CLASSIFICATION OF SOCIAL ENGINEERING METHODS AND TYPES OF SOCIAL ENGINEERING ATTACKS

Diana Bersei, Kirill Dolgopolov, Olga Amvrosova, Tatyana Zhukova, Lyudmila Sherbakova

Abstract


Background: Social engineering is an acute threat to modern enterprises. In large companies, dynamic information flows and changes in management processes increase the number of attack points for social engineers, which entails possible unwanted information outflows.

Objective: The study aims to analyze social engineering attacks, identify their complexity, and compare them with the types of attacks. The primary objective is to determine the key mechanisms to counter social engineering.

Methods: The paper analyzes the current body of scientific literature concerning the legal regulation of social engineering methods and the study of criminalized social engineering. The methodological foundation of the study is a combination of scientific research methods, including the abstract-logical approach, correlation analysis, and the comparative method.

Results: The existing research testifies to the dynamic spread and development of social engineering technologies, which necessitates the development of an effective system to counter social engineering attacks. The most promising approach appears to be the one based on the technical component and simultaneously involving the training of employees of enterprises and organizations in counteracting unauthorized access to information. This approach will reduce the risk of information leakage and strengthen the information security of modern companies.


Keywords


Social engineering; Social engineering methods; Social engineering attacks; Access; Protected objects






DOI: http://dx.doi.org/10.21902/Revrima.v2i40.6377





Revista Relações Internacionais do Mundo Atual e-ISSN: 2316-2880

Rua Chile, 1678, Rebouças, Curitiba/PR (Brasil). CEP 80.220-181

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.