11 research outputs found

    Measuring and Disrupting Malware Distribution Networks: An Interdisciplinary Approach

    Malware Delivery Networks (MDNs) are networks of webpages, servers, computers, and computer files that are used by cybercriminals to proliferate malicious software (or malware) onto victim machines. The business of malware delivery is a complex and multifaceted one that has become increasingly profitable over the last few years. Due to the ongoing arms race between cybercriminals and the security community, cybercriminals are constantly evolving and streamlining their techniques to beat security countermeasures and avoid disruption to their operations, such as by security researchers infiltrating their botnet operations, or law enforcement taking down their infrastructures and arresting those involved. So far, the research community has conducted insightful but isolated studies into the different facets of malicious file distribution. Hence, only a limited picture of the malicious file delivery ecosystem has been provided thus far, leaving many questions unanswered. Using a data-driven and interdisciplinary approach, the purpose of this research is twofold. One, to study and measure the malicious file delivery ecosystem, bringing prior research into context, and to understand precisely how these malware operations respond to security and law enforcement intervention. And two, taking into account the overlapping research efforts of the information security and crime science communities towards preventing cybercrime, this research aims to identify mitigation strategies and intervention points to disrupt this criminal economy more effectively

    Cognitive triaging of phishing attacks


    An Overview on Cyber Attacks and its Types for Enhancing Data Security in Business World

    For sensitive data of organizations there arises a need to ensure privacy and protection measures in systems, especially at various high-tech firms. Cyber attacks are a wide form of threat confronted on the web by several users on a daily basis. These attacks are fundamentally used to challenge the system security of others, yet there are likewise some moral programmers who get into other people's frameworks to make them aware of their vulnerabilities and get paid in return for securing their systems. In any case, these assaults have caused a great deal of concern for businessmen. The research covers the major types of cyber attacks that can affect the business world in an immense manner, along with an overview of how these threats work and how they can possibly be prevented. The hacking procedures are showing signs of improvement step by step, and so should our frameworks, to remain safe from all sorts of latest attacks on our data in various forms

    Modelling Anti-Phishing Authentication Ceremonies


    Do you bend or break?: Preventing online banking fraud victimization through online resilience

