Advanced social engineering attacks

Journal of Information Security and Applications

Volumn 22, Issue , 2015, Pages 113-122

  Krombholz, Katharina ^a   Hobel, Heidelinde ^a   Huber, Markus ^a   Weippl, Edgar ^a  

^a SBA Research   (Austria)

Author keywords

Attack scenarios; Bring your own device; Knowledge worker; Privacy; Security; Social engineering

Indexed keywords

DATA PRIVACY; KNOWLEDGE MANAGEMENT; SOCIAL NETWORKING (ONLINE); VIRTUAL REALITY;

ATTACK SCENARIOS; BRING YOUR OWN DEVICES; KNOWLEDGE WORKERS; SECURITY; SOCIAL ENGINEERING;

INFORMATION MANAGEMENT;

EID: 84951909906     PISSN: 22142134     EISSN: 22142126     Source Type: Journal    
DOI: 10.1016/j.jisa.2014.09.005     Document Type: Article

References (56)

1. L. Alvisi, A. Clement, A. Epasto, S. Lattanzi, and A. Panconesi SoK: the evolution of sybil defense via social networks IEEE Symposium on Security and Privacy 2013
2. Anatomy of an attack. Available online: http://blogs.rsa.com/anatomy-of-an-attack/ [last accessed 17.07.13].
3. G. Bader, A. Anjomshoaa, and A. Tjoa Privacy aspects of mashup architecture Social Computing (SocialCom), 2010 IEEE Second International Conference on 2010 1141 1146
4. M. Balduzzi, C. Platzer, T. Holz, E. Kirda, D. Balzarotti, and C. Kruegel Abusing social networks for automated user profiling Recent advances in intrusion detection 2010 Springer 422 441
5. R. Ballagas, M. Rohs, J.G. Sheridan, and J. Borchers Byod: bring your own device Proceedings of the Workshop on Ubiquitous Display Environments, Ubicomp 2004
6. L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda All your contacts are belong to us: automated identity theft attacks on social networks Proceedings of the 18th International Conference on World Wide Web 2009 ACM 551 560
7. S.L. Blond, A. Uritesc, C. Gilbert, Z.L. Chua, P. Saxena, and E. Kirda A look at targeted attacks through the lense of an NGO 23rd USENIX Security Symposium (USENIX Security 14) Aug. 2014 USENIX Association San Diego, CA
8. Y. Boshmaf, I. Muslukhov, K. Beznosov, and M. Ripeanu The socialbot network: when bots socialize for fame and money Proceedings of the 27th Annual Computer Security Applications Conference 2011 ACM 93 102
9. G. Brown, T. Howe, M. Ihbe, A. Prakash, and K. Borders Social networks and context-aware spam Proceedings of the 2008 ACM conference on Computer supported cooperative work, CSCW '08 2008 ACM New York, NY, USA 403 412
10. E. Chin, A.P. Felt, K. Greenwood, and D. Wagner Analyzing inter-application communication in android Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, MobiSys '11 2011 ACM New York, NY, USA 239 252
11. R. Cialdini Influence: science and practice 2001 Allyn and Bacon
12. P.F. Drucker Landmarks of tomorrow: a report on the new "post-modern" world 1st ed. 1959 Harper New York
13. Gartner Inc Protect against social engineering attacks Gart Secur Webletter 1 1 Feb. 2002 [Retrieved 2008-11-13]
14. Google hack attack was ultra sophisticated. Available online: http://www.wired.com/threatlevel/2010/01/operation-aurora/ [last accessed 17.07.13].
15. D. Gragg A multi-level defense against social engineering SANS Reading Room March, 13, 2003
16. S. Granger Social engineering fundamentals, Part I: hacker tactics SecurityFocus 2001
17. N. Gruschka, and M. Jensen Attack surfaces: a taxonomy for attacks on cloud services IEEE CLOUD 2010 276 279
18. C. Herley, and D. Florencio Phishing as a tragedy of the commons NSPW 2008 2008 Lake Tahoe, CA
19. M. Huber, S. Kowalski, M. Nohlberg, and S. Tjoa Towards automating social engineering using social networking sites Computational Science and Engineering, 2009 CSE'09. International Conference on vol. 3 2009 IEEE 117 124
