Triskele Labs Blog

Recent developments in social engineering attacks you need to know

Written by Nick Morgan | Apr 21, 2021 4:05:19 AM

According to recent statistics, more than 98% of cyber attacks are based on social engineering, a tactic that manipulates the human tendency to help people or exploits innate fears through various ransoms and threats.

It’s no surprise, then, that most cyber attacks are based on this type of manipulation because, as we know, the human factor is the weakest element in any cybersecurity infrastructure.

Contrary to what many people believe, large organisations with stringent cybersecurity measures are not immune to these kinds of threats. In fact, even IT professionals have reported falling victim to these hacks.

In recent years, these attacks have become more common, largely due to the increased use of the internet and the concurrent lack of safety precautions being practised to protect our data. Cybercriminals have also learned how to manipulate human biases, largely thanks to the wealth of personal information available on our social media feeds.

Our posts on social media sometimes include tidbits of insight into our values, our political standpoints, and our likes and dislikes, among other things. Cybercriminals use this information very successfully to stage attacks.

When it comes to how we work with our clients, we believe that being informed about the latest methods used to infiltrate systems, and more specifically, launch social engineering attacks, can help businesses avoid becoming victims.

Let’s explore some of the more recent trends in this area of cybersecurity.

Deepfakes

The technology behind deepfakes first surfaced in 2017, when it was used primarily to edit the faces of celebrities into explicit images. Today, deepfaking also works on audio and video clips.

Although the technology is being used for many non-threatening purposes like movie production, cybercriminals are using it to execute sophisticated social engineering schemes, which raises concerns about how secure our businesses really are against this new form of attack. 

Specifically, cybercriminals are using this technology to create doctored video and audio clips of public authorities or celebrities in a bid to manipulate individuals to divulge critical information or to transfer funds.

Phishing attacks have also become more sophisticated with the use of voice or audio phishing, which uses doctored audio clips in conjunction with emails to prompt unauthorised fund transfers.

SIM swapping

Cybersecurity experts have always been major advocates of two-factor authentication as a way to improve security. Cybercriminals, however, have found ways to nullify the protection of two-factor authentication, using what is known as SIM swapping.

Rather than guessing the OTP code using brute force methods or other password cracking measures, SIM swapping works by manipulating the user into providing the OTP sent to their phone, which can then be used to access user accounts and critical data.

That said, we still recommend using two-factor authentication whenever possible, despite the growing use of SIM swapping in manipulative attacks. 

Here, an active effort must be made to avoid sharing these codes with anyone, even family members or close colleagues.

Personalised attacks

As highlighted above, it’s normal these days to use our social media platforms to share information, no matter how personal or sensitive it is.

Sometimes, we even share the names of relatives, loved ones, kids and pets. Certain individuals use these names as the passwords for their accounts—sometimes even multiple accounts. 

The problem is that determined cybercriminals can use this information to gain access to your social media profiles. What’s worse is that this is often just a gateway to your other accounts and data.

Understand the latest trends in cyber attacks to bolster social engineering prevention 

With its exploitation of human biases and weaknesses, social engineering has become one of the greatest security risks we’re facing today. 

This is the case despite our best efforts to safeguard our data and systems. Cybercriminals are using newer and more sophisticated methods to stage these attacks.

By gaining knowledge through security awareness training, specifically on social manipulation tactics, it may be easier to keep business systems and data secure.