Social engineering is one of the modern menaces of online life, and this has been demonstrated by a recent malware attack on a Swedish camera firm.
Axis Communications, who manufacture network and security cameras, are the company at the centre of this recent attack. The organization announced that they had been the victims of what they described as an “IT-related intrusion” and advised that, as a result, they had temporarily closed their public-facing services online. Naturally, the attack caused great disruption to Axis; it also brought to light a number of shortfalls in cyber-security, namely the impact of social engineering.
What is Social Engineering?
Social engineering is a form of hacking which involves using various methods of deception to glean information from the victims. So, for example, an employee receiving an email that appears to be from the organization’s IT department, but is actually from a fake email address, asking for confirmation of their login credentials is a form of social engineering. And these incidents of social engineering don’t have to take place online: simply telling someone your mother’s maiden name – a popular choice for password recovery questions – is another example.
How The Axis Attack Happened
The exact details of the Axis attack are yet to be released as the company are conducting a forensic investigation into exactly what happened. Nonetheless, they have revealed the following details:
- Several methods of social engineering were used in order to gain access to the Axis network. These were successful despite the presence of security procedures such as multi-factor authentication.
- Advanced hacking techniques were used by the hackers – once they had breached the network – to enhance their credentials and gain high-level access to restricted areas.
- Internal directory services were compromised by this unauthorized access.
- While no ransomware was detected, there was evidence that malware had been downloaded to the Axis network.
Following concerns of suspicious network activity, and the employment of IT security experts, all external connectivity to the Axis network was closed down.
How to Protect Yourself from Social Engineering
It can be difficult to tackle the highly polished social engineering methods employed by hackers, but following the practices below can make a real difference:
- Always Think: slowing down and assessing the situation is crucial when it comes to social engineering. If someone has asked you for sensitive information, such as password details, ask yourself why they need this and what they could do with it. Internal sources – such as managers and IT departments – will never ask for this, so guard your password carefully and, to clarify the situation, speak face-to-face with the person who has apparently asked for it.
- Regular Staff Training: it’s important that your staff understand the tell-tale signs of social engineering, so make sure that you arrange regular training/refresher courses to keep their knowledge up to date. After all, social engineering is all about the deception, and identifying this can be difficult. But, with the correct knowledge, your staff should be able to protect themselves and your organization.
For more ways to secure and optimize your business technology, contact your local IT professionals.