20. M. Huber, M. Mulazzani, M. Leithner, S. Schrittwieser, G. Wondracek, and E. Weippl Social snapshots: digital forensics for online social networks Proceedings of the 27th Annual Computer Security Applications Conference 2011
21. M. Huber, M. Mulazzani, E. Weippl, G. Kitzler, and S. Goluch Friend-in-the-middle attacks: exploiting social networking sites for spam IEEE Internet Comput 15 3 2011 28 34
22. M. Huber, M. Mulazzani, S. Schrittwieser, and E. Weippl Cheap and automated socio-technical attacks based on social networking sites 3rd Workshop on Artificial Intelligence and Security (AISec'10) vol. 10 2010
23. D. Irani, M. Balduzzi, D. Balzarotti, E. Kirda, and C. Pu Reverse social engineering attacks in online social networks Detection of Intrusions and Malware, and Vulnerability Assessment 2011 55 74
24. K. Ivaturi, and L. Janczewski A taxonomy for social engineering attacks 2011
25. T. Jagatic, N. Johnson, M. Jakobsson, and F. Menczer Social phishing Commun ACM 50 10 2007 94 100
26. Kaspersky lab identifies operation "red October," an advanced cyber-espionage campaign targeting diplomatic and government institutions worldwide. Available online: http://www.kaspersky.com/about/news/virus/2013/Kaspersky-Lab-Identifies-Operation-Red-October-an-Advanced-Cyber-Espionage-Campaign-Targeting-Diplomatic-and-Government-Institutions-Worldwide [last accessed 10.01.14].
27. R. King Twitter: more than 250K user accounts have been compromised Online 2013 Available at: http://www.zdnet.com/twitter-more-than-250k-user-accounts-have-been-compromised-7000010711/ [last accessed 21.01.14]
28. K. Krombholz, H. Hobel, M. Huber, and E. Weippl Social engineering attacks on the knowledge worker Proceedings of the 6th International Conference on Security of Information and Networks, SIN '13 2013 ACM New York, NY, USA 28 35
29. K. Krombholz, D. Merkl, and E. Weippl Fake identities in social media: a case study on the sustainability of the Facebook business model J Sci Study Relig 4 2 2012 175 212
30. K. Marett, D. Biros, and M. Knode Self-efficacy, training effectiveness, and deception detection: a longitudinal study of lie detection training Lect Notes Comput Sci 3073 2004 187 200
31. Microsoft hacked: joins Apple, Facebook, Twitter - InformationWeek. Available online: http://www.informationweek.com/security/\Attackacks/microsoft-hacked-joins-apple-facebook-tw/240149323 [last accessed 10.07.13].
32. K. Miller, J. Voas, and G. Hurlburt Byod: security and privacy considerations IT Prof 14 5 2012 53 55
33. K. Mitnick, and W. Simon The art of deception: controlling the human element of security 2002 Wiley
34. F. Mohd Foozy, R. Ahmad, M. Abdollah, R. Yusof, and M. Mas' ud Generic taxonomy of social engineering attack 2011
35. M. Mulazzani, S. Schrittwieser, M. Leithner, M. Huber, and E. Weippl Dark clouds on the horizon: using cloud storage as attack vector and online slack space Proceedings of the 20th USENIX conference on Security, SEC'11 2011 USENIX Association Berkeley, CA, USA 5
36. R. Nelson Methods of hacking: social engineering Online 2008 Available at: http://www.isr.umd.edu/gemstone/infosec/ver2/papers/socialeng.html [last accessed 04.07.13]
37. K. Parsons, A. McCormac, M. Pattinson, M. Butavicius, and C. Jerram Phishing for the truth: a scenario-based experiment of users' behavioural response to emails L. Janczewski, H. Wolfe, S. Shenoi, Security and privacy protection in information processing systems IFIP Advances in Information and Communication Technology vol. 405 2013 Springer Berlin Heidelberg 366 378
