Название: Social Engineering Attack: Rethinking Responsibilities and Solutions Автор: Gunikhan Sonowal Издательство: Nova Science Publishers Год: 2023 Страниц: 284 Язык: английский Формат: pdf (true) Размер: 28.2 MB
The social engineering attack is presented in the first chapter of the book. It covers the definition, background, motives, and outcome of the social engineering attack. The life cycle of a social engineering attack is covered in the second chapter of the book. Attack formulation, information collecting, preparation, cultivating relationships, exploitation, and debriefing are the six phrases used by social engineering attackers throughout the life cycle. The basic concepts of social engineering attacks are covered in the third chapter of the book. The six principles of social engineering include scarcity, commitment, authority, social proof, reciprocity, social proof, and social proof. Various forms of social engineering attacks are discussed in the fourth chapter of the book. The physical method, social approach, reverse social engineering approach, technical approach, and socio-technical approach are the five main forms of social engineering attacks. Identity theft is discussed in five of the book's chapters. The purpose of the information that attackers stole from users is explained in this chapter. Social engineering tools are covered in the book's six chapters. Organizations deploy a variety of toolkits to informally teach their staff members and identify organizational weaknesses.
The seven chapter of the book covers the countermeasures for social engineering attacks. There are three ways to counter the social engineering attack includes policy and procedures, education, and technical. The eighth chapter of the book covers the laws that are related to social engineering attacks. Many governments proposed many laws which directly or indirectly related to social engineering attacks. The future of social engineering attacks is covered in the ninth chapter of the book. Some of the technology that will be utilized in the future for social engineering purposes is covered in this chapter.
Social engineering is an umbrella term for any security exploit, and the strategies used to carry out a social engineering attack vary based on the attacker’s point of view. It has been observed that many cyber attackers have a direct or indirect connection to social engineering strategies. Although technologies are constantly changing, attackers still employ similar tactics in social engineering attacks that are human feelings, which are still relevant today. Attackers use both technical and non-technical means to control human emotion.
An attacker might take somewhat physical activity to learn more about the victim. The one thing these methods have in common is that they cannot be done from a remote location which implies that the attackers physically present a particular location to collect information. Sometimes, it needs little equipment or technology knowledge about the organizations. It is sometimes called a low-tech cyber-attack. As an illustration, the attackers might enter the target firm using a fake employee ID or by using technology to open the security lock.
Although the social engineering attack is considered a non-technical attack, many attackers employ tools for collecting information or attacking the victims. These tools provide an easy way to collect information from the victims without much hard work. Generally, organizations utilize these tools to locate a loophole in their networks, and systems so that they can protect themselves from outside attacks. Many organizations hire penetration testers to test for vulnerabilities or unauthorized access to systems. Penetration testing commonly referred to as pen testing is the process of scanning a computer system, network, web application, or onsite perimeter to identify weaknesses that a malicious attacker could exploit. This chapter discusses the following key tools:
Внимание
Уважаемый посетитель, Вы зашли на сайт как незарегистрированный пользователь.
Мы рекомендуем Вам зарегистрироваться либо войти на сайт под своим именем.