Cybersecurity and Social Engineering Attacks

cybersecurity security and p4 programmable n.w
1 / 17
Embed
Share

"Exploring the dangers of social engineering attacks in cybersecurity, including phishing emails, credentials harvesting, and impersonation techniques used to deceive individuals. Learn how technology is not always necessary for these malicious tactics to succeed."

  • Cybersecurity
  • Social engineering
  • Phishing emails
  • Credentials harvesting
rayaanacharya
mbodn Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Cybersecurity (Security+) and P4 Programmable Switches Social Engineering Attacks Elie Kfoury, Jorge Crichigno University of South Carolina http://ce.sc.edu/cyberinfra Western Academy Support and Training Center (WASTC) University of South Carolina (USC) Energy Sciences Network (ESnet) June 20th, 2023 1

  2. Outline Social engineering attacks definition Social engineering techniques Phishing emails Credentials harvesting Reverse shell 2

  3. Social Engineering Technology is not always needed for attacks on IT Social engineering gathers information by relying on the weaknesses of individuals It relies on the psychological approaches to persuade a victim 3

  4. Social Engineering Technology is not always needed for attacks on IT Social engineering gathers information by relying on the weaknesses of individuals It relies on the psychological approaches to persuade a victim 4 Ciampa, Mark. CompTIA security+ guide to network security fundamentals. Cengage Learning, 2021.

  5. Social Engineering Impersonation Masquerade as a real or fictitious character Play out the role of that person on a victim Impersonated parties include IT support, manager, trusted third party Phishing Sending (millions) email claiming to be from legitimate source Trick user into giving private info: password, credit card number, etc. Variation of phishing attacks Pharming: automatically redirects the user to the fake site Spear phishing: targets only specific users; emails are customized Whaling: spear phishing targeting bigfish, (wealthy individuals) Vishing: Instead of using email, a phone call can be used instead (voice phishing) 5

  6. Phishing Emails Phishing emails are hard to distinguish from legitimate ones Attacker uses logos and colors identical to those provided by a legitimate entity 6 https://www.newcmi.com/blog/tips-for-detecting-a-phishing-email

  7. Credentials Harvesting Gathering sensitive user credentials, such as usernames and passwords, with the intent of unauthorized access to systems or accounts

  8. Credentials Harvesting Gathering sensitive user credentials, such as usernames and passwords, with the intent of unauthorized access to systems or accounts http://216.0.0.10 Host HTML on attacker s server www.facebook.com Clone HTML Attacker 8

  9. Credentials Harvesting Gathering sensitive user credentials, such as usernames and passwords, with the intent of unauthorized access to systems or accounts http://216.0.0.10 Host HTML on attacker s server www.facebook.com Victim Clone HTML Send phishing email containing a link to http://216.0.0.10 Attacker 9

  10. Credentials Harvesting Gathering sensitive user credentials, such as usernames and passwords, with the intent of unauthorized access to systems or accounts http://216.0.0.10 Host HTML on attacker s server www.facebook.com email password Credentials Victim Clone HTML Send phishing email containing a link to http://216.0.0.10 Attacker 10

  11. Credentials Harvesting Gathering sensitive user credentials, such as usernames and passwords, with the intent of unauthorized access to systems or accounts http://216.0.0.10 Host HTML on attacker s server www.facebook.com email Forward password email password Credentials Victim Clone HTML Send phishing email containing a link to http://216.0.0.10 Attacker 11

  12. Credentials Harvesting Gathering sensitive user credentials, such as usernames and passwords, with the intent of unauthorized access to systems or accounts http://216.0.0.10 Host HTML on attacker s server www.facebook.com email Forward password email password Credentials Victim Clone HTML Send phishing email containing a link to http://216.0.0.10 Attacker 12

  13. Reverse Shell Attacker establishes a connection from the victim to their own system Gain full shell access to the victim s machine Create malicious payload / Trojan Attacker 13

  14. Reverse Shell Attacker establishes a connection from the victim to their own system Gain full shell access to the victim s machine Create malicious payload / Trojan Attacker Starts listener 216.0.0.10:4444 14

