![iFixit Tears Down New M4 MacBook Air [Video]](https://www.iclarified.com/images/news/96717/96717/96717-640.jpg)
![Apple Officially Announces Return of 'Ted Lasso' for Fourth Season [Video]](https://www.iclarified.com/images/news/96710/96710/96710-640.jpg)
![Apple Plans Live Translation Feature for AirPods in iOS 19 [Report]](https://www.iclarified.com/images/news/96712/96712/96712-640.jpg)
![[Update: Fix] Chromecast (2nd gen) and Audio can’t Cast in ‘Untrusted’ outage](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2019/08/chromecast_audio_1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![[The AI Show Episode 138]: Introducing GPT-4.5, Claude 3.7 Sonnet, Alexa+, Deep Research Now in ChatGPT Plus & How AI Is Disrupting Writing](https://www.marketingaiinstitute.com/hubfs/ep%20138%20cover.png)
Hackers Using Advanced Social Engineering Techniques With Phishing Attacks
Cybercriminals are advancing beyond rudimentary phishing attempts, adopting sophisticated social engineering strategies that build relationships with targets before delivering malicious payloads. ESET’s APT Activity Report shows that the North Korea-aligned threat actors have significantly refined their tactics, making traditional security advice like “don’t click suspicious links” increasingly inadequate as attacks become more convincing and personalized. […] The post Hackers Using Advanced Social Engineering Techniques With Phishing Attacks appeared first on Cyber Security News.
Cybercriminals are advancing beyond rudimentary phishing attempts, adopting sophisticated social engineering strategies that build relationships with targets before delivering malicious payloads.
ESET’s APT Activity Report shows that the North Korea-aligned threat actors have significantly refined their tactics, making traditional security advice like “don’t click suspicious links” increasingly inadequate as attacks become more convincing and personalized.
Human error continues to be the primary vulnerability exploited by attackers. Verizon’s 2024 Data Breach Investigations Report reveals that 68% of breaches involved a non-malicious human element, such as falling victim to social engineering or making a mistake.
Most concerning is the shift toward pretexting—using fabricated narratives to gain trust—which now surpasses traditional phishing in breach statistics, indicating threat actors’ growing sophistication.
The financial impact of these evolved phishing attacks is substantial.
According to IBM’s Cost of a Data Breach Report 2024, conducted across 604 organizations in 16 countries, the average business loss from a phishing-related breach has reached $4.88 million, making it the second costliest attack type behind malicious insiders at $4.99 million.
ESET analysts noted that this evolution toward relationship-based social engineering represents a significant paradigm shift in how attackers operate.
Rather than immediately sending malicious content, they invest time cultivating trust with potential victims, making detection considerably more difficult for both individuals and automated security systems.
Modern Social Engineering Techniques in Action
North Korea-aligned groups exemplify this trend, with ESET researchers observing groups like Deceptive Development and Kimsuky enhancing their phishing campaigns through elaborate pretexting methods during Q2-Q3 2024.
These actors initiate contact through fake job offers at prestigious companies, and only after establishing communication do they deliver malicious packages to unsuspecting victims.
The Lazarus group has implemented similar tactics, distributing fake job opportunities at major corporations such as Airbus and BAE Systems, simultaneously delivering trojanized PDF viewers with decoy documents.
They also impersonate recruiters on professional networks, distributing compromised codebases disguised as job assignments or hiring challenges, primarily targeting cryptocurrency theft.
Another technique observed involves the BlackBasta ransomware gang, which targets businesses through a multi-stage approach.
They begin by sending mass email spam to provoke employees into creating legitimate help-desk tickets. Subsequently, attackers pose as IT support staff, contacting employees via Microsoft Teams and sending malicious QR codes designed to deliver remote monitoring tools that can be exploited for network access.
The code behind these attacks often employs sophisticated obfuscation techniques.
For example, a malicious script might be embedded within seemingly legitimate PDF documents:-
function decodePayload() {
var encodedPayload = "base64encodedmaliciouscode";
var decodedPayload = atob(encodedPayload);
eval(decodedPayload); // Executes malicious code after target engages
}Organizations can protect themselves through comprehensive awareness training programs.
The most effective defense combines employee education with multilayered security solutions, creating a prevention-first approach that minimizes the attack surface while reducing the complexity of cyber defense.
Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free
The post Hackers Using Advanced Social Engineering Techniques With Phishing Attacks appeared first on Cyber Security News.
.webp?#)
