All language subtitles for 2. Social Engineering Techniques

These are the user-uploaded subtitles that are being translated:

1 00:00:00,240 --> 00:00:03,691 Are you aware of the different methods of social engineering used by bad actors
2 00:00:03,691 --> 00:00:06,369 today to infiltrate multiple different kinds of networks?
3 00:00:06,369 --> 00:00:10,759 If not, well, good news is we're going to have that conversation starting right now.
4 00:00:10,759 --> 00:00:13,643 >> You're watching ITProTV.
5 00:00:13,643 --> 00:00:19,979 [MUSIC]
6 00:00:19,979 --> 00:00:23,283 >> Well, welcome back to Security+ here at ITProTV, and
7 00:00:23,283 --> 00:00:27,445 in today's episode we will be talking all about social engineering.
8 00:00:27,445 --> 00:00:30,720 This is the art of human hacking as they say.
9 00:00:30,720 --> 00:00:34,740 And Wes, you're going to definitely take us down the road because we think
10 00:00:34,740 --> 00:00:38,410 social engineering, it's one of those umbrella terms in a lot of ways.
11 00:00:38,410 --> 00:00:43,016 But there are many different ways and avenues in which this could be teased out,
12 00:00:43,016 --> 00:00:43,713 as it were.
13 00:00:43,713 --> 00:00:45,363 >> Definitely. >> Where do we begin when we start having
14 00:00:45,363 --> 00:00:46,891 this conversation on social engineering?
15 00:00:46,891 --> 00:00:50,910 >> When CompTIA puts the social engineering objectives together,
16 00:00:50,910 --> 00:00:55,230 they put it in an area called threats, vulnerabilities and attacks.
17 00:00:55,230 --> 00:00:59,160 So what I thought would be good is right before we dive into social engineering,
18 00:00:59,160 --> 00:01:02,975 we look at just some basic terminology that you really have to keep in your mind
19 00:01:02,975 --> 00:01:05,866 as we go through, really, the rest of the entire series.
20 00:01:05,866 --> 00:01:09,956 So how about we start with some of just the basic principles, if you will?
21 00:01:09,956 --> 00:01:10,630 >> Start at the beginning?
22 00:01:10,630 --> 00:01:11,981 >> That's right, Dan, that sounds good.
23 00:01:11,981 --> 00:01:14,973 So we're gonna go ahead, and what do you say we get started with a concept known as
24 00:01:14,973 --> 00:01:16,079 the principles of security?
25 00:01:16,079 --> 00:01:17,630 So let's dive right in and
26 00:01:17,630 --> 00:01:21,376 we're talking about here is something known as the CIA triad.
27 00:01:21,376 --> 00:01:24,090 You may have seen this before or maybe you're not aware of it, right?
28 00:01:24,090 --> 00:01:27,901 And the CIA triad is really about these three principles, right?
29 00:01:27,901 --> 00:01:29,267 It's our goals in security,
30 00:01:29,267 --> 00:01:31,844 I've heard people say the pillars of security as well.
31 00:01:31,844 --> 00:01:33,360 And that's confidentiality,
32 00:01:33,360 --> 00:01:36,961 making sure that only the authorized users have access to the information.
33 00:01:36,961 --> 00:01:40,723 Integrity, making sure that the information that they should have access
34 00:01:40,723 --> 00:01:42,470 to stays in its own state, right?
35 00:01:42,470 --> 00:01:46,964 It's what we expect, it hasn't been modified whether it's through transmission
36 00:01:46,964 --> 00:01:50,650 errors or malicious means, but it stays in the state that we expect.
37 00:01:50,650 --> 00:01:51,813 And then finally,
38 00:01:51,813 --> 00:01:56,111 one that might be forgotten as a principle of security is availability.
39 00:01:56,111 --> 00:01:59,228 And that means that the authorized users have access to the data,
40 00:01:59,228 --> 00:02:03,381 the data maintains its integrity, but it's also available to them when they need it.
41 00:02:03,381 --> 00:02:06,900 So be aware of what's known as the CIA triad.
42 00:02:06,900 --> 00:02:10,136 Now, some of the other basic terms that we have are things like vulnerabilities.
43 00:02:10,136 --> 00:02:14,082 And a vulnerability, essentially, boil it down to just a weakness, it's a weakness.
44 00:02:14,082 --> 00:02:19,011 And that weakness can be in things like for instance, software bugs, it could
45 00:02:19,011 --> 00:02:23,864 be things like some of the default configurations, and we talk about later on
46 00:02:23,864 --> 00:02:28,887 in the series here, we'll talk more about some examples of vulnerabilities.
47 00:02:28,887 --> 00:02:33,013 But defaults, leaving the default configurations that can be checked on
48 00:02:33,013 --> 00:02:37,803 vendors' websites and then people can gain access to whatever it might be, a piece of
49 00:02:37,803 --> 00:02:42,352 software, a piece of network equipment, things like weak passwords, right?
50 00:02:42,352 --> 00:02:46,220 This is going to be all examples of vulnerability, right?
