Historical Background of the Baiting Type of Attack
No matter how strong an organization's or application's cyber security system is, the human element remains the weakest link. Baiting is a type of cyber-attack that belongs to what is known as social engineering, a term referring to the theft of users' data or the compromise of an IT infrastructure's integrity through the manipulation of human psychology. The term was introduced by the hacker Kevin Mitnick in the 1990s. At that time, basic password attacks were already on the rise as Internet technology became available to many people and institutions. The problem became serious enough that in 2002 the UN adopted a resolution to combat cybercrime, including forms such as "social engineering". A prime example of this attack occurred in 2018 (Pettit, 2022): employees found mysterious disks bearing a Chinese stamp in U.S. government offices, and an attempt to open them out of curiosity resulted in a virus being uploaded to the server.
Baiting Realization Scheme
Baiting features:
- This type of cyber-attack uses clickbait to lure the user. For example, every Internet user has seen intrusive spam e-mails offering an office software package at an unbelievable discount. When the user follows the link or registers on the fake site, the user's own data is leaked.
- Attackers also often scatter USB flash drives or CDs on the street or in offices in the hope that someone will pick them up and keep them (the psychological bait) and then plug them into a computer. The malware on the drive is then loaded onto the user's device (Threatcop, 2021).
- Victims often react to files labeled along the lines of "Confidential – do not open", which psychologically stimulates them to check the content. Instead of exciting and potentially valuable information, these files contain a virus.
Ways to Prevent a Similar Attack
There are several ways to prevent such a cyber-attack.
- The first tip is largely psychological: be skeptical of offers that seem too good to be true.
- No one should instantly click on links in spam messages; everything should be checked before doing so.
- Users should not open files from external drives without checking them with antivirus software (Easydmarc, 2022).
Companies can also train employees to recognize and counter baiting and other social engineering techniques.
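As an added example that is not from the cited sources, the following Python script shows how the "check before opening" advice can be applied to a drive found in the office (the labeled-file bait described above): it inventories the files read-only, hashes them for an antivirus lookup, and flags executable or double-extension files and lure wording, without opening anything. The executable suffix list and lure words are assumptions chosen for illustration, and the sample drive contents are constructed.

```python
"""Triage a found removable drive: hash every file and flag likely bait before anything is opened."""
import hashlib
import re
import tempfile
from pathlib import Path
# File types that run code when "opened"; double-clicking one is the trap.
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".jar", ".lnk", ".msi"}
# Assumed lure wording, modelled on the "Confidential - do not open" label.
LURE_PATTERN = re.compile(r"confidential|do not open|salary|bonus|payroll", re.I)

def sha256_of(path: Path) -> str:
    """Chunked hash so large media files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def classify(path: Path) -> list:
    """Reasons a file looks like bait; an empty list means nothing was flagged."""
    reasons = []
    suffixes = [s.lower() for s in path.suffixes]
    if suffixes and suffixes[-1] in EXECUTABLE_SUFFIXES:
        reasons.append("executable type")
        if len(suffixes) >= 2:  # "report.pdf.exe": a document name hiding a program
            reasons.append("double extension")
    if LURE_PATTERN.search(path.name):
        reasons.append("lure wording in name")
    return reasons

def triage(root: Path) -> list:
    """Read-only inventory of every file under root: path, size, hash and flags."""
    return [{"path": p.relative_to(root).as_posix(), "size": p.stat().st_size,
             "sha256": sha256_of(p), "flags": classify(p)}
            for p in sorted(root.rglob("*")) if p.is_file()]

def demo() -> list:
    """Build a constructed sample 'drive' in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "Q3 report.docx").write_bytes(b"plain document content")
        (root / "CONFIDENTIAL - do not open.pdf.exe").write_bytes(b"MZ not a real program")
        (root / "photos").mkdir()
        (root / "photos" / "vacation.jpg").write_bytes(b"\xff\xd8\xff")
        return triage(root)

if __name__ == "__main__":
    for entry in demo():
        print("BAIT?" if entry["flags"] else "     ", entry["path"], entry["flags"])
```

The hashes can be submitted to the organization's antivirus or threat-intelligence service before any flagged file is handled further.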
Sources
Easydmarc. 2022. What is the Baiting in Cybersecurity? Techniques, Examples, Protection.
Joe Pettit. 2022. 5 Social Engineering Attacks to Watch Out.
Threatcop. 2021. The What, Why & How of Baiting Attacks.