Social Engineering

Alongside advanced technology and the development of computer and network systems, human resources remain the most important and influential force in the world we live in.

Looking at the business world, it is easy to see that human creativity is an irreplaceable asset in the success of an organization, but creativity is fraught with many dangers.  In addition to threats from outside the organization,  there are those who work toward personal gain at the expense of success, stability and survival of the organization.

There are various ways and methods used by malicious entities for obtaining information and other resources from your organization. Among these ways can identify two main trends:

Exploiting weaknesses in information systems / computer systems / organizational communications.

Exploiting the weakness of the human factor in the organization to reach a desired resource.

Identifying the human element as one of the weak links in the organizational chain, and as vulnerable and exposed to more manipulations than any infrastructure or system, increases the need to deal with the issue extensively at all levels of social engineering.

Bugsec has established an operational training unit on social engineering, which is operated by employees with experience in different units.  We perform social engineering activities, including setting up the methodology, staffing and treatment chain of these events.  The activities include intelligence gathering from various means, building fraud schemes according to the outline given to customers, or prepared according to a  scenario developed by the company (Custom Attack Scenarios).

We set up Phishing fraud attempts, physical impersonation and attempts to infiltrate physical protection controls, identifying a specific target that we have gathered information on through visible means and others, going as far as attempts to insert malicious code to those organizations using the same targets.  We emphasize attention to detail, and the construction of reliable simulated attacks both at an advanced technical level and at the level of social engineering itself. These goals are achieved through a deep familiarity with the means of obtaining information and reconnaissance capabilities built over the years.