Are you aware of the different methods of social engineering used by bad actors today to infiltrate multiple different kinds of networks? If not, well, good news is we're going to have that conversation starting right now.

>> You're watching ITProTV.

[MUSIC]

>> Well, welcome back to Security+ here at ITProTV, and in today's episode we will be talking all about social engineering. This is the art of human hacking, as they say. And Wes, you're going to definitely take us down the road, because we think social engineering, it's one of those umbrella terms in a lot of ways. But there are many different ways and avenues in which this could be teased out, as it were.

>> Definitely.

>> Where do we begin when we start having this conversation on social engineering?

>> When CompTIA puts the social engineering objectives together, they put it in an area called threats, vulnerabilities and attacks. So what I thought would be good is, right before we dive into social engineering, we look at just some basic terminology that you really have to keep in your mind as we go through, really, the rest of the entire series. So how about we start with some of just the basic principles, if you will?

>> Start at the beginning?
>> That's right, Dan, that sounds good. So we're gonna go ahead, and what do you say we get started with a concept known as the principles of security? So let's dive right in, and what we're talking about here is something known as the CIA triad. You may have seen this before, or maybe you're not aware of it, right? And the CIA triad is really about these three principles, right? It's our goals in security; I've heard people say the pillars of security as well. And that's confidentiality, making sure that only the authorized users have access to the information. Integrity, making sure that the information that they should have access to stays in its own state, right? It's what we expect, it hasn't been modified, whether it's through transmission errors or malicious means, but it stays in the state that we expect. And then finally, one that might be forgotten as a principle of security is availability. And that means that the authorized users have access to the data, the data maintains its integrity, but it's also available to them when they need it. So be aware of what's known as the CIA triad.

Now, some of the other basic terms that we have are things like vulnerabilities. And a vulnerability, essentially, boil it down to just a weakness, it's a weakness. And that weakness can be in things like, for instance, software bugs, it could be things like some of the default configurations, and we talk about later on in the series here, we'll talk more about some examples of vulnerabilities. But defaults, leaving the default configurations that can be checked on vendors' websites, and then people can gain access to whatever it might be, a piece of software, a piece of network equipment, things like weak passwords, right? These are going to be all examples of vulnerability, right? So be aware that vulnerability is typically some kind of weakness.

>> Now that's not the only thing we've got to be worried about, because a lot of times these two terms can get a little confused, and for good reason, they're very similar, but there is a distinction that we need to make. So you've mentioned vulnerabilities; what I'm talking about are threats. Could you help us understand what the difference is there, so that we don't make that mistake?

>> Sure, absolutely. When it comes to something like a threat, a threat, you'll hear it formally saying any event or circumstance that violates the CIA, all right? It's any condition that leaves you open to some kind of attack. And you'll see that we'll talk about, in later episodes, things like threat hunting, we'll talk about vulnerabilities, threats and exposure. We'll talk about all of this stuff, but basically coming down to any kind of circumstance, a capability or an action that could lead to causing harm, right? And it's information technology, so a lot of times we say harm, it's harming your business's reputation through gaining access to your data, stealing your user credentials, things like that. So some examples: malware, we have phishing scams where people try to gain access to your sensitive information, hackers as well. All different potential threats that we would need to be aware of.

>> Now all of these threats ultimately could make you, and I think you actually used the term of an attack as well. So define attack so we can make sure that when I say attack and you say attack we're all meaning the same thing.

>> Absolutely, we can do that. So a vulnerability is a weakness, all right; an attack is the technique that exploits the vulnerability. That's essentially an attempt to expose, if you will, alter, disable, destroy, steal or gain some kind of unauthorized access, right? Things like network-based attacks, application attacks, right? Again, it's a technique that exploits a weakness or a vulnerability in a system. So, definitely be aware of some of the basic terminology as we move through Security+.
>> All right, so this has been a really good primer, right? So, we've set up our idea of security as a philosophy, looked at some of the underlying terminology that goes along with it, as well as even an idea into the actual nuts and bolts of the things, that there are attacks and vulnerabilities and things of that nature. Typically very technical in nature. But this is about social engineering. Where does social engineering come into this arena?

