The Science and Methodology Behind Social Engineering – Social Engineering getting stronger and being exploited at larger scale compare to time before AI & ML (Jargons for Artificial Intelligence & Machine Learning). With the help of ML social engineering is now becoming super easy as machines are doing all the dirty work to serve the phishing and learn back again from the behaviour. By using big jargons like AI (Artificial Intelligence) and ML(Machine Learning) of today’s time smartness getting turned to evil mindset.
Social Engineering is now the ability to build to meet the needs of dark world at a rapid pace. Over the last few years, we have witnessed an unprecedented change in how the world interacts with internet and how frauds occurs. This change has been led by the ability to take and make phishing at an unprecedented speed and scale.
Social Engineering – The actual meaning of this jargon in the dictionary is this “the use of centralized planning in an attempt to manage social change and regulate the future development and behavior of a society”. But in todays time the cyber world has changed it total in the context of information security. In InfoSec it’s more of deception to manipulate individuals. Promoting ill intent contents to divulge confidential and personal information and use the information for personal gain. Be aware it can come as Phishing direct or spear phishing, sms channel called as smishing, msm- mining social media, voice channel vishing, and many more. Even a voice call can drag you to payment counter to pay the fraudster.
InfoSecurity awareness advocates trying hard to shares insights and examples of mental manipulation in everyday life, at the same time threat hunting professionals are still not able to arrest enough. As the tactics used by tricky and sophisticated social engineers in online scams ascending at large scale. Privacy and Information security in innovative digital era is becoming almost impossible. Some of the reasons info-security is becoming more important includes; card fraud losses incurred by banks worldwide runs into billions of dollars with estimates of over US$15billion. E-Commerce growth with Card Not Present (CNP) transactions now exceed $2 trillion and rapidly increasing and average costs of Data Breach is increasing.
Each time there is a breach, the direct and indirect loss of affected financial institution is increasing and it starts with just clicking a wrong email or icon. How can we make sure that social engineering does not become an art of manipulating people to gain their confidential information, rather make it a tool to prevent the same. We should know who and what to trust in a crystal clear manner. So let’ make sure we get email from friend and not from foe.
What is Important – Security OR Innovation
People who take the innovation at higher level then security always get infected with malicious software attacks at all times. Social engineering experts knows very well, how to exploits such groups and their contacts. Some one getting email from friend who has lost the wallet and a baggage and needs money from you , what would you do?
- Information security should be a culture across the Organization, not an add-on requirement.
- Strong security culture is both a mindset and mode of operation. One that’s integrated into day-to-day thinking and decision-making can make for a near-impenetrable operation. Conversely, a security culture that’s absent will facilitate uncertainty and, ultimately, lead to security incidents that likely can’t afford to take on.
- It all starts at the top. Executive management that’s interested in fostering a positive security culture — and does so without fail — is mandatory if the risks of a breach are to be minimised.
- Innovation starts in a secure environment and not the other way round.
There are literally millions of flavors of social engineering attacks and same numbers get added everyday.. The only way to limit the these evil intent socially engineer is through exploiting the criminal’s imaginations in an ethical way.
AI Capability for CyberSecurity – As a Guard and a Terminator
In this era of artificial intelligence, Social engineering professional have become more smarter and throw open challenge to any cybersecurity state as on date which is too much vulnerable. Now when Artificial Intelligence powers the social engineering it gets to a real turning point.
Deploy AI and machine learning-based tech to help comes with a number of substantial benefits. These benefits help and prepare cybersecurity professionals for taking on attacks and safeguarding the enterprise.. With these helps tasks like policy enforcement, blocking malicious files and IPs, and protecting against phishing attacks. Machine learning won’t replace human intelligence rather should not be aimed for as well. These technologies can be used to automate and speed up security operations and repetitive tasks, according to the release.
Data Mining for Intrusion prevention and action in real time can be done to avoid misuse detection. Predictive models should be built from labelled data sets i.e for instance labelling data as “normal” or “intrusive”. Action required on top of these rules.
Catch my NI (natural intelligence)
or catch meis now a old phenomena , the new one Catch my AI (artificial intelligence) or catch my links is the new challenge
These models can deliver more sophisticated and precise solutions than manually created signatures based rules. Then challenge our self where we are unable to detect attacks whose instances have not yet been observed should become part of machine learning and on the fly building the same.
Food for Thought
In order to not to be a victim of such social engineering deals the solution is simple (upto big extent), – Slow down, remember every offer from a foreigner or foreign companies are scam (until you know them as a friend or have done good research and have had good discussions). Read-Research-Evaluate
- Tokenisation – Key to Payment Security
- Dont let a link to control you and your activities on internet
- Tokenisation is an integral technology for every merchant, along with EMV and PCI-validated point-to-point encryption (P2PE).
- Tokenisation enables merchants and enterprises to safely “store” cardholder data at rest for use in future transactions. Tokenisation, like P2PE, effectively renders the data useless to hackers.
- P2PE protects data in transit by encrypting cardholder data upon a point of entry in the retail device. Encrypting card data upon entry prevents the data from being available in the enterprise or merchant’s system as “clear-text” where it could be exposed in the event of a data breach.
- Artificial Intelligence – Patterns
- Machine Learning – To detect password typing behaviour.
Most of SECaaS integrate their services service seekers existing infrastructure or deploy hybrid environments for use of a mix of cloud and on-premise resources.
Points to Note:
All credits if any remains on the original contributor only. AI – a bundle of emerging technology is here which is powering every single business. AI is going to stay disrupt every business life. When AI will meet quantum computing for a friendly handshake that explosion would be a blessing to see. Number stats took from Webroot.
Books + Other readings Referred
- Open Internet, research papers & Conferences.
- Hands on personal research work @AILabPage
Do you have any questions about CyberSecurity Intelligence where AI is an integral part of it? Leave a comment or ask your question in the comments section below. Will try my best to answer it.
Conclusion – Phishing has evolved. Hackers are angling our information, traces on web and the data so the question is how to protect ourself? In today’s social engineering world where money has been reduced to just a binary data hence access to information/data is as good as access to cash. The advent of e-money is touted for having provided convenience being able to access money anywhere at any time. It has also opened many access points compared to the gold and silver that would only require physical security. Unauthorised access to e-money can be by anyone and anywhere at any time. Therefore, information security is everyone’s responsibility. For instance, bitcoin is the best example of a binary form of money or money as data. Which means more reason for info-security and encrypting data at every entry/exit to prevents the data from being available in the enterprise or merchant’s system as “clear-text” where it could be exposed in the event of a data breach.
====================== About the Author =================================
Read about Author at: About Me
Thank you all, for spending your time reading this post. Please share your feedback / comments / critics / agreements or disagreement. Remark for more details about posts, subjects and relevance please read the disclaimer.
FacebookPage Twitter ContactMe LinkedinPage ==========================================================================