We all certainly remember the headlines from a few days back: “Twitter account hacked in the US”. The digital realm was in utter shock, as the hacked accounts belonged to some of the top politicians, celebrities and tech moguls, like Barack Obama, Kanye West, Kim Kardashian, Bill Gates, Jeff Bezos, Elon Musk and many more. The hack included bogus tweets from these accounts that resulted in over $100,000 being siphoned off in bitcoin transactions.
The digital-tech world termed the hacking “a coordinated social engineering attack”.
What is a Social Engineering attack?
It is an umbrella term encompassing a wide range of malicious activities accomplished through human interaction. It uses psychological manipulation to trap users into making security mistakes or revealing sensitive information, thereby compromising their computer systems.
What was different this time?
Social engineering is a cyber attack. Yes.
But it is often used to gain an entry point into the organisation.
It is highly effective because it exploits human vulnerabilities, which, unlike computer vulnerabilities, are difficult to hunt down and fix. Also, errors made by legitimate users are much less predictable and harder to identify than malware-based attacks.
The attack is not a one-time show. Rather, it usually happens in 4 steps:
Also, there is no one fixed method to lure the user into the trap. Some of the methods hackers can use are:
Emails/posts on social media platforms directing users to click on attachments/links, etc.
Enticing users into giving away access to their computers through a corrupted USB
Hiding behind ads on legitimate websites
Why so much fuss about it?
This attack has given all of us a reality check because the hacked accounts belonged to powerful and very popular people. The implications can be far-reaching given how influential Twitter has become when it comes to global political interaction.
A well-coordinated social engineering attack poses a variety of serious threats, such as:
Misinformation: Hacking an account's data and photos and using them to tarnish the user's image, or even to blackmail them.
Revenge Porn: Creating sexually explicit videos/images and posting them on the internet without the consent of the user.
Tailgating: Exploiting human trust to gain physical access to the organisation/devices.
Vishing: Sending urgent voicemails to convince the user to act instantly to prevent their devices from being attacked/crashed.
So what do we do?
@Government Level :
Cyber Surakshit Bharat Initiative, National Cyber Security Coordination Centre, Cyber Swachhta Kendra, the Information Technology Act 2000, the National Cyber Policy 2013, and also international cooperation, for a cyber-secure ecosystem, with Singapore, Japan, the US, etc.
Also, the government should think about “aatmanirbharta” by roping in indigenously made systems for its vital organisations, especially the ones dealing with the financial system and national security.
@Individual Level :
Undoubtedly the most important army to battle these attacks is the users, the people themselves. So the way out is to train, train and train the users: increase awareness about not opening suspicious emails and links, regularly update the system with antivirus, engage multiple authentication passwords for critical information, and encourage people to come forward to report such cases.
Today cyber-attacks know no boundaries and affect almost every nation; the fight should hence be based on strong international cooperation. Cyber security awareness should have a multi-stakeholder focus: the technological realm, the legal world, lawmakers and enforcers. Yet again, it is the user, us, who by being aware can build some protection against such attacks.