    This doctoral thesis is about the human aspects of online banking safety and security. Preparations for this thesis, part of The Dutch Research Program on Safety and Security of Online Banking, started when online banking fraud figures were relatively high in the Netherlands. In this thesis, online banking fraud is limited to phishing and malware attacks. This thesis investigated a specific part of the issue of how to reduce this type of fraud, namely the extent to which the safety and security of online banking can be improved from an end-user perspective. Hence, it examined how the online resilience of end users can be enhanced; making them better able to protect themselves against online banking fraud. Next to the practical goal of this thesis, it also aimed to contribute to scientific theory in the behavioural information security domain. This thesis starts with an introductory Chapter (1) in which the context of study is described and the goal and research questions are highlighted. The empirical part of this thesis is divided into two smaller parts. In order to get a comprehensive overview of the human aspects of online banking safety and security, it is important to study the threats as well as people-focussed safeguards. Therefore, Part I (Chapters 2 to 5) deals with studies on end-users’ perceptions of and victimization due to online banking fraud. Learning more about risk perceptions, how and why victimization takes place, victim characteristics and how victims recover from incidents may lead to more knowledge on how to combat online banking fraud effectively. Part II of this thesis (Chapters 6 to 9) consequently deals with studies on precautionary online behaviour of end users and how that behaviour can be improved. Knowledge on this subject may contribute to strengthening one of the most essential links in the safety and security of online banking: the end user.
The concluding Chapter (10) provides an answer to the central and main research questions and deals with the theoretical and practical implications of the findings. The main research questions are: 1: What are the perceptions of end users regarding the safety and security of online banking? 2: How can online banking fraud victimization be explained from an end-user perspective? 3: How can precautionary online behaviour of end users be explained and improved? To answer these questions, several studies were conducted; these are elaborated in Part I and Part II of this thesis. The contents of the chapters are outlined below. In Chapter 2, end-user risk perceptions of online bank fraud are studied. Secondary analysis of data based on a survey among 1,200 Dutch online banking users shows that online banking fraud is not considered to be a major risk. End users perceive the potential impact of online banking fraud to be severe, but the chances of falling victim themselves to be slim. However, they estimate the chances of others being victimized to be higher. Furthermore, online banking customers mainly come into contact with online banking fraud through media communications. Indirect victimization in the social environment and direct victimization were less common. In addition, online banking users, in general, have reasonable levels of trust in online banking. Finally, this chapter reveals – using partial least squares path modelling – that risk perceptions are mainly affected by the estimated chance of becoming a victim of online banking fraud. The perceived impact of online banking fraud and the degree of trust in online banking affected risk perception to some extent. Direct and indirect victimization and demographic characteristics hardly affected risk perceptions. In Chapter 3, an analysis of 600 phishing and malware incidents obtained from a Dutch bank is presented.
The goal of this chapter is to shed light on the circumstances in which bank customers are victimized in phishing and malware attacks and how these attacks manifest in practice. This chapter shows that an essential step in the fraudulent process entails customers giving away their personal information to fraudsters. Phishing victimization mainly occurred by responding to a fraudulent e-mail, a fraudulent phone call or a combination of these. Malware victimization primarily occurred by responding to a malicious pop-up and by installing a malicious application on a mobile device. Customers cooperated because the fraudulent messages were perceived to be professional and trustworthy and because customers were not sufficiently suspicious of what was happening. The results suggest that victims have an unintended and subconscious, but active role in the fraudulent process. An interesting finding is that the victims did not always seem to trust the fraudster’s intentions, but were mentally unable to stop the process. Reasons for this include not being aware of how fraudulent schemes manifest in practice, not being alert at the right moment and having insufficient knowledge of online banking procedures and precautionary measures. Chapter 4 explores factors that may explain online banking fraud victimization based on interviews with 30 victims using the routine activity approach and protection motivation theory as theoretical lenses. A qualitative approach was chosen because previous quantitative studies failed to identify such factors. The interview data were analysed using computer-assisted qualitative data analysis software. This chapter demonstrates that no specific factors from the routine activity approach and protection motivation theory that increase the chance of online banking fraud victimization could be identified. Moreover, victims were distributed across genders, age categories and levels of education.
Ultimately, end-user attributes that lead to higher chances of being victimized through online banking fraud could not be identified. This suggests that everyone is susceptible to online banking fraud victimization to some degree. In order to find out whether victims adequately recover from phishing and malware incidents, it is important to gain insight into its effects and impact on victims first. However, there was not much literature available on the impact of these cybercrimes. This gap is addressed in Chapter 5, in which interview data from the above mentioned 30 victims are analysed again. Besides (initial) financial effects (most victims were reimbursed), victims also described various kinds of psychological and emotional effects, such as feeling awful and stressed, and various kinds of secondary impact, such as time loss and not being treated properly during the handling of the incident. Furthermore, this chapter demonstrates that the level of impact varies among victims, ranging from little or no impact to severe impact. Moreover, while some victims were only affected for a few days, some felt the effects in the long term. The impact of these fraudulent schemes on victims should therefore not be underestimated. In addition, the interview data provided insight into cognitive and behavioural change in order to cope with the incident. Cognitive strategies were mainly concerned with reducing psychological and emotional distress, and increasing online resilience to future attacks. The main behavioural strategies that were identified are reporting the incident to the bank and the police and seeking support from the social environment. Furthermore, various other actions were taken, such as enhancing the safety and security of devices and being more attentive during online banking sessions. However, it was observed that some of these actions were only of limited duration. Some victims adopted avoidance behaviours, such as making less use of online banking services.
