Collective Intelligence Podcast, Matt Wixey on Social Engineering
Social engineering is the gateway to many penetrations of businesses and government agencies. And no matter how much awareness training is available, and how much time and money is spent warning users and managers against scams, social engineering works.
In this episode of the Collective Intelligence Podcast, Matt Wixey of PwC talks about some research he’s done on the topic that he calls ROSE, or Remote Online Social Engineering. The twist on ROSE is that it’s a long-term social engineering attack, almost a variant of catfishing. Wixey explains how attackers create multiple false personae on social media to support these attacks—even creating synthetic conversations between these made-up personae to lend them credibility. The goal is to compromise a network with malware or an exploit that enables surveillance of the target, but these types of attacks aren’t for those without endurance. Wixey’s work uncovered some campaigns that could take months or years to come to fruition, and most of those campaigns originate with APTs against high-value targets in a variety of industries.
Throughout the podcast, Wixey provides details on some case studies that use remote online social engineering as a starting point for a bigger attack. He also provides some advice to organizations hoping to deploy technical—and some softer—countermeasures, and shares his thoughts on end-user awareness programs and whether they’re worth the investment.
The Collective Intelligence Podcast, presented by Flashpoint and hosted by Editorial Director Mike Mimoso, features regular interviews with a diverse set of industry experts and Flashpoint analysts on the latest information security news and industry trends.
Michael Mimoso brings over a decade of experience in IT security news reporting to Flashpoint. As Editorial Director, he collaborates with marketing, analyst, and leadership teams to share the company’s story. Prior to Flashpoint, Mike was an Editor of Threatpost, where he covered security issues and cybercrime affecting businesses and end-users.
Prior to joining Threatpost, Mike was Editorial Director of the Security Media Group at TechTarget and Editor of Information Security magazine where he won several ASBPE national and regional writing awards. In addition, Information Security was a two-time finalist for national magazine of the year. He has been writing for business-to-business IT publications for 11 years, with a primary focus on information security.
Earlier in his career, Mike was an editor and reporter at several Boston-area newspapers. He holds a bachelor’s degree from Stonehill College in North Easton, Massachusetts.