01.18.2022 08:58 am

Acronis Cyber Threats Report, Part 2: Social Engineering – People as a Vulnerability

According to the Cyber Threats Report, social engineering was one of the most commonly used attack vectors in the first half of this year. Before examining some of the most significant examples and the techniques used in these cases, let’s take a look at the term “social engineering” itself.

The concept of social engineering was originally intended to be something entirely positive. The Austrian-born British philosopher Karl Popper, who formulated the principle in 1945, understood it as the possibility of systematically improving society using psychological and sociological methods. However, this idea of optimisation (which is certainly not without its problems) has now been entirely turned on its head. These days, social engineering is associated with a deceitful and subtle form of manipulation used to obtain confidential information, such as passwords.

The best-known form of social engineering is phishing – a method used by cyber criminals to pose as trustworthy communication partners by means of fraudulent e-mails, messages or websites. In the first half of the year, Acronis registered global phishing attacks in which companies were attacked using highly personalised e-mails and previously unknown malware variants. Proven methods such as JavaScript-based downloaders and attached Excel documents were then used to distribute the malicious software. These attacks had a shockingly high success rate – 30% of the phishing e-mails were opened and, in 12% of these cases, people clicked on the malicious links contained in the messages they received. The level of damage caused amounted to 1.6 million US dollars on average.

But it wasn’t just companies that were targeted by these attacks, as the following two examples show. Firstly, in the early months of 2021, cyber criminals used fake, personalised LinkedIn job offers in an attempt to infect their victims’ devices with the More_Eggs backdoor. This malware then downloaded additional malware, such as banking Trojans, credential stealers that steal login data, and ransomware.

Secondly, a separate attack was aimed at the many millions of people in the US who submit their tax returns electronically – making them an ideal target for phishing e-mails. This attack used document macros that download the information-stealing malware NetWire and Remcos, which, when hidden in image files, can be stored with legitimate cloud providers.

Even though security companies and Computer Emergency Response Teams actively combat phishing attacks, this infection vector remains one of the greatest global threats for the remainder of this year and beyond. While the annual Active Cyber Defence Report published by the British National Cyber Security Centre indicates that over 1.4 million URLs connected with more than 700,000 online scams have been removed, it also reveals that the sheer number of phishing attacks is continuing to increase substantially.

With its global Cyber Protection Operation Centers (CPOCs) and the security mechanisms implemented in the Acronis Cyber Protect Cloud and Acronis Cyber Protect Home Office, Acronis is playing an important role in disarming this threat. For example, over half a million malicious URLs were blocked on end devices equipped with Acronis solutions in June 2021 alone. The fact that these threats were “on end devices” effectively means that they had already succeeded in bypassing all e-mail filters and proxy blocklists…


