Business Application Compromise & the Evolving Art of Social Engineering


Social engineering is hardly a new concept, even in the world of cybersecurity. Phishing scams have been around for nearly 30 years, with attackers constantly finding new ways to entice victims into clicking a link, downloading a file, or handing over sensitive information.

Business email compromise (BEC) attacks iterated on this concept by having the attacker gain access to a legitimate email account and impersonate its owner. Attackers reason that victims won’t question an email that comes from a trusted source — and all too often, they’re right.

But email isn’t the only effective means cybercriminals use to engage in social engineering attacks. Modern businesses rely on a range of digital applications, from cloud services and VPNs to communications tools and financial services. What’s more, these applications are interconnected, so an attacker who can compromise one can compromise others, too. Organizations can’t afford to focus exclusively on phishing and BEC attacks — not when business application compromise (BAC) is on the rise.

Targeting Single Sign-On

Businesses use digital applications because they’re helpful and convenient. In the age of remote work, employees need access to critical tools and resources from a wide range of locations and devices. Applications can streamline workflows, increase access to critical information, and make it easier for employees to do their jobs. An individual department within an organization might use dozens of applications, while the average company uses more than 200. Unfortunately, security and IT departments don’t always know about — let alone approve of — these applications, making oversight a problem.

Another issue is authentication. Creating (and remembering) unique username and password combinations can be a challenge for anyone who uses dozens of different applications for their work. Using a password manager is one solution, but it can be difficult for IT to enforce. Instead, many businesses streamline their authentication processes through single sign-on (SSO) solutions, which let employees log in once to an approved account to access all connected applications and services. But because SSO services give users easy access to dozens (or even hundreds) of business applications, they are highly valuable targets for attackers. SSO providers have their own security features and capabilities, of course, but human error remains a hard problem to solve.

Social Engineering, Evolved

Many applications — and certainly most SSO solutions — have multifactor authentication (MFA). This makes it more difficult for attackers to compromise an account, but it’s certainly not impossible. MFA can be annoying to users, who may have to use it to sign into accounts multiple times a day — leading to impatience and, sometimes, carelessness.

Some MFA solutions require the user to input a code or show their fingerprint. Others simply ask, “Is this you?” The latter, while easier for the user, gives attackers room to operate. An attacker who already obtained a set of user credentials might try to log in multiple times, despite knowing that the account is MFA-protected. By spamming the user’s phone with MFA authentication requests, attackers increase the victim’s alert fatigue. Many victims, upon receiving a deluge of requests, assume IT is attempting to access the account or click “approve” simply to stop the flood of notifications. People are easily annoyed, and attackers are using this to their advantage.
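As an added illustration (not code from the original article), the following Python sketch shows the kind of in-network detection logic that can flag the push-fatigue pattern described above: a burst of denied or unanswered MFA push challenges for one account, followed by an approval. The log format, field names, window and threshold values are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of identity-provider MFA push events (not real logs).
# Fields: ISO timestamp, user, source IP, result of the push challenge.
SAMPLE_EVENTS = """\
2024-03-04T09:00:05Z alice 203.0.113.7 DENIED
2024-03-04T09:00:41Z alice 203.0.113.7 TIMEOUT
2024-03-04T09:01:12Z alice 203.0.113.7 DENIED
2024-03-04T09:01:50Z alice 203.0.113.7 TIMEOUT
2024-03-04T09:02:20Z alice 203.0.113.7 APPROVED
2024-03-04T09:05:00Z bob 198.51.100.9 APPROVED
2024-03-04T13:30:00Z carol 192.0.2.44 DENIED
2024-03-04T15:30:00Z carol 192.0.2.44 APPROVED
"""

WINDOW = timedelta(minutes=10)  # burst window (assumed tuning value)
THRESHOLD = 3                   # refused pushes that count as a burst (assumed)


def parse_events(text):
    """Parse the constructed log format into sorted (ts, user, ip, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts.replace("Z", "+00:00")), user, ip, result))
    return sorted(events)


def detect_push_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Return two kinds of alerts per user:
    - push_burst: `threshold` denied/unanswered pushes inside `window`
    - fatigue_approval: an approval arriving while such a burst is still open
    """
    alerts = []
    refused = defaultdict(list)  # user -> timestamps of recent refused pushes
    for ts, user, ip, result in events:
        # keep only refusals that fall inside the sliding window
        refused[user] = [t for t in refused[user] if ts - t <= window]
        if result in ("DENIED", "TIMEOUT"):
            refused[user].append(ts)
            if len(refused[user]) == threshold:  # fire once per burst
                alerts.append({"kind": "push_burst", "user": user, "ip": ip,
                               "count": threshold, "at": ts})
        elif result == "APPROVED":
            if len(refused[user]) >= threshold:
                alerts.append({"kind": "fatigue_approval", "user": user, "ip": ip,
                               "count": len(refused[user]), "at": ts})
            refused[user].clear()  # an approval closes the burst either way
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

Carol's single denial two hours before her approval falls outside the window and produces no alert, which is the behaviour a practitioner should tune the window against.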

In many ways, this makes BAC easier to achieve than BEC. Adversaries engaging in BAC only need to push their victims into making one bad decision. By targeting identity providers and SSO, attackers can gain access to potentially dozens of different applications, including HR and payroll services. Commonly used applications such as Workday are often accessed via SSO, allowing attackers to engage in activities such as direct deposit and payroll fraud that can funnel funds directly into their own accounts.

This kind of activity can easily go unnoticed — which is why it’s important to have in-network detection tools in place that can identify suspicious behavior, even from an authorized user account. In addition, businesses should prioritize the use of phishing-resistant Fast Identity Online (FIDO) security keys when using MFA. If FIDO-only factors for MFA are unrealistic, the next best thing is to disable email, SMS, voice, and time-based one-time passwords (TOTP) in favor of push notifications, then configure the MFA or identity provider policies to restrict access to managed devices as an additional layer of security.

Prioritizing BAC Prevention

Recent research published in blog posts shows that BEC or BAC tactics are used in 51% of all incidents. While lesser known than BEC, successful BAC grants attackers access to a wide range of business and personal applications associated with the account. Social engineering remains a high-return tool for today’s attackers — one that’s evolved alongside the security technologies designed to stop it.

Modern businesses must educate their employees, teaching them how to recognize the signs of a potential scam and where to report it. As companies adopt more applications every year, employees need to work hand in hand with their security teams to help keep systems protected against increasingly cunning attackers.
