CAPEC-416

Manipulate Human Behavior
Mittel
Mittel
Stable
2014-06-23
00h00 +00:00
2017-08-04
00h00 +00:00
CAPEC Mitre.org
Benachrichtigung für ein CAPEC
Bleiben Sie über alle Änderungen zu einem bestimmten CAPEC informiert.
Benachrichtigungen verwalten

CAPEC-Beschreibungen

An adversary exploits inherent human psychological predisposition to influence a targeted individual or group to solicit information or manipulate the target into performing an action that serves the adversary's interests. Many interpersonal social engineering techniques do not involve outright deception, although they can; many are subtle ways of manipulating a target to remove barriers, make the target feel comfortable, and produce an exchange in which the target is either more likely to share information directly, or let key information slip out unintentionally. A skilled adversary uses these techniques when appropriate to produce the desired outcome. Manipulation techniques vary from the overt, such as pretending to be a supervisor to a help desk, to the subtle, such as making the target feel comfortable with the adversary's speech and thought patterns.

CAPEC-Informationen

Voraussetzungen

The adversary must have the means and knowledge of how to communicate with the target in some manner.

Gegenmaßnahmen

An organization should provide regular, robust cybersecurity training to its employees to prevent successful social engineering attacks.

Referenzen

REF-348

The Official Social Engineering Portal
http://www.social-engineer.org

Einreichung

Name Organisation Datum Veröffentlichungsdatum
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Änderungen

Name Organisation Datum Kommentar
CAPEC Content Team The MITRE Corporation 2017-05-01 +00:00 Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Methods_of_Attack, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit
CAPEC Content Team The MITRE Corporation 2017-08-04 +00:00 Updated Attack_Motivation-Consequences, Description Summary, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity
Die auf CVE Find präsentierten Informationen stammen aus mehreren sorgfältig ausgewählten Referenzquellen. CVE-Daten werden von der MITRE Corporation und der National Vulnerability Database (NVD) bereitgestellt. Der Katalog bekannter ausgenutzter Schwachstellen (KEV) stammt von der Cybersecurity and Infrastructure Security Agency (CISA), während EPSS-Scores von FIRST.org kommen. Darüber hinaus werden Daten zu Software-Schwachstellen (CWE) und häufigen Angriffsmustern (CAPEC) von der MITRE Corporation gepflegt, und Informationen zu Hardware- und Software-Konfigurationen (CPE) werden von der NVD bereitgestellt.