The Evolving Threat of Phishing and Social Engineering
Abstract: Despite ongoing advancements in security technologies and processes, it continues to be fairly simple to compromise user credentials through phishing and social engineering attacks, and we are seeing this become even easier with the advancements of AI, deepfakes and voice cloning. Plenty of examples exist and are exploited daily: social media is a literal warehouse of personal information that bad actors can use to target help desks, answer security questions, and ultimately resetting passwords. This allows them to enroll new devices to which multifactor authentication (MFA) codes are sent. From there, they can easily bypass MFA and gain access to any/all resources in an environment. |
Author:
|