  15. Reverse Shell Attacker establishes a connection from the victim to their own system Gain full shell access to the victim s machine Create malicious payload / Trojan Send email containing malicious payload Attacker Victim Starts listener 216.0.0.10:4444 15

  16. Reverse Shell Attacker establishes a connection from the victim to their own system Gain full shell access to the victim s machine Create malicious payload / Trojan Send email containing malicious payload Attacker Victim Execute payload Starts listener Reverse TCP shell opened to Attacker s machine 216.0.0.10:4444 16

  17. Reverse Shell Attacker establishes a connection from the victim to their own system Gain full shell access to the victim s machine Create malicious payload / Trojan Send email containing malicious payload Attacker Victim Execute payload Starts listener Reverse TCP shell opened to Attacker s machine Execute remote commands on victim s machine (e.g., install backdoor, keylogger, spyware, etc.) 216.0.0.10:4444 17

Related


Types Cyber Attacks: Cyber Security Training Workshop

Types Cyber Attacks: Cyber Security Training Workshop

anara
Adversarial Machine Learning in Cybersecurity: Challenges and Defenses

Adversarial Machine Learning in Cybersecurity: Challenges and Defenses

thirza
Adversarial Machine Learning in Cybersecurity

Adversarial Machine Learning in Cybersecurity

bartholomew
Cybersecurity Career Path Overview

Cybersecurity Career Path Overview

rusty
Managing Covid-19 Cyber and Data Protection Risks

Managing Covid-19 Cyber and Data Protection Risks

kaisen
Mitigation of DMA-based Rowhammer Attacks on ARM

Mitigation of DMA-based Rowhammer Attacks on ARM

baylee
Comprehensive Airport Cybersecurity Quick Guide and Assessment Tool

Comprehensive Airport Cybersecurity Quick Guide and Assessment Tool

emmitt
Cybersecurity Challenges: Attacks on Web Applications and Cost of Security Breaches

Cybersecurity Challenges: Attacks on Web Applications and Cost of Security Breaches

hari
Ensuring Business Security: Cybersecurity Webinar Insights

Ensuring Business Security: Cybersecurity Webinar Insights

amelia
Denial-of-Service Attacks and Defense Strategies

Denial-of-Service Attacks and Defense Strategies

delphi
Network Denial of Service (DoS) Attacks

Network Denial of Service (DoS) Attacks

zahra
Preventing Active Timing Attacks in Low-Latency Anonymous Communication

Preventing Active Timing Attacks in Low-Latency Anonymous Communication

kmike
Strategies to Protect School Systems from Cyber Attacks

Strategies to Protect School Systems from Cyber Attacks

alins
Cybersecurity Workforce Management: Engage, Empower, Elevate

Cybersecurity Workforce Management: Engage, Empower, Elevate

dena835
Cybersecurity and Computer Science Education Projects at UH Maui College

Cybersecurity and Computer Science Education Projects at UH Maui College

karm_14
Shovel-Ready Projects Initiative for Cybersecurity Innovation in Canada

Shovel-Ready Projects Initiative for Cybersecurity Innovation in Canada

aberm
Automated Signature Extraction for High Volume Attacks in Cybersecurity

Automated Signature Extraction for High Volume Attacks in Cybersecurity

klos_k
Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses

Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses

jmora
Network Security Vulnerabilities and Attacks

Network Security Vulnerabilities and Attacks

leyo_5
Machine Learning for Cybersecurity Challenges: Addressing Adversarial Attacks and Interpretable Models

Machine Learning for Cybersecurity Challenges: Addressing Adversarial Attacks and Interpretable Models

mall221
IRIS H2020 Project - Enhancing Cybersecurity for SMART CITIES

IRIS H2020 Project - Enhancing Cybersecurity for SMART CITIES

airt550
Cybersecurity Strategy in Japan - Roles of NISC and Basic Act Overview

Cybersecurity Strategy in Japan - Roles of NISC and Basic Act Overview

athie

More Related Content