Hackers exploit technical vulnerabilities. They also exploit the people involved in the processes that interface with technology; that technique is called social engineering. Hackers use both attack methods in large volume, and significant loss for the targeted organizations is a frequent result.
The recent high-profile hack of casino operator MGM was the result of a social engineering attack that began with vishing (voice phishing). The threat actor gathered valid, verifiable information about an employee from LinkedIn before placing a voice call to the help desk, then used that information to convince the help desk to do exactly what its process is intended to do: help provide access to computers. Unfortunately for MGM and its patrons, the help desk was assisting a hacker with malicious intent.
By most industry estimates, over 90% of cyber-attacks involve a social engineering method; just think of all the phishing emails you receive. Social engineering attacks are becoming easier for hackers to conduct and harder for organizations to defend against. Increasing amounts of personal and professional information about employees can be found online. Some of it is shared intentionally on social media platforms; some is traded on the dark web after being leaked or stolen from places where people never intended it to be stored. Threat actors also use advanced tools to create voice and video deepfakes that are convincingly accurate.
The healthcare sector is particularly vulnerable to social engineering attacks. Care providers are helpful by nature and routinely build trust relationships with patients and their families as part of the care process. Life-and-death urgency, 24x7 access, multi-generational and multi-cultural considerations, and hundreds of different computer systems and medical devices all combine to form a complex environment, and complex environments are more susceptible to social engineering.
Effective cybersecurity programs include controls that address organizational processes, technologies, and human interfaces. Implementation of these controls must be assessed periodically and continuously monitored.
The Michigan Healthcare Security Operations Center (HSOC) was created by healthcare organizations to provide continuous monitoring and event response. HSOC participants recognized the social engineering "iceberg" problem: most security services detect only technical vulnerabilities, while the large majority of attacks start with people. The HSOC expands detection and response to better defend against social engineering attacks.
HSOC participants share processes, intelligence, and tactics with deep contextual awareness of healthcare operations, so that cybersecurity operations are integrated with healthcare workflows. As a result, the HSOC responds to social engineering attacks faster and with higher accuracy.
Controls testing includes monitoring public channels and the dark web for the information about organizations and their employees that hackers rely on for their craft; dark web monitoring sometimes also uncovers plans for social engineering attacks against specific organizations. Our penetration testing team is skilled at human-interface testing: injecting phishing emails, in-person interactions to gain physical access, and vishing (the voice-call method described above). Controls testing results then inform process improvements, employee training, and HSOC monitoring enhancements.
Learn more about CyberForce|Q.