Testing for User Behaviour in Cyber Attacks

Security remains a prevalent concern among businesses and individuals. Attacks continue to become more complex, and the same is true of attacks that rely on human interaction to spread or exploit weaknesses.

Many attacks rely on this user input to do one of the following tasks:

* Execute a malicious attachment (e.g. an executable file)

* Visit a webpage to harvest credentials (e.g. with a fake login portal)

* Harvest credentials through a pop-up (e.g. a fake wireless access point)

All three of the above follow a theme: using human interaction to steal credentials or execute payloads more easily than would otherwise be possible. This does not reflect all attacks, only those that use social engineering as a vector for accessing a network, system or service.

Some attacks rely on weaknesses in software or hardware, and exploit those weaknesses to disclose credentials, gain access to a specific account or, in rarer cases, execute code on the target device. However, the continuing trend within security remains a weakness in security awareness. This is the most critical and diverse attack vector, and the attacker can adjust it depending on the engagement.

An attacker can focus on a number of vectors for access: hosting malicious content for all users to visit, or spear phishing users based on their level of access. Both methods have the same end result but varying levels of success depending on the targeted users. From an attacker's perspective, it can often be worth the investment to create a fully targeted spear phishing email for a smaller set of users and ultimately yield more valuable results.

Next week, we will focus on the mitigations for these kinds of attacks, and how to identify malicious content with confidence.