The analysis of development, typical objectives and mechanisms of phishing attacks

  • Yuliia Liesnaia V. N. Karazin Kharkiv National University
  • Serhii Malakhov V. N. Karazin Kharkiv National University https://orcid.org/0000-0001-8826-1616
Keywords: Phishing, Attack, Resource, Information Security, Social Engineering, DNS

Abstract

The work discusses the issues of phishing attacks, emphasizing the interconnection between the stages of information technology development and the periods of phishing evolution. Attention is drawn to the fact that any new communication resource or online technology significantly expands the range of possible social engineering techniques, a key element of modern phishing. Based on a review of known incidents, it is asserted that this type of attack will continue to proliferate. The main factors contributing to the further growth of phishing include: -active implementation of artificial intelligence and Internet of Things technologies; -proliferation of satellite Internet; -persistent increase in the number of network users; -technological rivalry among major actors in the post-industrial world. It is emphasized that the increased accessibility of the global Internet will lead to a rise in the number of users of new communication services and platforms. However, the widespread digitization of modern society, coupled with low levels of digital literacy in certain social strata, will result in potential vulnerabilities for large groups of technologically uninformed users. The simultaneous existence of these two trends will increase the number of potential phishing attack victims in the future. It is highlighted that integrating phishing with other types of cyberattacks increases the overall incidence of phishing. The significant prevalence of social networks is noted as a major means of phishing dissemination. The conclusion is drawn that phishing attacks in corporate and private segments of modern information systems, despite their external similarities, aim to obtain substantially different "bonuses" in terms of scale, consequences, and substantive actions. These implicit differences determine the variations in impact vectors and attacking scenarios. Special attention is given to the use of multi-factor authentication, which significantly complicates the impersonation of user identification data, making phishing less effective. It is noted that implementing comprehensive protection against phishing attacks involves continuous improvement of existing security technologies in conjunction with organizational measures. The organizational component should clearly regulate the levels of personal and collective responsibility for the current security status of the utilized systems and information resources.

Downloads

Download data is not yet available.

Author Biographies

Yuliia Liesnaia, V. N. Karazin Kharkiv National University

CSD Student (magistrate), Department of Security of Information Systems and Technologies

Serhii Malakhov, V. N. Karazin Kharkiv National University

Ph.D., Senior Researcher, Computer Science Department.

References

Venkatesha, S., Reddy, K. R., & Chandavarkar, B. R. (2021). Social engineering attacks during the COVID-19 pandemic. SN computer science, 2, 1-9. Retrieved from: https://link.springer.com/article/10.1007/s42979-020-00443-1

Колованова, Є. П., Малахов, С. В., & Чорна, Т. Е. (2023, July). Передумови та основні складові з протидії доксінгу пер-сональних даних. In The 27th International scientific and practical conference “Trends of young scientists regarding the de-velopment of science”(July 11–14, 2023) Edmonton, Canada. International Science Group. 2023. 225 p. (p. 194). Вилучено з: http://surl.li/otbbx

Гайкова, В., & Малахов, С. (2021). Аналіз факторів і умов реалізації кібербулінгу з урахуванням можливостей сучасних інформаційних систем. Комп’ютерні науки та кібербезпека, (1), 50-59. Вилучено з: https://periodicals.karazin.ua/cscs/article/view/17435/16040

IBM. (2023). Security X-Force Threat Intelligence Index 2023 Full Report. https://www.ibm.com/downloads/cas/DB4GL8YM

Даркнет (теневой интернет, DarkNet). (2023). TADVISER. Вилучено з http://surl.li/owlss

Лєсная, Ю. Є., Малахов, С. В., & Мелкозьорова, О. М. (2023, November). АНАЛІЗ РЕГІОНАЛЬНИХ ТА ГАЛУЗЕВИХ ВІДМІННОСТЕЙ ПРИ РЕАЛІЗАЦІЇ ФІШИНГОВИХ АТАК. In The 8th International scientific and practical conference “Distance learning in universities and modern problems”(November 07-10, 2023) Budapest, Hungary. International Science Group. 2023. 314 p. (p. 289). Вилучено з: https://isg-konf.com/wp-content/uploads/2023/11/DISTANCE-LEARNING-IN-UNIVERSITIES-AND-MODERN-PROBLEMS.pdf

Saqib, I. (2023). Comparison Of Different Firewalls Performance In A Virtual For Cloud Data Center. Journal of Advancement in Computing, 1(1), 21-28. Retrieved from: https://journalsriuf.com/index.php/JAC/article/view/49/59

Putri, H. A., Djibran, N., & Tulloh, R. (2023). Implementation Of Next-Generation Firewalls To Protect Applications From Malware Attacks. Jurnal Indonesia Sosial Teknologi, 4(11), 1961-1970. Retrieved from: https://jist.publikasiindonesia.id/index.php/jist/article/view/797/1393

