Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Top tips is a weekly column where we highlight what’s trending in the tech world and list ways to explore these trends. This week we’re looking at four ways you can protect yourself from increasingly advanced social engineering attacks.

In the ever-evolving landscape of cybersecurity, businesses and individuals find themselves in a relentless battle against the surge of cybercrime, which continues to escalate in complexity and frequency. Despite the significant investments in cutting-edge cybersecurity solutions, the financial toll of cybercrime persists, with costs escalating annually.

Check out this one line for a moment...“duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations.” In a worrying display of social engineering sophistication, a multinational company was defrauded of $25 million through an intricately planned deepfake scam.

Over the past year, the social engineering tactics used for cyber attacks have evolved significantly as attackers manipulate the inherent trust, biases, and vulnerabilities of individual human behavior to gain unauthorized access to sensitive information or systems.

Spear phishing and voice phishing (vishing) are on the rise in the trucking industry, according to a new report from the National Motor Freight Traffic Association (NMFTA). “Spear phishing is still one of the most effective tools attackers have to breach networks,” the report says.

I am not scared of AI. What I mean is that I do not think AI is going to kill humanity Terminator-style. I think AI is going to be responsible for more cybercrime and more realistic phishing messages, but it is already pretty bad. Social engineering, without AI, is already involved in 70% - 90% of successful cyber attacks.

Social engineering is a technique commonly used by adversaries to manipulate individuals or groups of people into divulging confidential information, performing certain actions, or giving up access to valuable resources. These attacks can take many forms and are typically carried out through electronic communication channels or in-person interactions.

In the ever-evolving landscape of cybersecurity threats, social engineering remains a potent and insidious method employed by cybercriminals. Unlike traditional hacking techniques that exploit software vulnerabilities, social engineering manipulates human psychology to gain unauthorized access to sensitive information.

The year 2024 is shaping up to be a pivotal moment in the evolution of artificial intelligence (AI), particularly in the realm of social engineering. As AI capabilities grow exponentially, so too do the opportunities for bad actors to harness these advancements for more sophisticated and potentially damaging social engineering attacks. Let's explore the top 10 expected AI developments of 2024 and their implications for cybersecurity.

CISA sent out a warning about a Russian advanced persistent threat (APT) called Star Blizzard warning about their long-game social engineering tactics. They create fake email and social media accounts, contact their potential victims, talk about a non-threatening subject to gain the victim’s confidence, and wait to launch their malicious attack. I call this long-game social engineering.