The helpdesk’s phone rang. Someone needed help; they were new and didn’t understand how to get past the company portal, because they didn’t have a token code. “That’s fine,” said the helpdesk. “Just use ours.”
Why Social Engineering Attacks Work
Is it easier to break through a fortified wall, or to simply convince the guard to let you through the door? The latter has been a successful strategy since the dawn of humanity. People are way too flawed and way too swayed by emotion not to be a fruitful attack surface—so why do so many of us in cybersecurity still invest all resources into total prevention?
Chris Hadnagy, author of Social Engineering: The Art of Human Hacking, presents two case studies. The first subject was a CEO whose business partner claimed hacking him would be next to impossible. But Hadnagy learned via Facebook that the CEO had a family member battling cancer. Hadnagy asked the CEO to donate money to a cancer research fund, and the CEO agreed to receive a PDF. The file, however, was malware that took control of his computer.
The second subject was a theme park. Hadnagy and his family entered the park, but “realized” that they had left their print-out coupon at home. Hadnagy asked employees if they could bring up the email with the coupon attached. Seeing his child was anxious to get into the park, they agreed despite going against policy. The PDF he had them open was malicious, and from there he quickly compromised the park’s computer system.
From these tests, a pattern emerges. Social engineers will try to position themselves either as a trustworthy ally of some kind, or as someone deserving of sympathy who needs your help. Everyone wants to be a good person, so it’s hard to say no to a seemingly harmless request.
By now, most people know not to give away login credentials on the phone or over email. But what about “harmless” requests, as in the above case studies? It’s easy to say you’ll just refuse everyone and everything in the name of security. But at some point, you start to look like a jerk to the people you have to work with.
You can’t count on every single one of your employees to say no to all requests, all the time.
Proactive Monitoring with NetFlow Analytics
Total prevention is impossible; breaches are inevitable. But it is possible to defend yourself against social engineering attacks. Shift away from a defensive mindset to an investigative one. If you can see every conversation that traverses your network and analyze those conversations for potentially malicious behavior, you can take steps to mitigate the threat immediately.
NetFlow analytics is one of the best ways to do this. It’s highly likely that your existing infrastructure is already capable of exporting flow data, along with other metadata. You just need to turn on that capability and send the data to a NetFlow analytics system. This way, your network acts as its own security camera. Whether you’re hit with social engineering attacks or another type of threat, you have the context you need to resolve the situation quickly.
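As an added example that is not part of the original article: a small Python analyzer, run over constructed NetFlow-style records, that flags internal hosts contacting external destinations absent from a baseline window and scores whether those new flows recur on a clock-like schedule, the kind of post-compromise pattern the "security camera" view is meant to surface. The record layout, the internal address ranges and the 0.2 jitter threshold are assumptions, not anything the article specifies.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import pstdev

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]  # assumed internal ranges

# Constructed sample flow records as (src_ip, dst_ip, dst_port, start_seconds):
# BASELINE is a learning window of normal traffic; RECENT is a later window in which
# 10.0.1.20 begins contacting a never-seen host on 8443 roughly once a minute.
BASELINE = [("10.0.1.20", "203.0.113.5", 443, 10), ("10.0.1.20", "203.0.113.5", 443, 400),
            ("10.0.1.20", "198.51.100.9", 443, 1200), ("10.0.1.21", "203.0.113.5", 443, 300)]
RECENT = [("10.0.1.20", "203.0.113.5", 443, 5000), ("10.0.1.21", "198.51.100.77", 443, 5100)]
RECENT += [("10.0.1.20", "192.0.2.44", 8443, 5000 + t) for t in (0, 60, 121, 180, 241)]

def is_internal(ip):
    return any(ip_address(ip) in net for net in INTERNAL_NETS)

def known_peers(flows):
    """Map each internal host to the external destinations it reached in the window."""
    peers = defaultdict(set)
    for src, dst, _, _ in flows:
        if is_internal(src) and not is_internal(dst):
            peers[src].add(dst)
    return peers

def new_external_peers(baseline, recent):
    """Recent outbound flows to destinations absent from the baseline, grouped by (src, dst, port)."""
    known = known_peers(baseline)
    hits = defaultdict(list)
    for src, dst, dport, ts in recent:
        if is_internal(src) and not is_internal(dst) and dst not in known[src]:
            hits[(src, dst, dport)].append(ts)
    return dict(hits)

def beaconing_score(timestamps):
    """Coefficient of variation of the gaps between flows; near 0 means clock-like timing."""
    if len(timestamps) < 3:
        return None
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = sum(gaps) / len(gaps)
    return pstdev(gaps) / mean if mean else None

def report(baseline, recent, max_jitter=0.2):
    """Return (src, dst, dport, flow_count, verdict) for every new external peer."""
    findings = []
    for (src, dst, dport), ts in new_external_peers(baseline, recent).items():
        score = beaconing_score(ts)
        periodic = score is not None and score <= max_jitter
        findings.append((src, dst, dport, len(ts), "periodic beacon" if periodic else "new external peer"))
    return findings
```

On real exports the same logic applies per flow collector window; a single new peer is only a lead, while a periodic one to a host the baseline never saw is worth an immediate look at that workstation.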