PL
 |
EN

PL EN

Preferencje help
Polish version English version Język
Widoczny [Schowaj] Abstrakt
Liczba wyników
Tytuł artykułu

The analysis of social engineering methods in attacks on authentication systems

Autorzy
Borowiec Łukasz , Demidowski Krzysztof , Pecka Milena , Jonarska Amelia
Treść / Zawartość
Pełne teksty:
AWDJ_2023_01_borowiec_demidowski_pecka_jonarska.pdf
Identyfikatory
DOI
10.5281/9mfdt365
Warianty tytułu
Języki publikacji
EN
Abstrakty
EN
This comprehensive exploration of social engineering attacks provides insights into various methods, including phishing, vishing, baiting, tailgating, and ransomware. The "elder scam" and its variations, as well as phishing examples, illustrate the evolving tactics used by attackers. Prevention strategies encompass education, training, and technological tools, emphasizing the need for a balanced approach. The conclusion underscores that public awareness, continuous training, and specialized detection tools are vital in mitigating the risks associated with social engineering attacks on authentication systems.
Słowa kluczowe
EN
PL
Wydawca
Patryk Organiściak
Czasopismo
Advances in Web Development Journal
Rocznik
2023
Tom
Vol. 1
Strony
83--106
Opis fizyczny
Bibliogr. 75 poz., tab.
Twórcy
autor
Borowiec Łukasz
  • University of Information Technology and Management, Poland
autor
Demidowski Krzysztof
  • Rzeszow University of Technology, Department of Complex Systems, Poland
autor
Pecka Milena
  • Rzeszow University of Technology, Department of Complex Systems
autor
Jonarska Amelia
  • Rzeszow University of Technology, The Faculty of Mathematics and Applied Physics, Poland
Bibliografia
  • [1] Alabdulrazzaq, H. K. (2017). Securing Web Applications: Web Application Flow Whitelisting to Improve Security [PhD Thesis, Auburn University]. https://search.proquest.com/openview/13230f3d179c91c1fe4ba63355077e02/1?pq-origsite=gscholar&cbl=18750&diss=y
  • [2] Alazri, A. S. (2015). The awareness of social engineering in information revolution: Techniques and challenges. 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), 198–201. https://doi.org/10.1109/ICITST.2015.7412088
  • [3] Ashoor, A. S., & Gore, S. (2011). Importance of intrusion detection system (IDS). International Journal of Scientific and Engineering Research, 2(1), 1–4.
  • [4] Atlam, H. F., & Oluwatimilehin, O. (2023). Business Email Compromise Phishing Detection Based on Machine Learning: A Systematic Literature Review. Electronics, 12(1), Article 1. https://doi.org/10.3390/electronics12010042
  • [5] Baig, A. F., & Eskeland, S. (2021). Security, Privacy, and Usability in Continuous Authentication: A Survey. Sensors, 21(17), Article 17. https://doi.org/10.3390/s21175967
  • [6] Barkadehi, M. H., Nilashi, M., Ibrahim, O., Zakeri Fardi, A., & Samad, S. (2018). Authentication systems: A literature review and classification. Telematics and Informatics, 35(5), 1491–1511. https://doi.org/10.1016/j.tele.2018.03.018
  • [7] Beuran, R., Chinen, K., Tan, Y., & Shinoda, Y. (2016). Towards effective cybersecurity education and training. https://dspace02.jaist.ac.jp/dspace/handle/10119/13769
  • [8] Bhattad, P., & Patil, M. R. (2023). Social Engineering in Cyber Security: A Comprehensive Review of Modern Threats, Challenges, and Counter Measures. http://mahratta.org/CurrIssue/2023_November/8.%20Social%20engineering%20in%20Cyber%20security%20A%20Comprehensive%20Review%20of%20Modern%20Threats,%20Challenges,%20and%20Countermeasures-%20Prasad%20Bhattad,%20Ra kesh%20Patil.pdf
  • [9] Brewer, R. (2016). Ransomware attacks: Detection, prevention and cure. Network Security, 2016(9), 5–9.
