Wednesday, September 2, 2015

Social Engineering and Malware: The perfect combination.

The objective of most cybercriminals is to get something from an attack to our digital services.
To achieve it they use many rare techniques, from the classical social engineering or the installation of trojans and malware to the abuse of 0days in the system.

The gold nugget of anyone interested in others business is allocated in Banks. It is better to say the accounts that we have in Banks. They are the main objective for cybercriminals and they do not hesitate in spending much money and guile on reaching them. The top 5 strategies for the attackers are social engineering, the installation of harmful programs, trojans, traffic interference and the vulnerability of operating systems.

Malware set in our devices from the origin

That happens when work is not entirely done by the cybercriminal. As the German security enterprise GData has proven for second consecutive year, it has found more than 20 smart phones within the market, which had some type of malware installed at the start of the production chain. Some of the devices found were property of top-notch brands such as Huawei, Lenovo o Xiaomi. Terrifying right?

The health sector does not work apart 

In fact it is, with the banking sector, the main bulls eye of the cybercriminal world. The last study by the auditing firm KPMG, Health Care and Cyber Security (PDF), shows that approximately 300 surgical devices are vulnerable to external attacks. This becomes a problem when 23% of organizations do not have a security department for information, and 4 out of 5 medical attention dealers executives assure that their organization has suffered from some type of attack.

Solution? Test the “system”

What can we do to protect ourselves? As you can see in the next video, AVA, one of the systems launched in the last BlackHat points towards a continuous pentesting challenging the human defenses of our organization. After all, Social Engineering will be automatically thrown to members of the enterprise in order to see if the weakest link of the chain is strong enough to prevent a crisis.

Is it your enterprise ready? Make sure it is. :)


Post a Comment