It Networking Designing-Samples for Students-Myassignmenthelp.com

Questions: 1.Use any Internet browser to research incidents of social engineering. Summarize three examples found in your research. 2.Research ways to recognize social engineering. Describe three examples found in your research. Answers: Ubiquiti Networks case A famous case of social engineering is the Ubiquiti networks case which is a USA based company dealing with high performance networks. The company lost 39.1 million dollars due to social engineering attack. Cybercriminals sent some emails to the companys employees claiming themselves to be executive members of the organization and asked them to send huge amount of money to a particular bank account of the cybercriminals. Social engineering takes advantages of human weakness to execute the hacking attempt. RSA secure ID breach The RSA secureID breach occurred in the year 2011 when cybercriminals sent a couple of phishing type of emails to some small groups of employees. The emails contained a MS excel sheets type of document named 2011 recruitment plan which had a zero-day exploit that installed a backdoor foot-printing mechanism through an Adobe Flash related vulnerability. The two factor authentication of RSA was compromised and the company lost $66 million dollars to recover from the social engineering attack. Hidden Lynx Watering Hole on Bit9 The attack occurred in the year 2013 when a Chinese hacker group named Hidden lynx used hacking technique named water holing technique to attack the security firm Bit9 and compromised their digital code signing certificates which, at later stage targeted some Bit9 customers. By the water hole technique malware was injected within the legitimate website which was used by the organization. The cybercriminal group accessed the Bit9s file signing infrastructure so that they could sign malware and make it appear authenticated. 2.Ways to prevent social engineering Beware of unscheduled inspections The social engineers often pretend to be inspectors at first place to gain access to enter any restricted place(Krombholz et al., 2015). They install software such as key loggers onto computers to gain data from the computer. To prevent this cross checking should be done by employees to authenticate identity of the outsider. Do not follow false urgency request Any type of urgency request should be first verified and then replied. The scammers use this to gain private data or passwords and steal money(Bulle et al., 2015). This is a common process of credit card information stealing. Beware of the tactics of Boss might get angry This is a case where the fraudstars take advantage of the fear factor of any employee related to their boss and gains crucial information from them. Fear coupled with false urgency is the reason behind this(Mouton et al., 2014). Ways to prevent social engineering My company has proper procedure and policy to stay safe from social engineering attack. One of the most common attack is email from a friend in which a social engineer hacks email id of a friend and sends request to send money to an account of the hacker(Krombholz et al., 2013). This type of request can be verified first before acting. Phishing attack can be stopped by carefully seeing the link before entering any personal data. Baiting schemes is another type which can be stopped by only buying a product from official website of an e commerce site. References Bulle, J.W.H., Montoya, L., Pieters, W., Junger, M. and Hartel, P.H., 2015. The persuasion and security awareness experiment: reducing the success of social engineering attacks.Journal of experimental criminology,11(1), pp.97-115. Krombholz, K., Hobel, H., Huber, M. and Weippl, E., 2013, November. Social engineering attacks on the knowledge worker. InProceedings of the 6th International Conference on Security of Information and Networks(pp. 28-35). ACM. Krombholz, K., Hobel, H., Huber, M. and Weippl, E., 2015. Advanced social engineering attacks.Journal of Information Security and applications,22, pp.113-122. Mouton, F., Malan, M.M., Leenen, L. and Venter, H.S., 2014, August. Social engineering attack framework. InInformation Security for South Africa (ISSA), 2014(pp. 1-9). IEEE.