Prasetia, B. A., Ramadhany, D. A., Guniawan, G., & Waluyo, I. G. (2023). Analisa Perangkat Fortinet Sebagai Firewall Untuk Memblokir Aplikasi Sosial Media Dan Platform Streaming Saat Jam Kerja (Studi Kasus: PT. Aplikanusa Lintasarta). BINER: Jurnal Ilmu Komputer, Teknik dan Multimedia, 1(3), 496-504. Retrieved from: https://www.journal.mediapublikasi.id/index.php/Biner/article/view/3062/1667

Dieterich, A., Schopp, M., Stiemert, L., Steininger, C., & Pöhn, D. (2023). Evaluation of Persistence Methods Used by Malware on Microsoft Windows Systems. Retrieved from: https://www.scitepress.org/Papers/2023/117102/117102.pdf

Kremer, R., Wudali, P. N., Momiyama, S., Araki, T., Furukawa, J., Elovici, Y., & Shabtai, A. (2023). IC-SECURE: Intelligent System for Assisting Security Experts in Generating Playbooks for Automated Incident Response. arXiv preprint arXiv:2311.03825. Retrieved from: https://arxiv.org/pdf/2311.03825.pdf

Mohamed, N. (2023). Current trends in AI and ML for cybersecurity: A state-of-the-art survey. Cogent Engineering, 10(2), 2272358. Retrieved from: https://doi.org/10.1080/23311916.2023.2272358

Ghose, N., Gupta, K., Lazos, L., Li, M., Xu, Z., & Li, J. (2023). ZITA: Zero-Interaction Two-Factor Authentication using Contact Traces and In-band Proximity Verification. IEEE Transactions on Mobile Computing. Retrieved from: https://cse.unl.edu/~nghose/pubs/journal/GHOSE_TMC_2023-main.pdf

Šuškalo, D., Morić, Z., Redžepagić, J., & Regvart, D. (2023). COMPARATIVE ANALYSIS OF IBM QRADAR AND WAZUH FOR SECURITY INFORMATION AND EVENT MANAGEMENT. Annals of DAAAM & Proceedings, 34. Re-trieved from: http://surl.li/ozagr

Ashiq, M. I., Li, W., Fiebig, T., & Chung, T. (2023). You've Got Report: Measurement and Security Implications of {DMARC} Reporting. In 32nd USENIX Security Symposium (USENIX Security 23) (pp. 4123-4137). Retrieved from: https://www.usenix.org/system/files/usenixsecurity23-ashiq.pdf

Вдовенко, С., Даник, Ю., & Фараон, С. (2019). Дефініційні проблеми термінології у сфері кібербезпеки і кібероборони та шляхи їх вирішення. Комп’ютерні науки та кібербезпека, (1), 18-30. Вилучено з: https://periodicals.karazin.ua/cscs/article/view/13080/12378

Starlink internet: Coverage & availability map | broadbandnow. (б. д.). BroadbandNow. https://broadbandnow.com/starlink

The latest phishing statistics (updated december 2023) | AAG IT support. (б. д.). AAG IT Services. https://aag-it.com/the-latest-phishing-statistics/

Statista - the statistics portal. (б. д.-a). Statista. https://www.statista.com/markets/424/topic/540/social-media-user-generated-content/#statistic1

Михайленко, Д. Д., & Нємцев, М. О. (2023, May). ОСОБЛИВОСТІ ТЕХНОЛОГІЇ МЕРЕЖЕВИХ ПАСТОК ЯК ІН-СТРУМЕНТУ АКТИВНОГО ЗАХИСТУ ТА АНАЛІЗУ ДІЙ АТАКУЮЧОЇ СТОРОНИ. In The 21th International scientific and practical conference “Scientists and methods of using modern technologies”(May 30–June 02, 2023) Melbourne, Australia. International Science Group. 2023. 522 p. (p. 483). Вилучено з: http://surl.li/otbvt

Лєсная Ю. Є. Аналіз структури фішингових атак та дослідження механізмів їх реалізації в корпоративному й прива-тному сегментах користувачів сучасних інформаційних систем. Пояснювальна записка до дипломної роботи магістра: напрям підготовки 125 – Кібербезпека / Ю. Є. Лєсная; Харківський національний університет імені В. Н. Каразіна. – Харків: [Б. В.], 2023. – 69 с.

Лєсная, Ю., Малахов, С. Узагальнення основних передумов реалізації фішингових атак. Proceedings of the XVII Inter-national Scientific and Practical Conference. Ankara, Turkey. 2023. Pp.453-457. Вилучено з: URL: https://isg-konf.com/wp-content/uploads/2023/05/SYSTEM-ANALYSIS-AND-INTELLIGENT-SYSTEMS-FOR-MANAGEMENT.pdf

Published
2023-12-25
Cited
How to Cite
Liesnaia, Y., & Malakhov, S. (2023). The analysis of development, typical objectives and mechanisms of phishing attacks. Computer Science and Cybersecurity, (1), 6-27. https://doi.org/10.26565/2519-2310-2023-1-01
Section
Статті

Most read articles by the same author(s)