Victims who were left with financial damages rationalized the incident, thereby minimizing victimization for themselves. Chapter 5 concludes that the coping approach that was applied provides a useful framework to study the effects and impact of cybercrime victimization and how victims recover from it. In Chapters 6 and 7, survey data on 1,200 Dutch online banking users are examined and analysed using partial least squares path modelling. In Chapter 6, three social cognitive models are compared with respect to their ability to explain the intentions of precautionary online behaviour. The models are: protection motivation theory, the reasoned action approach and an integrated model comprising variables of these models. The three models were successfully applied to online banking. The individual models equally explain much of the variance in precautionary online behaviour. In the integrated model, the significant predictors of the two models remained significant and the level of explained variance was highest. Precautionary online behaviour is largely driven by response efficacy, self-efficacy and attitude towards that behaviour. This chapter concludes that both protection motivation theory and the reasoned action approach make a unique contribution in explaining variance for precautionary online behavioural intention. The integrated model explained most variance in protection motivation, which means that integrating theoretical perspectives from different domains is worthwhile. However, protection motivation theory is used as the main theoretical basis in the following chapters, because of its applicability to interventions. Chapter 7 builds on the preceding chapter and continues to study a model of precautionary behaviour in the domain of online banking. The aim was to gain insight into factors that encourage customers to take measures to protect themselves against online threats.
The analyses that were conducted for this chapter provided support for most of the hypothesized relationships and showed that the model explains high levels of variance for precautionary online behaviour as well as for risk perception. Threat and coping appraisal successfully predicted the protection motivation of online banking users; in particular, response efficacy and self-efficacy were the most important predictors for taking precautions. Secondary predictors include locus of control, perceived severity (direct effect) and the negative predictor response costs. Finally, some differences in precautionary online behavioural intentions were observed based on gender and level of education. In Chapter 8, insight is gained into what protective measures self-employed entrepreneurs take in order to protect themselves against online threats and what motivates them to do so. Information technology is becoming increasingly important for entrepreneurs. Protecting their technical infrastructure and stored data is, therefore, also growing in importance. Nevertheless, research into the safety and security of entrepreneurs in general, and online threats targeted at entrepreneurs in particular, are still limited. Based on secondary analyses on data collected from 1,622 Dutch entrepreneurs, it was observed that the majority implement technical and personal coping measures. Entrepreneurs are likely to implement protective measures if they believe a measure is effective, if they are capable of using internet technology, if their attitude towards information security is positive and if they believe they are responsible for their own online security. These findings are similar to those of private users outlined in Chapters 6 and 7.
Finally, some differences in precautionary online behaviour were observed based on age and education level. Chapter 9 examines the impact of fear appeal messages on user cognitions, attitudes, behavioural attentions and precautionary behaviour regarding online information-sharing to protect against the threat of phishing attacks. A pre-test post-test design was used in which 768 internet users filled out an online questionnaire. Participants were grouped in one of three fear appeal conditions: strong-fear appeal, weak-fear appeal and control condition. Claims regarding vulnerability of phishing attacks and claims concerning response efficacy of protective online information-sharing behaviour were manipulated in the fear appeal messages. This chapter demonstrates positive effects of fear appeals on heightening end-users’ cognitions, attitudes and behavioural intentions. However, future studies are needed to determine how subsequent security behaviour can be promoted, as the effects on this crucial aspect were not directly observed. Nonetheless, fear appeals have great potential for promoting security behaviour by making end users aware of threats and simultaneously providing behavioural advice on how to mitigate these threats. All things considered, this thesis investigated online banking fraud victimization and precautionary online behaviour. Specifically, human aspects were the focus of the present research. This thesis demonstrates that good security is in people’s heads. It seems easier, cheaper and more successful for criminals to attack end users using psychology rather than the technology surrounding online banking. Hence, even the best security engineers cannot stop end users from giving away their security codes. Therefore, using psychology to defend against online banking attacks also makes sense. This is especially the case for attacks using social engineering (phishing), but to some extent also for attacks using technical engineering (malware).
Considering the further digitization of our society and the increasing dependability on information systems, the case is made that people have to ‘bend’ with these developments and become resilient when online. This is necessary to stop people from ‘breaking’ and potentially becoming victims of online banking fraud. While this thesis obtained information on how safety and security of online banking can be improved from an end-user perspective, it should be noted that end users will always be confronted with numerous potential threats. It is unrealistic to believe that people can protect themselves against all threats at all times. Therefore, we have to accept that bad things will continue to happen online, but optimistically they can be kept to a minimum if end users are more vigilant about what they do online and are aware of how some people abuse the advantages that the internet offers. At the very least, the impact of these attacks can be reduced. The following main recommendations from this thesis may be helpful: 1: Continue to invest in security education, training and awareness campaigns concerning threats aimed at online banking. 2: Focus on underlying cognitive dimensions in security education, training and awareness campaigns, most notably on response efficacy and self-efficacy. 3: Make clear that banks and customers are partners in keeping online banking safe and secure. 4: Facilitate victims in their recovery process, primarily by providing feedback. 5: Continue with research on the human aspects of online banking safety and security. In conclusion, security education, training and awareness remain an important priority, especially for combatting social risks. It is very important to promote online resilience. The research indicates that in order to strengthen the role of customers in the safety and security of online banking, threat appraisals as well as coping appraisals should be improved.
If customers or end users believe that protective measures make a difference (response efficacy) and if they are able to perform these measures (self-efficacy), it is likely that end users will adopt precautionary behaviour and become a strong link in the information security chain. Proper information security practices should become part of our general skill set as people in this day and age. However, it should not be forgotten that safety and security is something that should be worked on together, with all parties involved. And when things do go wrong, we need to help one another to recover from it. All in all, an important requirement for a safer and more secure internet is that the human factor takes a central place in information security

