Preventing Social Engineering Attacks in IT Networking Designing
Added on 2023-06-13
6 Pages779 Words218 Views
Running head: IT NETWORKING DESIGNING
IT NETWORKING DESIGNING
Name of Student
Name of University
Author Note
IT NETWORKING DESIGNING
Name of Student
Name of University
Author Note
1IT NETWORKING DESIGNING
TASK 1
Ubiquiti Networks case
A famous case of social engineering is the Ubiquiti networks case which is a USA
based company dealing with high performance networks. The company lost 39.1 million
dollars due to social engineering attack. Cybercriminals sent some emails to the company’s
employees claiming themselves to be executive members of the organization and asked them
to send huge amount of money to a particular bank account of the cybercriminals. Social
engineering takes advantages of human weakness to execute the hacking attempt.
RSA secure ID breach
The RSA secureID breach occurred in the year 2011 when cybercriminals sent a
couple of phishing type of emails to some small groups of employees. The emails contained
a MS excel sheets type of document named “2011 recruitment plan” which had a zero-day
exploit that installed a backdoor foot-printing mechanism through an Adobe Flash related
vulnerability. The two factor authentication of RSA was compromised and the company lost
$66 million dollars to recover from the social engineering attack.
Hidden Lynx Watering Hole on Bit9
The attack occurred in the year 2013 when a Chinese hacker group named “Hidden
lynx” used hacking technique named “water holing technique” to attack the security firm Bit9
and compromised their digital code signing certificates which, at later stage targeted some
Bit9 customers. By the water hole technique malware was injected within the legitimate
website which was used by the organization. The cybercriminal group accessed the Bit9’s file
signing infrastructure so that they could sign malware and make it appear authenticated.
TASK 1
Ubiquiti Networks case
A famous case of social engineering is the Ubiquiti networks case which is a USA
based company dealing with high performance networks. The company lost 39.1 million
dollars due to social engineering attack. Cybercriminals sent some emails to the company’s
employees claiming themselves to be executive members of the organization and asked them
to send huge amount of money to a particular bank account of the cybercriminals. Social
engineering takes advantages of human weakness to execute the hacking attempt.
RSA secure ID breach
The RSA secureID breach occurred in the year 2011 when cybercriminals sent a
couple of phishing type of emails to some small groups of employees. The emails contained
a MS excel sheets type of document named “2011 recruitment plan” which had a zero-day
exploit that installed a backdoor foot-printing mechanism through an Adobe Flash related
vulnerability. The two factor authentication of RSA was compromised and the company lost
$66 million dollars to recover from the social engineering attack.
Hidden Lynx Watering Hole on Bit9
The attack occurred in the year 2013 when a Chinese hacker group named “Hidden
lynx” used hacking technique named “water holing technique” to attack the security firm Bit9
and compromised their digital code signing certificates which, at later stage targeted some
Bit9 customers. By the water hole technique malware was injected within the legitimate
website which was used by the organization. The cybercriminal group accessed the Bit9’s file
signing infrastructure so that they could sign malware and make it appear authenticated.
2IT NETWORKING DESIGNING
Task 2
Ways to prevent social engineering
Beware of unscheduled inspections
The social engineers often pretend to be inspectors at first place to gain access to enter
any restricted place(Krombholz et al., 2015). They install software such as key loggers onto
computers to gain data from the computer. To prevent this cross checking should be done by
employees to authenticate identity of the outsider.
Do not follow false urgency request
Any type of urgency request should be first verified and then replied. The scammers
use this to gain private data or passwords and steal money(Bullée et al., 2015). This is a
common process of credit card information stealing.
Beware of the tactics of “Boss might get angry”
This is a case where the fraudstars take advantage of the fear factor of any employee
related to their boss and gains crucial information from them. Fear coupled with false
urgency is the reason behind this(Mouton et al., 2014).
Ways to prevent social engineering
My company has proper procedure and policy to stay safe from social engineering
attack.
One of the most common attack is email from a friend in which a social engineer
hacks email id of a friend and sends request to send money to an account of the
hacker(Krombholz et al., 2013). This type of request can be verified first before acting.
Phishing attack can be stopped by carefully seeing the link before entering any personal data.
Task 2
Ways to prevent social engineering
Beware of unscheduled inspections
The social engineers often pretend to be inspectors at first place to gain access to enter
any restricted place(Krombholz et al., 2015). They install software such as key loggers onto
computers to gain data from the computer. To prevent this cross checking should be done by
employees to authenticate identity of the outsider.
Do not follow false urgency request
Any type of urgency request should be first verified and then replied. The scammers
use this to gain private data or passwords and steal money(Bullée et al., 2015). This is a
common process of credit card information stealing.
Beware of the tactics of “Boss might get angry”
This is a case where the fraudstars take advantage of the fear factor of any employee
related to their boss and gains crucial information from them. Fear coupled with false
urgency is the reason behind this(Mouton et al., 2014).
Ways to prevent social engineering
My company has proper procedure and policy to stay safe from social engineering
attack.
One of the most common attack is email from a friend in which a social engineer
hacks email id of a friend and sends request to send money to an account of the
hacker(Krombholz et al., 2013). This type of request can be verified first before acting.
Phishing attack can be stopped by carefully seeing the link before entering any personal data.
End of preview
Want to access all the pages? Upload your documents or become a member.