Mon. Jan 23rd, 2023

Social engineering and software-based threats

Social engineering is a term covering any scenario in which a user is tricked into handing over access credentials or into performing actions that assist an attacker.

Some examples of social engineering include:

  • Phishing attacks – an attacker sends emails purporting to come from a legitimate business, usually asking the user to verify account details or to log in and review some account activity that has been flagged; the links in these emails, however, lead to a copy of the real website, and the victim's credentials are harvested when they attempt to sign in
  • Spear phishing attacks – similar to the above, but highly targeted. The emails include information the victim assumes only a trusted party would know, such as recent order details, their address or other identifying information. They are especially dangerous because the personalised content makes the email convincing, and because a one-off message tailored to a single recipient also tends to evade traditional defences such as email scanners, which rely largely on recognising bulk or previously seen content.
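
As an added illustration (not code from the original article), the following Python script turns the detail above, that phishing links point to a copy of the real site rather than the site itself, into a detection heuristic: it parses the HTML body of an email and, for every link, compares the domain shown in the anchor text and the sender's domain with where the href actually leads, flagging mismatches, bare IP addresses and punycode hosts. The email is a constructed sample and every domain in it is made up; the registrable-domain helper is a deliberate approximation that does not consult the public suffix list.

```python
"""Flag phishing-style links whose visible text or claimed sender does not
match the destination of the href.  Added example; the sample email below is
constructed for the demo and is not a real message."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: one lookalike-domain link, one legitimate link, one raw-IP link.
SAMPLE_EMAIL = """\
From: "Example Bank" <alerts@examplebank.com>
To: victim@example.org
Subject: Action required: verify your account
Content-Type: text/html

<html><body>
<p>We flagged unusual activity on your account.</p>
<p><a href="http://examplebank-secure-login.com/verify">https://www.examplebank.com/login</a></p>
<p><a href="https://www.examplebank.com/help">Help centre</a></p>
<p><a href="http://203.0.113.7/login">Log in now</a></p>
</body></html>
"""

IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Anchor text that itself looks like a URL or hostname (the "displayed" destination).
URL_LIKE_RE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels.
    Assumption for the demo: no public suffix list, so 'example.co.uk' style
    hosts would be handled incorrectly in real use."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def _host_of(url_like: str):
    """Return the hostname of a URL, tolerating a missing scheme."""
    return urlparse(url_like if "://" in url_like else "http://" + url_like).hostname


def analyse(raw_email: str) -> list:
    """Return one finding per suspicious link: {'href', 'text', 'reasons'}."""
    msg = message_from_string(raw_email)
    sender_addr = parseaddr(msg.get("From", ""))[1]
    sender_dom = registrable_domain(sender_addr.rsplit("@", 1)[-1]) if "@" in sender_addr else None

    body = msg.get_payload(decode=True) or b""
    collector = _LinkCollector()
    collector.feed(body.decode(msg.get_content_charset() or "utf-8", "replace"))

    findings = []
    for href, text in collector.links:
        host = _host_of(href)
        if not host:
            continue
        reasons = []
        is_ip = bool(IP_RE.match(host))
        if is_ip:
            reasons.append("link host is a bare IP address")
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("link host uses punycode (possible homograph domain)")
        link_dom = host if is_ip else registrable_domain(host)
        # The classic phishing tell: the text shows the real site, the href does not.
        if URL_LIKE_RE.match(text):
            shown = registrable_domain(_host_of(text) or "")
            if shown and shown != link_dom:
                reasons.append(f"visible text shows {shown} but link goes to {link_dom}")
        if sender_dom and link_dom != sender_dom:
            reasons.append(f"link domain {link_dom} differs from sender domain {sender_dom}")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

Only two of the three links are reported: the legitimate help link, whose href and sender share a domain and whose text is not a URL, passes cleanly. The domain comparison is deliberately about the registrable domain rather than the full host, so ordinary subdomains of the sender's own site are not flagged.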

Software-based threats are those that result from a malware infection. Malware is software written to steal data, monitor users, spread to other systems or otherwise harm the people and machines it runs on. Some example categories are:

  • Viruses – software that inserts its code into other programs; when an infected program runs, the virus spreads to further programs and/or executes its payload
  • Trojans – software disguised to look like something beneficial to the user but which in reality damages the user's system; a common form provides a backdoor into the machine, which is then used to download further malware
  • Ransomware – software that encrypts a user's data and demands payment for the decryption key. Paying is no guarantee that a working key will be supplied, so the primary mitigation is regular, tested backups kept offline or otherwise out of reach of the infected machine, since ransomware will also encrypt or delete any backups it can access
  • Spyware – software that records what a user is doing and sends this information on to a third party. It could be recording and monitoring their web-browsing history, keystrokes, what software is being used and so on
  • Adware – software that bombards the user with pop-up adverts. Whilst not immediately dangerous, the adverts displayed could link to malicious websites or attempt to encourage the user to download and run potentially dangerous software
  • Rootkits – software designed to hide its own presence, and often that of other malware, from the user and from security tools. Kernel-mode rootkits run with the same privilege as the operating system kernel (ring 0 on x86), where they can alter what the kernel reports: by hooking system calls or modifying kernel data structures they make their files, processes and network connections disappear from the results that anti-virus software, which queries the operating system through those same interfaces, depends on. User-mode rootkits achieve a similar effect with less privilege by patching the APIs used by individual processes. Because a compromised kernel cannot be trusted to report on itself, detection and removal typically require an offline scan: booting from a trusted rescue medium and examining the drive without running the infected operating system.