    A Demographic Analysis to Determine User Vulnerability among Several Categories of Phishing Attacks.

    Phishing attacks have been on a meteoric rise in the last number of years, with 2016 seeing a 65% increase. The attacks range from targeting individuals with personalised messages to spam attacks from bot accounts. With the chances of being targeted by a phishing attack increasing, it is important to identify who is most at risk in order to help alleviate this threat. The aim of this study is to examine members from several demographics and their vulnerability to three types of phishing using data collected from a survey (n = 198). The survey tested the participant’s ability to recognise spoofed phishing emails, SMS phishing (Smishing) and content spoofing attacks. The respondents were presented with questions in the form of screenshots using real world phishing examples. Their answers were collected which recorded whether they got each question correct or incorrect. The data collected was analysed using a two sample t-test or one-way Anova depending on the number of categories per demographic. This study addressed demographic vulnerability to different types of phishing and highlighted who is most at risk. The results of the research revealed that gender and income did not play a part in a participant’s vulnerability to phishing when analysing their total scores across each type of phishing. However, age, education and occupation presented statistically significant results to indicate they do

    A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks

    Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed websites and scareware to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial

    A framework to mitigate phishing threats

    We live today in the information age with users being able to access and share information freely by using both personal computers and their handheld devices. This, in turn, has been made possible by the Internet. However, this poses security risks as attempts are made to use this same environment in order to compromise the confidentiality, integrity and availability of information. Accordingly, there is an urgent need for users and organisations to protect their information resources from agents posing a security threat. Organisations typically spend large amounts of money as well as dedicating resources to improve their technological defences against general security threats. However, the agents posing these threats are adopting social engineering techniques in order to bypass the technical measures which organisations are putting in place. These social engineering techniques are often effective because they target human behaviour, something which the majority of researchers believe is a far easier alternative than hacking information systems. As such, phishing effectively makes use of a combination of social engineering techniques which involve crafty technical emails and website designs which gain the trust of their victims. Within an organisational context, there are a number of areas which phishers exploit. These areas include human factors, organisational aspects and technological controls. Ironically, these same areas serve simultaneously as security measures against phishing attacks. However, each of these three areas mentioned above are characterised by gaps which arise as a result of human involvement. As a result, the current approach to mitigating phishing threats comprises a single-layer defence model only. However, this study proposes a holistic model which integrates each of these three areas by strengthening the human element in each of these areas by means of a security awareness, training and education programme

    Operating system auditing and monitoring

    Ph.DDOCTOR OF PHILOSOPH