Advanced Persistent Threats & Social Engineering

Social engineering has long been a very effective means of attacking information systems. The term knowledge worker was coined by Peter Drucker more than 50 years ago and still describes very well the basic characteristics of many employees. Today, with current hypes such as BYOD (bring your own device) and public cloud services, young professionals expect to use the same technology both in their private life and while working. In global companies, teams are no longer geographically co-located but staffed globally just-in-time. The decrease in personal interaction, combined with the plethora of tools used (e-mail, IM, Skype, Dropbox, LinkedIn, Lync, etc.), creates new opportunities for attackers. As recent attacks on companies such as the New York Times, RSA or Apple have shown, targeted spear-phishing attacks are an effective evolution of social engineering attacks. When combined with zero-day exploits they become a dangerous weapon, often used by advanced persistent threats. In this talk we will explore some attack vectors and possible steps to mitigate the risk.