Network threats
3. Social engineering
A well-designed network can make it very difficult to directly attack the hardware of a system. But even the most secure network is made vulnerable when it is used by real live humans. People can make mistakes; they can be tricked, fooled, bribed, or threatened.
All of these threats to a network are labeled together as 'social attacks'.
It is difficult to generalise social attacks because there are so many ways an attacker can convince a user to compromise security either willingly or unwillingly.
What social attacks all have in common, though, is that they target people rather than hardware or software.
Examples of social attacks include:
- Bribing a user into allowing an attacker access to a system
- Putting a thumb-drive full of malware somewhere a user might pick it up, and labelling it so that they would want to open it on their system, with something like "Salary Records" or "Staff redundancies".
- Phoning a user at work and convincing them they are talking to a senior manager, so that they provide information they shouldn't.
There are many other cunning social engineering tricks that criminals come up with to compromise people.
Read this news story: Malware-infected USB sticks posted to Australian homes