applications. The code is made to execute at a certain time maybe after a year after the application has been installed or after the system has reached a certain number of users who have subscribed to it. This will increase the impact of malware, as the system is more vulnerable at that time.  The success rate of this kind of AI- trigger attacks, the attacker requires application of AI skills such as creating models and deriving private keys that will assist in customizing the malware on when and where the malware will be executed.  

Such AI features would be in an application for years being completely undetected.  This will give the attacker enough time to customize and weaponized the malware and attack whenever they want to (Ismail, np). Attackers are fully implementing AI as it requires fewer efforts, but the success rate is always at its top. The attacker can easily get a lot of information form the system, such as the system vulnerabilities and what prevents attacks from being successful. AI smart malware can also exploit those vulnerabilities that are not mitigated. This will increase the rate of compromise to the target. In case a smart malware comes across a vulnerability that is patched, they can adapt and learn the system to use a different type of attack to compromise the system. 

 Finally, AI attackers also use this technology to create malware that can mimic a trusted system component.  The performance and the system environment look the same. This kind of attack is called stealth attacks. For this kind of attacker, the attackers first learn a system environment and protocols, and when they are vulnerable, the attacker enters blending with the security environment. They are very dangerous as the attacker would compromise the system and leave when they want, and no trace of the attacker is left behind (Ismail, np). 

11. Why social engineering is a very popular attack method 

 According to the information given above, it is clear that social engineering entirely relies on the full participation of the victim. Personals who have knowledge about the company’s system or have control over very sensitive data are the main targets. This is because they can easily give social engineers the access they need to complete their tasks.  Humans can be very unpredictable with system knowledge and can easily give social engineers the password to the system (Kristian et al., 1). Foreseeing future social engineering threats is very difficult in such cases. Social engineering attackers play with the psychology of a human through greed, curiosity, shyness, courtesy, apathy, and gullibility such as curiosity, gullibility, timidity, courtesy, thoughtlessness, indifference, and desire. 

12. Methods that help in preventing from falling victim into a social engineering attack 

Control measures have to be put in place to prevent future attacks. I would advise companies to focus more on creating awareness for their employees on the possible social engineering attacks. Companies have used common techniques to protect them from cybersecurity threats such as the use of antivirus, blocking known websites associated with phishing and baiting, not allowing unauthorized devices like USB, cd/DVDs, or floppy disks (Salahdine et al., 8). However, social engineers have become very smart in bypassing all these controls. The best prevention against social engineering involves raising awareness to fellow employees and educating them on the importance of these controls. Some of the knowledge involves teaching employees on possible signs of phishing emails and potential frauds (Koyun et al., 7537). This will help them more alert on emails that looks suspicious. For organizations that have CiSP membership can ask for advice from them on ways to improve awareness. Frequent awareness sessions should be held in the company. This should enable mandatory training and the induction of new employees. Some of the companies have been able to perform penetration tests to show how easy a social engineering attack can be successful on any member of the company. 

Other measures include encouraging employees to always verify strange emails or messages. This is by calling the person who claims to have sent the email to confirm if they sent the email (Salahdine et al., 10). Another standard advice given to everyone involves information made available in our Socials. Everyone needs to be careful about how much information we put out in our social media. This would easily make our target of social engineers. Policies established by the organization to reduce cases of fraud and phishing should be fully implemented.   Finally making sure that your organization has placed in strategies and controls in times where such an occurrence has happened. In case social engineering has occurred in your organization, everyone should be aware of what to do next to contain the situation. 

Attackers may take advantage of an employee’s innocence when they are not aware of such attacks. Questions employees should ask when they receive an email with a suspicious link are as follows: who is the sender? An employee should be in a place to determine and verify the identity of the sender. They should be in a position to know if they expected an email from that person or that person would be in a position to send such an email (Allodi, Luca, et al., 7). The second question, is the style of writing consistent with the email? It is effortless to know how different people in the organization send particular emails based on urgency. An employee should be in a position to tell if anything appears unusual with the one, spelling, or need of the email. Is the request out of the ordinary? Unexpected emails that have to link would look suspicious. Finally, have any other colleagues received the same email? This would help you as an employee to quickly determine spear phishing. For instance, you get emails that claim to come from the department head; most of your colleagues in the same departments should have gotten the same email. The organization must make every employee aware of the company’s policies on security and communication.  

