Information systems infrastructure

profileashok.af806
ISSDiscussion2_responses.docx

Information systems infrastructure:

POST 1: Introduction:  Social Engineering Attacks or Reverse Engineering Attack are a type of attack methods that are used to steal confidential information and or individual’s personal data using psychological manipulation techniques to trick people into giving out sensitive information. These techniques can include attacker impersonating as a different person or using fake schemes tricking people to give out critical information. 

1.     Phishing Attacks:

These attacks are the most common type of attacks that are taking place nowadays, attackers use Emails or Social Media or other platforms to send out malicious Links that will either plant a virus or fake users in to believing to be a bank website and stealing the information.

Incident:

-       Ubiquiti Networks was attacked by Phishing attacks and it lost 39 million Dollars as a result of this incident.

-       Incident was a result of a top executive clicking on a malicious Email Link and the using these attackers were impersonating this user and made fraudulent transfers to outside accounts.

How to Avoid:

-       Using Better Spam Filters to filter out malicious Emails.

-       Training Employees for not to click on Links on emails and be careful in doing so.

-       Making users changing key credentials often to keep their accounts safer.

2.     Vishing Attacks:

Vishing is Voice Phishing where attackers contacts victims on telephone systems and confuses users to give out personal information.

Incident:

o   FCC has identified that about half the telephone calls would be phishing calls.

o   The most common type of Vishing attacks are scammer posing to be calling from IRS and scare people to transfer unpaid tax money into unknown bank accounts.

How to Avoid:

o   Educate people of the organizations and their duties and explain government agencies or law enforcement will not ask for Information through Phones.

o   The telephone Carriers need to provide methodologies to put out potential attackers that are using No Caller ID’s and blocking them.

References:

Gupta, S., & Kumaraguru, P. (2014). Emerging phishing trends and effectiveness of the anti-phishing landing page. 2014 APWG Symposium on Electronic Crime Research (eCrime). doi:10.1109/ecrime.2014.6963163

York, D. (2010). Identity, Spoofing, and Vishing. Seven Deadliest Unified Communications Attacks,117-136. doi:10.1016/b978-1-59749-547-9.00006-5

POST 2:

Reverse Social Engineering Attack:

A Reverse engineering attack is a person to person to attach in which an attacker convinces the target that he has a problem in future and that he, the attacker, is ready to help solve the problems. Reverse social engineering is performed through the following steps:

· An attacker first damages the target's equipment.

· He next advertises himself as a person of authority, ably skilled in solving that problem.

· In this step, he gains the trust of the target and obtains access to sensitive information

RSE is classified into two main characteristics.

1.       Targeted/Untargeted : In this type the attackers focuses on only one user and they are targeted attackers and they should know some kind of information whereas untargeted attackers reach out too many users. 

2.       Direct/Medicated: The baiting action of the attacker is visible to targeted victims. They can publish pictures on website or post on public forums. The medicated attacks follow a two-step approach where there will be a intermediate agent collecting baiting and then propagates to the targeted users.

Recent issue:

2016: United States Department of Justice:

In 2016, the United States Department of Justice fell for a social engineering attack that resulted in the leak of personal details of 20,000 FBI and 9,000 DHS employees. The hacker claimed that he downloaded 200 GB of sensitive government files out of a terabyte of the data to which he had access.

Prevention:

 This issue is caused due to negligence of institution in giving training to employees. This can be easily prevented if employees have been proper training on security measures. Each and every employee must be compliant and adhere to security rules. The security guidelines should be sorted out and it must be spread across employees.

References:

Irani, Danesh & Balduzzi, Marco & Balzarotti, Davide & Kirda, Engin & Pu, Calton. (2011). Reverse Social Engineering Attacks in Online Social Networks. 

Preeti Jain, Assistant Professor (2012), Reverse Social Engineering and its impact on Oraganizational Digital 

https://resources.infosecinstitute.com/the-top-ten-most-famous-social-engineering-attacks/#gref