CAPEC-421: Influence Perception of Authority
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary uses a social engineering technique to convey a sense of authority that motivates the target to reveal specific information or take specific action. There are various techniques for producing a sense of authority during ordinary modes of communication. One common method is impersonation. By impersonating someone with a position of power within an organization, an adversary may motivate the target individual to reveal some piece of sensitive information or perform an action that benefits the adversary.
前提条件
- The adversary must have the means and knowledge of how to communicate with the target in some manner.
所需技能
所需资源
- None: No specialized resources are required to execute this type of attack.
后果影响
影响范围: Confidentiality Integrity Availability
技术影响: Other
说明: Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.
缓解措施
An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.
示例实例
The adversary calls the target and announces that they are the head of IT at the target's company. The adversary goes on to say that there has been a technical issue and they need the target's login credentials for their account. By convincing the target of their authority, the adversary hopes the target will reveal the sensitive information.