skip to Main Content

At The Identity Organisation, we're here to help!

If you have any questions, just contact us by mail or phone and a member of our team will be in contact with you.

Contact Us Anytime

Our ears and inbox are always open (or at least Monday-Friday, from 9am-5pm).

Mercury House
19-21 Chapel Street, Marlow,
Bucks, SL7 2HN

+44 (0) 1628 308038
info@tidorg.com

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Why Use Malware When Cybercriminals Can Use Social Engineering?

    Social Engineering

    Researchers at Malwarebytes warn that a malvertising campaign they call “malsmoke” has stopped deploying exploit kits and is now using social engineering attacks to trick users into installing malware. The threat actor behind this campaign generally targets high-traffic adult websites. In the latest campaign, the attackers began using web pages that purport to contain an adult video, and inform users that they’ll need to install a Java plugin in order to view the video.

    “Starting mid-October, the threat actors behind malsmoke appear to have phased out the exploit kit delivery chains in favour of a social engineering scheme instead,” the researchers write. “The new campaign is tricking visitors to adult websites with a fake Java update. This change is significant because it drastically increases the target audience, no longer limiting it to Internet Explorer users running outdated software.”

    The use of social engineering also gives the attackers flexibility in how they target their victims, and enables them to improve upon their techniques in the future.

    “The threat actors could have designed this fake plug-in update in any shape or form,” Malwarebytes says. “The choice of Java is a bit odd, though, considering it is not typically associated with video streaming. However, those who click and download the so-called update may not be aware of that, and that’s really all that matters.”

    Malwarebytes concludes that social engineering schemes will remain relevant, since they’re cheaper and often more efficient than technical exploits.

    “In the absence of high value software vulnerabilities and exploits, social engineering is an excellent option as it is cost effective and reliable,” the researchers explain. “As far as web threats go, such schemes are here to stay for the foreseeable future.”

    Technical vulnerabilities can always be patched, but humans need to receive education to combat social engineering attacks. New-school security awareness training can help your employees stay ahead of these evolving tactics.

    Malwarebytes has the story.

    Request A Demo: Security Awareness Training

    products-KB4SAT6-2-1

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defence. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Back To Top