Well, social engineering, this can be something that is essentially an attack, right? If you think about it, it's attacking some kind of system, and let's go ahead and boil this one down. Social engineering: bad people tricking authorized users, right? It's usually for the purposes of trying to gain credentials, sensitive information that maybe can lead people, or bad actors, if you will, into having access to things that they normally shouldn't have access to. So bad people tricking the authorized users. Now, there are several different types of social engineering scams that we have to worry about, techniques if you will. And probably one of the most prevalent on the block today is something known as phishing. Now I will tell you there are a lot of forms of phishing, and it's really just slight variations on the term phishing, right? Phishing is an email-based scam, right? This is where somebody sends you an email that says, hey, you need to have some kind of, I don't know, I'm trying to think here, we need you to send us money for Apple Pay cards, right?

>> That's a popular one there.

>> And it's a very, very popular one, just send us four or five of those $500 Apple cards, right, and we can get whatever it is that we need to get done. Now there are some other ones like vishing. Vishing is a form of phishing, the difference is it's typically with a voice over IP system. Smishing, we'll talk about that one coming up. Spear phishing, we also have whaling. And then finally just some of the ways that phishing scams can be successful, it's typically through things like spam, as well as things that can be sent through an instant messenger, I wish I was making this up, but there's spim, and that's spam essentially of instant messaging. So let's dive into these a little bit more, because I couldn't for the life of me think about the Apple Pay phishing example [LAUGH].
>> [LAUGH] I love when your brain goes, I'm going on a break.

>> That's right. I don't care where you're going, but I won't be there when you get there [LAUGH].

>> I'll be here cooking with a smile out.

>> [LAUGH] That's right. So you've probably seen one of these before, right? This is a typical type of phishing scam where somebody sends you something that looks like it's coming from an authorized or an authoritative location. We just used an example of iTunes, and by the way, iTunes, it's safe, we're not picking on Apple, these are just the avenues and the methods, right, that they use. The attack vector, if you will, being, hey, this is coming in via email, right? And we're basically trying to trick you into giving us credentials to your cloud-based platform.

>> Yeah, back when I worked Helpdesk, back when dinosaurs roamed the earth, I had a guy, he was getting malware installed, my antivirus system was going crazy. He said, yeah, I got this email from DHL that said I had a package ready. I said, do you have a package that you're expecting from DHL? He said, no.

>> [LAUGH]

>> So why would they be telling you that you have a package ready if you don't?

>> He said, I don't know, but I wanted to see what it was. And it was just a phishing link and [CROSSTALK] You click the link, it was installing malware. So you might not be iTunes, you might not be DHL, you might not be FedEx. That's the whole idea behind this. Right? It's [CROSSTALK] Absolutely, use it as camouflage. Get somebody to click on. That's right. A lot of people don't hover over these links and realize that these links don't lead to anywhere in Apple. They lead to some other Gmail account or some kind of just recently made Yahoo account right now.

So when we look at vishing, all right, vishing is just, again, this is a voice over IP type of attack, right? We're trying to gain information out of a voice over IP, or even by phone. It could be a hoax, right? Somebody calling you on the phone saying hey, and unfortunately this does happen, saying hey, your relative just got in an accident, they're sitting in the emergency room. They need 1200 bucks to be able to take care of them, right? They play on the urgency, they play on your heart, pull your heart strings and try to get money out of you that way.