  • [10] Chang, E. H., Chiew, K. L., Sze, S. N., & Tiong, W. K. (2013). Phishing Detection via Identification of Website Identity. 2013 International Conference on IT Convergence and Security (ICITCS), 1–4. https://doi.org/10.1109/ICITCS.2013.6717870
  • [11] Chaudhuri, A. (2023). Clone Phishing: Attacks and Defenses. https://www.researchgate.net/profile/Ayan-Chaudhuri-2/publication/369735641_Clone_Phishing_Attacks_and_Defenses/links/6429aa76a1b72772e44625ed/Clone-Phishing-Attacks-and-Defenses.pdf
  • [12] Choi, K., Lee, J., & Chun, Y. (2017). Voice phishing fraud and its modus operandi. Security Journal, 30(2), 454–466. https://doi.org/10.1057/sj.2014.49
  • [13] Cuchta, T., Blackwood, B., Devine, T. R., Niichel, R. J., Daniels, K. M., Lutjens, C. H., Maibach, S., & Stephenson, R. J. (2019). Human Risk Factors in Cybersecurity. Proceedings of the 20th Annual SIG Conference on Information Technology Education, 87–92. https://doi.org/10.1145/3349266.3351407
  • [14] Dewangan, S. K. (2015). Human Authentication Using Biometric Recognition. Engineering Technology, 6(04).
  • [15] Dul, M., Gugała, Ł., & Łaba, K. (2023). Protecting web applications from authentication attacks. Advances in Web Development Journal, 1(1), Article 1. https://doi.org/10.5281/zenodo.10049992
  • [16] FBI. (2022). Business Email Compromise and Real Estate Wire Fraud.
  • [17] Ferguson, I. Y. (2017). The Effectiveness of Social Engineering as a Cyber-Attacking Vector: People Do Use Unknown USB Drive, They Find. https://www.diva-portal.org/smash/record.jsf?pid=diva2:1205010
  • [18] Foriano, L., & Jungnickel, K. (2015). Hacking binaries/hacking hybrids: Understanding the black/white binary as a socio-technical practice. https://scholarsbank.uoregon.edu/xmlui/bitstream/handle/1794/26318/ada06-hacki-for-2015.pdf?sequence=1
  • [19] Frenkel, S., Popper, N., Conger, K., & Sanger, D. E. (2020, July 15). A Brazen Online Attack Targets V.I.P. Twitter Users in a Bitcoin Scam. The New York Times. https://www.nytimes.com/2020/07/15/technology/twitter-hack-bill-gates-elon-musk.html
  • [20] Ghani, M. A. N. U., Farooq, E., & Asghar, K. (2019). A Contextual Approach Protecting Online Privacy, A Crucial Need. 2019 International Conference on Innovative Computing (ICIC), 1–10. https://doi.org/10.1109/ICIC48496.2019.8966722
  • [21] Griffin, S. E., & Rackley, C. C. (2008). Vishing. Proceedings of the 5th Annual Conference on Information Security Curriculum Development, 33–35. https://doi.org/10.1145/1456625.1456635
  • [22] Gupta, S., Singhal, A., & Kapoor, A. (2016). A literature survey on social engineering attacks: Phishing attack. 2016 International Conference on Computing, Communication and Automation (ICCCA), 537–540. https://doi.org/10.1109/CCAA.2016.7813778
  • [23] Hadnagy, C. (2010). Social Engineering: The Art of Human Hacking. John Wiley & Sons.
  • [24] Hadnagy, C. J., Aharoni, M., & O’Gorman, J. (2010). Social engineering capture the flag results defcon 18. Retrieved October, 30, 2010.
  • [25] Hiltgen, A., Kramp, T., & Weigold, T. (2006). Secure Internet banking authentication. IEEE Security & Privacy, 4(2), 21–29. https://doi.org/10.1109/MSP.2006.50
  • [26] Huang, H. (2020). A Collaborative Battle in Cybersecurity? Threats and Opportunities for Taiwan. Asia Policy, 27(2), 101–106.
  • [27] Huddleston, T. (2019, March 27). How this scammer used phishing emails to steal over $100 million from Google and Facebook. CNBC. https://www.cnbc.com/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html
  • [28] Intelligence, M. T. (2021, August 26). Widespread credential phishing campaign abuses open redirector links. Microsoft Security Blog. https://www.microsoft.com/en-us/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/
  • [29] Kalaharsha, P., & Mehtre, B. M. (2021). Detecting Phishing Sites—An Overview (arXiv:2103.12739). arXiv. https://doi.org/10.48550/arXiv.2103.12739
  • [30] Katz, J. (2010). Digital signatures (Vol. 1). Berlin: Springer.
