A_study_of_Social_Engineering_Attacks___2_.pdf
School: University of New South Wales
Course: 1968
Subject: Civil Engineering
Date: Nov 24, 2024
Type: pdf
Pages: 39
Uploaded by DeanAntMaster1113

Running Head: SOCIAL ENGINEERING ATTACKS

SOCIAL ENGINEERING ATTACKS
Student’s Name
Institutional Affiliation

Introduction

The phrase "social engineering" refers to a broad range of malicious activities that are carried out through human interaction. Users are tricked into committing security mistakes or disclosing sensitive information to other parties without their awareness through the use of psychological manipulation tactics. Social engineering attacks are carried out systematically, in a step-by-step fashion. Before striking, the perpetrator does preliminary research on the victim in order to obtain vital background information, such as possible points of entry and poor security standards, that will be required in order to carry out the attack (Albladi et al., 2018). When an attacker gains the trust of a victim, he or she may take advantage of that trust to give stimuli for later actions that violate security requirements, such as releasing sensitive information or gaining access to vital infrastructure, both of which are illegal (Franchina et al., 2021).

Attackers usually build their attacks in a way that is difficult for unsuspecting users to notice, in part because social engineering depends on human mistake rather than software or operating system weaknesses. In most situations the attack is made to look attractive to the user in order to convince them to click on harmful links or open spammed email attachments. Because mistakes made by legitimate users are less predictable than malware-based intrusions, they are more difficult to detect and prevent (Abaimov and Martellini, 2022).

In the words of prominent hacker Kevin Mitnick, "the greatest threat to a company's security is not a computer virus, but a hole in a crucial piece of software or a badly engineered firewall" (Mitnick, 2021). It's possible that you're the most dangerous person on the face of the world. The manipulation of humans is significantly more easily accomplished than the manipulation of technology, as Mitnick discovered. The majority of organizations fail to appreciate the critical role played by the human element in their day-to-day activities. Phishing and impersonation are two forms of social engineering cyber attacks that are commonly used. With such horrifying statistics in hand, it is vital that procedures to prevent social engineering attempts be put in place as quickly as possible in order to prevent additional harm.

The Investigation's Purpose

Social engineering attacks are becoming increasingly common in the fields of information technology and cyber security. This research will investigate the various methods by which they can be carried out and develop mitigation mechanisms for these attacks, in order to better understand how they work. A solid grasp of socially engineered attacks is necessary for both increasing the overall security of a corporation and defending oneself against potentially harmful persons on the internet, according to the FBI. As a consequence of the findings of this research, corporations and people that are interested in learning more about possible social engineering attacks will have a resource to turn to.

Objectives of the Study

While conducting field investigations, computer forensics experts typically employ investigation and analysis processes to acquire and preserve evidence from a specific computing device in a
form that is suitable for presentation in court. To put it another way, from a technological aspect, the primary aim of computer forensics is to identify and capture data in such a way that any evidence acquired is of high quality and may be utilized effectively in a legal proceeding, rather than for any other reason. Socially engineered attacks are used to get access to systems where an individual has been denied access in the first place, which is why I chose this as the subject of my research. As a result, it will be challenging to protect the integrity, accessibility, and confidentiality of the information. The CIA triad, which was designed by the Central Intelligence Agency, should serve as a guide for an organization's information security plans and procedures. Availability, integrity, and confidentiality (AIC) are terms used to separate the notion from the triad (availability, integrity, and confidentiality) employed by the Central Intelligence Agency (Mohammed and Munir, 2018). The CIA triad is critical for ensuring information security because it assists businesses in strengthening their security posture while also assisting them in remaining compliant with challenging requirements, ensuring business continuity, and ensuring the continuity of operations.

Objectives

Social engineering assaults include phishing and impersonation, to name a couple of instances. When an attacker uses social engineering to mislead a victim into providing personal information to the attacker or installing malicious software on the victim's infrastructure, such as ransomware, they are referred to as phishing attacks. Using impersonation as a sort of social engineering technique, an attacker sends the victim a bogus message in an attempt to deceive her into divulging personal information to the attacker or into installing malicious software on the victim's computer (Alkhalil et al., 2021). Impersonation is defined as "the activity of pretexting as another person in order to obtain information or access to a person, company, or computer system." According to Kaliak (2021), a variety of methods, including social media platforms, telephones, and email, may be utilized to perpetrate impersonation scams. Given that we are dealing with such ominous material, we must move as swiftly as possible to prevent social engineering efforts from being implemented.

After all is said and done, the goal of this inquiry is to look at the many types of socially engineered assaults that can occur in this context. Fraudulent activities such as whaling, pharming, vishing, and phishing are all instances. The phishing attempt in this instance is very targeted, as it is disguised as a legitimate email and is addressed to high-ranking government officials. Whaling is a type of social engineering scam that has been made possible by technical improvements in the maritime industry. In order to get compensation, victims are advised to take a secondary step, such as making a wire transfer of monies (Aldawood and Skinner, 2020). Phishing is a type of cyberattack that involves the installation of a malicious application on a computer with the goal of redirecting traffic from one website to another (Anthony, 2019). Pharming may be carried out via a flaw in DNS server software by either altering the hosts file on the victim's computer or by exploiting a vulnerability in the victim's computer's hosts file (Anthony, 2019). Voice phishing, often known as vishing, is the technique of executing phishing assaults through the use of telephones rather than computers (Maseno, 2017).
Landline telephone services have traditionally been regarded as reliable since they are terminated in physical places that are recognized by the telephone provider and are linked to a bill-paying customer (Maseno, 2017). This article will begin by outlining the many distinct types of socially engineered assaults that can occur, and then it will continue on to
examine the several methods that can be used to prevent and minimize such attacks. The significance and importance of each of these objectives will be crucial for research reasons since they will serve as the foundation for future social engineering assaults as well as the procedures that can be used to defend oneself and business networks from such attacks.

Although it is unlikely, when participating in an ethical hacking encounter, social engineering will be excluded from consideration. Management and governments are opposed to the technique of social engineering since it includes influencing people and has the potential to damage a company's relationship with its employees and management (Fan et al., 2017). If the engagement is handled badly, giving employees the impression that the company was attempting to trick them into taking part in immoral activities, the situation can become much more serious. The development of a firm is critical to the performance and survival of the organization over the long term. Organizational development, in its most basic description, is characterized as a structured process of cultural change that uses behavioral science understanding as the foundation for interventions targeted at improving an organization's overall well-being, effectiveness, and employee relationships (Smither et al., 2016). If the process is not properly implemented, the relationship between employees and management can be ruined, and the employees will feel betrayed, no matter what the cause is, which could be due to a poorly planned process with inadequate assessment and diagnosis of what is required to increase overall effectiveness, or any combination of the two factors.

Concerns pertaining to one's profession

In response to social engineering activities, a new profession known as ethical hacking has evolved, and individuals who become professionals in this sector may be able to aid firms in remaining one step ahead of their competitors. Human engagement is required in more than 99
percent of cyberattacks because, in most circumstances, misleading a person is significantly more difficult than deceiving a machine, making human interaction important in the battle against cybercrime and identity theft (Yar and Steinmetz, 2019). To steal millions of dollars from a firm, an attacker is virtually guaranteed to have to fool at least a few workers during the course of his or her operation. It is the ethical hacker's obligation to assist their consumers in understanding and responding to social engineering scams and other sorts of deceit, which is a challenging undertaking to execute successfully.

Planning a project is a difficult task. With the help of this project study, I aimed to get a full grasp of the difficulties and techniques that are employed in the development of social engineering assaults, as well as how these attacks might be avoided in the future. It is plausible to infer that the research objectives that were defined at the commencement of the inquiry have been accomplished. As a result of my work, I was able to analyze a wide range of socially engineered assaults, including anything from ransomware to phishing, and via the use of a case study analysis approach, I was able to discover ways in which these attacks could be avoided. In light of the fact that my research examined a broad point of view without focusing on a specific time period, I urge that future researchers look at how social engineering assaults have progressed over the last several years. My study was finally brought to a close by an examination of several case studies including social engineering assaults and fraud. The addition of more case studies, on the other hand, may be able to assist improve the situation.

Review of the Literature

Strategy for conducting a literature review

For this examination of social engineering assaults and strategies for mitigating them, some of the search keywords that will be utilized will include: cybersecurity threats, threat actors, mitigating threats, and so on. It is my intention to use this research pool of key phrases to conduct research into a range of scholarly publications and studies that have been made publicly available on the internet. On the information resources side, it is planned to do case studies and research on bibliographic databases such as Emerald and Google Scholar, online libraries such as Question, conference proceedings as well as key industry journals and magazines, among other things. For the literature review chapter, as well as the other chapters of the dissertation, it is not possible or desirable to discuss all of the sources I have located that are relevant to the topic in order to adhere to the word limits that have been specified. The works of the world's most prominent scientists and authors in the field of psychology will be included in the evaluation of the literature. According to common knowledge in the academic world, researchers with the highest credentials are more likely to publish their writings in peer-reviewed journals and renowned periodicals than they are to publish their writings in news publications and online blogs.

Overview

As a result of the growing usage of digital communication technology, human-to-human interaction has become more accessible and rapid. It is possible for personal and sensitive data to be exposed online through social networking sites and online companies that do not have proper security measures in place to protect themselves. Because hostile individuals use social engineering techniques to obtain access to communication networks, the networks become susceptible. Personal information such as social security numbers, health data, and passwords are
targeted in these attacks with the goal of tricking individuals or corporations into giving such information. Because social engineering makes use of the inherent human desire to trust, it is one of the most difficult network security jobs to overcome, according to experts. A comprehensive examination of social engineering assaults is provided in this paper, which includes classifications, detection procedures, and prevention tactics. These cyberattacks inflict damage to the cybersecurity chain because they make use of social engineering tactics. People and companies are being pressured into revealing critical information to cybercriminals by these persons and organizations (Salahdine and Kaabouch, 2019). It doesn't matter whether a network is secured by firewalls, encryption, intrusion detection, or antivirus technologies; social engineering may compromise network security. More trust is placed in one another than in computers or technology by human beings, according to research. The result is that they represent the weakest link in the network of security precautions. This means that socially engineered attacks are intended to appeal to the senses of individuals who are susceptible to being manipulated. There is no simple answer to the challenges that people face, which causes them to make mistakes. People continue to make the same mistakes over and over again because their acts are out of the ordinary. They are the weakest link in the chain of events since they are unable to prevent others from repeating their mistakes. They are also the most vulnerable. The likelihood of individuals disclosing sensitive information or breaking security regulations increases when they engage in unpleasant human interactions (Richardson et al., 2020). The most strong social engineering assaults have a major impact on all systems and networks as a result of human interactions, making them particularly dangerous.
If people are not trained on how to recognize them, no amount of software or technology will be able to prevent them from
committing crimes. The attackers will begin with a social engineering tactic, regardless of whether there are technological issues (Richardson et al., 2020).

According to the United States Department of Justice, social engineering attacks are one of the most significant cyber dangers facing the globe today, ranking second only to viruses. According to Cyence, the United States was the country that was targeted the most frequently by social engineering assaults in 2016, followed by Germany and Japan, among other countries. The United States was forced to pay $121.22 billion as a result of these assaults (Salahdine and Kaabouch, 2019). Hundreds of thousands of cybercriminals and hackers from across the world are targeting and wreaking harm to American businesses, particularly those in the financial sector. These firms deal with extremely sensitive international data, and their hacking has a huge impact on the worldwide economy as well as on the safeguarding of individuals' personal data (Salahdine and Kaabouch, 2019).

For example, the credit reporting company Equifax was hacked for many months in 2018, leading to the loss of vital consumer information. The objectives of this firm, which collects information from individuals and corporations alike, are credit history and fraud prevention. Cybercriminals gained access to the personal information of a total of 145.5 million Americans who were shopping online. The information gathered included full names, birth dates, Social Security numbers, driver's license numbers, addresses, phone numbers, credit card numbers, and credit scores, among other things. It was hundreds of phishing emails appearing to be from financial organizations or huge banks such as Bank of America that sparked this problem (Alkhalil et al., 2021). Customers of Equifax continue to express their dissatisfaction with the recent cyber incident (Alkhalil et al., 2021).
The Central Bank of the United States announced a recent cyber security incident in which an attacker stole more than
$80 million by planting a remote access trojan (RAT) on the bank's computers. The RAT allowed the attacker to access the bank's systems from anywhere in the world (Rid and McBurney, 2012). According to the Federal Bureau of Investigation, attackers impersonating bosses send emails to workers in which they request that they transfer payments. Collectively, these businesses faced a $2.3 billion loss. A recent research also found that social engineers are responsible for 80 percent of all successful cyber-attacks throughout the world (Kaloudi and Li, 2020). Consequently, social engineering assaults can be more costly than natural disasters, showing the need of recognizing and mitigating these cyberattacks before they occur (Salahdine and Kaabouch, 2019).

This study will examine social engineering attacks, detection methodologies, and countermeasures in greater depth. At present, social engineering assaults are the most serious cybersecurity dangers that must be dealt with by organizations (Aldawood and Skinner, 2019). According to Abass (2018), they can be detected, but they are not able to be stopped completely. The goal of social engineers is to get sensitive information that may be utilized for particular reasons or sold on the black market and dark web. They prey on unsuspecting individuals to obtain this information. The data that is packed and sold in bulk in today's markets is produced by firms who specialize in data packaging in huge amounts (Coelho et al., 2020).

According to Salahdine and Kaabouch, "despite the fact that social engineering attacks differ, they all follow a similar fundamental framework and proceed through a similar phase." The standard pattern has four steps, which are as follows:

1) Research phase - collect information about the target;
2) Hook phase - develop relationship with the target;
3) Play phase - exploit the victim to obtain information and execute the attack;
4) Exit phase - exit with no traces.

A victim is selected during the research phase, sometimes referred to as information gathering, by the attacker based on a set of criteria. During the hook phase, the attacker begins to gain the victim's trust by making a series of direct demands to the target. a phone call or an email exchange. During the play phase, the attacker uses emotional manipulation to trick the victim into disclosing important information or committing security errors. At some point during the departure phase, the attacker stops supplying key information or commits security mistakes without leaving any proof (Salahdine and Kaabouch, 2019).

Attacks Classification

Attacks against social engineering may be classified into two categories: those carried out by people and those carried out by computers. People-based social engineering attacks are more common than computer-based social engineering attacks. The attacker engages with the victim in person in order to collect the information that he or she requires in order to undertake a human-based assault on the victim (Frumento et al., 2016). As a result, they are only able to have a limited influence on a restricted number of individuals. Cybercriminals carry out computer-based assaults on unsuspecting victims by using computers or mobile phones to communicate with them. There is no other animal that can attack a big number of people in a matter of seconds as they are capable of. It is referred to as the social engineering toolkit (SET) and is one of the computer-based assaults that are employed in spear phishing emails (Mashtalyar et al., 2021). The three types of social engineering assaults (social, technical, and physical-based) can be further subdivided based on the method by which they are carried out.
Social-based attacks are carried out through relationships with the victims in order to take advantage of their psychology and emotions. As a result of the fact that they involve human connections, they are both the most hurtful and the most successful sorts of attacks (Salahdine and Kaabouch, 2019). Baiting and spear phishing are two examples of this sort of assault. There are many different types of technical-based attacks that are carried out over the internet, including social networking sites and online service websites, and they collect information from the victims such as passwords, credit card information, and security questions. Attackers use physical-based assaults to collect information about the target computer or network by performing physical activities on the target computer or network. In this case, the hunt for important papers amid the waste is an example of an attack. "Components such as human, computer, technological, sociological, and physical-based factors can all be combined in social engineering assaults. Examples of social engineering assaults include the following: Theft of important documents; diversion theft; fake software; baiting; quid-pro-quo; pretexting; tailgating; Pop-Up windows; Robot calls; ransomware; social engineering on the internet; reverse social engineering; and phone Social Engineering are all examples of online Social Engineering and reverse Social Engineering" (Salahdine and Kaabouch, 2019).

Following an evaluation of the multiple existing classifications of social engineering assaults, we may divide them into two basic categories: direct attacks and indirect attacks. Direct attacks are those that are carried out directly on the target. In the first instance, the assailant makes direct physical contact with the target victim in order to carry out the attack on him or her.
They are used to characterize attacks that are carried out by making bodily contact with the victim, making eye contact with the victim, or exchanging voice exchanges with the victim (Salahdine and Kaabouch, 2019). It is possible that the attacker's presence in the victim's
workplace will be necessary in order for them to complete the assault effectively. It is possible to carry out a variety of forms of assaults, including physical access, shoulder surfing, and dumpster diving. Phone social engineering tactics, such as pretexting and impersonating on help desk calls, as well as document theft, are also available. For an attack to be characterized as indirect, the perpetrator does not have to be physically present to carry out the operation. This type of attack might be carried out remotely with the deployment of malicious software that is disseminated via email attachments or SMS messaging. The following forms of assaults on computers are examples of these types of attacks: phishing, fraudulent software, pop-up windows, ransomware, SMSishing, online social engineering, and reverse social engineering (Salahdine and Kaabouch, 2019).

Description of the attack

• Phishing (email spoofing) attacks

In the world of social engineering attacks, phishing is the most common sort of attack (Sumner and Yuan, 2019). It is their goal to gather personal information from their targets through the use of telephone or email communication. Salahdine and Kaabouch (2019) say that attackers utilize deceit to trick victims into providing key information about their identities. Scams include phony websites, emails, ads, anti-virus, scareware, PayPal, awards, and freebies, to name a few of the many different varieties available. It is considered an attack if you receive phone calls, emails, or links from an impersonating lottery department notifying you that you have won a substantial sum of money and requesting personal information from you. Access to sensitive accounts, such as online banking or other services, or access to sensitive information may be gained by the use of a person's social security number or other identity number. There are
several sorts of phishing attacks, including spear phishing, whaling, vishing phishing, and corporate email compromise phishing, among others (Salahdine and Kaabouch, 2019). Also according to the authors, spear phishing is an assault that makes claims or interacts with specific persons or groups of people, rather than with the general public. They have a legal obligation to gather victim information from easily available web databases. In part, this is due to their ability to infiltrate an organization from inside, making it impossible to identify them from authorized users, which is one of the reasons they are so successful. In the case of spear phishing attacks on high-level executives of "big fish" corporations, this is referred to as whale phishing. A phone phishing scam is a type of fraud in which a company attempts to deceive clients into supplying personal information in order to verify their identification over the telephone. Voice phishing is a term developed from the terms voice and phishing to describe attacks that take advantage of the speech over internet protocol (SIP) technology (VoIP). The use of an interactive voice response system by a bogus company or bank to deceive the recipient into providing sensitive information is known as interactive voice response phishing (Salahdine and Kaabouch, 2019).

Whaling is similar in that it targets significant "fish" in corporations, capturing their emails, calendars, payments and other private information in order to sell it to third parties. In addition to sending emails and scheduling meetings, the social engineer may also study professional information about the company and contact clients or service providers using the information collected. Beginning with extensive social media research on high-profile targets in order to acquire and absorb specialist information such as the bank's authorized range of money, the attacker next moves on to more mundane tasks.
An attacker sends a convincing business email in an attempt to persuade a regular employee to click on an embedded link or download an
attachment from an email message after gaining access to the information they want. Choosing a timing that matches with the target's schedule and instilling a feeling of urgency in the email are two strategies used by attackers to push recipients to take action.

Pretexting attacks

Pretexting attacks are a sort of attack in which the attacker utilizes a pretext to get access to the information of the victim. As the name implies, pretexting attacks are ones where the offender constructs fake and plausible circumstances in order to get personal information from the target. To persuade the victim to accept and trust the attacker, they rely on fabrications and pretexts. The assault is carried out through the use of phone calls, emails, and other types of physical communication medium. In order to carry out their assault, attackers post information about themselves in phone books, public web sites, or conferences where collaborators in the same field gather in order to gain access to sensitive information. Using a pretext such as an offer to perform a job or earn money, to assist a friend in gaining access to something, or to win the lottery, it is possible to obtain personal information or acquire access to something.

• Attacks on the Premises of a Bait

Attacks using baiting techniques, sometimes known as road apples, are phishing attempts wherein consumers are persuaded to click on a link in order to obtain free things. They operate in a similar manner to Trojan horses, in that they launch assaults by taking advantage of exposed computer resources such as storage media or USB drives that have been infected with malware while visiting a coffee shop. There has been an attack on the premises.
Like Trojan horses, they carry out their
assaults by making use of unprotected computer resources, such as storage media or USB sticks with malware, that are found by their victims while in a public place, such as a coffee shop or a public library. When victims place the USB drive into their computers, the disk operates as if it were a real-world trojan horse, infecting the device and causing it to crash, according to the researchers. Because the malicious code employed in this attack is performed in the background, the victims are unaware that they are being targeted. Controller area network (CANDY) is a baiting assault that will be used to insert a Trojan horse into automotive entertainment systems, according to the authors' research (Jain, 2011). In the aftermath of this assault, the security of the vehicle is threatened since it interferes with communication between the driver and the vehicle. It is possible to record the driver's speech, which allows the attacker to remotely access the victim's car through a rear door, obtain information about the vehicle's circulation, and manage the vehicle's operation.

Attacks on Drivers While Tailgating

Tailgating attacks, also known as piggybacking attacks or physical access assaults, comprise following someone with security clearance to a certain location or facility in order to gain access to that location or facility. They make it easy for intruders to get access to buildings that are not intended for them. A victim could be asked to keep the door open for the assailants because they have forgotten their company's identification card or RFID (radio-frequency identification) card, for example. The borrower can even use the computer or smartphone to carry out hazardous acts such as the installation of malicious software on a computer or the transmission of dangerous software via a network.
RFID card assaults, for example, are one of the most often utilized techniques of getting access to restricted areas with the intent of causing harm to others. Often cited as the most quickly expanding technology for controlling access to buildings and facilities, RFID systems are becoming increasingly popular among businesses because of their widespread use and low cost, according to industry analysts. Despite the fact that they have several advantages, they also contain flaws that may be exploited to pose serious security issues for businesses. RFID attacks may be carried out at a number of different layers of the interconnectivity system concept, including the physical layer and the data link layer (ISO). RFID devices and the physical interface, for example, are directed at the physical layer of the connection in order to alter RFID communication. Depending on the conditions, these assaults have the potential to inflict harm to RFID cards in both the short and long term. Specifically, the attacker interferes with network layer operations, such as communication and data exchange amongst RFID devices, by modifying them.

Ransomware (crypto-locker) attacks

Similarly, a ransomware attack is another form of threat that may harm both individuals and businesses at the same time. In 2016, the FBI estimated that ransomware-related damages reached more than $1 billion, highlighting the immense financial devastation that ransomware can wreak on companies and organizations (Logue and Shniderman, 2021). A ransomware assault has the potential to have long-reaching ramifications that are considerably more expensive than the ransom money itself to resolve. In the event that a business does not prepare for a ransomware attack, it may suffer long-term consequences that include losing customers, losing data, and losing productivity. Ransomware attacks encrypt the data and files of the victim, making them inaccessible and preventing them from being used or accessed. If the victim does not pay the ransom quickly, the victim will be threatened with public exposure as a result of the theft.
It is necessary for this payment to be made in Bitcoins, a digital currency that is unregulated and nearly impossible to trace back to its source (Chaurasia, 2018).
Ransomware attacks may be classified into two types: static ransomware attacks and dynamic ransomware assaults. Engineers and programmers with in-depth understanding of static analysis develop programs to examine and comprehend an attack in order to prevent it from occurring in the future or to recover the encrypted data that has been lost. For dynamic analysis to be effective, it is necessary to monitor the behavior of the malware from a remote location. It is necessary to have trustworthy systems in order to execute untrusted apps without causing damage to the system (Chaurasia, 2018).

After that, the article discusses the various types of socially engineered attacks, which include everything from phishing attacks to ransomware attacks, all of which employ the tactic of fraudulently posing as an authorized individual in the hopes of luring a victim into a hacking scheme, and how to protect yourself against them. A more in-depth discussion of the measures that have been put in place to resist these social attacks will be provided in the parts that follow (Chaurasia, 2018).

Chapter 3: Methodology

Social engineering has posed a serious security threat to the infrastructure, users, data, and operations of cyberspace, and it is getting more ubiquitous. It is also becoming more difficult to detect. The goal of this paper is to outline social engineering assaults and their technique, as well as several risk mitigation methods that may be used to reduce the likelihood of such attacks occurring. The purpose of this section is to provide a detailed description of the research design that I feel is appropriate for this dissertation.

Methodology for Case Studies
In order to do my research, I have chosen to employ the case study method, as seen in the figure above. When doing case studies, researchers look at a variety of scenarios and select the one that is the most relevant to their research project. Case studies are useful in the formulation of a research concept as well as the construction of the theoretical foundations of the research project. In order to collect a variety of facts and hypotheses that may be utilized to produce extensive evaluations of the issue under study, case studies can be used in conjunction with other methods. Researchers might choose whether to broaden or narrow the scope of their investigations based on the outcomes of the literature assessments that were carried out in advance of the investigations. With the help of a case study, you may have a thorough grasp of the aims and objectives of the research project.

With respect to social engineering assaults, I will select the best case study to describe how a specific attack occurred, the method used to do it, and the victim's response so that I may determine whether or not the attack might have been avoided in my particular scenario. I feel that this research approach is the most appropriate in this scenario since my thesis is strongly reliant on previously found social engineering assaults and because social engineering attacks are not a new phenomenon. It is my goal to investigate social engineering assaults that have caused substantial harm to businesses, most notably during the COVID-19 outbreak, as part of my dissertation. I want to do my study using sources such as peer-reviewed journals, scholarly books, and the web-based dissemination of socially produced assault accusations, among other things.

Justify your choice of design.

Case studies provide a lot of benefits over other types of research when compared to other research methods. The majority of the time, data analysis is carried out in the context of its
application, that is, in the context of the circumstance in which the activity is carried out (Zainal, 2007). In the case of a socially engineered attack, for example, the researcher would be interested in the method by which the attack was launched and carried out. It is necessary for me to monitor the subject in her natural setting in order to investigate the tactics she employs when reading, such as when she is reading in class or when she is reading for pleasure. To put this in context, consider an experiment in which a phenomenon is purposely isolated from its surroundings while a limited number of parameters (for example, temperature) are focused on (Yin, 1981).

Second, the variety of methodologies available for case studies, such as intrinsic, instrumental, and collective approaches, enables both quantitative and qualitative assessments of the data received from the participants to be conducted on the information gathered from them. Instead of utilizing quantitative data, as is the case in some longitudinal studies, a group of individuals is followed over time using qualitative data from journal writings that offer descriptive accounts of their behavior rather than quantitative data. Other types of case studies, such as those conducted on a group of people, seek for evidence in both numerical and categorical replies supplied by individual participants.

Social engineering tactics are used by cybercriminals in virtually all of their assaults, accounting for nearly all of the attacks carried out by them. According to some estimates, there are 75 times more phishing websites than virus domains on the internet. By the year 2020, it is estimated that almost 75% of organizations throughout the world would fall prey to phishing scams. The FBI said that phishing was the most prevalent cybercrime in the United States in 2020, with 241,342 successful instances, making it the most common in the world (Alzahrani, 2020).
As an additional benefit of case studies, the in-depth qualitative accounts that are frequently produced do not only aid in the exploration or description of data in a real-world environment,
but they also aid in the clarification and explanation of the complexities of real-life situations that may not be captured through experimental or survey research. Consider the case study of reading abilities that are required by a certain topic matter as an instance of this. Moreover, not only will you have a comprehension of the methods employed, but you will also gain an understanding of the reasoning for their usage as well as how each method is used in relation to the others. Because reading behaviors are the result of complex cognitive processes, each reading strategy must be considered in the context of the other reading strategies rather than on its own (Zainal, 2007). When it comes to research methods for my thesis topic, case study methodology is the most appropriate form of inquiry, as evidenced by the following list of advantages.

Discuss the theory of methodology.

Case studies must be carefully constructed because of criticisms levied at the approach for what is seen to be a lack of robustness as a research instrument. Depending on the scenario, I can employ either a single-case or a multiple-case design approach to solving the problem. Single-case design will be used when there are no other cases to recreate or when comparing the social engineering attack plan to another design. It is a downside of utilizing a single-case technique because it cannot be utilized to draw sweeping generalizations, which is critical when examples are few and far between. Through the use of various methodologies, the validity of the study will be validated, and the problem will be remedied as a consequence of the findings. The use of a multiple-case design to better understand a problem may be advantageous if a substantial number of sources of information are obtained through replication rather than through sampling.
According to Yin, a theory rather than a population is utilized to generalize from case studies, regardless of whether single or multiple designs are employed in the study (1981). Using pattern-matching to repeat the case, it is feasible to enhance
and confirm earlier results. Pattern-matching is a method that relates distinct bits of data from the same instance to a theoretical premise (Tetnowski, 2015). There is thus higher confidence in the resilience of the process as a result of this development.

Discussion of the study's overall design

When dealing with complex themes and challenges, case study research methodologies make it easier to understand and comprehend them more quickly. In circumstances where a thorough investigation is required, it is possible to apply a robust research technique. However, while the case study approach is widely used in social science research in general, it has a considerably bigger significance in educational research (Yazan, 2015). Because of academics' fear that quantitative approaches would be unable to give comprehensive and detailed explanations of the social and behavioral problems under inquiry, case study research has gained prominence as a research method. Application of the case study approach allows researchers to go beyond the facts and acquire a deeper knowledge of events from the perspective of those who are involved in the events. If you want to understand the process and outcome of a phenomenon, you need to do a case study, which is a combination of quantitative and qualitative data. To get this conclusion, careful observation, reconstruction, and analysis of the cases are carried out on each one (Ridder, 2017). As a result, countless potentially intriguing study topics were eliminated as a result of this process.

Tool selection

As previously indicated, case studies have always been seen as tools in and of themselves. When it comes to research designs and, to a certain degree, as tools, case studies are useful since they provide the following benefits:
  • In order to obtain implicit and explicit data from people, it is the only viable strategy available.
  • This is suitable in relation to the research topic.
  • It adheres to a set of processes and uses them in the right manner.
  • The scientific conventions that are employed in social sciences are closely adhered to.
  • In particular, when interviews and direct observation by the researcher are the primary sources of data, it is necessary to create a 'chain of evidence' that is statistically or qualitatively recorded and stored.
  • There is a connection between the case study and a theoretical framework.

Chapter 4: Results

Data analysis

Psychologists believe that human beings are born with a natural desire to aid people who are in genuine need, a proclivity to trust others, a fear of getting into trouble, and a desire to avoid getting into trouble by taking whatever for free or without exerting much effort. It is necessary to educate users on how to protect themselves from hackers and crackers because they want to take advantage of this means of communication. Considering that social engineering is the most potent kind of attack, I conducted an experiment to see how successful it was on Linux, and the results were promising (Maraj et al., 2020). Linux is frequently regarded as the most secure operating system available; yet, as we have proven, even the most secure system may be penetrated by exploiting a weak link. Linux is not the only operating system that can be attacked (people). If your computer is afflicted with Spyware or malware, the case studies that follow will show you how social engineering may be used to your
advantage. Three kinds of case studies are presented, each of which has a number of instances or examples in each of the three categories.

Case No. 1

It is the purpose of this case study to obtain knowledge about the subject while maintaining a positive attitude about time. In order to launch this attack, we must first acquire information on the target, just like we did with the individual we are already familiar with. One thing we found about him was that he utilizes the Linux operating system and enjoys programming, particularly with Linux shell scripts, among other things. The second phase is the formation of relationships, which has already begun with the selection of persons in whom we may place our trust and confidence. Our friend, who runs his computer on the Linux operating system, received it and passed it to us. This was the subject line of an email that was forwarded to me with the subject line "Shell Script for Fun." It is normal for people to open an email that appears to be from a friend and is safe to click on. Whenever you receive an email from a buddy that has an attachment, you should open it right away and save it. This is due to the fact that you may send email using any fictional identity while utilizing open mail relay SMTP servers, which means you've been identified (Reddy, 2019). In this case, we are using a psychological strategy and a tailored assault because we have chosen the individual. Certain parasite authors adopt a targeted strategy for a single victim, whilst others employ a broad approach to attract unknown victims, and if the tactic is effective, many individuals will fall victim to it.

Case No. 2

In the second case, we used the same strategy, first gathering knowledge, then establishing relationships, and last deceit, to achieve our goals. Hackers and crackers who take delight in their
work are the folks we hire. Those who are interested in hacking and cracking will find Case-2 to be of particular interest. Whatever you do to find free hacking and cracking tools on the internet, you will eventually come across some. Several of these pieces of software, on the other hand, have the capability of infiltrating your computer system. You may get the following information on the internet: After I sent him an email with a link to this shell script branded "Windows Hacking Tool," a buddy of mine received a link to it. They then proceeded to click on it, download it, and run it on their computer.

Case No. 3

The use of hoaxes is prohibited: Linux is considered more secure than Windows by some persons; however, they do not know by what percentage, and they are interested in learning more about this issue. An inaccurate Linux report is filed in the case as a result, which includes the Shell Script, and the problem is closed as a result. In the form of a letter to a friend, I'd like to share this report regarding Linux security that I found on the internet. The link is often visited because it contains valuable information on Linux. Using social engineering strategies to manipulate people leads in the imprisonment of human beings in each of these tactics. Root access must be provided to our virus in order for it to function properly.

The findings are discussed in detail.

NB: Results are subjected to a critical examination.

The case studies that came before them revealed a method of fooling someone into surrendering access or secret information, and it constitutes a significant danger to the vast majority of secured networks today. It is the power to convince people to change their minds. A long time has passed since techniques and concepts of social engineering were developed.
Because of Homer's epic book The Odyssey, the story of the Trojan horse has become well-known across the world. It was one of the most brilliant social engineering ruses ever created in the history of the human species, and it was executed flawlessly. After learning about a Greek approach to social engineering, Edwards decided to name his company after the technique he learnt about. As a result, it is the most devastating assault accessible due to the fact that neither hardware nor software can prevent or protect against it. Because this attack is mostly psychological in origin, people must be trained how to defend themselves against this type of assault. The following section contains a sample of definitions of Social Engineering from a number of writers.

Social Engineering is defined as follows:
1. "...the art and science of convincing others to do what you desire," as defined by the American Psychological Association.
2. The term "Social Engineering" is a misnomer for initiatives that are non-technical or low-tech in nature: fraud, impersonation, scams, bribery, blackmail, and threats are all used to infiltrate and compromise computer networks.

Despite the fact that each Social Engineering attack is distinct and creative, they always follow a similar pattern. There are four steps to this design (Information Gathering, Relationship Development, Exploitation and Execution). In order to achieve the desired end result, a social engineering attack and/or the usage of other more typical attack tactics may be utilized in conjunction with one another. We have observed that social engineering is not only a serious threat, but also a natural human susceptibility to misinterpretation of the persuader's true intentions, which we call "human vulnerability."
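Each of the three case studies above depends on a message that appears to come from a friend, which is possible because SMTP itself does not authenticate the From header. The following added example (not part of the original paper) triages a raw message for that kind of forgery: it trusts only the Authentication-Results header stamped by the receiving server, compares the From domain with Return-Path and Reply-To, and flags script attachments. The authserv-id `mx.example.org`, both sample messages and all function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: authserv-id that your own receiving mail server writes into
# Authentication-Results (RFC 8601). Any other id is sender-controlled text.
TRUSTED_AUTHSERV_ID = "mx.example.org"
SCRIPT_EXTENSIONS = (".sh", ".bash", ".py", ".pl")
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.IGNORECASE)

# Constructed sample: forged "friend" mail with a shell script attached and a
# second, attacker-supplied Authentication-Results header claiming "pass".
SPOOFED = """\
Return-Path: <bounce@relay.example.net>
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=relay.example.net;
 dkim=none; dmarc=fail header.from=friend.example.com
Authentication-Results: friend.example.com; spf=pass; dkim=pass; dmarc=pass
From: "Your Friend" <friend@friend.example.com>
Reply-To: someone@other.example.net
To: victim@example.org
Subject: Shell Script for Fun
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Try this out!
--BOUND
Content-Type: application/x-sh
Content-Disposition: attachment; filename="fun.sh"

echo constructed sample
--BOUND--
"""

# Constructed sample: the same sender with aligned, passing results.
CLEAN = """\
Return-Path: <friend@friend.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=friend.example.com;
 dkim=pass header.d=friend.example.com; dmarc=pass header.from=friend.example.com
From: "Your Friend" <friend@friend.example.com>
To: victim@example.org
Subject: Lunch?
Content-Type: text/plain

See you at noon.
"""


def _domain(header_value):
    """Return the lower-cased domain of the first address in a header."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()


def auth_results(msg, trusted_id=TRUSTED_AUTHSERV_ID):
    """Collect spf/dkim/dmarc verdicts from trusted headers only."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = str(value).partition(";")
        tokens = authserv_id.split()  # the id may be followed by a version
        if not tokens or tokens[0].lower() != trusted_id.lower():
            continue  # stamped by someone else: ignore it entirely
        for method, result in RESULT_RE.findall(rest):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def triage(raw_message, trusted_id=TRUSTED_AUTHSERV_ID):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    from_dom = _domain(msg["From"])
    verdicts = auth_results(msg, trusted_id)

    if not verdicts:
        findings.append("no trusted Authentication-Results header")
    for method in ("spf", "dkim", "dmarc"):
        result = verdicts.get(method)
        if result is not None and result != "pass":
            findings.append(f"{method}={result}")

    # A bounce or reply address in another domain is a common spoofing tell.
    for header in ("Return-Path", "Reply-To"):
        dom = _domain(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")

    # The case studies deliver a shell script; flag script attachments.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(SCRIPT_EXTENSIONS):
            findings.append(f"script attachment: {name}")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(label, triage(raw))
```

The Authentication-Results check is only meaningful when the receiving server removes inbound headers that already carry its own authserv-id, which RFC 8601 requires of border mail servers.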
During the information-gathering phase, the identity of the intended victim or victims is ascertained. Following the identification of the intended victim, the following step is to select many intriguing portions that will entice the victim. The old "I Love You" virus, for example, was built on this idea because we all want to know who loves us. Once information on the victim and his hobbies has been gathered, the investigation may begin. The next step is to try to locate or establish a relationship with the individual who has been victimized. If the "I Love You" virus is on its way to infect a friend, you become even more excited. A subsequent attack will be designed using pre-built malware or new Spyware will be created. Everything has now been put in its proper position. The final stage of the attack is the actual execution of the plan.

Because it helps to establish a direct relationship between various social engineering attack scenarios and demonstrates how attacks can be carried out from various viewpoints such as email and operating system, the use of case studies is essential. The case studies mentioned above were useful in describing the hacker's talents. Hackers employ a variety of approaches, including:

Make an imitation of company personnel: This is a tactic for creating an atmosphere that will encourage a target to provide information or perform an action, and it is often carried out by email or phone. According to the experts, pretending to be someone from within the business is the most successful and riskiest technique for acquiring physical access to a network. In the course of conversing with a member of the IT team, users were asked to disclose their password to a "stranger." This is particularly true if the caller informs them that their account may be suspended and that they may be unable to access crucial e-mail or network services if they do not cooperate.
Due to significant study required to understand everything possible about the target in order to establish legitimacy in the
target's eyes, it is by far the most time-consuming attack to execute. In order to generate compassion from consumers, the social engineer may pose as an outside worker, such as a representative from a phone company or a representative from the firm's Internet service provider. The natural impulse of most people is to provide a helping hand to those in need.

Techniques of intimidation

The use of stronger tactics, such as intimidation, by social engineers may be necessary. In this scenario, the social engineer assumes the identity of someone noteworthy, such as a powerful boss from headquarters, a major customer of the company, a government investigator, or anybody else who may strike fear into the hearts of normal people. Screaming and enraged, he or she bursts into the room or summons the victim. If they do not obtain the information they want, they may threaten to fire the employee.

a. Hoaxing: Unintentional hoaxes seek to deceive others into believing that something bogus actually exists. Due to the fear of being in an unpleasant circumstance, it may also lead to impulsive decisions being taken.

Imitating an issue and then exploiting it: Another ploy is to create a problem and then exploit it. The blaring of a fire alarm may be all that is required to get everyone out of the room in a short amount of time without having to shut down their computers. Following that, social engineers might utilize the session to carry out their nefarious activities.

The practice of throwing away garbage mail or normal mail / letter without shredding the paper is referred to as dumpster diving by business owners. If the mail contains personal information or credit card offers that a dumpster diver may use to perpetrate identity theft, it is considered suspicious. Dumpster divers also hunt for information such as a
company's organizational chart, who reports to whom, and, in particular, management level personnel who may be impersonated in order to obtain sensitive information. Dumpster diving can provide valuable information for an impersonation assault if the information is used properly.

A more cunning kind of social engineering is reverse social engineering, which occurs when a social engineer persuades individuals to ask him or her questions rather than questioning them. This type of social engineering usually necessitates extensive planning, which includes putting themselves in a position of seeming authority or expertise in order to be successful.

When you send an email, using an enticing subject line will provoke an emotional response from the recipient, resulting in inadvertent engagement. Most people are familiar with the following two types of computers: Viruses are commonly hidden within a file attached to an email, and the first of these carries dangerous code. For example, the 'Anna Kournikova' worm or the 'I Love You virus' will infect unsuspecting individuals who will click on or open the file.

"Vishing," often known as voice phishing, is a relatively new phishing technique that has received a great deal of attention.
  • Both methods of vishing are possible. According to one variation of the scheme, the client receives an e-mail that seems to be a phishing e-mail and usually suggests that there is a problem with the account. The e-mail does not contain a false link to click on; instead, it has a customer service number that the client must call before being asked to "log in" with account numbers and passwords. The other
form of the scam includes phoning consumers directly and telling them that they must phone the false customer care number as soon as possible in order to safeguard their accounts. By "confirming" personal information on file, such as an individual's full name, address, or credit card number, vishing fraudsters can even provide the customer a false feeling of security. A standard bank method, in which banks encourage clients to phone and confirm information, is imitated by phishing scams.

Limitations

It is important to note that one of the primary limitations of my findings is that the socially engineered attack case studies were primarily focused on aspects of the Linux operating system that were vulnerable to attack. It is necessary to conduct additional research into the avenues through which socially engineered attacks on Windows operating systems could be developed in the future.

5th Chapter: Discussion and Concluding Remarks

After stating that the thesis statement is being fulfilled, the second part of this section attempts to do so by providing relevant recommendations for dealing with cases of social engineered attacks, some of which are specific to the social engineered attacks discussed in the preceding section and others which are not mentioned in the preceding section. Essentially, the goal is to group my comments and the results together in a logical suggestion section that is simple to read.

Conclusion

When it comes to social engineering assaults, the first and most effective protection is a comprehensive, clear (written) policy that defines when and to whom (if anybody) users are permitted to give their passwords, unlock the server room, or execute other activities. In order to
safeguard the general population, it is vital to adopt stringent protocols. By putting in place an authentication mechanism (such as smart cards/tokens or biometrics, for example), you can prevent a huge proportion of social engineering attempts from being successful. No matter how effective the social engineering method appears to be in terms of obtaining the password, it is worthless unless and until the second authentication factor is likewise obtained and verified. The establishment of strong policies and procedures, as well as the assurance that all workers adhere to them on a consistent basis, are vital for mounting a successful defense against social engineering. The most vulnerable to social engineering assaults are those who are inherently unexpected; nonetheless, they are also the most successful, because the sole protection against them is not a software system, but rather people who are themselves unpredictable. We can still avoid some attacks by applying a restricted set of countermeasures, but only to a limited extent.

Implications

Traditional strategies for protecting oneself from socially engineered attacks are becoming increasingly ineffective, according to the ramifications of my research.
1. Any email requesting urgent personal financial information or threatening to terminate online accounts should be treated with extreme skepticism.
2. It is impossible to be certain that an e-mail has not been forged or "spoofed" unless the message has been digitally signed. In light of the fact that anybody may send an email under any name, it is important to check for the entire headers when sending anything of significance by email.
3. In addition, while conducting business online, phishing scammers frequently ask for personal information such as usernames and passwords, credit card numbers, social
security numbers, and other information that would not normally be sought by a reputable organization.
4. In addition, phishing emails are generally not personalized, although authentic letters from your bank or ecommerce company are typically customized. As seen in our case study, phishing e-mails frequently begin with a greeting such as "Dear customer," but there are other attacks that are targeted or more sophisticated in that they use your personal information, and if the attack is intended for you, it will be personalised.
5. When dealing with your financial institution, always use channels that you are acquainted with and that come from reputable sources. If you receive an email with a link to a website that appears to be real (for example, information from your bank card, paper correspondence, or your monthly account statement), do not rely on it and do not transmit personal information over the Internet.
6. When entering information through your Web browser, always double-check that you're transmitting credit card or other sensitive information over a secure website. Verify that the URL in the address bar begins with https:// rather than http://.
7. Log into your online accounts on a frequent basis, and change your passwords on a regular basis as well.
8. Review your bank and credit card statements on a frequent basis to ensure that all transactions appear to be legitimate.
9. You should never believe that the general look of a website would enable you to precisely identify it as legitimate.
10. Don't provide personal financial information in e-mail messages or pop-up windows that ask for it; spammers and phishers may use this information in the future to conduct attacks against your machine.

We may have the most secure network or the most specific rules, but because people are unpredictable, acting out of curiosity and avarice without regard for the consequences, we may find ourselves in a Trojan tragedy of our own. The paradox of social engineering attacks is that individuals are both the most serious problem and the most effective tool for protecting themselves against them at the same time. To fight social engineering attacks on their networks, organizations must develop policies and practices that clearly define roles and responsibilities for all users, not just security personnel. The company must then ensure that these policies and procedures are appropriately executed by its employees, which involves ongoing training on the most current examples of such behavior.

Research recommendations for additional study

Eventually, researchers will be able to conduct a more thorough investigation into the nature of socially engineered attacks against Windows operating systems. An additional study on how firms may defend themselves and their employees from socially engineered assaults can be prepared as part of this effort.

Reflection

Despite the glut of security software options available on the market, many of which claim to be the finest, we continue to be exposed to the threat of viruses and other potentially harmful behaviors on a regular basis. The vast majority of viruses may be prevented simply by knowing their fundamental principles of operation, even if we do
not utilize virus protection software during the detection and eradication of the infections. The lessons learned as a consequence of this effort are built on top of the knowledge gap uncovered by this study. In the course of this exercise, I learned a few things, one of which is that the great majority of individuals believe that Linux is more secure than any other operating system available on the market. Due to the lack of a consistent evaluation of how frequently Linux users are susceptible to social engineering assaults, it is hard to verify whether this assumption is true or erroneous. Consequently, the number of case studies documenting assaults is restricted, because many firms and individuals are uncomfortable supplying such information and will frequently offer incorrect information as a result. As a final recommendation, I would suggest that further research be performed on the countless social engineering geniuses who often employ machine techniques or strategies to achieve their objectives.
References

Abaimov, S., & Martellini, M. (2022). Attack. In Machine Learning for Cyber Agents (pp. 115-147). Springer, Cham.
Abass, I. A. M. (2018). Social engineering threat and defense: a literature survey. Journal of Information Security, 9(04), 257.
Albladi, S. M., & Weir, G. R. (2018). User characteristics that influence judgment of social engineering attacks in social networks. Human-centric Computing and Information Sciences, 8(1), 1-24.
Aldawood, H., & Skinner, G. (2019, January). An academic review of current industrial and commercial cyber security social engineering solutions. In Proceedings of the 3rd International Conference on Cryptography, Security and Privacy (pp. 110-115).
Aldawood, H., & Skinner, G. (2020). An advanced taxonomy for social engineering attacks. International Journal of Computer Applications, 177(30), 1-11.
Alkhalil, Z., Hewage, C., Nawaf, L., & Khan, I. (2021). Phishing Attacks: A Recent Comprehensive Study and a New Anatomy. Frontiers in Computer Science, 3, 563060.
Alzahrani, A. (2020). Coronavirus social engineering attacks: Issues and recommendations. Int. J. Adv. Comput. Sci. Appl., 11(5), 154-161.
Anthony, B. (2019). Social Engineering: The Human Element of Cybersecurity (Doctoral dissertation, Utica College).
Chaurasia, R. (2018). Ransomware: The cyber extortionist. In Handbook of research on information and cyber security in the fourth industrial revolution (pp. 64-111). IGI Global.
Coelho, P. M., Corona, B., ten Klooster, R., & Worrell, E. (2020). Sustainability of reusable packaging–Current situation and trends. Resources, Conservation & Recycling: X, 6, 100037.
Fan, W., Kevin, L., & Rong, R. (2017). Social engineering: IE based model of human weakness for attack and defense investigations. IJ Computer Network and Information Security, 9(1), 1-11.
Franchina, L., Inzerilli, G., Scatto, E., Calabrese, A., Lucariello, A., Brutti, G., & Roscioli, P. (2021). Passive and active training approaches for critical infrastructure protection. International Journal of Disaster Risk Reduction, 63, 102461.
Frumento, E., Puricelli, R., Freschi, F., Ariu, D., Weiss, N., Dambra, C., ... & Pachego, B. (2016). The role of Social Engineering in evolution of attacks.
Jain, V. K. (2011). Cryptography and Network Security. Khanna Publishing House.
Kaliňák, V. (2021). Psychology of Phishing Attacks During Crises: The Case of Covid-19 Pandemic.
Kaloudi, N., & Li, J. (2020). The ai-based cyber threat landscape: A survey. ACM Computing Surveys (CSUR), 53(1), 1-34.
Logue, K. D., & Shniderman, A. B. (2021). The Case for Banning (and Mandating) Ransomware Insurance. Available at SSRN 3907373.
Maraj, A., Rogova, E., & Jakupi, G. (2020). Testing of network security systems through DoS, SQL injection, reverse TCP and social engineering attacks. International Journal of Grid and Utility Computing, 11(1), 115-133.
Maseno, E. M. (2017). Vishing attack detection model for mobile users (Doctoral dissertation, KCA University).
Mashtalyar, N., Ntaganzwa, U. N., Santos, T., Hakak, S., & Ray, S. (2021, July). Social Engineering Attacks: Recent Advances and Challenges. In International Conference on Human-Computer Interaction (pp. 417-431). Springer, Cham.
Mitnick, K. D. (2021). The Art of Deception-Kevin D. Mitnick ND. pdf.
Mohammed, L. A., & Munir, K. (2018). Secure third party auditor (TPA) for ensuring data integrity in fog computing. International Journal of Network Security & Its Applications (IJNSA), 10.
Reddy, N. (2019). Emails and Email Crime. In Practical Cyber Forensics (pp. 345-378). Apress, Berkeley, CA.
Richardson, M. D., Lemoine, P. A., Stephens, W. E., & Waller, R. E. (2020). Planning for Cyber Security in Schools: The Human Factor. Educational Planning, 27(2), 23-39.
Rid, T., & McBurney, P. (2012). Cyber-weapons. The RUSI Journal, 157(1), 6-13.
Ridder, H. G. (2017). The theory contribution of case study research designs. Business Research, 10(2), 281-305.
Salahdine, F., & Kaabouch, N. (2019). Social engineering attacks: A survey. Future Internet, 11(4), 89.
Smither, R., Houston, J., & McIntire, S. (2016). Organization development: Strategies for changing environments. Routledge.
Sumner, A., & Yuan, X. (2019, April). Mitigating phishing attacks: an overview. In Proceedings of the 2019 ACM Southeast Conference (pp. 72-77).
Tetnowski, J. (2015). Qualitative case study research design. Perspectives on Fluency and Fluency Disorders, 25(1), 39-45.
Yar, M., & Steinmetz, K. F. (2019). Cybercrime and society. Sage.
Yazan, B. (2015). Three approaches to case study methods in education: Yin, Merriam, and Stake. The Qualitative Report, 20(2), 134-152.
Yin, R. K. (1981). The case study as a serious research strategy. Knowledge, 3(1), 97-114.
Zainal, Z. (2007). Case study as a research method. Jurnal Kemanusiaan, (9), 1-6.