We talked about smishing, right, smishing again. Think of SMS. It's a phishing scam, but it's through SMS text messages, right? In fact, one of our entertainers about a couple weeks back received a text message from the United States Postal Service saying there was something wrong with the shipment and they needed to contact or get some contact information and click the link. The United States Postal Service is not gonna be emailing or texting you personally to let you know that they've done something wrong with your package or something that's happening. So that should be a clear indicator: it might seem urgent, you might trust the authority over it, but it's not valid.
00:09:28,611 --> 00:09:31,531
>> I mean, the United States Postal Service is a hard time just getting you 184
184
00:09:31,531 --> 00:09:32,172
your package. 185
185
00:09:32,172 --> 00:09:34,386
>> [LAUGH] >> They're not going out of their 186
186
00:09:34,386 --> 00:09:37,030
way to text you personally, you know, something's ready. 187
187
00:09:37,030 --> 00:09:37,711
>> Yeah, sure. 188
188
00:09:37,711 --> 00:09:41,555
And you know, it goes back to the end user that you were supporting dan, you know, 189
189
00:09:41,555 --> 00:09:44,789
they just don't know that's why users on awareness is one of the very 190
190
00:09:44,789 --> 00:09:46,580
first methods and layer of defense. 191
191
00:09:46,580 --> 00:09:51,612
I know dan's done some security user awareness training here, I know helped set 192
192
00:09:51,612 --> 00:09:56,348
that up and we do it here to make people aware that this is a very real threat and 193
193
00:09:56,348 --> 00:10:00,070
it's a very real attack vector that you need to be aware of. 194
194
00:10:00,070 --> 00:10:03,750
Now, spearfishing, you're going to notice something that looks the same, right? 195
195
00:10:03,750 --> 00:10:05,001
It's a phishing scam. 196
196
00:10:05,001 --> 00:10:09,704
But now who we're going after is a little bit different in a phishing scam, 197
197
00:10:09,704 --> 00:10:11,890
it's spam, it's just blanket. 198
198
00:10:11,890 --> 00:10:13,900
We're just gonna throw a big old net out there. 199
199
00:10:13,900 --> 00:10:16,870
I think I got that, I'm gonna steal dance term here, 200
200
00:10:16,870 --> 00:10:19,261
throw that net out there as wide as you can. 201
201
00:10:19,261 --> 00:10:21,270
Just get as many people as you can. 202
202
00:10:21,270 --> 00:10:24,269
All right, spear phishing attack is a little bit different because now it's 203
203
00:10:24,269 --> 00:10:25,061
a targeted attack. 204
204
00:10:25,061 --> 00:10:29,551
Now we know that dan works for X, y, Z company and he's the admin and we also 205
205
00:10:29,551 --> 00:10:34,115
see some other people here that are having to log into the specific portal and 206
206
00:10:34,115 --> 00:10:36,271
we know they work for this company. 207
207
00:10:36,271 --> 00:10:39,108
So we're gonna set just the people within that company, 208
208
00:10:39,108 --> 00:10:43,021
a bunch of these type of phishing attacks and again, it's a targeted attack. 209
209
00:10:43,021 --> 00:10:47,271
It's really the only thing they're going after that specific company instead of 210
210
00:10:47,271 --> 00:10:50,430
just saying, hey, whatever I get his grades, I like them. 211
211
00:10:50,430 --> 00:10:53,440
I think they got some money or they gotta something I'm going to go after. 212
212
00:10:53,440 --> 00:10:57,049
Absolutely target the most, definitely not just blanketing the entire email 213
213
00:10:57,049 --> 00:11:00,231
infrastructure, but an actual attack against a specific company. 214
214
00:11:00,231 --> 00:11:02,260
Now you're gonna notice whaling here? 215
215
00:11:02,260 --> 00:11:02,981
Well, that's a boy. 216
216
00:11:02,981 --> 00:11:06,061
We're getting a lot of re use out of this phishing email here because the difference 217
217
00:11:06,061 --> 00:11:07,741
between this, it's still a phishing scam. 218
218
00:11:07,741 --> 00:11:10,101
But now what you're doing is you are targeting the big fish. 219
219
00:11:10,101 --> 00:11:11,210
Hence the term whaling. 220
220
00:11:11,210 --> 00:11:15,209
We're looking for the people that most or probably have some of the higher level 221
221
00:11:15,209 --> 00:11:18,441
of authority within their company and we're going after them. 222
222
00:11:18,441 --> 00:11:22,552
So for instance, somebody doing an attack that a phishing attack that here at I 223
223
00:11:22,552 --> 00:11:25,792
t pro TV, that's maybe targeting things like for instance, 224
224
00:11:25,792 --> 00:11:28,431
maybe Tim broom our owner or don possessed right? 225
225
00:11:28,431 --> 00:11:29,570
Our co founder, right? 226
226
00:11:29,570 --> 00:11:34,077
The higher ups in the organization because they have a potential to have access to 227
227
00:11:34,077 --> 00:11:36,480
maybe more than the average user, right? 228
228
00:11:36,480 --> 00:11:40,540
Imagine getting access to as ceos inbox, right? 229
229
00:11:40,540 --> 00:11:42,945
You're going to have probably a plethora, 230
230
00:11:42,945 --> 00:11:47,041
I just want to be able to say platform, great information as a hacker. 231
231
00:11:47,041 --> 00:11:50,170
You see this a lot with business email compromise or B E C. 232
232
00:11:50,170 --> 00:11:54,170
They go after the whales because they do have that authority and access. 233
233
00:11:54,170 --> 00:11:58,079
Now if I can take over their account or maybe impersonate them in some way, 234
234
00:11:58,079 --> 00:12:01,986
shape or form that I can say, hey, transfer some funds to such and such and 235
235
00:12:01,986 --> 00:12:04,281
whomever just goes, it's the boss. 236
236
00:12:04,281 --> 00:12:04,950
Just do it. 237
237
00:12:04,950 --> 00:12:06,330
Yeah. And there You go. 238
238
00:12:06,330 --> 00:12:07,228
Yeah. And you know, 239
239
00:12:07,228 --> 00:12:09,270
we're mentioning some of these terms they call that. 240
240
00:12:09,270 --> 00:12:11,381
Is that the principles for success? 241
241
00:12:11,381 --> 00:12:13,189
Right? Why are these phishing scams 242
242
00:12:13,189 --> 00:12:14,500
success successful? 243
243
00:12:14,500 --> 00:12:15,730
Well, there's urgency. 244
244
00:12:15,730 --> 00:12:16,950
You gotta do it now. 245
245
00:12:16,950 --> 00:12:19,816
They're scarcity 30 seconds before it times out and 246
246
00:12:19,816 --> 00:12:22,340
you're never gonna have access to it again. 247
247
00:12:22,340 --> 00:12:25,647
I don't know if I mentioned authority coming from somebody that looks like 248
248
00:12:25,647 --> 00:12:26,441
the ceo, man. 249
249
00:12:26,441 --> 00:12:29,623
You know what tim's telling me, I need to send him my some information or 250
250
00:12:29,623 --> 00:12:31,961
credit card number because he needs to buy something. 251
251
00:12:31,961 --> 00:12:33,301
Well, that's authority, Right? 252
252
00:12:33,301 --> 00:12:34,100
That's trust. 253
253
00:12:34,100 --> 00:12:34,650
Right? And 254
254
00:12:34,650 --> 00:12:38,398
that's one of the reasons, one of quite a few reasons really 255
255
00:12:38,398 --> 00:12:42,170
that these social engineering attacks are are successful. 256
>> Let's move on to some other types of techniques that we might see when it comes to using social engineering.