  • [31] Kandan, A. M., Kathrine, G. J., & Melvin, A. R. (2019). Network attacks and prevention techniques-a study. 2019 IEEE International Conference on Electrical, Computer and Communication Technologies (ICECCT), 1–6. https://ieeexplore.ieee.org/abstract/document/8869077/
  • [32] Kemper, G. (2019). Improving employees’ cyber security awareness. Computer Fraud & Security, 2019(8), 11–14. https://doi.org/10.1016/S1361-3723(19)30085-5
  • [33] KKG. (2021, December 9). Oszuści żerują na seniorach. Wyłudzili 85 mln zł. finanse.wp.pl. https://finanse.wp.pl/oszusci-zeruja-na-seniorach-wyludzili-85-mln-zl-6713468908448480a
  • [34] Kok, S., Abdullah, A., Jhanjhi, N., & Supramaniam, M. (2019). Ransomware, threat and detection techniques: A review. Int. J. Comput. Sci. Netw. Secur, 19(2), 136.
  • [35] Komarova, A., Menshchikov, A., Negols, A., Korobeynikov, A., Gatchin, Y., & Tishukova, N. (2018). Comparison of Authentication Methods on Web Resources. In A. Abraham, S. Kovalev, V. Tarassov, V. Snasel, M. Vasileva, & A. Sukhanov (Eds.), Proceedings of the Second International Scientific Conference “Intelligent Information Technologies for Industry” (IITI’17) (Vol. 679, pp. 104–113). Springer International Publishing. https://doi.org/10.1007/978-3-319-68321-8_11
  • [36] Koyun, A., & Al Janabi, E. (2017). Social engineering attacks. Journal of Multidisciplinary Engineering Science and Technology (JMEST), 4(6), 7533–7538.
  • [37] Krombholz, K., Hobel, H., Huber, M., & Weippl, E. (2015). Advanced social engineering attacks. Journal of Information Security and Applications, 22, 113–122. https://doi.org/10.1016/j.jisa.2014.09.005
  • [38] Martínez Torres, J., Iglesias Comesaña, C., & García-Nieto, P. J. (2019). Review: Machine learning techniques applied to cybersecurity. International Journal of Machine Learning and Cybernetics, 10(10), 2823–2836. https://doi.org/10.1007/s13042-018-00906-1
  • [39] Mashtalyar, N., Ntaganzwa, U. N., Santos, T., Hakak, S., & Ray, S. (2021). Social Engineering Attacks: Recent Advances and Challenges. In A. Moallem (Ed.), HCI for Cybersecurity, Privacy and Trust (pp. 417–431). Springer International Publishing. https://doi.org/10.1007/978-3-030-77392-2_27
  • [40] Matejkowski, D., & Szmyd, P. (2023). Online identity theft detection and prevention methods. Advances in Web Development Journal, 1(1), Article 1. https://doi.org/10.5281/zenodo.10051152
  • [41] Mathews, L. (2019). Toyota Parts Supplier Hit By $37 Million Email Scam. Forbes. https://www.forbes.com/sites/leemathews/2019/09/06/toyota-parts-supplier-hit-by-37-million-email-scam/
  • [42] Microsoft. (2020, September 29). Microsoft Digital Defense Report 2020: Cyber Threat Sophistication on the Rise. Microsoft Security Blog. https://www.microsoft.com/en-us/security/blog/2020/09/29/microsoft-digital-defense-report-2020-cyber-threat-sophistication-rise/
  • [43] Mishra, S., & Soni, D. (2019). SMS Phishing and Mitigation Approaches. 2019 Twelfth International Conference on Contemporary Computing (IC3), 1–5. https://doi.org/10.1109/IC3.2019.8844920
  • [44] Mishra, S., & Soni, D. (2020). Smishing Detector: A security model to detect smishing through SMS content analysis and URL behavior analysis. Future Generation Computer Systems, 108, 803–815.
