Cybercriminals are adopting new social engineering tactics, targeting fresh victims and becoming far bolder, putting anyone who doesn’t prepare at considerable risk. Cybersecurity professionals must adapt to these rising social engineering trends to stay safe.
Many companies are seeing losses in the millions from social engineering attacks. In addition to being expensive, these incidents are also becoming increasingly common. Google says it now blocks 100 million phishing emails every day, and Microsoft says phishing accounts for almost 70% of all new attacks.
Recent research shows that as these attacks grow in number, they’re also forming distinct trends. Social engineering attackers favor techniques like content phishing and deep fakes, and threat actors are pursuing new targets, especially critical infrastructure and unsuspecting workers. Here’s a closer look at these social engineering trends:
5 Top Social Engineering Trends
1. Content Phishing
Phishing as a whole saw a tremendous increase as more employees started working from home. One subcategory that’s seen particularly impressive growth is content phishing, which involves apps that seek user permission to gain legitimate access to company services and files.
These apps don’t need to execute their code on the user’s device, letting them slip past endpoint security. Asking for permissions may also seem less suspicious than asking for credentials, as legitimate programs do the same. As a result, these attacks may have a higher chance of success, even as users become more aware of traditional phishing tactics.
The August 2020 attack on the SANS Institute, which leaked roughly 28,000 items of personally identifiable information (PII), was one such attack, according to Security. Such a considerable breach of a cybersecurity organization highlights how convincing these phishing methods can be.
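Because these apps never run on the endpoint, the place to look for them is the identity provider's record of permission grants. The following is an added example, not from the original article: it assumes the grants are OAuth consent records exported in a hypothetical schema, uses Microsoft Graph scope names, and picks an illustrative threshold of three signals.

```python
from datetime import datetime, timedelta

# Delegated scopes giving standing access to mail/files (Microsoft Graph naming).
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
                    "Files.Read.All", "Files.ReadWrite.All"}
NEW_APP_WINDOW = timedelta(days=30)

def score_grant(grant, now):
    """Return (score, reasons) for one consent-grant record (hypothetical schema)."""
    scopes = set(grant["scopes"].split())
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    if not risky:
        return 0, []  # the other signals are common and benign on their own
    reasons = ["high-risk scopes: " + ", ".join(risky)]
    if "offline_access" in scopes:
        reasons.append("offline_access: refresh tokens outlive the session")
    if not grant["publisher_verified"]:
        reasons.append("unverified publisher")
    if now - datetime.fromisoformat(grant["app_created"]) < NEW_APP_WINDOW:
        reasons.append("app registered within 30 days")
    if grant["consent_type"] == "user":
        reasons.append("granted by an end user, not an admin")
    return len(reasons), reasons

def triage(grants, now, threshold=3):
    """Return (score, app, user, reasons) for grants at or above threshold, highest first."""
    hits = []
    for g in grants:
        score, reasons = score_grant(g, now)
        if score >= threshold:
            hits.append((score, g["app_name"], g["user"], reasons))
    return sorted(hits, key=lambda h: h[0], reverse=True)

# Constructed sample records, not real audit data.
SAMPLE_GRANTS = [
    {"app_name": "Doc Viewer Pro", "user": "j.doe@example.com", "consent_type": "user",
     "publisher_verified": False, "app_created": "2024-05-20",
     "scopes": "User.Read Mail.Read Files.ReadWrite.All offline_access"},
    {"app_name": "Calendar Sync", "user": "a.lee@example.com", "consent_type": "user",
     "publisher_verified": True, "app_created": "2021-02-11",
     "scopes": "User.Read Calendars.Read"},
    {"app_name": "Backup Suite", "user": "it-admin@example.com", "consent_type": "admin",
     "publisher_verified": True, "app_created": "2019-08-01",
     "scopes": "Files.Read.All offline_access"},
]

if __name__ == "__main__":
    for score, app, user, reasons in triage(SAMPLE_GRANTS, datetime(2024, 6, 1)):
        print(f"[{score}] {app} ({user}): " + "; ".join(reasons))
```

Grants that score high are candidates for review and revocation; restricting user consent to verified publishers removes most of them before they are issued.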
2. Deep Fakes
One of the newest and most troubling social engineering trends is the rise of deep fakes. Deep fakes use machine learning (ML) to create remarkably convincing fake videos of real people. Cybercriminals can use this technology to spread disinformation or impersonate company leaders to trick employees into risky behavior.
Deep fake technology is still new, and as such, not widespread. However, it could be a common threat before long. As CyberCube’s Head of Cybersecurity Strategy Darren Thomson explained, “We’ve already seen these deep fake videos used in political campaigns. It’s only a matter of time before criminals apply the same technique to businesses.”
Video and audio samples are becoming increasingly accessible as people post more media online. This data gives deep fake tools more resources to create convincing fakes of more people. Users will have to become more skeptical about the media they encounter online.
3. Phishing-as-a-Service
As cybersecurity has progressed, successful phishing attacks often rely on more sophisticated techniques. Phishing-as-a-service has emerged as a way for experienced cybercriminals to make money and new cybercriminals to perform these sophisticated attacks.
Sellers of ready-made phishing kits grew by 120% in 2019, indicating skyrocketing demand. While top-end solutions can reach $880, some are available for as little as $20. Consequently, more threat actors now have easy access to tools for widespread, effective phishing campaigns.
Group-IB CTO and Head of Threat Hunting Intelligence Dmitry Volkov said phishing-as-a-service should be a focus for cybersecurity professionals.
“The fight against phishing kit creators should be at the core of the struggle to eradicate phishing,” Volkov said.
4. State-Sponsored Social Engineering
State-sponsored cybercriminals are a growing threat as digital infrastructure is a critical part of nations’ operations and daily life. This social engineering trend makes cybercrime a matter of national security, not just a business concern.
Google’s Threat Analysis Group recently identified an ongoing campaign where they believe that government-backed North Korean hackers posed as cybersecurity specialists. The cybercriminals engaged with security researchers on social media and online forums under the guise of collaboration. Through this interaction, they would spread malware and gain information about software vulnerabilities.
U.S. security experts suspect that the 2020 SolarWinds hack was the result of Russia-sponsored cybercrime like this. As more critical infrastructure comes to rely on digital data, these attacks are becoming more common.
5. Targeting Lower-Level Employees
Recent social engineering trends have also shifted who these attackers target. While executive and finance departments may have the most to lose in an attack, cybercriminals have started targeting lower-level employees on other teams. These targets may be more susceptible to social engineering attempts, giving threat actors access to move throughout the network.
Don MacLennan, SVP of email protection at Barracuda, emphasized this growing trend in a recent report.
“Targeting lower-level employees offers them a way to get in the door and then work their way up to higher-value targets,” MacLennan said.
Once inside the network, criminals often have ample opportunity for lateral movement, so unassuming targets can lead to considerable damage.
This trend emphasizes the importance of training all employees on basic cyber hygiene. Without proper education, a low-level worker could accidentally become a high-risk gateway.