Social engineering heats up
A new underground market of information brokers has emerged where one broker can earn £50 000 a month from a client for tracing and selling sensitive information, and often these broker have many 'clients'.
This is according to Raj Samani, CTO of McAfee EMEA, speaking at the ITWeb Security Summit today. He said that while social engineering itself isn't new, what is new is how these techniques are being used in modern threats.
“The extraction of intellectual property and personal information is an industry and has been going on for much longer than the information security industry.”
He pointed out that social engineering tactics to steal personal information have become much easier to execute over the years.
“A long time ago research was a lot of work, but today it's a very easy process. Farming as a method to hunt for information is deep-rooted and can bleed information out of an organisation for years.”
“Farming as a method to hunt for information is deep-rooted and can bleed information out of an organisation for years.”Raj Samani, McAfee
According to Samani, targeted attacks are focused on obtaining specific information, usually from a specific individual, while opportunistic attacks search for generic information from anyone in a position to give it, often with the intent to assemble it into a bigger picture.
The data cyber criminals attempt to exploit can range from personal data to commercial information such as trade secrets, commercial contracts, sales and financial information.
Samani pointed out that the number of information brokers is increasing due to the fact that social engineering attacks can be automated, and the financial value for stolen information is rising exponentially.
He concluded by saying that the Internet and social media have opened up a massive market for potential targets of social engineering attacks and this problem is only expected to worsen over time.
Security is a big data problem