  • [45] Moallem, A. (2021). Understanding Cybersecurity Technologies: A Guide to Selecting the Right Cybersecurity Tools. CRC Press. https://books.google.com/books?hl=en&lr=&id=sO5LEAAAQBAJ&oi=fnd&pg=PP1&dq=Filtering+tools+cybersecurity+McAfee+&ots=_nqVaaABTt&sig=wAJPZ74BzH1VGd92TBhC8SAibZA
  • [46] Moon, J., & Chang, Y. (2016). Ransomware Analysis and Method for Minimize the Damage. The Journal of the Convergence on Culture Technology, 2(1), 79–85. https://doi.org/10.17703/JCCT.2016.2.1.79
  • [47] Parmar, B. (2012). Protecting against spear-phishing. Computer Fraud & Security, 2012(1), 8–11. https://doi.org/10.1016/S1361-3723(12)70007-6
  • [48] Parti, K. (2022). “Elder Scam” Risk Profiles: Individual and Situational Factors of Younger and Older Age Groups’ Fraud Victimization. https://vtechworks.lib.vt.edu/handle/10919/112369
  • [49] Perlroth, N., Tsang, A., & Satariano, A. (2018, November 30). Marriott Hacking Exposes Data of Up to 500 Million Guests. The New York Times. https://www.nytimes.com/2018/11/30/business/marriott-data-breach.html
  • [50] Policja Śląska. (2022). Podszywając się pod dostawcę energii, wysłali ponad milion fałszywych SMS-ów. Policja Śląska. https://slaska.policja.gov.pl/kat/informacje/wiadomosci/338196,Podszywajac-sie-poddostawce-energii-wyslali-ponad-milion-falszywych-SMS-ow.html
  • [51] Richardson, R., & North, M. M. (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), 10.
  • [52] Salahdine, F., & Kaabouch, N. (2019). Social Engineering Attacks: A Survey. Future Internet, 11(4), Article 4. https://doi.org/10.3390/fi11040089
  • [53] Sandler, R. (2022). Shark Tank Host Barbara Corcoran Loses $380,000 In Email Scam. Forbes. https://www.forbes.com/sites/rachelsandler/2020/02/27/shark-tank-host-barbara-corcoran-loses-380000-in-email-scam/
  • [54] Sarker, I. H., Furhad, M. H., & Nowrozy, R. (2021). AI-Driven Cybersecurity: An Overview, Security Intelligence Modeling and Research Directions. SN Computer Science, 2(3), 173. https://doi.org/10.1007/s42979-021-00557-0
  • [55] Sethi, P. (2022). Social Engineering in Cyber Security. Jus Corpus LJ, 3, 1025.
  • [56] Shao, J., Zhang, Q., Ren, Y., Li, X., & Lin, T. (2019). Why are older adults victims of fraud? Current knowledge and prospects regarding older adults’ vulnerability to fraud. Journal of Elder Abuse & Neglect, 31, 1–19. https://doi.org/10.1080/08946566.2019.1625842
  • [57] Simon, W. L., & Mitnick, K. D. (2002). The Art of Deception: Controlling the Human Element of Security. Wiley. https://extranet.blanchisserie-toulousaine-de-sante.com/sites/extranet.blanchisserie-toulousaine-de-sante.com/files/documents/justificatifs/pdf-the-art-of-deception-controlling-the-human-element-of-security-william-l-simon-steve-wozniak-kevin-d-mitnick-pdf-download-free-book-35b2e50.pdf
  • [58] Stęchły, A., & Szpunar, A. (2023). Analysis of potential risks of SMS-based authentication. Advances in Web Development Journal, 1(1), Article 1. https://doi.org/10.5281/zenodo.10049987
  • [59] Strzałka, D. (2022). Risks, Challenges and Opportunities—Cybersecurity in SME’s. A Case Study About Poland.
