Be Social, But Not Socially Engineered!

Being friendly and social can enhance your career, strengthen friendships and overall lead to a happier life. However, we need to be mindful that those social interactions don’t make it easy for cyber criminals to gain valuable sensitive or personal information about our lives.  In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an individual, organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity, but don’t be fooled.

By asking questions, the social engineer may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, they may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

Cyber criminals use various social engineering tactics to deceive users into downloading executing malware such as fake antivirus, fake utilities, bogus upgrades to the operating system or applications, and trojanized applications.

One way to protect your company is to develop a comprehensive training program to educate employees on the tactics of socially engineering.  Also, it is also critical to have a layered set of security controls in place to protect employees from malware and block exploits that attackers use to steal data and compromise networks.

The respected security industry testing lab, NSS Labs, conducted a comparative analysis of five endpoint security vendors, including McAfee.  This test verified the ability of endpoint protection products (EPP) to block socially engineered malware (SEM) attacks.

After the test period McAfee VirusScan Enterprise achieved the best possible score by blocking the download and execution of 100 percent of the socially engineered malware the testers threw at it.

Average Block Rate on Download for Socially Engineered Malware

According to the authors of the test, McAfee VirusScan Enterprise showed an “exceptional level of consistency” in blocking the download and execution of SEM.

In this test, there were also distinct differences in how fast the endpoint security products were in adding protection.  This becomes critical in cases where the attack is designed to quickly spread across an environment.  In a measurement of speed, NSS Labs found that McAfee VirusScan Enterprise had a 31-second average time to add protection, which was the fastest in terms of adding protection for new socially-engineered malware.

Average Time to Add Protection

Other key findings of the NSS Labs report were:

  • Enterprises face a higher level of risk from phishing than from SEM
  • The bulk of the protection EPP products provide against SEM occurs on download prior to the point of execution
  • McAfee VirusScan Enterprise blocked 100% of the SEM over the test period
  • McAfee VirusScan Enterprise added protection for new threats in 31 seconds on average
  • McAfee VirusScan Enterprise had a 12x time-to-block advantage over the competition

The bottom line is that social engineering attacks aren’t going away. Many of the decisions we make are based upon basic human nature and behavior. Good social engineers really understand how to work with that, so it is important and beneficial to leverage technology to provide an additional layer of protection.  The best piece of advice to avoid being caught by a social engineering attack is to pause and think about the information you may be providing before acting.

Leave a Comment

three × 3 =