Within the ambit of information systems security, social engineering refers to the act of manipulating individuals into giving up or leaking confidential information. It usually involves tricking people (through human interaction) into breaking regular security SOPs. Social engineering has become the most widely used and easiest technique for attacking an information system, as it relies on the victim's innate tendency to trust people and, naturally, to be helpful towards them.
Social engineering is divided into two broad categories: human-based and computer-based. The former involves face-to-face interactions with the victim to retrieve the intended information, such as impersonation, pretending to be an important user, posing as desktop support, shoulder surfing and posing as a third party. The latter involves the use of computer software to obtain the information required and can widely be used to launch a successful attack against any corporation. Examples of such techniques include:
- Phishing: involves fake emails or websites created to imitate genuine systems with the objective of obtaining access to confidential data. A message asking you to authenticate your login information might appear to come from any of your trusted websites. It can be a mock login page that appears to be legitimate.
- Baiting: involves leaving something the user wants to view so that the user takes the action desired by the criminal. It can be in the form of an online mp3, mp4 or video download link. Once the mp3 or video downloads successfully, your computer contains the criminal's malware, allowing the culprit to obtain access to your system.
- Online scams: spam emails contain attachments that carry malware code. These contain worms and Trojans at times. Additional pop-up notifications advertising bonus offers are tempting enough for users to install malicious programs unintentionally.
Latest Virus attacks and Prevention techniques
The use of hacking and other tools to plant viruses and malicious software on other computers is on the rise. Hackers can now obtain sensitive information by simply creating virus, worm and Trojan programs and promoting them online via computer-based social engineering and other mock marketing techniques. Some of the latest and most destructive computer viruses are mentioned below:
- Conficker: this virus was labeled a “Super Worm” by anti-virus companies and was capable of removing financial and other data from the system. It primarily targeted Microsoft operating systems in 2008.
- Shamoon: discovered in August 2012 and extensively used for cyber-spying. It affected Windows 9x, Windows NT and Windows Me. Using the “dropper” function, the attacker spread the virus on the computer's hard disk to accumulate the desired list of files on attacked computers. The “wiper” function is then used to erase the files involved, and it creates booting problems by overwriting.
- Gauss: discovered in June 2012 at a Russian lab, this virus was intentionally developed and launched in cyberspace to steal data from banks operating primarily in the Middle East. It is also capable of affecting USB drives in normal PCs.
- Belgian: regarded as the worst computer virus, it can spread through spam emails or hacked/mocked web pages. Discovered by another Russian lab in 2012, it is capable of locking the victims' computers and then asking for a certain sum of money to unlock the data. This global virus has the potential to gain remote access to computers all over the world to track files and launch the malware when Windows (its prime target) starts.
- Flame: uses Bluetooth to send commands. It captured data from chats, emails, websites and screenshots and was used to steal sensitive data from computers in Iran and the Middle East.