Blog

Alert for social engineering cyberattack campaigns

Written by iDISC Information Technologies | Mar 20, 2024 3:15:00 PM

Given the current level of digitalization, cyber protection has emerged as an essential area for companies and individuals alike. We must be aware of the potential dangers of the Internet and the risks associated with storing sensitive data in the cloud.

By 2024, social engineering is expected to become the primary strategy employed by cybercriminals to attack businesses, government institutions, and individuals. It consists of deceiving or manipulating people to obtain sensitive information or gain access to protected systems and networks. Its aims include data theft, extortion, sabotage, espionage, and even influencing public opinion. Social engineering takes advantage of people’s trust and naivety to achieve its illicit ends, highlighting the importance of education and awareness of cybersecurity practices.

Victims are manipulated to perform specific actions or reveal confidential information to others. A classic example of this type of manipulation, which even occurs outside the digital realm, are fraudulent phone calls where someone poses as a representative of a bank or other company, alerting about unauthorized charges before requesting access to personal or financial data. Through these strategies, they pressure the victim to take quick action without questioning the authenticity of the notification.

The most frequent types of social engineering attacks are:

Election phishing

This consists of fraudulent messages impersonating electoral institutions, political parties, or candidates to obtain personal or banking information from citizens. This data can be used for criminal activities such as fraud, identity theft, or even vote manipulation.

Among the different types of electoral phishing are e-mails offering false benefits in exchange for personal information, or requesting the confirmation or update of electoral register data. It goes without saying that the 2024 electoral processes are highly relevant, so it is crucial to be alert to these threats and to take proactive measures to protect your personal information and right to vote.

Educational ransomware

Another method of social engineering is ransomware: a form of malware designed to encrypt users’ files or devices, rendering them inaccessible. By doing so, the cyberattacker demands a ransom for the affected companies or individuals to be able to regain access to their data.

Educational ransomware affects the systems of all types of educational institutions. Malware is infiltrated to block access to available information or services until a ransom payment is made. These attacks take advantage of the lack of security or updates in educational networks and of the value of the academic, scientific or administrative information handled by these institutions, causing serious stoppages in their operations and compromising data integrity and confidentiality.

Fake news and bots

This refers to intentional dissemination of false or distorted information through social networks, digital platforms, or messaging applications leading to disinformation, confusion, or division among the population. These news items often deal with sensitive topics such as pandemics, security, economics, or politics. To increase their impact, bots or automated accounts are used to mimic real users and disseminate misleading content.

Examples include campaigns that discredit COVID-19 vaccines, promote electoral abstention, or criticize certain candidates or political parties. These practices undermine trust in authentic information and democracy. It is crucial for people to be critical when consuming online content and to verify the authenticity of sources before sharing information.

In short, these attacks can not only cause serious financial and operational damage, but can also pose a significant threat to information security and privacy. Cybersecurity education and digital awareness are critical for mitigating risks, implementing robust security measures, and protecting against emerging cyber threats in 2024.

We hope you find this information useful. We are happy to provide you with more details about social engineering cyberattack campaigns and how to prevent them. Don’t hesitate to contact us or visit our blog for more information.