Hackers have plenty of choice in extorting information: Intel Security

When it comes to how best to extort information, hackers have plenty of choice.

That’s a key finding of a report entitled “Hacking the Human Operating System” released by Intel Security, in which the company details the variety of tools in a hacker’s arsenal, their weapons of choice, and attack patterns when doing said extortion.

By now, it’s well known that hackers seeking to extract information have increasingly sophisticated techniques, but it may be surprising to know just how many approaches have developed in their arsenal.

While the most widespread technique, commonly known as phishing (described as “social engineering” in the report) is commonly known, according to the report, it comes in two varieties.  This includes “hunting”, which aims to extract information using “minimal interaction with the target” and “farming”, which sees a relationship established with a target who is then “milked” for information over an extended period.

While the farming technique is less common, it’s more damaging not only for the larger volume of information obtained, but also because relationship between the target and the social engineer may change over time.

“For example, the target may catch on to the attempt and possibly seek remuneration, or the social engineer may attempt to use blackmail, thus moving the interaction from social engineering to traditional criminal behaviour,” the report said.

Furthermore, the report identified four steps in the life cycle of a social engineering attack.  This includes “Research,” where information is gathered on a person or organization, “Hook” which engages the target with the story, “Play” during which the extraction takes place, and “Exit” which takes place ideally without arousing suspicion.

As before, the message here is that choice is available to a sophisticated hacker.

“The attacker may perform one hunting attack, retrieve the information, and disappear,” said the report. “Or an attacker may perform numerous hunting attacks, and with that collected information initiate a farming attack. Social engineering attempts may be … part of a much larger campaign to gather multiple bits of related information.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Dave Yin
Dave Yin
Digital Staff Writer at Computer Dealer News, covering Canada's IT channel.

Related Tech News

Featured Tech Jobs

 

CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.