2. Social Engineering
Social engineering relies on human emo on and error rather than technical
vulnerabili es. A user is sent a fake email or other communica on that tricks
them into submi ng passwords or personal informa on. As the source appears
to be legi mate, this a ack is hard to detect. Phishing is a prevalent form of
social engineering; users may be tricked into submi ng sensi ve informa on,
by pretending to need to verify bank data, threatening legal consequences, or
offering a me-sensi ve offer. This very useful technique may place cri cal
enterprise informa on into malicious hands.
3. Advanced Persistent Threats (APT)
APT involves any breach where the a acker infiltrates the network and remains
undetected for as long as it takes to escalate privileges and steal sensi ve data.
Connec ons may ini ally be made through phishing or social engineering
schemes to create a backdoor access, which allows hackers the ability to
stay inside the network for a long me. It can be weeks or months, or even
years, before the breach is detected, and some mes is only discovered when
conduc ng an audit.
4. Cybercrime Syndicates
Organized cybercrime is on the rise. According to a McAfee report, there are an
es mated 20 to 30 cybercrime syndicates with na on-state level capabili es
opera ng in Russia alone. These syndicates offer hacking-as-a-service, such as
the widespread use of malicious so ware to steal credit card informa on and
sell it on the black market. Kits available on the dark web allow hackers with
even low-level skills to launch a ransomware a ack or other malware.
5. Major Data Breaches
A major data breach may have employed a number of tac cs used to infiltrate a
network and extract vast amounts of sensi ve data with the intent to expose,
disrupt opera ons or bring down an en re company.
4
oneneck.com