51 00:02:46,220 --> 00:02:50,644 So be aware that vulnerability is typically some kind of weakness.
52 00:02:50,644 --> 00:02:54,274 >> Now that's not the only thing we got to be worried about, because a lot of times
53 00:02:54,274 --> 00:02:57,244 these two terms can get a little confused, and for good reason,
54 00:02:57,244 --> 00:03:00,491 they're very similar but there is a distinction that we need to make.
55 00:03:00,491 --> 00:03:03,540 So you've mentioned vulnerabilities, what I'm talking about are threats.
56 00:03:03,540 --> 00:03:06,156 Could you help us understand what the difference is there so
57 00:03:06,156 --> 00:03:07,685 that we don't make that mistake?
58 00:03:07,685 --> 00:03:08,787 >> Sure, absolutely.
59 00:03:08,787 --> 00:03:13,419 When it comes to something like a threat, a threat, you'll hear it formally
60 00:03:13,419 --> 00:03:17,580 saying any event or circumstance that violates the CIA, all right?
61 00:03:17,580 --> 00:03:21,410 It's any condition that leaves you open to some kind of attack.
62 00:03:21,410 --> 00:03:24,961 And you'll see that we'll talk about, in later episodes, things like threat
63 00:03:24,961 --> 00:03:28,201 hunting, we'll talk about vulnerabilities, threats and exposure.
64 00:03:28,201 --> 00:03:32,499 We'll talk about all of this stuff, but basically coming down to any kind of
65 00:03:32,499 --> 00:03:37,218 circumstance, a capability or an action that could lead to causing harm, right?
66 00:03:37,218 --> 00:03:40,580 And it's information technology, so a lot of times we say harm,
67 00:03:40,580 --> 00:03:44,801 it's harming your business's reputation through gaining access to your data,
68 00:03:44,801 --> 00:03:47,571 stealing your user credentials, things like that.
69 00:03:47,571 --> 00:03:51,966 So some examples, malware, we have phishing scams where people try to gain
70 00:03:51,966 --> 00:03:55,350 access to your sensitive information, hackers as well.
71 00:03:55,350 --> 00:03:59,766 All different potential threats that we would need to be aware of.
72 00:03:59,766 --> 00:04:03,607 >> Now all of these threats ultimately could make you, and
73 00:04:03,607 --> 00:04:07,378 I think you actually used the term of an attack as well.
74 00:04:07,378 --> 00:04:10,328 So define attack so we can make sure that when I say attack and
75 00:04:10,328 --> 00:04:12,697 you say attack we're all meaning the same thing.
76 00:04:12,697 --> 00:04:14,014 >> Absolutely, we can do that.
77 00:04:14,014 --> 00:04:17,357 So a vulnerability is a weakness, all right,
78 00:04:17,357 --> 00:04:21,829 an attack is the technique that exploits the vulnerability.
79 00:04:21,829 --> 00:04:27,189 That's essentially an attempt to expose, if you will, alter, disable,
80 00:04:27,189 --> 00:04:31,981 destroy, steal or gain some kind of unauthorized access, right?
81 00:04:31,981 --> 00:04:35,902 Things like network based attacks, application attacks, right?
82 00:04:35,902 --> 00:04:42,297 Again, it's a technique that exploits a weakness or a vulnerability in a system.
83 00:04:42,297 --> 00:04:46,738 So, definitely be aware of some of the basic terminology as we move through
84 00:04:46,738 --> 00:04:47,600 Security+.
85 00:04:47,600 --> 00:04:49,077 >> All right, so this has been a really good primer, right?
86 00:04:49,077 --> 00:04:51,924 So, we've set up our idea of security as a philosophy,
87 00:04:51,924 --> 00:04:55,498 looked at some of the underlying terminology that goes along with it,
88 00:04:55,498 --> 00:04:58,890 as well as even an idea into the actual nuts and bolts of the things,
89 00:04:58,890 --> 00:05:02,640 that there are attacks and vulnerabilities and things of that nature.
90 00:05:02,640 --> 00:05:04,250 Typically very technical in nature.
91 00:05:04,250 --> 00:05:06,910 But this is about social engineering.
92 00:05:06,910 --> 00:05:10,990 Where does social engineering come into this arena?
93 00:05:10,990 --> 00:05:12,510 Well, social engineering,
94 00:05:12,510 --> 00:05:15,681 this can be something that is essentially an attack, right?
95 00:05:15,681 --> 00:05:18,762 If you think about it, it's attacking some kind of system, and let's go ahead and
96 00:05:18,762 --> 00:05:19,523 boil this one down.
97 00:05:19,523 --> 00:05:23,580 Social engineering, bad people tricking authorized users, right?
98 00:05:23,580 --> 00:05:27,783 It's usually for the purposes of trying to gain credentials,
99 00:05:27,783 --> 00:05:33,174 sensitive information that maybe can lead people, or bad actors, if you will,
100 00:05:33,174 --> 00:05:38,271 into having access to things that they normally shouldn't have access to.