Controlling the use of administrative privileges is another way of preventing social engineering attacks. This means that not everyone in the organization will be in a position to access administrative accounts. This is safer for the organization in case of an actual attack. Administrative accounts will only be used when required. An individual with administrative privileges opens a malicious link with a suspicious website. The whole IT system will be compromised in a way that malware will be deployed, assuming administrative rights. With this access, an attacker may install malware and have access to the company’s network very quickly. All data and sensitive information will be compromised with such privileges. That is why controlling such rights to a controlled number of people who can be more careful with such emails. 

 Carrying out frequent vulnerability assessment tests. The main aim of attackers is to exploit a system from the weakest point of the system. System vulnerabilities may be the most accessible form of entry of attackers. It is important to make sure that all the software and system are up to date with the recently updated patches (Allodi, Luca, et al., 7). Makings sure that all issues in the systems are sorted will help to make them more secure. Making sure to patch all devices in the organization is important. This means that all phones, laptops, computers, servers, routers, and switches will be patched to ensure that in case a link is clicked, no malware will be installed. 

 Firewall, proxies, demilitarised perimeter network, network-based IPS, and IDS should be installed to reduce traffic through the network borders. This will be able to detect malicious activity and block it. It is important to filter both inbound and outbound traffic to look for any unusual events that may suggest malicious activities. Using the boundary defence mechanism, malicious code from Advanced Spear Phishing activities will be detected and controlled before it can reach across the system. 

Organizations should come up with a training plan to educate their employees on threats that are caused by social engineerings, such as advanced spear phishing using commercially available tools. In the training package, organizations come up with test plans to ensure that all employees take in training. Test training such as sending test emails with a link to all employees. In case any employee clicks on the link in that email, they are taken in for the training, making them understand the importance of not clicking the link on suspicious email (Allodi, Luca, et al., 7). This will prevent future attacks on minor mistakes made by employees. Organizations also offer antiviruses and ant phishing tools that help employees detect phishing contents that are contained in a website or email. This is an advanced level of protection from cyber threats, unlike traditional mechanisms like antiviruses. 

Monitoring emails, data, files, and activities in your primary data sources (Matthew, 30). This will assist in detecting unusual events taking place in the system. Unsolicited activities that you are not aware of. An organization needs to know where essential and sensitive data is placed.  In addition, to control the number of people that will handle such information by controlling administrator control. With this, not everyone will have access to sensitive information. In case of an attack, it will be easy to trace back who is in play when it comes to leaking out of the confidential information. 

 Another way to prevent these threats is to allow the owners of the data to manage who can or cannot access their data. (Matthew, 30) This is in cases such as a bank where the owner of the account can only access their account using the right pin. There is an attack; the owner will be aware of that attack. In this case, they have to manage the permission of their data. Another prevention measure is to prepare a security portal where there is an alert in case of abnormal behaviours. Such unusual behaviour includes an attempt to gain access to critical data in the system, try to obtain access permission to sensitive data outside of the normal process,  increased activity of filed in a confidential folder, attempt to delete large volumes of data at the same time, try to change system logs in the system. Finally, a large number of data is emailed out of the company to an anonymous recipient without the company’s authority. In case employees have strong willpower to follow the company’s policy being able to have a data security mind-set, these controls will save the company a lot of struggle to pick up the company after a significant loss of relevant data or finances. 

13. Conclusion  

In conclusion, cybersecurity threats have caused many companies over the years. Most companies have undergone substantial declines after a cyber-attack such as losses, bad reputation, and even lost clients. In the modern-day, attackers are mainly focusing on data and information of an organization or an individual. Attackers aim at compromising the system and networks by leaking the company’s sensitive information, stealing a company’s assets or finances.  Most attackers aim at damaging the company’s reputation for a particular reason. Above, we have discussed three cybersecurity threats that include social engineering, advanced Spear Phishing, and insider threats. All of them are related in that they involve inside manipulation of data and systems. Social engineering is the manipulating individuals to give up sensitive information. In this case, the attackers use strategies such as phishing or baiting to access confidential information.  

