Page 104 - Cyber Defense eMagazine October 2023

Other technical cyber-attack techniques include website attacks that redirect traffic away from a legitimate website to a malicious one. This is referred to as pharming. Typosquatting is another common website attack. This attack relies on a user misspelling a URL and ending up at a similarly named malicious site. For example, a social engineer may deploy a website named googl.com, attacking individuals who have accidentally misspelled the popular website google.com.
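
The following added example, which is not part of the original article, shows one way a defender could flag lookalike names such as googl.com in DNS resolver logs. It goes slightly beyond the single misspelling above by also catching inserted, substituted, and swapped characters; the watchlist, log format, and function names are assumptions made for illustration.

```python
PROTECTED = {"google.com"}  # assumed watchlist of legitimate domains

# Constructed sample resolver log: "<timestamp> <client> <queried name>"
SAMPLE_LOG = """\
2023-10-02T09:14:01Z 10.0.0.12 google.com
2023-10-02T09:14:07Z 10.0.0.37 googl.com
2023-10-02T09:15:22Z 10.0.0.12 www.gogle.com
2023-10-02T09:16:40Z 10.0.0.51 goolge.com
2023-10-02T09:17:03Z 10.0.0.51 example.org
"""

def osa_distance(a, b):
    """Edit distance: insert, delete, substitute or swap adjacent characters."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]

def lookalike_of(name, protected=PROTECTED, max_dist=1):
    """Return the protected domain that `name` imitates, or None."""
    name = name.lower().rstrip(".")
    if name.startswith("www."):
        name = name[4:]
    if name in protected:
        return None  # exact match is the legitimate site
    for good in sorted(protected):
        if osa_distance(name, good) <= max_dist:
            return good
    return None

def scan(log_text):
    """Return (client, queried name, imitated domain) for each suspicious line."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        target = lookalike_of(parts[2])
        if target:
            hits.append((parts[1], parts[2], target))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A distance threshold of 1 keeps false positives low for short names; longer brand names may warrant a threshold of 2 plus an allowlist of known-good neighbors.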

Nontechnical Techniques

Tailgating is a common physical entry attack that relies on following someone into a building or restricted area after they have opened the door. In some cases, unsuspecting employees may even hold the door open for the individual walking behind them. Much like phishing, tailgating is best prevented through awareness training as well as through implementing security measures such as requiring each employee to use their own badge or credentials to access protected facilities.

Similarly, shoulder surfing is the process of looking over a person’s shoulder to view and capture credentials being entered. Despite its name, it is important to note that attackers may use a variety of methods other than simply peering over someone’s shoulder when deploying this technique. They may also look in mirrors or through windows. To safeguard against this technique, organizations should consider installing privacy screens in addition to encouraging employees to stay vigilant of their surroundings when entering sensitive information.



Social Engineering Training

Social engineering is one of the most challenging cybersecurity threats to protect against, as it targets individual reasoning. The best way an organization can fortify against these attacks is through conducting comprehensive, periodic social engineering training. This training should not only educate employees on the common social engineering principles, techniques, and attacks covered in this article, but also equip them with the necessary tools and knowledge to identify and proactively avert potential attacks.



About the Author

Brendan Horton is an analyst in the FoxPointe Solutions Information Risk Management Division of The Bonadio Group. As part of the IRM division, Brendan provides services in internal and external auditing of information technology and information security practices and controls. He provides services across multiple industries, including both public and private companies, healthcare organizations, tech companies, and school districts to ensure that client controls are functioning. Brendan engages in consulting services, conducts audits and information technology assessments in accordance with regulatory compliance standards.

Brendan can be reached online at [email protected] and at our company website https://www.foxpointesolutions.com/





