In the past few years, social engineering has become cyber attackers’ preferred method for gaining access to target systems, and it usually takes the form of a spoofed email or message booby-trapped with malicious attachments or links that untrained users all to often open or follow.
To succeed in their social engineering attempts, the attackers have to do a background check on the individuals they target and gather as much information about their private and professional lives as possible – a process that has been made extremely easy by the rise of social networks, capable search engines and free data aggregators.
In this podcast recorded at Virus Bulletin 2011, Catalin Cosoi, BitDefender’s Head of Online Threats, talks about how the existing information from all these sources can very easily be used for compiling thorough “resumes” about each particular target, and how various templates filled with specific personal information can be used to organize massive – but targeted – spam campaigns that will surely yield considerably greater results that spear-phishing campaigns lovingly crafted by the attackers to target 3 or 4 specific users.
In addition to all that, Cosoi also gives a glimpse into the social engineers’ chain of reasoning when it comes to orchestrating extremely targeted attacks.
Listen to the podcast here.
Catalin Cosoi has been with BitDefender for almost 7 year now, jumping from research and development of new AntiSpam Technologies to AntiPhishing and several other online threats. He is now managing the Online Threats Lab and serves as the company’s technical spokesperson.
His interest include (but are not limited to) antispam filters and technologies, pattern recognition and extraction, cryptography, cognitive-emotional interactions, social engineering, language processing techniques and neural networks.
He has a bachelor degree in Cognitive Systems and Bioengineering and he is preparing his PhD thesis on Natural Language Processing Techniques at “Politehnica” University of Bucharest.