101 00:05:38,271 --> 00:05:41,911 So bad people tricking the authorized users.
102 00:05:41,911 --> 00:05:46,376 Now, there are several different types of social engineering scams that we have to
103 00:05:46,376 --> 00:05:48,499 worry about, techniques if you will.
104 00:05:48,499 --> 00:05:52,740 And probably one of the most prevalent on the block today is something known as
105 00:05:52,740 --> 00:05:53,670 phishing.
106 00:05:53,670 --> 00:05:57,054 Now I will tell you there are a lot of forms of phishing and
107 00:05:57,054 --> 00:06:01,170 it's really just slight variations on the term phishing, right?
108 00:06:01,170 --> 00:06:04,021 Phishing is an email based scam, right?
109 00:06:04,021 --> 00:06:08,234 This is where somebody sends you an email that says,
110 00:06:08,234 --> 00:06:14,359 hey you need to have some kind of, I don't know, I'm trying to think here,
111 00:06:14,359 --> 00:06:18,885 we need you to send us money for Apple Pay cards, right?
112 00:06:18,885 --> 00:06:19,877 >> That's a popular one there.
113 00:06:19,877 --> 00:06:24,370 >> And it's a very, very popular one, just send us four or five of those $500 Apple
114 00:06:24,370 --> 00:06:28,140 cards, right, and we can get whatever it is that we need to get done.
115 00:06:28,140 --> 00:06:29,941 Now there are some other ones like vishing.
116 00:06:29,941 --> 00:06:31,416 Vishing is a form of phishing,
117 00:06:31,416 --> 00:06:34,437 the difference is it's typically with a voice over IP system.
118 00:06:34,437 --> 00:06:36,469 Smishing, we'll talk about that one coming up.
119 00:06:36,469 --> 00:06:38,890 Spear phishing, we also have whaling.
120 00:06:38,890 --> 00:06:42,614 And then finally just some of the ways that phishing scams can be successful,
121 00:06:42,614 --> 00:06:46,050 it's typically through things like spam, as well as things that can be
122 00:06:46,050 --> 00:06:49,141 sent through an instant messenger, I wish I was making this up,
123 00:06:49,141 --> 00:06:52,845 but there's a spim, and that's a spam essentially of instant messaging.
124 00:06:52,845 --> 00:06:56,080 So let's dive into these a little bit more, because I couldn't for
125 00:06:56,080 --> 00:06:59,170 the life of me think about the Apple Pay phishing example [LAUGH].
126 00:06:59,170 --> 00:07:02,149 >> [LAUGH] I love when your brain goes, I'm going on a break.
127 00:07:02,149 --> 00:07:03,194 >> That's right.
128 00:07:03,194 --> 00:07:05,357 I don't care where you're going but I won't be there when you get there [LAUGH].
129 00:07:05,357 --> 00:07:06,868 >> I'll be here cooking with a smile out.
130 00:07:06,868 --> 00:07:08,498 >> [LAUGH] That's right.
131 00:07:08,498 --> 00:07:11,241 So you've probably seen one of these before, right?
132 00:07:11,241 --> 00:07:14,586 This is a typical type of phishing scam where somebody sends you something that
133 00:07:14,586 --> 00:07:17,788 looks like it's coming from an authorized or an authoritative location.
134 00:07:17,788 --> 00:07:21,247 We just used an example of iTunes, and by the way, iTunes, it's safe,
135 00:07:21,247 --> 00:07:24,766 we're not picking on Apple, these are just the avenues and the methods,
136 00:07:24,766 --> 00:07:25,921 right, that they use.
137 00:07:25,921 --> 00:07:29,952 The attack vector, if you will, being, hey, this is coming in via email, right?
138 00:07:29,952 --> 00:07:34,841 And we're basically trying to trick you into giving us credentials
139 00:07:34,841 --> 00:07:37,077 to your cloud based platform.
140 00:07:37,077 --> 00:07:41,412 >> Yeah, back when I worked Helpdesk, back when dinosaurs roamed the earth, I had
141 00:07:41,412 --> 00:07:45,836 a guy, he was getting a malware installed, my antivirus system was going crazy.
142 00:07:45,836 --> 00:07:48,892 He said, yeah, I got this email from DHL that said I had a package ready.
143 00:07:48,892 --> 00:07:51,494 I said, do you have a package that you're expecting from DHL?
144 00:07:51,494 --> 00:07:52,302 He said, no.
145 00:07:52,302 --> 00:07:53,876 >> [LAUGH] >> So
146 00:07:53,876 --> 00:07:57,155 why would they be telling you that you have a package ready if you don't?
147 00:07:57,155 --> 00:07:59,412 >> He said, I don't know, but I wanted to see what it was.
148 00:07:59,412 --> 00:08:01,591 And it was just a phishing link and [CROSSTALK] You click the link,
149 00:08:01,591 --> 00:08:02,551 it was installing malware.
150 00:08:02,551 --> 00:08:08,340 So you might not be iTunes, you might not be DHL, you might not be FedEx.
151 00:08:08,340 --> 00:08:09,561 That's the whole idea behind this.
