Hacking the Human Operating System
The prevalence of social engineering in many publicly disclosed cyber attacks suggests there is either an inherent weakness in the ability of victims to distinguish malicious communications or that cyber criminals are using more complex methods to bypass the “human firewall”.
The truth likely lies somewhere between these two statements, but, regardless of the root cause, we can see that the first line of defence is evidently failing. More importantly, to blame users for breaches is not entirely fair. There are many examples of clearly unsafe user behaviour, but this report will demonstrate that attackers often bypass the consciousness of their targets and attempt to manipulate victims through subconscious influences.
This report will review the concept of social engineering. We will consider the techniques used in recent cyber attacks, as well as the levers to influence victims, communication channels and suggested controls to reduce the risks.