38. N. Perlroth Chinese hackers infiltrate New York Times computers Jan. 2013 Available at: https://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html [last accessed 01.07.13]
39. R. Potharaju, A. Newell, C. Nita-Rotaru, and X. Zhang Plagiarizing smartphone applications: attack strategies and defense techniques Proceedings of the 4th International Conference on Engineering Secure Software and Systems, ESSoS'12 2012 Springer-Verlag Berlin, Heidelberg 106 120
40. T. Qin, and J. Burgoon An investigation of heuristics of human judgment in detecting deception and potential implications in countering social engineering Intell Secur Inform 2007 152 159 IEEE
41. J.C. Roberts II, and W. Al-Hamdani Who can you trust in the cloud? A review of security issues within cloud computing Proceedings of the 2011 Information Security Curriculum Development Conference, InfoSecCD '11 2011 ACM New York, NY, USA 15 19
42. S. Schrittwieser, P. Fruehwirt, P. Kieseberg, M. Leithner, M. Mulazzani, M. Huber, and et al. Guess who is texting you? Evaluating the security of smartphone messaging applications Network and Distributed System Security Symposium (NDSS 2012) 2 2012
43. SocialEngineer. What is phishing - paypal phishing examples. Available online: http://www.social-engineer.org/wiki/archives/Phishing/Phishing-PayPal.html [last accessed 04.07.13].
44. Sophos Sophos Facebook id probe shows 41% of users happy to reveal all to potential identity thieves 2007 Available online: http://www.sophos.com/en-us/press-office/press-releases/2007/08/facebook.aspx [last accessed 13.07.13]
45. S. Srikwan Using cartoons to teach internet security Cryptologia 32 2 2008 137 154
46. S. Stasiukonis Social engineering, the USB way 2006 Available at: http://www.darkreading.com/security/perimeter/show Article.jhtml?articleID=208803634 [last accessed 02.07.13]
47. T. Stein, E. Chen, and K. Mangla Facebook immune system Proceedings of the 4th Workshop on Social Network Systems, SNS '11 2011 ACM New York, NY, USA 8:1 8:8
48. L. Tam, M. Glassman, and M. Vandenwauver The psychology of password management: a tradeoff between security and convenience Behav Inf Technol 29 3 May 2010 233 244
49. The robin sage experiment: fake profile fools security pros. Available at: http://www.networkworld.com/news/2010/070810-the-robin-sage-experiment-fake.html?t51hb [last accessed 14.07.13].
50. The Wall Street Journal Security tokens take hit 2011 Available at: http://online.wsj.com/news/articles/SB10001424052702304906004576369990616694366 [last accessed 01.12.13]
51. H. Thompson The human element of information security Sec Priv 11 1 2013 32 35 IEEE
52. TrustedSec Social-engineer toolkit 2013 Available online at: https://www.trustedsec.com/downloads/social-engineer-toolkit/ [last accessed 03.12.13]
53. Whatsapp. Available online: http://www.whatsapp.com/ [last accessed 18.07.13].
54. Z. Whittaker Apple hacked by same group that attacked Facebook Online 2013 Available at: http://www.zdnet.com/apple-hacked-by-same-group-that-attacked-facebook-7000011509/ [last accessed 21.01.14]
55. Z. Whittaker Facebook, Apple hacks could affect anyone: here's what you can do Online 2013 Available at: http://www.zdnet.com/facebook-apple-hacks-could-affect-anyone-heres-what-you-can-do-7000011520/ [last accessed 21.01.14]
56. Z. Whittaker Facebook hit by 'sophisticated attack'; Java zero-day exploit to blame Online 2013 Available at: http://www.zdnet.com/facebook-hit-by-sophisticated-attack-java-zero-day-exploit-to-blame-7000011390/ [last accessed 21.01.14]