Social Engineering

Employees are the weakest link - Enable your employees to effectively become a part of your security team. PART II: The Human Component’s Fundamental Role in AntiPhishing Prevention - Initial Training

Written by Maria Monteiro, Filipe Custódio, VISIONWARE

This article is the second part of a series published by the DOGANA Consortium with the purpose of providing information on how to enable employees to effectively become a part of enterprise security. To better understand this article, please read the first part, "Companies’ role in Antiphishing Prevention".

Assessment and training may significantly increase employee awareness, reduce click rates, and increase reports of phishing...


Employees are the weakest link - Enable your employees to effectively become a part of your security team. PART I: Companies’ role in Antiphishing Prevention

Written by Maria Monteiro, Filipe Custódio, VISIONWARE

This article is the first part of a series published by the DOGANA Consortium with the purpose of providing information on how to enable employees to effectively become a part of enterprise security.

Bearing in mind that phishing is becoming more and more common among cyber-criminals and has devastating outcomes, enterprises are keen to fight this ever-increasing threat by any and all means...


The real story behind the latest Pawn Storm attack and the Windows zero-day patch release

Written by Enrico Frumento, CEFRIEL

Recently the news reported an interesting new sample of a type of attack that we know very well. This one is specifically interesting because of the structure of the attack: if you look at the process reported below, it follows some interesting steps: a social engineering lure (a quite efficient one, as usual from the Pawn Storm OCG) is followed by a drive-by infection and an ad-hoc malware, crafted by a malware forgery after fingerprinting the victim's machine...


Multi-layer defence against SE: evolution and evaluation

Written by Carlo Dambra, PROPRS and Enrico Frumento, CEFRIEL

Social Engineering evolution

The idea of a multi-layer defence against cyber-attacks appeared in a SANS whitepaper in 2003, but at the time it was mainly referring to technological defences. Nevertheless, the idea was to apply a series of coordinated defences to protect against cyber-attacks: security policy, perimeter router hardening, firewall, antivirus software, network switches, IDS, employee training, physical security and patch management. As explained several times within this Blog, cyber-attacks, which initially targeted only computers, have evolved to include Social Engineering (SE) attacks, thus targeting humans: today SE is the mainstream way to start an attack...


The current context of Social Engineering and the role of DOGANA

Written by Enrico Frumento, CEFRIEL

The DOGANA project focuses on the impact and the remediation of the human factor in security, which is one of the most demanding challenges of today’s security and for which no widely accepted and stable solutions currently exist.
As an example of this type of complexity, the 2015 DEFCON conference organised the sixth edition of a simulated social engineering contest, namely the SECTF (Social Engineering Capture The Flag). The report issued on how the contest was organised, which also analyses its results, contains extremely interesting conclusions: on the one hand they help to focus the problem that DOGANA is addressing, and on the other hand they underline the importance of the problem...


Interview on Social Engineering threats with an Italian high school student within the Alternanza Scuola-Lavoro project

Written by Matteo Mauri, CNIT

Alternanza Scuola Lavoro is a project that involves high school students in Universities' research activities. CNIT - PRA Lab hosted two students from the high school liceo Euclide of Cagliari, involving them in Social Engineering themes and teaching them modern techniques against digital targeted attacks. The students were also involved in some activities carried out within the project DOGANA - aDvanced sOcial enGineering And vulNerability Assessment framework.

Marco G., one of the two students involved in the project, gave an interview to DOGANA's Social Engineering Blog. Available in English and in Italian.


Video Games and Information Security – Uneasy Bedfellows?

Written by Marc Busch, AIT

We like it when things fall easily into place, and we like to have fun. We, as humans, are playful in nature and appreciate competition and collaboration with strangers, colleagues, friends or family. Video games are a welcome distraction, whether it is just a quick session of Candy Crush in the subway or an advanced gaming evening full of World of Warcraft.

Even people who do not have video games on their bucket list probably get nostalgic feelings when they think of PacMan or hear the iconic Tetris music. Video games are fun and a nice way to spend some minutes or even hours.


Things to know for GDPR-proof handling of employee data

Written by Yung Shin Van Der Sype, KU LEUVEN

The General Data Protection Regulation (GDPR) was adopted on 16 April 2016. After four years of preparation and negotiation between the EU institutions, the GDPR is ready to make “a high, uniform level of data protection throughout the EU a reality” (Jan Philipp Albrecht, German Green MEP).

Two years from now, in the first half of 2018, the new framework will come into force, with direct effect in all EU Member States. Hence, companies and organisations have two years to prepare for the major changes to come.

And things will change...


Health and unSafety. Why is your medical data so valuable? 10 famous recent hackings to healthcare systems

Written by Alessio Mulas, Matteo Mauri, CNIT

As NBC reported, on February 16th Main Line Health (MLH) became the victim of a phishing attack that compromised the personal information of nearly 11,000 employees.
MLH is a not-for-profit healthcare provider based in Philadelphia that operates four acute care hospitals and other institutions.


This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme, under grant agreement No. 653618