152 00:08:09,561 --> 00:08:11,084 Right? It's [CROSSTALK] Absolutely use it as
153 00:08:11,084 --> 00:08:11,591 camouflage.
154 00:08:11,591 --> 00:08:12,290 Get somebody click on.
155 00:08:12,290 --> 00:08:13,071 That's right.
156 00:08:13,071 --> 00:08:14,924 A lot of people don't hover over these links and
157 00:08:14,924 --> 00:08:17,251 realize that these links don't lead to anywhere in Apple.
158 00:08:17,251 --> 00:08:19,231 They lead to some other Gmail account or
159 00:08:19,231 --> 00:08:22,111 some kind of just recently made Yahoo account right now.
160 00:08:22,111 --> 00:08:27,351 So when we look at vishing, alright, vishing is just, again, this is a voice over IP
161 00:08:27,351 --> 00:08:28,271 type of attack, right?
162 00:08:28,271 --> 00:08:30,801 We're trying to gain information out of a voice over IP.
163 00:08:30,801 --> 00:08:32,176 Or even by phone.
164 00:08:32,176 --> 00:08:33,611 It could be a hoax, right?
165 00:08:33,611 --> 00:08:35,482 Somebody calling you on the phone saying, hey, and
166 00:08:35,482 --> 00:08:38,617 unfortunately this does happen, saying, hey, your relative just got in an accident,
167 00:08:38,617 --> 00:08:40,131 they're sitting in the emergency room.
168 00:08:40,131 --> 00:08:43,710 They need 1200 bucks to be able to take care of them, right?
169 00:08:43,710 --> 00:08:47,670 They play on the urgency, they play on your heart, pull your heart strings and
170 00:08:47,670 --> 00:08:49,637 try to get money out of you that way.
171 00:08:49,637 --> 00:08:53,171 We talked about smishing, right, smishing again.
172 00:08:53,171 --> 00:08:54,580 Think of SMS.
173 00:08:54,580 --> 00:08:57,940 It's a phishing scam, but it's through SMS text messages, right?
174 00:08:57,940 --> 00:09:02,604 In fact, one of our entertainers about a couple weeks back received a text message
175 00:09:02,604 --> 00:09:06,933 from the United States Postal Service saying there was something wrong with
176 00:09:06,933 --> 00:09:11,194 the shipment and they needed to contact or get some contact information and
177 00:09:11,194 --> 00:09:12,640 click the link.
178 00:09:12,640 --> 00:09:16,164 The United States Postal Service is not gonna be emailing or texting you
179 00:09:16,164 --> 00:09:20,217 personally to let you know that they've done something wrong with your package or
180 00:09:20,217 --> 00:09:21,821 something that's happening.
181 00:09:21,821 --> 00:09:24,910 So that should be a clear indicator that it might seem urgent.
182 00:09:24,910 --> 00:09:28,611 You might trust it the authority over it, but it's not valid.
183 00:09:28,611 --> 00:09:31,531 >> I mean, the United States Postal Service has a hard time just getting you
184 00:09:31,531 --> 00:09:32,172 your package.
185 00:09:32,172 --> 00:09:34,386 >> [LAUGH] >> They're not going out of their
186 00:09:34,386 --> 00:09:37,030 way to text you personally, you know, something's ready.
187 00:09:37,030 --> 00:09:37,711 >> Yeah, sure.
188 00:09:37,711 --> 00:09:41,555 And you know, it goes back to the end user that you were supporting, Dan, you know,
189 00:09:41,555 --> 00:09:44,789 they just don't know. That's why user awareness is one of the very
190 00:09:44,789 --> 00:09:46,580 first methods and layer of defense.
191 00:09:46,580 --> 00:09:51,612 I know Dan's done some security user awareness training here, I know helped set
192 00:09:51,612 --> 00:09:56,348 that up and we do it here to make people aware that this is a very real threat and
193 00:09:56,348 --> 00:10:00,070 it's a very real attack vector that you need to be aware of.
194 00:10:00,070 --> 00:10:03,750 Now, spear phishing, you're going to notice something that looks the same, right?
195 00:10:03,750 --> 00:10:05,001 It's a phishing scam.
196 00:10:05,001 --> 00:10:09,704 But now who we're going after is a little bit different. In a phishing scam,
197 00:10:09,704 --> 00:10:11,890 it's spam, it's just blanket.
198 00:10:11,890 --> 00:10:13,900 We're just gonna throw a big old net out there.
199 00:10:13,900 --> 00:10:16,870 I think I got that, I'm gonna steal Dan's term here,
200 00:10:16,870 --> 00:10:19,261 throw that net out there as wide as you can.
201 00:10:19,261 --> 00:10:21,270 Just get as many people as you can.
202 00:10:21,270 --> 00:10:24,269 All right, spear phishing attack is a little bit different because now it's
203 00:10:24,269 --> 00:10:25,061 a targeted attack.
