Название: Social Engineering in Cybersecurity: Threats and Defenses Автор: Gururaj H L, Janhavi V, Ambika V Издательство: CRC Press Год: 2024 Страниц: 241 Язык: английский Формат: pdf (true), epub Размер: 10.1 MB
In today’s digitally interconnected world, the threat landscape has evolved to include not just sophisticated technical exploits but also the art of human manipulation. Social engineering attacks have emerged as a formidable and often underestimated threat to information security. The primary aim of this textbook is to provide a comprehensive and in-depth exploration of social engineering attacks. The book seeks to equip cybersecurity professionals, IT practitioners, students, and anyone concerned with information security with the knowledge and tools needed to recognize, prevent, and mitigate the risks posed by social engineering. The scope of this textbook is broad and multifaceted. It covers a wide range of social engineering attack vectors, including phishing, vishing, pretexting, baiting, tailgating, impersonation, and more. Each attack vector is dissected, with detailed explanations of how they work, real-world examples, and countermeasures.
A packet sniffer is a technique for intercepting network packets or a type of spyware that hackers use to track individuals connected to a network. Although packet sniffing technologies are used by network administrators to monitor and verify network traffic, hackers may employ similar tools for unethical objectives. A WIFI adapter with monitor mode and packet sniffing capability is the most crucial item for packet sniffing. It is recommended to use a guest operating system, such as Kali Linux, to carry out packet sniffing.
For packet sniffing, a person must be familiar not only with using terminals and sniffer tools such as Wireshark, Ettercap, Driftnet, etc. but also with network layer protocols. There are both ethical and unethical uses for packet sniffing. Network vulnerabilities, for instance, can be found by both monitoring network traffic and detecting network problems. For unethical purposes, packet sniffing could allow the theft of sensitive data, including login information, the list of websites visited, and the information accessed.
Open-source intelligence (OSINT) has emerged as a prevalent and growing tactic employed by attackers in their efforts to target organizations and their personnel. OSINT involves the collection of data from publicly accessible sources, including social media, news articles, government reports, and academic papers. Attackers leverage this wealth of information to craft convincing social engineering campaigns that instantly resonate with their intended targets.
Numerous open-source channels serve as valuable resources for OSINT, encompassing the internet (via search engines), social media platforms, blog posts, online forums, video sharing sites (such as YouTube), magazines, newspapers, radio, TV, and maps. Attackers utilize an array of tools and websites for OSINT gathering, such as Google dorking, namechk.com, and Glassdoor, which we delve into in subsequent sections. Once they amass this information, attackers construct tailored attack vectors aimed at organizations or individual employees. In the sections that follow, we elaborate on the methodologies that attackers employ in OSINT collection and the potential ramifications of this gathered intelligence.
The authors of Chapter 1 introduce the concept of social engineering and emphasise its role in hacking. This sets the stage for exploring how human psychology can be exploited for cyberattacks. Chapter 2 delves into the critical initial phase of social engineering, which is information gathering. It explores the techniques and methods that attackers use to collect data about their targets. The authors of Chapter 3 discuss the cybersecurity risks and vulnerabilities associated with social engineering. The chapter also presents countermeasures and strategies to prevent and mitigate these types of attacks. Chapter 4 focuses on packet sniffers and presents a case study that examines the tools, techniques, and tactics employed by attackers to intercept network traffic for malicious purposes. Chapter 5 explores the broader impact of social engineering attacks on organisations. It delves into the financial, reputational, and operational consequences of successful social engineering attacks. Chapter 6, “Impacts of Social Engineering in E-Banking”, specifically targets e-banking and investigates the unique impacts of social engineering attacks on the financial sector while highlighting the vulnerabilities and potential consequences. Chapters 7 and 8 unveil the tools and psychological principles behind social engineering, providing insights into how attackers manipulate human behaviour to achieve their goals. The authors of Chapter 9 focus on machine learning and introduce an algorithm designed to address social engineering attempts within chat messages to enhance security in online communication. Chapter 10 conducts a survey of security models tailored for the Internet of Things (IoT) and highlights the importance of safeguarding IoT ecosystems from social engineering threats. In Chapter 11, a study is conducted on image detection and extraction techniques that utilises Convolutional Neural Networks (CNN) and IoT to estimate distracted drivers, emphasising safety and security concerns in the automotive industry. The authors of Chapter 12 focus on cyberattacks, countermeasures, and their conclusions.
Key Features:
• Comprehensive Coverage: Thorough exploration of various social engineering attack vectors, including phishing, vishing, pretexting, baiting, quid pro quo, tailgating, impersonation, and more.
• Psychological Insights: In-depth examination of the psychological principles and cognitive biases that underlie social engineering tactics. • Real-World Case Studies: Analysis of real-world examples and high-profile social engineering incidents to illustrate concepts and techniques.
• Prevention and Mitigation: Practical guidance on how to recognize, prevent, and mitigate social engineering attacks, including security best practices.
• Ethical Considerations: Discussion of ethical dilemmas and legal aspects related to social engineering that emphasizes responsible use of knowledge.
This comprehensive textbook on social engineering attacks provides a deep and practical exploration of this increasingly prevalent threat in cybersecurity. It covers a wide array of attack vectors, including phishing, vishing, pretexting, and more, offering readers an in-depth understanding of how these attacks work. The book delves into the psychology behind social engineering and examines the cognitive biases and emotional triggers that make individuals susceptible. Real-world case studies illustrate concepts and techniques while practical guidance equips readers with the knowledge to recognize, prevent, and mitigate social engineering threats.
Скачать Social Engineering in Cybersecurity: Threats and Defenses
Навигация
Вход на сайт
Реклама
Social Engineering in Cybersecurity: Threats and Defenses 