  • [60] Stylios, I. C., Thanou, O., Androulidakis, I., & Zaitseva, E. (2016). A Review of Continuous Authentication Using Behavioral Biometrics. Proceedings of the SouthEast European Design Automation, Computer Engineering, Computer Networks and Social Media Conference, 72–79. https://doi.org/10.1145/2984393.2984403
  • [61] Subbalakshmi, C., Pareek, P. K., & Sayal, R. (2022). A Study on Social Engineering Attacks in Cybersecurity. In H. S. Saini, R. Sayal, A. Govardhan, & R. Buyya (Eds.), Innovations in Computer Science and Engineering (Vol. 385, pp. 59–71). Springer Singapore. https://doi.org/10.1007/978-981-16-8987-1_7
  • [62] Suriya, R., Saravanan, K., & Thangavelu, A. (2009). An integrated approach to detect phishing mail attacks a case study (p. 199). https://doi.org/10.1145/1626195.1626244
  • [63] Syed Idrus, S. Z., Cherrier, E., Rosenberger, C., & Schwartzmann, J.-J. (2013). A Review on Authentication Methods. Australian Journal of Basic and Applied Sciences, 7(5), 95–107.
  • [64] Szczygieł, I., Florczak, S., & Jasiak, A. (2023). Two-factor authentication (2FA) comparison of methods and applications. Advances in Web Development Journal, 1(1), Article 1. https://doi.org/10.5281/zenodo.10050024
  • [65] Thakur, G., Nayak, S., & Mangrulkar, R. S. (2022). A Comparative Analysis of Tree-Based Algorithms in Malware Detection. In Cyber Security Threats and Challenges Facing Human Life (pp. 99–120). Chapman and Hall/CRC. https://www.taylorfrancis.com/chapters/edit/10.1201/9781003218555-11/comparative-analysis-tree-based-algorithms-malware-detection-govind-thakur-shreya-nayak-ramchandra-sharad-mangrulkar
  • [66] Thilakarathne, N., & Samarasinghe, R. (2022). Social Engineering Techniques and Mitigation Approaches.
  • [67] Usmonov, M. T. O. (2021). Autentification, authorization and administration. Science and Education, 2(7), 233–242.
  • [68] van Renesse, R. L. (1997). Paper based document security-a review. European Conference on Security and Detection, 1997. ECOS 97., 75–80. https://ieeexplore.ieee.org/abstract/document/605803/
  • [69] Vardalaki, A., & Vlachos, V. (2021). Emerging Malware Threats: The Case of Ransomware. In Cybersecurity Issues in Emerging Technologies (pp. 153–170). CRC Press. https://books.google.com/books?hl=en&lr=&id=QiRAEAAAQBAJ&oi=fnd&pg=PA153&dq=ransomware+messages++police&ots=Kytey3ompG&sig=brUil9LHq9QGewb1uTo9xmziMPQ
  • [70] Vishwanath, A. (2017). Getting phished on social media. Decision Support Systems, 103, 70–81.
  • [71] Volodzko, D. (2018). Marriott Breach Exposes Far More Than Just Data. Forbes. https://www.forbes.com/sites/davidvolodzko/2018/12/04/marriott-breach-exposes-farmore-than-just-data/
  • [72] Wang, C., Lin, J., Li, B., Li, Q., Wang, Q., & Zhang, X. (2019). Analyzing the Browser Security Warnings on HTTPS Errors. ICC 2019 - 2019 IEEE International Conference on Communications (ICC), 1–6. https://doi.org/10.1109/ICC.2019.8761629
  • [73] Workman, M. (2008). Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security. Journal of the American Society for Information Science and Technology, 59(4), 662–674. https://doi.org/10.1002/asi.20779
  • [74] Yasin, A., Fatima, R., Liu, L., Yasin, A., & Wang, J. (2019). Contemplating social engineering studies and attack scenarios: A review study. SECURITY AND PRIVACY, 2(4), e73. https://doi.org/10.1002/spy2.73
  • [75] Chyzhevska M., Romanovska N., Ramskyi A., Venger V., & Obushnyi M. (2021). Behavioral Biometry as a Cyber Security Tool. Cybersecurity Providing in Information and Telecommunication Systems, II. https://elibrary.kubg.edu.ua/id/eprint/42782/
Uwagi
Opracowanie rekordu ze środków MNiSW, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2024).
Typ dokumentu
Bibliografia
Identyfikator YADDA
bwmeta1.element.baztech-95370692-20a2-470b-8563-3361107c5210
JavaScript jest wyłączony w Twojej przeglądarce internetowej. Włącz go, a następnie odśwież stronę, aby móc w pełni z niej korzystać.