Feb 22, 2013
Strategy: Heading Off Advanced Social Engineering Attacks
During the last few years, security researchers have uncovered malware that could have been developed only by incredibly well-resourced and skilled programmers. Take the Stuxnet worm, for example. Designed to specifically target and subvert Siemens supervisory control and data acquisition systems that control and monitor industrial processes, it included a highly specialized payload — a programmable logic controller rootkit. But creating such an advanced program is only one phase of an attack.
To be of any use, the program or payload has to be installed on the victim’s network or device. Those behind Stuxnet initially relied on USB drives to infect their intended targets. However, more and more attacks are duping targeted individuals into inadvertently installing malware or providing confidential information by using sophisticated social engineering techniques — often getting the victim to break security procedures or to ignore common sense. In this Dark Reading report, we examine some of the current methods of fooling users, from next-generation phishing attacks to “watering holes” that trick unsuspecting Web surfers into giving up critical information. (S6590213)