204 00:10:25,061 --> 00:10:29,551 Now we know that Dan works for XYZ company and he's the admin and we also
205 00:10:29,551 --> 00:10:34,115 see some other people here that are having to log into the specific portal and
206 00:10:34,115 --> 00:10:36,271 we know they work for this company.
207 00:10:36,271 --> 00:10:39,108 So we're gonna send just the people within that company,
208 00:10:39,108 --> 00:10:43,021 a bunch of these type of phishing attacks and again, it's a targeted attack.
209 00:10:43,021 --> 00:10:47,271 It's really the only thing they're going after that specific company instead of
210 00:10:47,271 --> 00:10:50,430 just saying, hey, whatever I get his grades, I like them.
211 00:10:50,430 --> 00:10:53,440 I think they got some money or they gotta something I'm going to go after.
212 00:10:53,440 --> 00:10:57,049 Absolutely target the most, definitely not just blanketing the entire email
213 00:10:57,049 --> 00:11:00,231 infrastructure, but an actual attack against a specific company.
214 00:11:00,231 --> 00:11:02,260 Now you're gonna notice whaling here?
215 00:11:02,260 --> 00:11:02,981 Well, that's a boy.
216 00:11:02,981 --> 00:11:06,061 We're getting a lot of reuse out of this phishing email here because the difference
217 00:11:06,061 --> 00:11:07,741 between this, it's still a phishing scam.
218 00:11:07,741 --> 00:11:10,101 But now what you're doing is you are targeting the big fish.
219 00:11:10,101 --> 00:11:11,210 Hence the term whaling.
220 00:11:11,210 --> 00:11:15,209 We're looking for the people that most or probably have some of the higher level
221 00:11:15,209 --> 00:11:18,441 of authority within their company and we're going after them.
222 00:11:18,441 --> 00:11:22,552 So for instance, somebody doing an attack that a phishing attack that here at
223 00:11:22,552 --> 00:11:25,792 ITProTV, that's maybe targeting things like for instance,
224 00:11:25,792 --> 00:11:28,431 maybe Tim Broom, our owner, or Don Pezet, right?
225 00:11:28,431 --> 00:11:29,570 Our co-founder, right?
226 00:11:29,570 --> 00:11:34,077 The higher ups in the organization because they have a potential to have access to
227 00:11:34,077 --> 00:11:36,480 maybe more than the average user, right?
228 00:11:36,480 --> 00:11:40,540 Imagine getting access to a CEO's inbox, right?
229 00:11:40,540 --> 00:11:42,945 You're going to have probably a plethora,
230 00:11:42,945 --> 00:11:47,041 I just want to be able to say platform, great information as a hacker.
231 00:11:47,041 --> 00:11:50,170 You see this a lot with business email compromise or BEC.
232 00:11:50,170 --> 00:11:54,170 They go after the whales because they do have that authority and access.
233 00:11:54,170 --> 00:11:58,079 Now if I can take over their account or maybe impersonate them in some way,
234 00:11:58,079 --> 00:12:01,986 shape or form that I can say, hey, transfer some funds to such and such and
235 00:12:01,986 --> 00:12:04,281 whomever just goes, it's the boss.
236 00:12:04,281 --> 00:12:04,950 Just do it.
237 00:12:04,950 --> 00:12:06,330 Yeah. And there you go.
238 00:12:06,330 --> 00:12:07,228 Yeah. And you know,
239 00:12:07,228 --> 00:12:09,270 we're mentioning some of these terms they call that.
240 00:12:09,270 --> 00:12:11,381 Is that the principles for success?
241 00:12:11,381 --> 00:12:13,189 Right? Why are these phishing scams
242 00:12:13,189 --> 00:12:14,500 successful?
243 00:12:14,500 --> 00:12:15,730 Well, there's urgency.
244 00:12:15,730 --> 00:12:16,950 You gotta do it now.
245 00:12:16,950 --> 00:12:19,816 There's scarcity, 30 seconds before it times out and
246 00:12:19,816 --> 00:12:22,340 you're never gonna have access to it again.
247 00:12:22,340 --> 00:12:25,647 I don't know if I mentioned authority coming from somebody that looks like
248 00:12:25,647 --> 00:12:26,441 the CEO, man.
249 00:12:26,441 --> 00:12:29,623 You know what Tim's telling me, I need to send him my some information or
250 00:12:29,623 --> 00:12:31,961 credit card number because he needs to buy something.
251 00:12:31,961 --> 00:12:33,301 Well, that's authority, right?
252 00:12:33,301 --> 00:12:34,100 That's trust.
253 00:12:34,100 --> 00:12:34,650 Right? And
254 00:12:34,650 --> 00:12:38,398 that's one of the reasons, one of quite a few reasons really
255 00:12:38,398 --> 00:12:42,170 that these social engineering attacks are successful.
256 00:12:42,170 --> 00:12:46,731 >> Let's move on to some other types of techniques that we might see when it
257 00:12:46,731 --> 00:12:48,800 comes to using social engines.
258 00:12:48,800 --> 00:12:49,361 Sure.
