Red team hacker on how she ‘breaks into buildings and pretends to be the bad guy’

September 29, 2024 at 12:45PM

Alethe Denis, a senior security consultant at Bishop Fox, specializes in physical security assessments and social engineering attacks. Denis and her team break into buildings by impersonating employees or vendors to access corporate networks and steal data. Despite AI and deepfake advancements, human interactions remain the most effective tactic for cybercriminals.

Key takeaways:

1. Alethe Denis, a senior security consultant at Bishop Fox, is skilled in physical security assessments and social engineering attacks.
2. She specializes in face-to-face social engineering, creating compelling characters and elaborate pretexts, and often impersonates past or current employees or vendors to gain access to corporate networks.
3. Despite the attention on AI-assisted social engineering and deepfakes, human conversation remains the most effective social engineering tactic for cybercriminals seeking financial gain.
4. Nation states are focusing on traditional methods such as voice phishing over the phone, as they offer a higher return on investment compared to deepfakes.
5. Highly-trained social engineers can deceive individuals to the extent that they won’t recognize they are being targeted by an attacker, making them unwitting insider threats.
6. Red teamers use similar techniques and tools to bypass security products that are supposed to detect and stop phishing emails, and they leverage emotional triggers to successfully execute phishing attacks.
7. Asking questions and verifying requests during phone calls can help individuals avoid falling victim to voice-phishing attacks, as attackers may be thrown off balance and move on to other targets.

These takeaways reflect the methods and tactics employed by Alethe Denis and highlight the ongoing challenges in combating social engineering attacks.
