2022-11-03 00:00:00


The most successful cyber attack method is triggered by victims themselves

The nasty thing with social engineering is that the victim falls for a scam, and ultimately helps cyber criminals to achieve their goal. Typically they want to break into a large computer system or simply access the victim's bank account. While computer systems are protected with advanced technology, social engineering has become the most successful method of breaking into mobile devices, computers, and networks.

Recently, the SANS Institute and Bishop Fox conducted an insightful survey on cyber security from a fresh perspective. The researchers asked about 300 ethical hackers (security professionals who work as consultants, inspectors and security testers) about their favorite methods and tools for finding problems in clients' computer networks. 83.4% of respondents were based in the US.

I focus on a few key findings of the survey, but you can find the entire report here.

Which attack method is the most likely to succeed?

  • Two attack techniques are clear winners: 32.1% of social engineering attacks succeed, and 17.2% of phishing attacks.
  • Zero-day attacks get plenty of publicity, but only 3.8% are successful. Man-in-the-middle attacks fare even worse, with a success rate of only 1.4%.
  • So, the easiest way to break into computer systems according to cybersecurity experts is social engineering (phishing is a social engineering technique, after all).
  • The high success rate of social engineering inevitably means that we are going to encounter ever more attempts to lure us into doing something we shouldn't do. A consequence may be that quite soon we may have to stop clicking all links that we receive via email or a messaging app. Clicking links posted by users on social media services must be avoided as well. It really means that all links must be avoided. Only if we can verify that the content was published by a publication we trust can we follow the link.
  • Another consequence is that we may have to stop downloading phone apps that come from sources we don't know or can't verify. Even Google Play Store and Apple App Store can include tested and verified apps that still feature malware. Recently, security experts discovered 16 apps featuring malware at Google Play that had been downloaded 20 million times.

How long does it take to break into a target system?

  • About 25% of experts said they can enter a victim's system in 3 or 5 hours.
  • 57% said they can break in within 10 hours.
  • This is good news for individuals and small businesses who are not high-profile targets. If your phone, PCs, and routers have solid basic protection that is up to date and active, hackers won't spend much time knocking on your door. They will quickly move on to the next target. Here are more tips for securing the basic things.
  • I have watched on a server console as hackers try to break into our content management system where we publish our articles. A typical scenario is that they try to break in for a few minutes, an hour at most, and move on. Even though the attacks tend to be automated, they don't last long once they realize it won't be easy to get in.

64% of experts say they can quietly hoover data from the victim's system in less than five hours after they have managed to break in. 41% need only two hours or even less to access the data.


In a fast attack scenario, cyber criminals may break in, copy the data, and perhaps lock it down for ransom in a couple of hours. Other types of attackers may choose to stay in a target system quietly, waiting for commands to be executed later. So, keeping everyone out is the objective for every organization and individual who is planning to protect data and devices.

The internet, email and social media are not going away because of serious cyber crime problems. What is going to end is our current careless behavior in the digital world. Too many cyber attacks succeed because victims help attackers to get in. Social engineering works. It has to end. We have to learn safer ways to behave in the digital world.

The Register reported on the research.

Header image by Gerd Altmann.
