Targeting, profiling, and weaponising psychology against key individuals within organisations has started becoming a go-to methodology employed by cybercriminals and social engineers. It is a low-cost, low-risk, and highly successful approach used to infiltrate organisations in the public and private sectors, steal sensitive information, recruit insiders, and help threat actors acquire illicit access to assets and systems.

We have been observing threat actors performing thorough reconnaissance on targets, building relationships with them online or offline, and actively exploiting or recruiting them. This talk provides insights into the mechanisms and the methodology of today’s targeted social engineering attacks and weaponised psychology. It discusses how attackers tailor their approach in order to compromise specific people in key positions. The tricks they use to build trust and elicit information that assist them in strategising, initiating, or delivering an attack.

In addition to the modus operandi of these attacks, the presentation will discuss the lessons learned and the defence mechanisms we can employ to detect and deter targeted social engineering attacks. Do individuals that have privileged access to information or systems require a more carefully planned security strategy? What do they need to know? What can we, the professionals in security positions, do to ensure the safety of those individuals and our organisations but also where does our responsibility end?

The presentation will include real-life case studies from current threat intelligence.

About the speaker

Christina Lekati

Senior Social Engineering Trainer & Consultant at Cyber Risk

Christina Lekati is a psychologist and a social engineer. With her background and degree in psychology, she learned the mechanisms of behaviour, motivation, and decision-making, as well as manipulation and deceit. She became particularly interested in human dynamics and passionate about social engineering. She works with Cyber Risk GmbH as a social engineering trainer and consultant. Christina is the leading developer of the social engineering training programs provided by Cyber Risk GmbH. She has participated in penetration tests and is running tailored training programs within companies and organisations. She has worked with financial institutions, law enforcement, large technology companies, and other organisations belonging to the public and private sectors, helping them strengthen their cybersecurity posture and skill set. Christina is also conducting vulnerability assessments on corporations and high-value targets. Those reports are based on Open-Source Intelligence (OSINT). Their goal is to help organisations identify and manage risks related to human or physical vulnerabilities. These risks are the result of intelligence that is produced through publicly available resources and that threat actors regularly utilise in their attacks. Within this realm, she was also an active executive Board Member at the OSINT Curious project, contributing to the international scene of Open-Source Intelligence (OSINT) with the latest news, updates, and techniques on collection and analysis.
Read more …