Cybersec-ng | Social Engineering / Attack Simulation

SOCIAL ENGINEERING / CYBERATTACK SIMULATION

The term social engineering refers to the targeted manipulation of people with the aim of gaining access to computer systems. Phishing emails are a recurring form of social engineering attack: the attacker sends an email that tries to trick the recipient into opening a malicious attachment or following a link to a fake website. If the attachment is opened, or credentials are entered on the fake site, the attacker can gain access to the affected system or account.

Social engineering is not limited to technical attacks; physical attacks are also possible. In a physical attack, the social engineer tries, for example, to gain access to a building. To do so, the attacker can pose as almost any kind of person and use psychological tricks to get past entry controls. So-called tailgating (slipping through) is frequently used in this context: the attacker waits until an authorized person opens a door and slips in behind them. This can happen at any entrance (garage, parking lot, rear exit, main entrance, etc.).

Whether technical social engineering, physical social engineering or a combination of both, you are in the right place with us. Benefit from the many years of experience of our technical experts (hackers) and our undercover agents (social engineers).

Technical social engineering

In technical social engineering, our experts use various technical means to infect the systems of one or more of the customer's employees with custom-built malware (trojan / backdoor / RAT). Once an initial foothold has been established, the attacker can move laterally through the internal network, infect other systems and/or steal data.

Technical social engineering can be divided into two broad categories for the sake of simplicity:

Targeted attacks ("spear phishing")

  • Targeted attack on people

  • Target persons are addressed directly and personally

  • The attacker selectively collects personal information about the target person

  • The attack takes place on a digital level via social media, email, SMS and the like.

  • The malware infection can take place via various vectors such as phishing websites, e-mail attachments, etc.

Untargeted attacks ("dynamite phishing", mass phishing)

  • The attacker tries to hit as many targets as possible; quantity counts for more than quality.

  • The messages contain no personal salutation.

  • The content of the messages is generic and not tailored to the recipient.

  • The attack takes place on a digital level via social media, email, SMS and the like.

  • The malware infection can take place via various vectors such as phishing websites, e-mail attachments, etc.

Physical social engineering

As mentioned above, the goal of a physical social engineering attack is to gain access to a building. The social engineer has a wide range of attacks available to achieve this; a few examples are listed below.

Physical social engineering attacks

  • Tailgating (slipping through)

  • Telephone attacks (vishing)

  • Posing as a technician, supplier, person of authority, etc.

  • Dropping malware-infected USB sticks in parking lots, restrooms, in front of the entrance, etc. (baiting)

  • Picking locks and safes (lock picking)

Your benefit

In practice, social engineering assessments are often declined with the argument that an attacker would gain access with this type of attack anyway, so testing it is not worthwhile. This attitude is dangerous: it ignores one of the most common attack vectors, and you cannot know how your employees and your IT security organization will react in an emergency until they have practiced it. As everywhere, practice makes perfect.

In short, you can get the following benefits from this service:

1. Promotion of employee awareness

Regularly conducted social engineering attacks followed by awareness training increase the resilience of your employees against this frequently occurring form of attack.

2. Attack simulation for training purposes

By repeatedly rehearsing the processes and procedures for defending against attacks, your employees and your IT security team learn how to handle the threat in an emergency. This improves not only the effectiveness of your IT security organization but also your resilience against real attacks.

Numbers, facts and examples

The figures below are rough estimates published by a well-known antivirus manufacturer (Kaspersky, via its Securelist blog) [1][2]. They count detections by the vendor's anti-phishing component on its users' systems rather than emails actually sent, so they indicate the order of magnitude of phishing activity rather than an exact total.

Phishing attempts detected in Q1 2019 (estimate): 111,832,308 [1]

Phishing attempts detected in Q2 2019 (estimate): 129,933,555 [2]

Phishing variants Q1-Q2 2019

Below is a list of the most common phishing variants:

1. Phishing mails with links to fake websites

In this variant of the phishing attack, the attacker creates a fake website that looks like the original. In addition, the attacker registers a domain name that resembles the original as closely as possible and appears trustworthy. For example, the domain https://www.cybersecng.ch (fake) could be registered in place of https://www.cybersec-ng.ch (original). Often the aim of this attack is to harvest the victim's credentials or other data. The fake website can also be used to distribute malware such as trojans or ransomware.
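The following Python script, added here as an example and not part of Cybersec-ng's page or tooling, shows how a mail gateway or a link checker can flag lookalike domains of this kind before anyone clicks. It normalizes the registrable domain of a link (drops hyphens, folds common homoglyphs such as 0/o and rn/m) and compares it with the list of domains the organization actually uses, also catching the brand used as a subdomain of an attacker domain and single-character typos. The domain list, the homoglyph table and the sample URLs are assumptions constructed for the example; the two-label "registrable domain" rule is a simplification that a production filter would replace with the Public Suffix List.

```python
"""Lookalike-domain check for links in inbound mail.

Added example (not Cybersec-ng code). LEGIT_DOMAINS, HOMOGLYPHS and the
sample URLs at the bottom are constructed assumptions.
"""
from urllib.parse import urlparse

# Assumption: domains the organization legitimately sends mail from / links to.
LEGIT_DOMAINS = {"cybersec-ng.ch"}

# Character sequences that look alike in common fonts; folded before comparing.
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e", "5": "s"}


def registrable_domain(host):
    """Last two labels of the host. Adequate for .ch/.com; a production
    filter should use the Public Suffix List (co.uk etc.)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def normalize_name(domain):
    """Split 'cyb3r-secng.ch' into ('cybersecng', 'ch'): hyphens dropped and
    homoglyphs folded, so typosquat variants compare equal to the original."""
    name, _, tld = domain.rpartition(".")
    name = name.replace("-", "")
    for glyph, real in HOMOGLYPHS.items():
        name = name.replace(glyph, real)
    return name, tld


def levenshtein(a, b):
    """Edit distance; each substitution, insertion or deletion costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url):
    """Return 'legitimate', 'lookalike' or 'unrelated' for the link target."""
    host = (urlparse(url).hostname or "").lower()
    domain = registrable_domain(host)
    if domain in LEGIT_DOMAINS:
        return "legitimate"
    name, _tld = normalize_name(domain)
    for legit in LEGIT_DOMAINS:
        # Brand used as a subdomain of an attacker-controlled domain,
        # e.g. cybersec-ng.ch.account-verify.net
        if f".{legit}." in f".{host}.":
            return "lookalike"
        legit_name, _ = normalize_name(legit)
        # Same name after folding (hyphen dropped, homoglyph, other TLD),
        # brand embedded in a longer name, or a single-character typo.
        if name == legit_name or legit_name in name or levenshtein(name, legit_name) <= 1:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for sample in [
        "https://www.cybersec-ng.ch/login",
        "https://www.cybersecng.ch/login",
        "https://cybersec-ng.com/reset",
        "https://cyb3rsec-ng.ch/",
        "http://cybersec-ng.ch.account-verify.net/",
        "https://www.admin.ch/",
    ]:
        print(f"{classify_url(sample):<11} {sample}")
```

The substring rule (`legit_name in name`) is deliberately aggressive: it flags anything like cybersecng-support.ch, which is what you want for a distinctive brand name but would produce false positives for a very short one, so tune it per organization.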

Examples of this attack variant from Q1-Q2 2019:

- Tinder (phishing website) [1]

- Apple (phishing website) [1]

- Instagram (phishing website) [1]

- Kaspersky (phishing website) [2]

- Microsoft (phishing website) [2]

2. Phishing mails with Trojans as attachments

In this variant of the phishing attack, the attacker sends an email with an attachment. The attachment can be of various file types (exe, docx, scr, hta, cab, etc.). In most cases, opening the attachment (for Office documents, typically after enabling macros) infects the affected system with a trojan horse. The trojan gives the attacker remote access to the system, which can then be used, for example, to steal data or to spread further into the internal network.
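As an added example (not code from the page or from Cybersec-ng), the Python filter below shows the checks a mail gateway can apply to such attachments: it blocks the directly executable types named above (exe, scr, hta, cab, plus a few more), catches the double-extension and right-to-left-override filename tricks, inspects the file content instead of trusting the name (a PE executable starts with the bytes MZ and a CAB archive with MSCF, whatever the file is called), and quarantines Office documents that carry an embedded VBA project. The extension lists and the in-memory sample files are constructed assumptions for the example; the macro check looks for vbaProject.bin inside the OOXML zip container, which is where Word and Excel store macro code.

```python
"""Attachment triage for a mail gateway: declared type, hidden-extension
tricks, content signature and Office macros.

Added example (not Cybersec-ng code). The extension lists and the sample
files built by make_office_doc() are constructed assumptions.
"""
import io
import zipfile

# Types Windows executes directly on double-click (assumption: a starting block list).
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "hta", "cab", "com", "pif", "bat", "cmd",
    "js", "jse", "vbs", "vbe", "wsf", "msi", "dll", "lnk",
}
OFFICE_EXTENSIONS = {
    "doc", "docx", "docm", "dot", "dotm", "xls", "xlsx", "xlsm", "ppt", "pptx", "pptm",
}
# Right-to-left override: 'report\u202efdp.exe' is displayed as 'reportexe.pdf'.
RTLO = "\u202e"


def office_has_macros(data):
    """OOXML (docx/xlsx/pptx) is a zip; a VBA project is stored as vbaProject.bin."""
    if data[:2] != b"PK":
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return any(name.lower().endswith("vbaproject.bin") for name in archive.namelist())
    except zipfile.BadZipFile:
        return False


def classify_attachment(filename, data):
    """Return (verdict, reason); verdict is 'block', 'quarantine' or 'allow'."""
    if RTLO in filename:
        return "block", "right-to-left override character in filename"
    parts = filename.lower().split(".")
    extensions = parts[1:]
    final = extensions[-1] if extensions else ""
    if final in EXECUTABLE_EXTENSIONS:
        return "block", f"executable attachment type .{final}"
    if any(ext in EXECUTABLE_EXTENSIONS for ext in extensions[:-1]):
        return "block", "executable extension hidden inside the filename"
    # Content checks: attackers rename payloads, but the file header stays the same.
    if data[:2] == b"MZ":
        return "block", "PE executable content (MZ header) despite the filename"
    if data[:4] == b"MSCF":
        return "block", "CAB archive content despite the filename"
    if final in OFFICE_EXTENSIONS and office_has_macros(data):
        return "quarantine", "Office document with embedded VBA project"
    return "allow", "no risky indicators found"


def make_office_doc(with_macros):
    """Build a minimal OOXML-style zip in memory (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            archive.writestr("word/vbaProject.bin", b"\x00" * 32)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples, not files from any real campaign.
    samples = [
        ("invoice.pdf.exe", b"MZ\x90\x00"),
        ("photo.jpg", b"MZ\x90\x00"),
        ("update.dat", b"MSCF\x00\x00"),
        ("report\u202efdp.exe", b"MZ\x90\x00"),
        ("quarterly.docx", make_office_doc(False)),
        ("quarterly.docx", make_office_doc(True)),
        ("notes.txt", b"plain text"),
    ]
    for name, content in samples:
        verdict, reason = classify_attachment(name, content)
        print(f"{verdict:<10} {name!r}: {reason}")
```

The order of the checks matters: name-based rules are cheap and catch the common cases, but the content checks are what stop a renamed payload, so never skip them just because the extension looks harmless.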

Examples of this attack variant from Q1-Q2 2019:

- Emotet (Microsoft Office document) [3]

- One RAT (Microsoft Office document, EXE file) [4]

3. Phishing mails with ransomware as an attachment

In this variant of the phishing attack, the attacker sends an email with ransomware as an attachment. Opening the attachment causes some or all of the victim's files to be encrypted. Since the victim cannot decrypt the files, they are unusable. The attacker then demands a ransom from the victim in exchange for decrypting them.

Examples of this attack variant from Q1-Q2 2019:

- Ryuk [5]

- GandCrab [5]

- Dharma [5]

- LockerGoga [5]

- MegaCortex [5]

- RobbinHood [5]

Sources:

[1] https://securelist.com/spam-and-phishing-in-q1-2019/90795/

[2] https://securelist.com/spam-and-phishing-in-q2-2019/92379/

[3] https://www.melani.admin.ch/melani/de/home/dokumentation/newsletter/Trojaner-Emotet-gifft-Untern Firmennetzwerke-an.html

[4] https://www.pcrisk.de/ratgeber-zum-entfernen/8942-we-have-installed-one-rat-software-email-scam

[5] https://www.melani.admin.ch/dam/melani/de/dokumente/2019/10/MELANI-Halbjahresbericht_2019-1_DE.pdf.download.pdf/MELANI-Halbjahresbericht_2019-1_DE.pdf
