Trick me if you can: what is social engineering?

[Father]

The number of cyber attacks on individuals in Russia is growing every year. In 93% of cases, scammers use social engineering methods. Such data for 2022 provided by Positive Technologies analysts.

What is social engineering and how is it evolving? Which of its technologies are particularly popular today? Answers and case studies from Cyber Media experts can be found in this article.

What is social engineering?​

Sudden requests to borrow money can alert anyone. Especially if they come from "friends" who have previously been silent for many years. Every third Russian citizen faced such fraud last year. In all cases, the potential victim was approached by a criminal who works according to the canons of social engineering.

Social engineering is a technology of deception of an individual. As a rule, criminals use it to obtain confidential information. And it becomes the key to a person's finances or data that can be used in an attack on the company.

Popular social engineering techniques include phishing, trojan, quid pro quo, pretexting, and reverse social engineering. The list remains unchanged for many years, but the same cannot be said about the technical tools of a fraudster.

A New Era of Deception: AI on both Fronts​

Today, social engineering is strongly linked to online crime. But the visionaries here were not cyber scammers, but villains with a handset in their hands. They earned on the trust of citizens half a century ago.

Phone scammers, of course, have not gone away. But today they are more likely to use IP telephony, instant messenger calls, and AI products rather than push-button devices. Other social engineers are also looking at AI.

Dmitry Burmashov
Information Security Engineer at R-Vision

One of the fastest growing technologies today is artificial intelligence and, in particular, language models. In addition to the well-known ChatGPT, many other AI-based models are being widely developed.

At the same time, not only cloud-based models are starting to appear, but also so-called On-Premise models that can be installed locally. They don't have any restrictions, so phishing messages are generated easily and quickly. In fact, attackers can generate almost unique text for each message and not even know the Russian language.

However, so far, as experts assure, language models write more artificial text. It doesn't look like the words of an ordinary person, especially if the Russian language is used. That is why the sign of social engineering now often serves as a strained text.

It's not just criminals who follow trends. New technologies are also used on the other side of the barricades – in software development and in the information security departments of companies.

Dmitry Pudov
CEO of NGR Softlab

According to the Verizon Data Breach Investigations Report, at least 60% of successful attacks involved an element of social engineering. Voice deepfake, generative AI technologies, social mining and new attack vectors may well be a challenge for information security specialists in the fight against this threat.

At the same time, AI is actively used to protect IT infrastructure today, and this trend will continue to develop. Special algorithms are integrated into solutions to increase the likelihood of attacks using social engineering.

Such algorithms, according to the expert, analyze the content and attributes of communication. They can also detect anomalies in user behavior that may indicate that their accounts have been compromised.

In parallel, companies are developing technologies for detecting deepfake. The first in this race for user safety were social networks. And this is logical – today an impressive proportion of attacks on a person begin with messages in them.

Reached the messengers section​

Dmitry Ovchinnikov
Chief Specialist of the Integrated Information Security Systems Department of Gazinformservis

In recent years, the distribution channels of attacks have changed significantly. First of all, the spam flow in users ' mailboxes has noticeably decreased. Free mail services and enterprise administrators have learned how to protect mail servers efficiently.

At the same time, social networks, phone calls, WhatsApp groups, and Telegram channels have become popular distribution channels. And now social engineering is actively used in conjunction with such purely hacker techniques as hacking accounts, stealing TG channels, and stealing databases.

Phishing is still one of the most relevant methods of social engineering for attackers. And it also works in a new way - in the most popular communication apps.

Dmitry Burmashov
Information Security Engineer at R-Vision

If 10 years ago phishing was mainly messages in social networks, mail, banners on pirate sites, now a large percentage of phishing is found in instant messengers-Telegram and WhatsApp. In a corporate environment, the primary entry point for a phishing attack is email.

The goals of criminals have also changed. Previously, they hacked only email accounts and forum accesses, and social engineering methods were used mainly to steal payment information, but now criminals usually target the victim's mobile and online banking systems.

Cyber Media's interlocutors add that the quality of phishing and social engineering attacks in general has changed significantly over the past 10 years. Among the main reasons are the growing cybercrime of the population and the development of neural networks.

Dmitry Burmashov
Information Security Engineer at R-Vision

Modern users have become more aware of the methods of fraud and, as a result, are less trusting to various tricks, so attackers have to come up with more sophisticated methods to deceive.

At the same time, creating high-quality phishing has become much easier thanks to AI tools that now allow you to automate the creation of convincing messages containing malicious links or attachments.

As Dmitry Burmashov reminds us, not only the defending side renders services to each other. This also happens among intruders. And it is the development of the CaaS (Crime as a Service) trend that is the third factor that has affected the quality of attacks.

Stories with a sad ending​

Social engineering technologies are changing, but the three main weapons remain the same – fear, greed, and vanity have been working flawlessly for many years.

If a person is afraid of something, then they are vulnerable and risk becoming one of the first victims of a fraudster. Even if it's fear of a potential employer.

Dmitry Ovchinnikov
Chief Specialist of the Integrated Information Security Systems Department of Gazinformservis

I recall the case with the installation of software for remote control of the victim's smartphone, which occurred during the interview. The attackers convinced the victim to install the app on their smartphone, and then gained access to an online bank and robbed the victim's bank account.

Another example is the storyUbiquiti Networks, where 40 million US dollars were lost in Russia. This was due to the fault of financiers who are afraid of their superiors. The scammers sent them a letter in which the CEO asks them to transfer funds to the specified account.

Another victim of social engineers in 2019 was the company Armorblox. The ruse caught the head of the company, who was ruined by vanity. He opened the attachment in the email of intruders. The text reported that Armorblox was included in the top list of innovative companies in the world.

Conclusions​

Social engineering has been among the leaders of cyber fraud technologies for many years. It is easy to explain this fact – people become victims of attacks.

You can't strip them of their weaknesses; it's easier to strengthen protection at the software and company level. The main thing here is to stay ahead of the enemy in their technology and remember that any known successful attack by a cyber fraudster plays against them. The more news about such crimes, the higher the chance that a potential victim will be more vigilant and not fall for the criminal's tricks.