The analysis of development, typical objectives and mechanisms of phishing attacks
Abstract
The work discusses the issues of phishing attacks, emphasizing the interconnection between the stages of information technology development and the periods of phishing evolution. Attention is drawn to the fact that any new communication resource or online technology significantly expands the range of possible social engineering techniques, a key element of modern phishing. Based on a review of known incidents, it is asserted that this type of attack will continue to proliferate. The main factors contributing to the further growth of phishing include: active implementation of artificial intelligence and Internet of Things technologies; proliferation of satellite Internet; persistent increase in the number of network users; and technological rivalry among major actors in the post-industrial world. It is emphasized that the increased accessibility of the global Internet will lead to a rise in the number of users of new communication services and platforms. However, the widespread digitization of modern society, coupled with low levels of digital literacy in certain social strata, will result in potential vulnerabilities for large groups of technologically uninformed users. The simultaneous existence of these two trends will increase the number of potential phishing attack victims in the future. It is highlighted that integrating phishing with other types of cyberattacks increases the overall incidence of phishing. The significant prevalence of social networks is noted as a major means of phishing dissemination. The conclusion is drawn that phishing attacks in corporate and private segments of modern information systems, despite their external similarities, aim to obtain substantially different "bonuses" in terms of scale, consequences, and substantive actions. These implicit differences determine the variations in impact vectors and attacking scenarios.
Special attention is given to the use of multi-factor authentication, which significantly complicates the impersonation of user identification data, making phishing less effective. It is noted that implementing comprehensive protection against phishing attacks involves continuous improvement of existing security technologies in conjunction with organizational measures. The organizational component should clearly regulate the levels of personal and collective responsibility for the current security status of the utilized systems and information resources.