Sure. So we did mention there was a couple more, and you, ladies and gentlemen out there, you're a smart crowd, you've seen this probably, even if you haven't been in IT. You've probably opened email once or twice and you've seen the spam. So we're not gonna harp on that one too much. But understand that in a phishing attack where they're blanketing everybody, they're casting the net, spam is typically going to be the way that they're going to do that. And again, remember spam and spim. Right. One is just gonna be a flooding of emails, the other one's just gonna be a flooding of SMS messages, right? You know, just to try to, again, scrape some of that, that very important information.

But what about pharming? This seems to have gone up in popularity here in the recent past, and explain a little bit about pharming.

Sure, pharming is typically, there's gonna be some kind of manipulation of the DNS infrastructure, and we'll talk about DNS a little bit later. Just bear, just real basically, remember what DNS does: I type in a name, www.mywebsite.com, and it goes over to the internet. DNS resolves it to an IP address and my browser connects. That's all I have to do. If I can put a bad response, let me show you what I mean here. If I can put a bad response in with that DNS request and I can tell you that, yeah, mywebsite goes to, and it's a malicious IP, then what we can do is we can tell all of the people, for instance, that are logging into this website, they think they're logging into mybank.net, right, some kind of banking application, they're actually being redirected to a malicious website that maybe spoofed it. And what they're doing is they're pharming. If you can see, it's kind of like bringing everybody in to try to gain all of their, gain a whole bunch of just sensitive information from them.

