The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/448505
PEER TO PEER: THE QUARTERLY MAGA ZINE OF ILTA BEST PRACTICES 8 One of the more interesting cases might be the much-publicized eBay breach. What makes this especially interesting is that the company may have been the victim of a social engineering attack. How does that happen, and how can you avoid a social engineering attack? HOW SOCIAL ENGINEERING ATTACKS OCCUR To execute a social engineering attack, hackers troll company employee lists and target individuals with very personalized emails, constructed from a plethora of data gathered from their Facebook, Twitter and YouTube accounts. The chosen employees are sent emails which disarm them by forming instant familiarity and directing the victims to click on embedded links. The links are filled with malware that enters the firm's network and slowly extracts and exports credit card numbers, passwords, social security numbers or financial-related information. The hackers then follow up the email with a phone call. The victims already have a false sense of security because the hackers know the information contained in the recently sent email. The call is used to persuade the employees to click on the malware-filled link, which then silently installs the virus. The attackers' goal is to move through the network without creating an event which would send red flags that could get them extracted from the network before the code can accomplish its intended task. The pattern is for hackers to penetrate networks only a few times a day until they get in. This avoids triggering noticeable data anomalies or events that alert IT administrators. In too many situations, once the employees have clicked on the malware links, the targeted organization has no idea the malicious code is siphoning vital information. It takes a typical company 229 days to discover a malware attack. LAYERS OF SECURITY How can your organization quickly diagnose and prevent breaches originating from social engineering attacks? A proper defense About the Author Tommy Curb is the Executive Vice President of Business Development and General Counsel at Venyu, where he leads business development initiatives (strategic partnerships and licensing opportunities) that are consistent with the company's overall strategy and leads the day-to-day legal affairs of the company. Tommy was formerly assistant general counsel with Anthelio Healthcare Solutions, and he spent 12 years holding different positions within Verizon Communications marketing and public policy and external affairs groups. Contact him at tcurb@venyu.com. Defend Against Social Engineering Attacks strategy involves the use of multiple tools on different network layers that can help identify and prevent breaches at various points during an intrusion attempt. • The host layer can include malware- specific software, file integrity management, Web browser protection and more • The server layer can have its own centralized log management solution, password rotation on a regular basis and antivirus protection for all servers • The network layer can include a centralized patch management solution, the ability to utilize a security scanner regularly and a firewall with tight access controls • The security layer can include deep packet forensics collection, forensics solutions for investigations, security incident event monitoring and more It is common to wake up and read about yet another huge data breach. Home Depot confirmed a six-month breach of its payment system that affected 53 million credit and debit cards. JP Morgan confirmed that cybercriminals had obtained customer names, addresses, phone numbers and email addresses for 76 million households.