259 00:12:49,361 --> 00:12:53,089 So we did mention there was a couple more and you ladies and gentlemen out there,
260 00:12:53,089 --> 00:12:57,001 you're smart crowd, you've seen this probably if even if you haven't been in IT.
261 00:12:57,001 --> 00:12:59,029 You've probably opened email once or
262 00:12:59,029 --> 00:13:00,451 twice and you've seen the spam.
263 00:13:00,451 --> 00:13:01,891 So we're not gonna harp on that one too much.
264 00:13:01,891 --> 00:13:05,433 But understand that in a phishing attack where they're blanketing everybody,
265 00:13:05,433 --> 00:13:08,973 they're casting the net, spam is typically going to be the way that they're going
266 00:13:08,973 --> 00:13:09,511 to do that.
267 00:13:09,511 --> 00:13:11,541 And again remember spam and spim.
268 00:13:11,541 --> 00:13:13,527 Right. One is just gonna be a flooding of emails,
269 00:13:13,527 --> 00:13:16,523 the other one's just gonna be a flooding of SMS messages, right?
270 00:13:16,523 --> 00:13:22,150 You know, just to try to again scrape some of that, that very important information.
271 00:13:22,150 --> 00:13:23,061 But what about pharming?
272 00:13:23,061 --> 00:13:26,342 This seems to have gone up in populated here in the recent past and
273 00:13:26,342 --> 00:13:28,120 explain a little bit about pharming.
274 00:13:28,120 --> 00:13:31,920 Sure, pharming is typically there's gonna be some kind of manipulation of the DNS
275 00:13:31,920 --> 00:13:34,940 infrastructure and we'll talk about DNS a little bit later.
276 00:13:34,940 --> 00:13:40,590 Just bear, just real basically remember what DNS does, I type in a name, www.
277 00:13:40,590 --> 00:13:43,760 my website dot com and it goes over to the internet.
278 00:13:43,760 --> 00:13:45,401 DNS resolves it to an IP
279 00:13:45,401 --> 00:13:46,931 address and my browser connection.
280 00:13:46,931 --> 00:13:48,540 That's all I have to do.
281 00:13:48,540 --> 00:13:50,341 If I can put a bad response.
282 00:13:50,341 --> 00:13:51,411 Let me show you what I mean here.
283 00:13:51,411 --> 00:13:58,450 If I can put a bad response in that with that DNS request and I can tell you that.
284 00:13:58,450 --> 00:14:01,691 Yeah my website goes to and it's a malicious
285 00:14:01,691 --> 00:14:02,510 IP.
286 00:14:02,510 --> 00:14:05,180 Then what we can do is we can tell all of the people for
287 00:14:05,180 --> 00:14:07,680 instance that are logging into this web site.
288 00:14:07,680 --> 00:14:10,540 They think they're logging into my bank dot net.
289 00:14:10,540 --> 00:14:12,495 Right.
Some kind of banking application,
290 00:14:12,495 --> 00:14:16,140 they're actually being redirected to a malicious website that may be spoofed it.
291 00:14:16,140 --> 00:14:18,421 And what they're doing is they're pharming.
292 00:14:18,421 --> 00:14:22,552 If you can see it's kind of like bringing everybody in to try to gain all of
293 00:14:22,552 --> 00:14:26,520 their gain, a whole bunch of just sensitive information from them.
294 00:14:26,520 --> 00:14:30,944 Watering hole attacks and another one that has come up quite recently, actually very,
295 00:14:30,944 --> 00:14:31,731 very popular.
296 00:14:31,731 --> 00:14:33,440 If you can pull it off, it's very devastating.
297 00:14:33,440 --> 00:14:33,991 Sure.
298 00:14:33,991 --> 00:14:37,671 So, you know, the waterhole attack again, when we talk about pharming, right?
299 00:14:37,671 --> 00:14:41,254 One of the things that you might do in a pharming attack, as you might find out by,
300 00:14:41,254 --> 00:14:42,830 hey, where's everybody going?
301 00:14:42,830 --> 00:14:45,651 If I can spoof one website, what should I spoof?
302 00:14:45,651 --> 00:14:48,140 Well, let's look at where all the employees are going.
303 00:14:48,140 --> 00:14:50,151 That's where, where they're all coming to.
304 00:14:50,151 --> 00:14:54,918 And if we can make, you know, exploit some vulnerability in that web application
305 00:14:54,918 --> 00:14:59,300 then, since everybody's going there, think of a watering hole, right?
306 00:14:59,300 --> 00:15:01,216 Think about the watering hole attack,
307 00:15:01,216 --> 00:15:03,847 where they always think of the Nile crocs, right?
308 00:15:03,847 --> 00:15:07,561 Everybody all the wildebeest, they're all coming down to one location.
309 00:15:07,561 --> 00:15:09,720 Well why are the Nile crocs there?
310 00:15:09,720 --> 00:15:11,923 They know everybody is going to have to come down and get a drink and
311 00:15:11,923 --> 00:15:13,901 when they mount an attack, it's going to be successful.
