Social Engineering Attacks in an Age of Artificial Intelligence:

Advances in AI and Software Engineering will force cyber-criminals to focus on "soft skills' attacks, here are a few ways to mitigate those risks.

Social Engineering

  2018-12-13 07:10:00

  ,

Originally posted By Scott Wightman

As advanced technologies like artificial intelligence and machine learning become more mainstream, it is inevitable that security software will start leveraging these technologies to better learn and adapt to counteract the efforts of those that spread malware.  

This is likely in my view to force them into using some of the more “soft skills” approaches to try and get around the technology. This is commonly called social engineering and has been around in one form or another for as long as mankind has been civilized. One of the most famous acts of social engineering was so effective it is remembered to this day and even has a whole class of malware named after it – Odysseus’ Trojan Horse. Confidence tricksters and con men still use these kinds of techniques to fool people into trusting them with their money today. 

 

Some common social approaches that are likely to be used to try and sidestep advanced technology defenses are:  

  1. Impersonation
  • It is well known within security circles that there are few effective defenses against an attacker that has physical access to servers or network equipment.  
  • This may well lead to people attempting to impersonate authorized IT service staff to gain access. This kind of attack is perhaps more likely in a more remote branch site where staff may be less aware and vigilant.  
  • The attacker is bound to behave confidently and sound like they are supposed to be there.  

How to mitigate the risk: Staff training is key to make sure they verify the identity of anyone wanting to access IT equipment.  

  1. Support Phone Calls
  • We have all experienced the fake “Microsoft Support” calls that come out of the blue telling us there is something wrong with our PC and we need to let them help us out. 
  • This is a surprisingly effective social engineering attack on the unwary and has been used in one form or another for many years. I expect there will be a noticeable rise in this kind of approach in the coming years.  

How to mitigate the risk: Staff training is key here to make sure they do not give out any sensitive information to callers that may be leveraged in an attack or allow callers to access their computer without verifying who they are.  

  1. Tailgating
  • Similar to the first point when getting physical access is the goal, tailgating refers to a method of gaining access to restricted areas by quickly following someone who does have access through a controlled door.  
  • These people may be strangers with a gift for talking to people and putting them at ease, appearing to be just another employee, or may even be an actual employee who is up to no good. 

How to mitigate the risk: Awareness and a protocol for access.   

  1. Quid Pro Quo
  • Another method that we may well see a lot of more is efforts to entice employees on the inside of a company into doing something for the attacker by making them some kind of offer in return.  
  • This is most likely to be effective against disgruntled employees but anyone could be fooled into thinking this is some kind of free gift and not realize what they are really doing for the attacker.  

How to mitigate the risk: Again, as always it is training and awareness that will be the best defense. 

 

Protect your business with Advantech Total Shield™

 

Start Here

Posted in Tech Blog and tagged , .