Are you working in a company that was recently a victim of Corporate Espionage? If yes, then you need to read this. Even if not, you still need to read this.
What is Corporate Espionage?
The process of spying on a business competitor, an intelligence agency or an internal organisation for vested interests is called Corporate Espionage or Economic Espionage.
In one of the recent high-profile cases of Economic Espionage, six Chinese citizens were arrested on charges of stealing sensitive wireless technology from US companies. To know more, see http://on.wsj.com/1JXw2C8
What is Social Engineering?
Social Engineering is the art and science of getting people to reveal their sensitive information. It is broadly classified into three categories, namely human based, computer based and mobile based.
Human based Social Engineering: This type of social engineering involves person-to-person interaction. The US-CERT definition of Social Engineering is more appropriate here, i.e., an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.
Computer based Social Engineering: This type makes use of computer software to carry out a Social Engineering attack.
1 Phishing: It involves a cyber-criminal sending an email to the recipient. The email requests the recipient to confirm a banking transaction or reset a password or PIN. The victim opens the link thinking that the email is genuine. The victim is redirected to a malicious website, which captures the information. Both eScan corporate products (eScan Corporate Edition with Hybrid Network Support and eScan Corporate 360 with MDM and Hybrid Network Support) provide an anti-phishing filter which protects users from both Phishing and Spear Phishing (as explained below).
1.1 Spear Phishing: This type of phishing targets a single user or a specific organisation, seeking unauthorised access to confidential data by using email as its method. Spear phishing emails can be sent in numerous forms. Some of them inform the recipient that a previous email has failed and provide a link, which makes the recipient feel that the email is genuine. When the victim opens the link, it either redirects to a website which requests the victim's email address and password, or it downloads a Trojan. eScan recommends that its readers never open an email attachment sent from an unknown sender (open it only if you are positive about the source), and never send sensitive information to an unauthorized person or reply to emails that ask for it.
1.2 Identity Theft: Hackers steal a victim’s personal information such as name, mobile number, email ID etc. for any fraudulent or illegal purpose, which is done with the help of a keylogger. The best example of identity theft was an article written about the NSA spying on users of some of the top hard disk manufacturing companies for more than a decade. Corporate products of eScan provide a Virtual Keyboard which simulates the user’s keyboard and acts as a secure mechanism for the user to enter sensitive information such as login credentials, banking passwords and many more. Identity theft also occurs when data is leaked from a client’s system by copying the data to USB, CD/DVD or any other medium. eScan Corporate products and eScan Endpoint Security (with MDM & Hybrid Network Support) address the endpoint problem by providing features such as Recording of files copied to USB, Blocking of CD/DVD, USB Blocking with Password Management and Blocking of auto-play of USB devices etc.
Mobile based Social Engineering
1 Malicious App: Mobile users are tricked into downloading a malicious app which pretends to be a genuine one but turns out to be illegitimate. eScan Corporate 360 (with MDM & Hybrid Network Support) has a unique feature to cater to this. The MDM (Mobile Device Management) includes App Protection, which blocks third-party applications by default when the eScan app is deployed.