The short answer is: YES. Social engineering attacks are on the rise, and these attacks from bad actors could threaten your organization.
Social engineers use manipulation tactics to obtain and use cybersecurity information from individuals within an organization. These tactics range from spear phishing to using fake WiFi connections to trick or otherwise confuse their way into your private data.
While it may seem like social engineering is the “long way” around for bad actors, 98% of cyber attacks rely on social engineering in some capacity. Here, we’ll discuss how and why social engineering is on the rise, and why you need to protect your organization from these attacks.
Social Engineering Trends On the Rise
There are several go-to types of social engineering that are frequently used to target the people within your organization.
These social engineering schemes may include:
- Spear Phishing Emails.
- Baiting.
- Quid Pro Quo.
However, there are three specific areas that social engineers are increasingly using to manipulate individuals with ease: social media, deepfakes, and web applications.
Social Engineers and Social Media
Social media platforms, like Facebook and LinkedIn, are filled with useful information social engineers can use to pick out their victims and obtain personal details which can later be used in a cyberattack. Plus, the addition of virtual reality and augmented reality elements across social media may provide more opportunities for social engineers to interact with their targets.
The number of attacks that use social media platforms to obtain necessary information has drastically increased. Social media attacks doubled in 2021, with financial institutions being targeted for 68% of those attacks.
This increase could have been accelerated by the devastating success of the 2020 Twitter Bitcoin Scam when the Twitter accounts of several users were targeted, causing theft of reportedly over $100k in Bitcoin. This was accomplished through social engineering attacks where bad actors exploited Twitter employees to gain administrative access to accounts.
The Increased Use of Deepfakes
Deepfakes are images, videos, and more that are created by artificial intelligence (AI) to manipulate the target into doing exactly what the social engineer wants. With the improvement of technology, these simulated forms of communication are very convincing.
As a light-hearted example, Queen Elizabeth dancing on a tabletop is obviously a deepfake and is not that difficult to create. However, it’s believed that social engineers will use deepfakes, including deep fakes of voices, with far more malicious intent and precision this year.
In fact, in 2020, an AI created voice of a bank director was used to trick a bank manager in Hong Kong into transferring $35 million dollars to the threat actors. The FBI has predicted that the use of deepfakes such as this is increasing and that more organizations will fall prey to these traps.
Social Engineering With Web Applications
Now that you can use your social media login information to sign in to web applications, social engineers only need that info to infiltrate all of your connected web application accounts.
Since many web applications are prone to vulnerabilities as their website counterparts, it’s no wonder that CBS News reported in 2021 that web applications were the target for 39% of all data breaches.
We can expect an increase in social engineering attacks that target your web applications because the average social media user is on over 6 different social media platforms. With this much crossover, it would only make sense for unsuspecting individuals to use the same login information across multiple web applications, thus becoming easy targets for social engineers.
Who Can Be a Victim of Social Engineering Attacks?
Any organization that has employees untrained in cybersecurity is at risk of a social engineering attack. Realistically, even well-trained individuals can still fall for social engineering tactics because threat actors evolve with the tech and are constantly attempting new ways to appear legitimate.
In 2021, the JBS Foods Group was the victim of a ransomware attack. As a form of malware that locks users out or bars access to an organization’s data, ransomware is usually a byproduct of social engineering — cyber criminals manipulate employees to get useful information such as login credentials to launch their attack.
The JBS Foods Group cybercrime was just one of many in 2021. Kaseya, another ransomware attack victim, was blackmailed by cybercriminals and asked to pay $70 million dollars in Bitcoin before their compromised data would be decrypted. Although it has been confirmed that Kaseya did not have to pay the ransom, 60 direct customers of Kaseya experienced a breach with thousands more potentially affected.
With even large-scale corporations falling victim to social engineering, it’s crucial that you take measures to protect your employees and your organization.
How Can You Prevent Social Engineering Attacks?
While it’s true that knowledge is power, that knowledge must be shared to keep your organization safe. Training your employees and maintaining vigilance against social engineering attacks can go a long way toward protecting your business. Additionally, having your organization routinely tested against social engineering can give you peace of mind.
Mitnick Security Is Here To Help
Kevin Mitnick and his Global Ghost Team are experts in identifying cyber threats, including those made possible by social engineering. Mitnick Security also provides unique security training opportunities to keep everyone safe from traditional cybersecurity threats and social engineering tactics.
Learn how to protect your organization with this free guide and find out what our Social Engineering Testing Service can do to keep you one step ahead of the latest social engineering trends.