Page 104 - Cyber Defense eMagazine October 2023
Other technical cyber-attack techniques may include website attacks that redirect traffic away from a
legitimate website to a malicious one. This is referred to as pharming. Typosquatting is another common
website attack. It relies on a user misspelling a URL and ending up at a similarly named
malicious site. For example, a social engineer may deploy a website named googl.com to target
individuals who have accidentally misspelled the popular website google.com.
Nontechnical Techniques
Tailgating is a common physical entry attack that relies on following someone into a building or restricted
area after they have opened the door. In some cases, unsuspecting employees may even hold the door
open for the individual walking behind them. Much like phishing, tailgating is best prevented through
awareness training as well as through implementing security measures such as requiring each employee
to use their own badge or credentials to access protected facilities.
Similarly, shoulder surfing is the process of looking over a person’s shoulder to view and capture
credentials being entered. Despite its name, attackers may use a variety of
methods other than simply peering over someone’s shoulder when deploying this technique. For example,
they may look in mirrors or through windows. To safeguard against this technique, organizations
should consider installing privacy screens in addition to encouraging employees to stay aware of their
surroundings when entering sensitive information.
Social Engineering Training
Social engineering is one of the most challenging cybersecurity threats to protect against, as it targets
individual reasoning. The best way an organization can fortify against these attacks is through conducting
comprehensive, periodic social engineering training. This training should not only educate employees on
the common social engineering principles, techniques, and attacks covered in this article, but also equip
them with the necessary tools and knowledge to identify and proactively avert potential attacks.
About the Author
Brendan Horton is an analyst in the FoxPointe Solutions Information Risk
Management Division of The Bonadio Group. As part of the IRM division,
Brendan provides services in internal and external auditing of information
technology and information security practices and controls. He provides
services across multiple industries, including both public and private
companies, healthcare organizations, tech companies, and school districts
to ensure that client controls are functioning. Brendan engages in
consulting services and conducts audits and information technology
assessments in accordance with regulatory compliance standards.
Brendan can be reached online at [email protected] and at
our company website https://www.foxpointesolutions.com/
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.