Page 54 - Cyber Defense eMagazine December 2022 Edition

P. 54

• Social Engineering Attacks

Malicious actors launch social engineering attacks to bypass verification and authorization security
protocols. It is a widely used method for getting access to a network.

'Social engineering' can be defined as all the malicious activities that are done through human
interactions. It is done by psychological manipulation to trick web users into making security mistakes or
accidentally sharing confidential data.

In the last five years, the network vulnerability has significantly increased, making it a lucrative business
for hackers. Since Internet users are not quite aware of internet security, they (though not deliberately)
can pose a security risk to an organization. They accidentally download malicious files, and as a result,
they cost significant damage.

Some of the common social engineering attacks include:

• Phishing emails
• Spear phishing
• Whaling
• Vishing
• Smishing
• Spam
• Pharming
• Tailgating
• Shoulder surfing
• Dumpster diving

• System Misconfigurations

Accidentally exposing an organization's internal servers or network to the Internet has proven to be one
of the most significant threats to an organization. Upon exposure, threat actors can spy on the company's
web traffic, risk their network, or steal data for malicious purposes.

Network assets with vulnerable settings or contrasting security controls can result in system
misconfigurations. Cybercriminals usually check networks to find system misconfigurations and leverage
them to exploit data. As the digital transformation progresses, network misconfigurations have also
increased.

To eliminate this, organizations often leverage 'firewalls' in the demilitarized zone. It acts as a buffer
between the internal network and the Internet, thus acting as the first line of defense. So, it tracks all the
outbound and inbound traffic and decides to limit or allow traffic depending on a set of rules.

49 50 51 52 53 54 55 56 57 58 59