Advanced spear phishing is a type of social engineering that involves the use of emails that contains a suspicious link that leads to a website with malware. In both cases, the links sent look very legitimate as the attacker takes their time to know the victim and personalize the email. Since it is the most common form of social engineering, the frequency of Advanced Spear Phishing keeps on increasing each year and is delivered on a much broader scale.  Besides, what is worrying is the fact that most of these attacks are being made from trusted sources that are usually compromised accounts. These attacks are designed to disarm email security measures that focus on sender validation. Attackers specifically look for vulnerabilities such as lousy IP reputation, spoofed domain names, and things like DKIM and SPF   that will all generally fail to raise any red flags. These attacks often have a high success rate in subverting a well-trained end-user who might otherwise be cautious enough to avoid emails from an unknown sender. 

Finally, insider attacks involve security threats that originate from inside the company. In this type of threat, there are different ways in which they can manipulate a company.  An insider may be an employee, an employee who was previously working in the company, or an associate that has access to the company’s details. In all these threats, we have discussed different controls and measures that vary in all risks. Attackers are very smart; they do a completer search on their target. Due to curiosity, greed, or ignorance, attackers are able to manipulate individuals very easily. As much as technical controls have been put in place, employees require to be trained on following the company’s policy on security. Create awareness on the possible social engineering threats and how to detect them. The main targets are employees of high levels and those with knowledge on the system and network.  

Reference 

Allodi, Luca, et al. “On the Need for New Anti-phishing Measures against Spear Phishing Attacks.” IEEE Security & Privacy (2019). 

Aparajita Saxena, Parikshit Mishra, SunTrust says ex-employee may have shared info on 1.5 million clients Retrieved from https://www.reuters.com/article/us-suntrust-clients/suntrust-says-ex-employee-may-have-shared-info-on-1-5-million-clients-idUSKBN1HR1VT(2018) 

Beckers, Kristian, and et al. “Creativity Techniques for Social Engineering Threat Elicitation: A Controlled Experiment.” REFSQ Workshops. 2017. 

Dasgupta, Subhadeep. “SOCIAL ENGINEERING–THE VULNERABILITY OF INTERNET.” 

Gheyas, Iffat A., and Ali E. Abdallah. “Detection and prediction of insider threats to cybersecurity: a systematic literature review and meta-analysis.” Big Data Analytics 1.1 (2016) 

Goutal, Sebastien. “Detecting and thwarting spear-phishing attacks in electronic messages.” US Patent Application No. 14/861,846. 2017 

Kont, Markus, et al. “Insider threat detection study.” NATO CCD COE, Tallinn (2015). 

Koyun, Arif, and Ehssan Al Janabi. “Social engineering attacks.” Journal of Multidisciplinary Engineering Science and Technology (JMEST) (2017). 

Nick Ismail,” AI in cybersecurity: a new tool for hackers?” retried from 

 https://www.raconteur.net/technology/ai-cybersecurity, February 26, 2019 

Oliveira, Daniela, et al. “Dissecting spear-phishing emails for older vs. young adults: On the interplay of weapons of influence and life domains in predicting susceptibility to phishing.” Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. 2017. 

Salahdine, Fatima, and Naima Kaabouch. “Social engineering attacks: A survey.” Future Internet 11.4 (2019): 89. 

Tom Spring, Amazon Users Targets of Massive Locky Spear-Phishing Campaign Retrieved from https://threatpost.com/amazon-users-targets-of-massive-locky-spear-phishing-campaign/118323/ (2016) 

Waters, Matthew D. “Identifying and Preventing Insider Threats.” (2016). 

Xiangyu, Liu, Li Qiuyang, and Sonali Chandel. “Social engineering and Insider threats.” 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). IEEE, 2017.