Social engineering focuses on exploiting the human component of cybersecurity. Using trickery, attackers rely on social engineering to convince victims to take high-risk actions, ignore security practices, or circumvent endpoint security. This can expose sensitive information or lead to the execution of malicious content.
Types of social engineering attacks vary widely, but cybercriminals repeat tactics that are successful. This creates records of social engineering trends in cybersecurity, showing professionals what to expect. In this article, we will discuss the latest social engineering trends that are on the rise according to the research in our recently published PreCrime Landscape Report.
In virtual kidnapping scams, the scammer calls or messages victims, saying a loved one has been kidnapped and demanding a ransom be paid for their release. They find and spoof registered phone numbers, making the call appear to come from the victim’s relative.
High-pressure tactics, including providing convincing details about the kidnapping, make it challenging for the victim to determine if the call is legitimate. Fortunately, there are some signs that a virtual kidnapping is taking place that you can look for to avoid becoming a victim.
Search engine optimization (SEO) poisoning is a tactic used by cybercriminals to manipulate search engine rankings and redirect users to malicious websites. Threat actors inject malicious code or links into legitimate websites or create malicious websites. In both cases, the websites are optimized for specific keywords, allowing them to rank higher in search results than the brand’s authentic site.
In November, threat actors compromised approximately 15,000 websites using SEO poisoning and redirected users to their own fake sites. The dangers of SEO poisoning include:
Business email compromise (BEC) is a form of spear phishing. A threat actor impersonates a high-profile employee to trick other employees, partners, or suppliers. These types of social engineering attacks often target money transfers, but that has changed. Recently, BEC attacks have targeted physical goods, stealing entire shipments of food products and ingredients valued at hundreds of thousands of dollars.
Here are a few ways BEC can be used to steal commodities or goods:
Supply chain attacks use a third-party partner or provider with access to the target’s data. They target a third party with a weaker security posture, which is why almost 77% of organizations detected unknown participants in their supply chain in 2022.
Once the third party is compromised, attackers use their position in the supply chain to launch their attacks. They could send corrupted software patches, or masquerade as the supplier and attempt to learn sensitive information about the target company via phishing.
Third-party breaches in the supply chain are particularly dangerous because they often impact multiple victims. They provide attackers with access to sensitive information and systems that they may not have been able to access otherwise. These attacks are difficult to detect and mitigate, as they occur at a point in the supply chain not directly controlled by the victimized organization.
Some specific dangers include:
Third-party supply chain attacks cause significant financial and reputational damage.
These trends are only the starting point for cybercriminals. As data breaches, phishing, and ransomware attacks continue to rise, it is crucial to know all of the threats that face your organization. Bfore.ai has released a PreCrime Landscape Report to help organizations know everything that is in attackers' toolkits for 2023.
Download the PreCrime Landscape Report today to give your organization the upper hand in improving your security posture for the coming year.