Watering hole attacks, another one that has come up quite recently, actually very, very popular. If you can pull it off, it's very devastating.

Sure. So, you know, the watering hole attack, again, when we talk about pharming, right? One of the things that you might do in a pharming attack, as you might find out by, hey, where's everybody going? If I can spoof one website, what should I spoof? Well, let's look at where all the employees are going. That's where, where they're all coming to. And if we can make, you know, exploit some vulnerability in that web application, then, since everybody's going there, think of a watering hole, right? Think about the watering hole attack, where they always think of the Nile crocs, right? Everybody, all the wildebeest, they're all coming down to one location. Well, why are the Nile crocs there? They know everybody is going to have to come down and get a drink, and when they mount an attack, it's going to be successful. And for them it's gonna be lunch. For our attackers, it means that they're gonna probably do something like maybe even credential harvesting, where they're gonna get all of this information, start out with a watering hole attack, bring everybody in, and as everybody starts logging into what they think is the legitimate website, it's actually a malicious website and they're storing all those credentials, maybe to sell them later on the dark web and make some money on them. Dan, you, I think you were telling me that that's become quite a trend. Almost like hacking as a service, where hey, if I can get in and get these large pools of credentials, we go out to the dark web and we can just sell the credentials and make money, and I don't even have to attack anything.

>> Yeah. Hey, if you've got people who want something, there's gonna be a supply and demand kind of thing going on, and people will be able to make a little bit of money off that. Now, that being said, there are some really tricky mechanisms that are being used by these threat actors to pull off these social engineering. Because we all know you look at links, you verify that email, or their URL address, should I say, before you click on those links, and if you click on them at all, right, that might not be a good idea. How do they get away with clicking or making it look legitimate for an end user?
>> Well, one of the ways I think of, Dan, here is something that you've probably seen and maybe even done if you type like me. And as you follow us along through this series, you'll see how bad I type, and that's something known as typosquatting. If you've ever typed maybe something like this, where you typed Google quite a little bit off. Well, Google's got really good, a lot of the major websites that you go to have gotten really good about buying these names as well. But earlier on there was no guarantee that when you typed something like Google with too many o's that it would take you and redirect you to an actual legitimate Google site. It could redirect you to somebody's malicious website where they can do whatever nefarious purpose they're doing. But they could maybe do a drive-by download and get some malicious code on your network or on your devices, and maybe your network by association. So typosquatting is exactly what it sounds like, it's little spelling errors on the URL. Also URL squatting, if you will, too, that leads you to a malicious site when you think you were supposed to go to some legitimate website.

>> Awesome, now, I know you've got a few other techniques for us really quickly, like physical

>> Sure

>> of social engineering techniques. What were they?

