Many officials believe the Chinese military are employing hackers to attempt to penetrate U.S. networks, and the most effective method for doing so involves human beings, through the use of social engineering.
Social engineering is the main method of gaining entry into vulnerable networks within the Government and corporations throughout the U.S. and other countries. The main, and most effective, method is through the use of malware attachments in email messages, social media, and other forms of digital communications, which hackers are using very successfully to gain entry-points for cyber threats and attacks.
Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. While it is similar to a confidence trick or simple fraud, it is typically trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims.
Social engineering is as an act of psychological manipulation had previously been associated with the social sciences, but its usage has caught on among computer professionals.
Hackers employ social engineering in many forms, but most effectively through the use of malicious code passed on links to websites and other attachments in emails, such as photos and documents; or the lure of coupons or other marketing methods to get people to open malware. Experts in the field believe that social engineering is one of the most dangerous threats to internet and system cybersecurity for Government and corporations alike.
Since 2009, the majority of U.S. corporate cyberattacks have included social engineering. The Pentagon has even begun a social engineering training curriculum for offensive and defensive missions.
The Washington Post recently ran an investigative piece outlining recent cyber attacks by hackers and their methods of penetrating systems and networks through the use of human beings.
The article described several scenarios, including several situations where file attachments were not actually .pdf documents but ‘executable files’ with Trojan horse code.
Meaning the old adage of watch where you click, what you open and who it’s from, still applies today.