312 00:15:13,901 --> 00:15:16,540 And for them it's gonna be lunch. For our attackers,
313 00:15:16,540 --> 00:15:20,136 it means that they're gonna probably do something like maybe even credential
314 00:15:20,136 --> 00:15:23,132 harvesting, where they're gonna get all of this information,
315 00:15:23,132 --> 00:15:26,455 start out with a waterhole watering hole attack, bring everybody in and
316 00:15:26,455 --> 00:15:30,017 as everybody starts logging into what they think is the legitimate website.
317 00:15:30,017 --> 00:15:34,315 It's actually a malicious website and they're storing all those credentials
318 00:15:34,315 --> 00:15:38,051 maybe to sell them later on the dark web, and make some money on them. Dan, you,
319 00:15:38,051 --> 00:15:41,271 I think you were telling me that that's become quite a trend.
320 00:15:41,271 --> 00:15:44,178 Almost like hacking as a service where hey, if I can get in and
321 00:15:44,178 --> 00:15:47,826 get these large pools of credentials, we go out to the dark web and we can just
322 00:15:47,826 --> 00:15:51,722 sell the credentials and make money and I don't even have to attack anything.
323 00:15:51,722 --> 00:15:54,257 >> Yeah. Hey, if you get people want something,
324 00:15:54,257 --> 00:15:57,572 there's gonna be a supply and demand kind of thing going on and
325 00:15:57,572 --> 00:16:01,674 people will be able to make a little bit of money off that. Now, that being said,
326 00:16:01,674 --> 00:16:05,799 there are some really tricky mechanisms that are being used by these threat actors
327 00:16:05,799 --> 00:16:07,790 to pull off these social engineering.
328 00:16:07,790 --> 00:16:11,118 Because we all know you look at links, you verify that email,
329 00:16:11,118 --> 00:16:12,400 or their URL address,
330 00:16:12,400 --> 00:16:14,987 should I say, before you click on those links and
331 00:16:14,987 --> 00:16:18,520 if you click on them at all, right, that might not be a good idea.
332 00:16:18,520 --> 00:16:24,130 How do they get away with clicking or making it look legitimate for an end user?
333 00:16:24,130 --> 00:16:27,409 >> Well, one of the ways I think of Don here is something that you've probably
334 00:16:27,409 --> 00:16:29,349 seen and maybe even done if you type like me.
335 00:16:29,349 --> 00:16:32,558 And as you follow us along through this series, you'll see how bad I type and
336 00:16:32,558 --> 00:16:34,490 that's something known as typosquatting.
337 00:16:34,490 --> 00:16:37,694 If you've ever typed maybe something like this where
338 00:16:37,694 --> 00:16:40,130 you typed Google quite a little bit off.
339 00:16:40,130 --> 00:16:43,363 Well, Google's got really good at a lot of the major websites that you go
340 00:16:43,363 --> 00:16:45,961 to have got a really good about buying these names as well.
341 00:16:45,961 --> 00:16:48,687 But earlier on there was no guarantee that when you typed
342 00:16:48,687 --> 00:16:51,761 something like Google with too many o's that it would take you and
343 00:16:51,761 --> 00:16:54,261 redirect you to an actual legitimate Google site.
344 00:16:54,261 --> 00:16:57,878 It could redirect you to somebody's malicious website where they can do for
345 00:16:57,878 --> 00:17:00,093 whatever nefarious purpose they're doing.
346 00:17:00,093 --> 00:17:03,939 But they could maybe do drive-by download and get some malicious code on your
347 00:17:03,939 --> 00:17:07,271 network or on your devices and maybe your network by association.
348 348 00:17:07,271 --> 00:17:11,075 So typosquatting is exactly what it sounds like, it's a little, 349 349 00:17:11,075 --> 00:17:12,670 spelling errors on the URL. 350 350 00:17:12,670 --> 00:17:16,641 Also URL squatting if you will to that leads you to a malicious site when you 351 351 00:17:16,641 --> 00:17:20,119 think you were gonna supposed to go to some legitimate website. 352 352 00:17:20,119 --> 00:17:24,204 >> Awesome, now, I know you've got a few other techniques for us really quickly, 353 353 00:17:24,204 --> 00:17:25,145 like physical >> Sure 354 354 00:17:25,145 --> 00:17:26,891 >> Of social engineering techniques. 355 355 00:17:26,891 --> 00:17:27,470 What were they? 356 356 00:17:27,470 --> 00:17:30,481 >> Absolutely, so I know we're running a little bit short on time here. 357 357 00:17:30,481 --> 00:17:33,459 So let's just talk about some of the physical techniques that he Don 358 358 00:17:33,459 --> 00:17:34,304 mentioning here. 359 359 00:17:34,304 --> 00:17:36,923 I mentioned or I think about things like dumpster diving, 360 360 00:17:36,923 --> 00:17:38,540 you have to be in the physical area. 361 361 00:17:38,540 --> 00:17:41,933 We think of those desk calendars, any calendar gets thrown away, 362 362 00:17:41,933 --> 00:17:45,388 little Post-it notes that end up in the dumpster people go through and 363 363 00:17:45,388 --> 00:17:47,713 they can actually scrape that information. 364 364 00:17:47,713 --> 00:17:49,555 And maybe maybe gain things like PII or 365 365 00:17:49,555 --> 00:17:51,820 use that information to attack your network. 366 366 00:17:51,820 --> 00:17:53,474 Other things are shoulder surfing, 367 367 00:17:53,474 --> 00:17:55,722 shoulder surfing is exactly what it sounds like. 368 368 00:17:55,722 --> 00:17:59,648 Looking over your shoulder maybe to try to glean what you're typing into, whatever it 369 369 00:17:59,648 --> 00:18:03,384 is that you're working on, whatever application it is that you're working on.
