Category: Social Engineering

Social engineering, a technique involving manipulation to gain confidential information, has seen a significant rise in recent years. As of Q3 2023, it emerged as a preferred method of “human hacking” by threat actors. This escalation, covering various tactics like phishing, smishing (SMS phishing), voice phishing (vishing), along with others, highlights the urgent need for robust mitigation strategies. 

Some Recent Trends in Social Engineering Attacks include:

Malicious QR Codes:

What are Malicious QR Codes?

• A cyberattack where an initially innocent QR code leads to a harmful website or even downloads malware onto your device. Threat actors tend to post these heinous QR codes in various places such as public advertisements, emails, and even physical objects such as public transportation benches, etc.

How do you mitigate against them?

• Be Paranoid: Avoid scanning QR codes from unknown sources.
• Verify the URL: If possible, hover over the QR code with your scanner without clicking the link. Once you see the URL, manually type in that URL using a tool like urlscan in your browser to ensure its legitimacy. 
• Keep Software Updated: Always keep your device’s operating system and security software up to date to assist in protecting against the latest threats posed towards said software.
• Enable MFA: Utilizing multi-factor authentication will add additional layers of security to your online accounts making it less attractive for threat actors to obtain your information.
  • Monitoring your MFA logs and performing quarterly simulated phishing campaigns are some best practices to utilize in your environment.
  • As a SecurIT360 SOC MDR client, we can add this particular log source type in our SIEM solution to best accommodate your environment’s real-time monitoring.

Deepfake Recordings:

What are Deepfake Recordings?

• As the hype of Artificial Intelligence continues to rise, Threat Actors are rapidly finding ways to manipulate this technology for malicious gain as well. Deepfake recordings are artificially generated audio or video files that convincingly mimic the voice or video recordings of a specific person saying or doing things that they never actually have. This technological advancement has made it increasingly difficult to distinguish real from fake.
• Deepfakes are generated from collecting large datasets from the targeted individual. The audio data is then fed into a machine learning model to train it into recognizing the speech patterns along with other vocal characteristics of the target.
• As a Security professional, you can see the dangers of deep fakes and how a Threat Actor can utilize them to social engineer their way into breaching a company’s data.

How do you mitigate against them?

• User Education: Staying up to date on the latest TTPs (Tactics, Techniques, and Procedures) especially as technology is forever changing will assist in keeping your data safe. As we all know, Companies are only as strong as their weakest link. Keeping your company’s employees educated can be the difference between a Data Breach and Data Security.
• Stay Vigilant & Verify Sources:  Be skeptical of audio messages that seem out of character for the speaker. “When in doubt, shout it out” meaning if you get an unexpected message from someone always verify it came from the source before acting on the message.
• Critical Analysis of Media: Pay attention to the context of the video or image. Often, deepfakes are used in implausible scenarios.
• Use Technology to your advantage: There are plenty of deepfake detection tools available that one can use to assist in distinguishing manipulated content. Additionally, regularly updating your cybersecurity software can defend against malware that could be used to produce deepfakes.
• Legal and Policy Awareness: Stay informed about deepfake regulations in your jurisdiction. Support laws and policies aimed at preventing the misuse of deepfake technology.
• Use of Code Words: Create a unique, private code phrase with your family and close contacts. This phrase should be used as a verification method during unexpected calls to prevent falling victim to scams. 

Typesquatting:

What is Typosquatting?

• A cybercrime where attackers register domain names that are very similar to legitimate websites (often with just a single letter or character difference).
  • Example: “Gooogle.com” instead of “Google.com”
• The goal is to deceive users who make typos when entering a website address. The fake website is often designed for credential phishing, where the user connects to the fake website and then inputs their username and password.

How do you mitigate against it?

• Utilize URL registration tools: As mentioned earlier in this article, tools such as URLVOID.com or urlscan.io can be used to verify if a URL was recently registered (a clear indicator of malicious activity). See the reference list at the bottom of this post for links to the suggested tools.
• Double-check URLs: Always verify the website address before entering sensitive information. A tool you can use to verify the legitimacy of a URL is ANY RUN Sandbox. This a tool where you can type in the suspect URL into a virtual environment and see where it leads to without risking harm to your physical device.
• Use Bookmarks: Save your frequently visited websites as bookmarks or favorites to avoid typing the incorrect URL.
• Educate Yourself and Your Organization: Stay informed about the latest cyber threats and how to properly protect yourself. Perform regular phishing simulations in your environment to ensure your users are always prepared.
  • As a company, your best line of defense is your employees. Making sure they are aware of the latest TTPs will make your defense strategies unquestionably better.
  • The SecurIT360 SOC Team can assist with this through our KnowBe4 managed services. Through this service, we can set up Phishing Simulations along with Awareness Training.

Targeted Industries: Professional services, particularly legal firms, manufacturing, and construction, have been prime targets of these type of attacks. These sectors often face Business Email Compromise (BEC) and Ransomware threats that all stem from Social Engineering. 

Notable Attack Groups: Groups like LOCKBIT, BLACKCAT, and newer entities like CACTUS and RHYSIDA have been active recently. RHYSIDA has been known to target the healthcare sector specifically. 

The continuous evolution of social engineering tactics demands a multi-faceted approach to security. By combining policy enforcement, employee education, technological safeguards, and robust response plans, organizations can significantly reduce the risk and impact of these types of attacks. As these threats become more sophisticated, staying vigilant and proactive instead of reactive is the key to safeguarding valuable data and resources. 

Tools Referenced:

• Check if a Website is Malicious/Scam or Safe/Legit | URLVoid
• URL and website scanner – urlscan.io
• Interactive Online Malware Analysis Sandbox – ANY.RUN