Blog & News Social Engineering

The current context of Social Engineering and the role of DOGANA

Written by Enrico Frumento, CEFRIEL

The DOGANA project focuses on the impact and the remediation of the human factor in security, which is one of the most demanding challenges of today’s security and for which no widely accepted and stable solutions currently exist.
As an example of this type of complexity, the 2015 DEFCON conference hosted the sixth edition of a simulated social engineering contest, the SECTF (Social Engineering Capture The Flag). The report describing how the contest was organised and analysing its results contains extremely interesting conclusions, which on the one hand bring into focus the problem that DOGANA is addressing and on the other hand underline the importance of the problem...


Interview on Social Engineering threats with an Italian high school student within the Alternanza Scuola-Lavoro project

Written by Matteo Mauri, CNIT


Alternanza Scuola Lavoro is a project that involves high school students in universities' research activities. CNIT - PRA Lab hosted 2 students from the high school Liceo Euclide of Cagliari, involving them in Social Engineering themes and teaching them modern techniques against targeted digital attacks. The students were also involved in some activities carried out within the project DOGANA - aDvanced sOcial enGineering And vulNerability Assessment framework.

Marco G., one of the two students involved in the project, gave an interview to DOGANA's Social Engineering Blog. Available in English and in Italian.


Video Games and Information Security – Uneasy Bedfellows?

Written by Marc Busch, AIT

We like it when things fall easily into place and we like to have fun. We, as humans, are playful by nature and appreciate competitions and collaboration with strangers, colleagues, friends or family. Video games are a welcome distraction, whether it is just a quick session of Candy Crush in the subway or an advanced gaming evening full of World of Warcraft.

Even people who do not have video games on their bucket list probably get nostalgic feelings when they think of PacMan or hear the iconic Tetris music. Video games are fun and a nice way to spend some minutes or even hours.


Things to know for GDPR-proof handling of employee data

Written by Yung Shin Van Der Sype, KU LEUVEN

The General Data Protection Regulation (GDPR) was adopted on 16 April 2016. After four years of preparation and negotiation between the EU institutions, the GDPR is ready to make “a high, uniform level of data protection throughout the EU a reality” (Jan Philipp Albrecht, German Green MEP).

Two years from now, in the first half of 2018, the new framework will come into force, with direct effect in all EU Member States. Hence, companies and organisations have two years to prepare for the major changes to come.

And things will change...


Health and unSafety. Why is your medical data so valuable? 10 famous recent hacks of healthcare systems

Written by Alessio Mulas, Matteo Mauri, CNIT

As NBC reported, on February 16th, Main Line Health (MLH) became the victim of a phishing attack that compromised the personal information of nearly 11,000 employees.
MLH is a not-for-profit healthcare provider based in Philadelphia that operates four acute care hospitals and other institutions.

What could be the consequences of a social engineering attack?

Written by Enrico Frumento, CEFRIEL

Recently the news reported this attack, which is apparently associated with a ransomware problem at a hospital.
Hollywood hospital’s systems held hostage by hackers
The Hollywood Presbyterian Medical Center, an “acute-care facility” located in Los Angeles, has had its computer systems compromised by hackers. The attackers are asking for 9,000 Bitcoin (approximately $3.6 million) in exchange for giving the hospital access to the systems again. The apparent problem is that part, if not all, of the Hospital Information Service (HIS) was compromised by ransomware.



This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme, under grant agreement No. 653618