Dear Social Engineering Diary March 3, 2016
Dear Social Engineering Diary,
Social engineering attempts are not going to diminish in number any time soon. This will remain a persistent threat for the indefinite future. In the early days (I am able to use this term, as my first experience was coding in BASIC and C in the 1980s), “hackers” would work to breach a system to earn a badge and to build credibility among peers. Attackers now view this more as a business and use social engineering for financial gain. Recently over $50M was stolen from the aircraft manufacturer FACC. On January 19th it was reported that Crelan Bank, a Belgian bank, has a $75.8M claim due to the same type of CEO fraud scam reported on earlier. In mid-February a hospital in Hollywood paid $17K to receive the key for the encryption on their servers. The hospital had to stop using their electronic medical records/electronic health records (EMR/EHR) and was using pen and paper due to the issue. These are not the only high-dollar incidents, only the recent ones. As long as money can be made, social engineering will continue to be operationalized as a business. This will also draw others to this nefarious line of work.
Hacktivists may also be involved, using social engineering as a method to embarrass people or agencies, or to bring the facts to the forefront. The hacktivists may be of any age and skill level. In early October 2015, teenage attacker(s) breached the CIA Director’s email. Recently, the Director of National Intelligence’s email was breached. The breaches were the product of social engineering of third parties, e.g. Verizon, rather than of the directly affected person.
One lesson to be learned from this involves being vigilant, watching your accounts, and authenticating people who call you claiming to be from a business. If users continue to be lackadaisical, there will continue to be issues. Some of these lessons can be expensive, and others more expensive yet.
Charles Parker, II, has been coding since the mid-1980s, and has been working in the finance, auto manufacturing, and health industries seeking secure solutions for issues for over 17 years. Charles has an MBA, MSA, JD, LLM, and is a doctoral candidate for a PhD in Information Assurance and Security.