9 2 2024 - rtji0/Arthur-Tech-Journal GitHub Wiki

9/2/2024

Social Engineering Attacks

  • Manipulating a user into taking actions that compromise themselves or their security
  • Often by deception online
  • The attack surface is the human vector
  • Various methods are used to gain the user's trust

Phishing Attacks

  • Sending an email message that pretends to be something related to the user in order to get them to take actions that compromise their security
  • Often preys on a sense of urgency (short deadlines, threat of immediate harm if ignored)
  • Spear Phishing - targeted phishing campaigns (companies, family, etc.)
  • Whaling - targeting authorities in organizations; could just be for fun hehe
  • Vishing - AI voice cloned message
  • Smishing - SMS based phishing attack, because phones listen to you
  • Business Email Compromise - takes advantage of electronic payments, with false requests for funds that appear legitimate
  • Phishing is the largest and most consequential cyber threat for both enterprises and individuals

Impersonation

  • Masquerading as a legitimate person or website in order to steal information and money from individuals
  • Brand impersonation, posing as a reputable business (Lookalike sites, etc.)

Misinformation

  • Misinfo - false or inaccurate info
  • Disinfo - intentionally false or inaccurate info for malicious purposes
  • Hoax/False warning attack
  • Watering Hole Attack - targeted attack on a small group of individuals, often execs, who use the same website, which can be infected with malware

Other Types of Social Engineering Attacks

  • Dumpster Diving - physically digging through trash bins to find receipts and other info
  • Google Dorking - advanced Google search techniques to find info on victims
  • Shoulder Surfing - physically watching a person enter info such as passwords, which they can use later

Perimeter Defenses

  • "Industrial Camouflage" - basically making a building look uninteresting and nondescript
  • Physical perimeter defenses must be used to restrict access
  • Barriers, guards, sensors, security buffers, locks, etc.
  • Fences and bollards to keep people from entering without access

Guarding

  • Human guards - probably a good idea to have multiple (two-person integrity)
  • Limited authorization (log book, open hours, designated persons entering only)
  • Video surveillance - face recognition - hotspots for cameras to focus on
  • HVAC systems to keep the area cool so that no machines overheat
  • Drones

Sensors

  • IR sensors
  • Microwave sensor
  • Ultrasonic sensors to determine distance of a target (not susceptible to smoke, gas, or other vision-obscuring particles)
  • Pressure sensors to determine if someone has entered a restricted area

Security Buffers

  • Additional layers of security to keep intruders from entering while not deterring authorized persons
  • Mantrap - first door opens, second door does not
  • Reception area
  • Waiting room for low security