Social engineering as an attack vector for ransomware

Gallegos-Segovia, Pablo L.; Bravo‐Torres, Jack F.; Larios-Rosillo, Victor M.; Vintimilla-Tapia, Paul E.; Yuquilima-Albarado, Ivan F.; Jara-Saltos, Juan D.

doi:10.1109/chilecon.2017.8229528

Cited by 35 publications

(20 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the paly phase, the attacker influences the victim emotionally to provide sensitive information or perform security mistakes. In the out phase, the attacker quits without leaving any proof [13].…”

Section: Social Engineering Attacksmentioning

confidence: 99%

“…Social engineering attacks may combine the different aspects previously discussed, namely: human, computer, technical, social, and physical-based. Examples of social engineering attacks include phishing, impersonation on help desk calls, shoulder surfing, dumpster diving, stealing important documents, diversion theft, fake software, baiting, quid pro quo, pretexting, tailgating, Pop-Up windows, Robocalls, ransomware, online social engineering, reverse social engineering, and phone social engineering [1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18]. Figure 4 illustrates the classification of these attacks.…”

Section: Attacks Classificationmentioning

confidence: 99%

See 1 more Smart Citation

Social Engineering Attacks: A Survey

2019

View full text Add to dashboard Cite

The advancements in digital communication technology have made communication between humans more accessible and instant. However, personal and sensitive information may be available online through social networks and online services that lack the security measures to protect this information. Communication systems are vulnerable and can easily be penetrated by malicious users through social engineering attacks. These attacks aim at tricking individuals or enterprises into accomplishing actions that benefit attackers or providing them with sensitive data such as social security number, health records, and passwords. Social engineering is one of the biggest challenges facing network security because it exploits the natural human tendency to trust. This paper provides an in-depth survey about the social engineering attacks, their classifications, detection strategies, and prevention procedures.

show abstract

Section: Social Engineering Attacksmentioning

confidence: 99%

Section: Attacks Classificationmentioning

confidence: 99%

Social Engineering Attacks: A Survey

2019

View full text Add to dashboard Cite

show abstract

“…To make them safe from these type of attacks, we need to spread awareness among students and other vulnerable groups regarding possible social engineering attacks. 19,20 Social engineering attacks generally deal with the nontechnical means, that is, manipulation techniques to undermine human in the loop. It is, then, essential to understand the combination of social engineering and technical attacks and their effect on the information systems.…”

Section: F I G U R E 1 Research Protocolmentioning

confidence: 99%

Contemplating social engineering studies and attack scenarios: A review study

Yasin

Fatima

Liu

et al. 2019

Security and Privacy

View full text Add to dashboard Cite

The previous year has seen an enormous increase in the studies related to social engineering. This increase is partly due to increasing number of social engineering attacks and partly due to people's inability to identify the attack. Thus, it is of great importance to find solutions which are helpful for human to understand the social engineering attacks and scenarios. To address this, we have performed a literature review of studies (on social engineering) in top-notch journals and conferences. In this paper, we have enlisted the types of attacks, and the persuasion techniques used by social engineers as listed in the literature. We also combined different theories which researchers tried to use to explain various activities of social engineers. Furthermore, we have mentioned that a better understanding of the social engineering attack scenarios can be done using thematic and game-based analysis techniques.Preliminary empirical evaluation of the proposed game based method shows overall neutral results. Future extension and evaluation is needed for the proposed methods. K E Y W O R D Scybercrime, cyber-security, human factors, human-centered, information security, review, social engineering

show abstract

“…• End users need to be aware of social engineering as it is a common attack vector for many malicious actors [65]. • All end users must be trained on phishing and how it must be countered.…”

Section: A Prevention Techniquesmentioning

confidence: 99%

Volenti non fit injuria: Ransomware and its Victims

Atapour-Abarghouei

Bonner

McGough

2019

2019 IEEE International Conference on Big Data (Big Data)

View full text Add to dashboard Cite

With the recent growth in the number of malicious activities on the internet, cybersecurity research has seen a boost in the past few years. However, as certain variants of malware can provide highly lucrative opportunities for bad actors, significant resources are dedicated to innovations and improvements by vast criminal organisations. Among these forms of malware, ransomware has experienced a significant recent rise as it offers the perpetrators great financial incentive. Ransomware variants operate by removing system access from the user by either locking the system or encrypting some or all of the data, and subsequently demanding payment or ransom in exchange for returning system access or providing a decryption key to the victim. Due to the ubiquity of sensitive data in many aspects of modern life, many victims of such attacks, be they an individual home user or operators of a business, are forced to pay the ransom to regain access to their data, which in many cases does not happen as renormalisation of system operations is never guaranteed. As the problem of ransomware does not seem to be subsiding, it is very important to investigate the underlying forces driving and facilitating such attacks in order to create preventative measures. As such, in this paper, we discuss and provide further insight into variants of ransomware and their victims in order to understand how and why they have been targeted and what can be done to prevent or mitigate the effects of such attacks.

show abstract

Social engineering as an attack vector for ransomware

Cited by 35 publications

References 7 publications

Social Engineering Attacks: A Survey

Social Engineering Attacks: A Survey

Contemplating social engineering studies and attack scenarios: A review study

Volenti non fit injuria: Ransomware and its Victims

Contact Info

Product

Resources

About