Social engineering trumps a zero-day every time presented at Virus Bulletin 2010

by Bruce Hughes (Avg technologies),

Tags: Security

URL : http://www.virusbtn.com/conference/vb2010/abstractshughes.xml

Summary : "
Hackers know the weakest part of any business is almost always the human sitting behind the keyboard.
Stats show that our users are four times more likely to come into contact with social engineering tactics as opposed to a
site serving up an exploit.
February stats:
Top social engineering detection: 1,985,377 blocks
Top exploit detection: 415,697 blocks
Most people are worried about dangerous exploits sneaking into their computer systems through zero-day exploits but will
joyfully click on links found in search engine results, email or social networking sites. The tactic of exploiting the
'human aspect' of computer use is known as social engineering and is widely recognised as one of the most effective
techniques used by cybercriminals. It's also much easier - the only thing involved is tricking somone.
Social engineering isn't going anywhere. It has been here since the start, and as long as there are humans to trick, it's
here to stay. The bad guys are making a lot of money also, just look at these examples from the news:
N.Y. Firm Faces Bankruptcy from $164,000 E-Banking Loss
Online Robbery: Hackers Steal $50,000. Bank Says 'Tough Luck'
Computer virus steals $325K from district
Computer hacker steals $479,000 from Cumberland County Redevelopment Authority
IT Firm Loses $100,000 to Online Bank Fraud
In this paper we will look at many examples of social engineering that are being used today and the reported damage they have
caused. We will look at the technologies that corporations are using to stop social engineering attacks. Finally, we will
look at home we can educate users and some of the campaigns being used by public organizations."