Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 19, 2023Severity Medium Analysis Summary CVE-2022-42436 IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. Impact Indicators Of Compromise […]March 19, 2023Severity Medium Analysis Summary CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server could allow a remote attacker to obtain sensitive information. By sending a malformed message, an […]March 17, 2023Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 19, 2023Severity Medium Analysis Summary CVE-2022-42436 IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. Impact Indicators Of Compromise […]March 19, 2023Severity Medium Analysis Summary CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server could allow a remote attacker to obtain sensitive information. By sending a malformed message, an […]March 17, 2023Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – Multiple Tenable Log Correlation Engine Vulnerabilities
June 4, 2021Rewterz Threat Alert – AZORult – Active IOCs
June 4, 2021
Severity
High
Analysis Summary
Social Engineering is a cybersecurity umbrella term consisting of all types of attacks that use human interaction and social skills to obtain or access information that can be used to attack and harm an individual or organization. The attacker plays on several human emotions and emotional tactics to entice a response from the victim. The email may seem respectful, urgent, demanding, and helpful and play on emotions like greed, curiosity, or fear. Some of the social engineering types are:
Phishing
Phishing includes fraudulent or deceitful emails with infected links which appear to be from reputable and trusted sources. The purpose is to lure victims into opening an infected attachment or link. The threat actors may appear to be from within the company or from outside sources. There are several types of phishing techniques, including:
Spear Phishing
Spear phishing targets a victim by collecting information from online sources or social media to masquerade as a known sender. An example of this is getting an email from a “restaurant” that you have received a coupon that needs to be downloaded by opening an attachment.
Whaling
Whaling, like the name suggests, is used to targeting high or C-level employees like CEOs and CTOs. The “bigger fish” are targeted using the same social engineering techniques.
Vishing
Vishing is a social engineering technique that utilizes voice communication like cold-calls or call center schemes to attack the victims. It also includes luring the victim into calling a number and divulging their personal information. Broadcasting the service or using VoIP (Voice over Internet Protocol) also helps exploit the victims as the caller ID can be changed and take advantage of the mistrust the public has on landline services.
Smishing
Smishing is a social engineering technique that utilizes SMS or text communication. Emails contain links to email addresses, webpages, or phone numbers that can automatically open an email or browser window or dial a number. Modern smishing techniques have a high success rate.
Baiting
As the name suggests, baiting includes enticing the victim with free giveaways. Some cybercriminals use discount offers, free gifts, or coupons to trick the victim into engaging.
Examples of highly successful or popular phishing attempts are the Nigerian prince, 419, or advance-fee scams.
Impact
- Financial loss
- Disruption of operations
- Damage to reputation
- Credential theft
- Exposure of sensitive data
Remediation
- Employees should be trained to practice healthy online habits, but also to be able to mitigate the initial security attack.
- The psychological triggers or social engineering tactics used by attackers should be taught to every employee.
- Firewalls, antivirus, and anti-malware software should be installed and updated.
- Always be suspicious while answering or opening from unknown sources or suspicious senders.