370 370 00:18:03,384 --> 00:18:06,892 Tailgating or piggyback attack is where you have one authorized person that 371 371 00:18:06,892 --> 00:18:10,040 authenticates and two people make their way through the entry. 372 372 00:18:10,040 --> 00:18:13,455 That's where we have, you probably see things like mantraps and 373 373 00:18:13,455 --> 00:18:14,521 turnstiles right? 374 374 00:18:14,521 --> 00:18:16,137 Where it rotates and locks and 375 375 00:18:16,137 --> 00:18:19,660 the next person's gotta authenticate that it rotates again. 376 376 00:18:19,660 --> 00:18:22,261 Well that's a way to prevent these tailgating attacks. 377 377 00:18:22,261 --> 00:18:26,688 So tailgating attacks again are just those attacks where one authentication, 378 378 00:18:26,688 --> 00:18:30,796 two people are making their way through, usually an unauthorized user. 379 379 00:18:30,796 --> 00:18:35,249 And then pretexting, pretexting is one of these things where it's more of a, hey, 380 380 00:18:35,249 --> 00:18:39,472 we're gonna have some kind of pre-thought-of story and we're going to tell you. 381 381 00:18:39,472 --> 00:18:42,245 For instance when we say hey your son Bill, 382 382 00:18:42,245 --> 00:18:47,111 whatever was just in a car accident, right and you need to send this money. 383 383 00:18:47,111 --> 00:18:49,701 I've already come up with that story in my mind and 384 384 00:18:49,701 --> 00:18:53,781 kind of again pretext it pre scripted it if you will before I even talked to you. 385 385 00:18:53,781 --> 00:18:55,781 So those are some of the physical techniques and 386 386 00:18:55,781 --> 00:18:58,531 there's just a couple of little outliers that I want to mention. 387 387 00:18:58,531 --> 00:19:02,462 Things like invoice scams that make it look like you've purchased something and 388 388 00:19:02,462 --> 00:19:03,228 you haven't.
389 389 00:19:03,228 --> 00:19:07,386 And they want you to click on a link there if you will to try to solve the problem by 390 390 00:19:07,386 --> 00:19:10,734 entering your credentials and now they scrape those from you. 391 391 00:19:10,734 --> 00:19:11,574 And then a hoax, 392 392 00:19:11,574 --> 00:19:15,534 hoax if you will is again just like any misleading information sometimes maybe 393 393 00:19:15,534 --> 00:19:19,270 doesn't directly cause harm but can be more of a nuisance than anything. 394 394 00:19:19,270 --> 00:19:23,000 And the last one I would say is gonna be prepending and prepending attack. 395 395 00:19:23,000 --> 00:19:26,694 Some of the examples that I've seen before is where you modify and 396 396 00:19:26,694 --> 00:19:30,601 put information in front of URL and it modifies where it takes you to. 397 397 00:19:30,601 --> 00:19:33,498 So again just other types of attacks that you need to be aware of 398 398 00:19:33,498 --> 00:19:35,300 when it comes to Social Engineering. 399 399 00:19:35,300 --> 00:19:39,320 >> Well there you go now you can understand why social engineering might be 400 400 00:19:39,320 --> 00:19:43,078 such a popular avenue of attack for those threat actors out there. 401 401 00:19:43,078 --> 00:19:46,780 Because well it gets to this machine and not this machine so much. 402 402 00:19:46,780 --> 00:19:50,265 And we are unfortunately a lot of times the weakest links in and 403 403 00:19:50,265 --> 00:19:54,085 that's just because we need to understand how these things work and 404 404 00:19:54,085 --> 00:19:56,242 a lot of times is just all down to that. 405 405 00:19:56,242 --> 00:19:58,908 That being said great stuff here learned all about Social 406 406 00:19:58,908 --> 00:20:02,641 engineering physical social engineering attacks, principles of security. 407 407 00:20:02,641 --> 00:20:05,610 Great stuff more to come in the Security Plus series though. 
408 408 00:20:05,610 --> 00:20:08,639 So be sure to stick around for that, as for this episode we're gonna 409 409 00:20:08,639 --> 00:20:11,471 call it a day, thanks for watching, we'll see you next time. 410 410 00:20:13,160 --> 00:20:15,852 Thank you for watching, IT Pro Tv. 411 411 00:20:15,852 --> 00:20:16,881 [BLANK_AUDIO]40507