>> Absolutely, so I know we're running a little bit short on time here. So let's just talk about some of the physical techniques that Dan was mentioning here. I mentioned, or I think about things like dumpster diving, you have to be in the physical area. We think of those desk calendars, any calendar gets thrown away, little post-it notes that end up in the dumpster, people go through and they can actually scrape that information. And maybe, maybe gain things like PII or use that information to attack your network.
366
00:17:51,820 --> 00:17:53,474
Other things are shoulder surfing, 367
367
00:17:53,474 --> 00:17:55,722
shoulder surfing is exactly what it sounds like. 368
368
00:17:55,722 --> 00:17:59,648
Looking over your shoulder maybe to try to glean what you're typing into, whatever it 369
369
00:17:59,648 --> 00:18:03,384
is that you're working on, whatever application it is that you're working on. 370
370
00:18:03,384 --> 00:18:06,892
Tailgating or piggyback attack is where you have one authorized person that 371
371
00:18:06,892 --> 00:18:10,040
authenticates and two people make their way through the entry. 372
372
00:18:10,040 --> 00:18:13,455
That's where we have, you probably see things like man traps and 373
373
00:18:13,455 --> 00:18:14,521
turnstiles right? 374
374
00:18:14,521 --> 00:18:16,137
Where it rotates and locks and 375
375
00:18:16,137 --> 00:18:19,660
the next person's gotta authenticate that it rotates again. 376
376
00:18:19,660 --> 00:18:22,261
Well that's a way to prevent these tailgating attacks. 377
377
00:18:22,261 --> 00:18:26,688
So tailgating attacks again are just those attacks where one authentication, 378
378
00:18:26,688 --> 00:18:30,796
two people are making their way through, usually an unauthorized user. 379
379
00:18:30,796 --> 00:18:35,249
And then pretexting, pretexting is one of these things where it's more of a, hey, 380
380
00:18:35,249 --> 00:18:39,472
we're gonna have some kind of pre thought of story and we're going to tell you. 381
381
00:18:39,472 --> 00:18:42,245
For instance when we say hey your son Bill, 382
382
00:18:42,245 --> 00:18:47,111
whatever was just in a car accident, right and you need to send this money. 383
383
00:18:47,111 --> 00:18:49,701
I've already come up with that story in my mind and 384
384
00:18:49,701 --> 00:18:53,781
kind of again pretext it pre scripted it if you will before I even talked to you. 385
385
00:18:53,781 --> 00:18:55,781
So those are some of the physical techniques and 386
386
00:18:55,781 --> 00:18:58,531
there's just a couple of little outliers that I want to mention. 387
387
00:18:58,531 --> 00:19:02,462
Things like invoice scams that make it look like you've purchased something and 388
388
00:19:02,462 --> 00:19:03,228
you haven't. 389
389
00:19:03,228 --> 00:19:07,386
And they want you to click on a link there if you will to try to solve the problem by 390
390
00:19:07,386 --> 00:19:10,734
entering your credentials and now they scrape those from you. 391
391
00:19:10,734 --> 00:19:11,574
And then a hoax, 392
392
00:19:11,574 --> 00:19:15,534
hoax if you will is again just like any misleading information sometimes maybe 393
393
00:19:15,534 --> 00:19:19,270
doesn't directly cause harm but can be more of a nuisance than anything. 394
394
00:19:19,270 --> 00:19:23,000
And the last one I would say is gonna be prepending and prepending attack. 395
395
00:19:23,000 --> 00:19:26,694
Some of the examples that I've seen before is where you modify and 396
396
00:19:26,694 --> 00:19:30,601
put information in front of URL and it modifies where it takes you to. 397
397
00:19:30,601 --> 00:19:33,498
So again just other types of attacks that you need to be aware of 398
398
00:19:33,498 --> 00:19:35,300
when it comes to Social Engineering. 399
399
00:19:35,300 --> 00:19:39,320
>> Well there you go now you can understand why social engineering might be 400
400
00:19:39,320 --> 00:19:43,078
such a popular avenue of attack for those threat actors out there. 401
401
00:19:43,078 --> 00:19:46,780
Because well it gets to this machine and not this machine so much. 402
402
00:19:46,780 --> 00:19:50,265
And we are unfortunately a lot of times the weakest links in and 403
403
00:19:50,265 --> 00:19:54,085
that's just because we need to understand how these things work and 404
404
00:19:54,085 --> 00:19:56,242
a lot of times is just all down to that. 405
405
00:19:56,242 --> 00:19:58,908
That being said great stuff here learned all about Social 406
406
00:19:58,908 --> 00:20:02,641
engineering physical social engineering attacks, principles of security. 407
407
00:20:02,641 --> 00:20:05,610
Great stuff more to come in the Security Plus series though. 408
408
00:20:05,610 --> 00:20:08,639
So be sure to stick around for that, as for this episode we're gonna 409
409
00:20:08,639 --> 00:20:11,471
call it a day, thanks for watching, we'll see you next time. 410
410
00:20:13,160 --> 00:20:15,852
Thank you for watching, IT Pro Tv. 411
411
00:20:15,852 --> 00:20:16,881
[BLANK_AUDIO]40507