A social-engineering-centric data collection initiative to study phishing

Phishers nowadays rely on a variety of channels, ranging from old-fashioned emails to instant messages, social networks, and the phone system (with both calls and text messages), with the goal of reaching more victims. As a consequence, modern phishing became a multi-faceted, even more pervasive threat that is inherently more difficult to study than traditional, email-based phishing. This short paper describes the status of a data collection system we are developing to capture different aspects of phishing campaigns, with a particular focus on the emerging use of the voice channel. The general approach is to record inbound calls received on decoy phone lines, place outbound calls to the same caller identifiers (when available) and also to telephone numbers obtained from different sources. Specifically, our system analyzes instant messages (e.g., automated social engineering attempts) and suspicious emails (e.g., spam, phishing), and extracts telephone numbers, URLs and popular words from the content. In addition, users can voluntarily submit voice phishing (vishing) attempts through a public website. Extracted telephone numbers, URLs and popular words will be correlated to recognize campaigns by means of cross-channel relationships between messages

Georgia’s Cybersecurity Environment in the AI Era

This research paper explores the development of artificial intelligence (AI), international cyber threats, and Georgia's changing cybersecurity environment. This paper describes Georgia's transformation from a weak cybersecurity outpost to a nation that emphasizes promoting cybersecurity capabilities, drawing on theoretical frameworks and historical context.Georgia experienced a paradigm shift after the 2008 cyberattack, seeing the link between cybersecurity requirements and national security. In this regard, legislative turning points were crucial in determining Georgia's cybersecurity laws. Important turning points were reached by adopting the "Law on Information Security" and ratifying the Council of Europe's cyber security convention, which laid the theoretical and practical groundwork for an all-encompassing governmental cybersecurity policy. This policy aimed to strengthen the country's national security apparatus and protect its digital infrastructure.Georgia's efforts to strengthen its cybersecurity environment paid off over the next few years. The article details how Georgia has implemented action plans to incorporate cybersecurity concerns within the larger national security framework. Acclaim from international organizations like the International Telecommunication Union (ITU) confirmed Georgia's progress in the industry. However, the piece also gathers the ongoing weaknesses and vulnerabilities that must be addressed in the Georgian cybersecurity landscape. The cooperative endeavor yielded focused suggestions, stressing flexibility as a fundamental principle against ever-changing cyber threats.The analysis offers valuable insights into Georgia's cybersecurity efforts and can guide other countries amidst the complex AI-driven cyber threats. The essay analyzes Georgia's strategy to defend itself against transnational cyber threats. This essay enhances knowledge of the complex interactions between transnational cyber threats and AI and the necessity of robust cybersecurity frameworks on a global scale

A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks

Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed web- sites and scareware to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial

Ingeniería social: psicología aplicada a la seguridad informática

Castellano: Este proyecto recoge los fundamentos de los ataques de ingeniería social en los sistemas informáticos, especialmente en las grandes plataformas de Internet. El objetivo principal es lograr comprender su naturaleza y ser capaces de valorarlos como la amenaza que representan. Por tal de conseguir el objetivo se realizan pruebas de concepto para valorar el riesgo, cambiando a menudo la perspectiva a la del atacante. A raíz de este proyecto, se espera formar una base, para que en un futuro sea posible incrementar la seguridad de dichas plataformas con tecnologías de prevención, detección e intercepción de estos ataques, proponiendo la `Interacción Humano-Computador Segura¿ como punto de partida. El lector, aún no siendo responsable del mal diseño de las plataformas de Internet ni culpable de la pérdida de sus propios datos, puede concienciarse con los ejemplos mencionados y reaccionar más sabiamente en futuras situaciones delicadas

Автоматизація процесів управління розподіленими командами з використанням технології чат-ботів

У роботі проведено дослідження процесів управління в компанії ТОВ «Центр мережевих технологій ВЕБ100» (QATestLab) і сформовано вимоги до автоматизованої інформаційної системи. Виконано проектування архітектури автоматизованої інформаційної системи. Створено прототип автоматизованої інформаційної системи на основі чат-бота.The master's thesis conducted research on management processes in the company "Center Network Technology WEB100" (QATestLab) and the requirements for the automated information system were composed. The architecture of the automated information system has been designed. A prototype of an automated chatbot information system has been developed

Автоматизація процесів управління розподіленими командами з використанням технології чат-ботів

У роботі проведено дослідження процесів управління в компанії ТОВ «Центр мережевих технологій ВЕБ100» (QATestLab) і сформовано вимоги до автоматизованої інформаційної системи. Виконано проектування архітектури автоматизованої інформаційної системи. Створено прототип автоматизованої інформаційної системи на основі чат-бота.The master's thesis conducted research on management processes in the company "Center Network Technology WEB100" (QATestLab) and the requirements for the automated information system were composed. The architecture of the automated information system has been designed. A prototype of an automated chatbot information system has been developed

Autonomous Exchanges: Human-Machine Autonomy in the Automated Media Economy

Contemporary discourses and representations of automation stress the impending “autonomy” of automated technologies. From pop culture depictions to corporate white papers, the notion of autonomous technologies tends to enliven dystopic fears about the threat to human autonomy or utopian potentials to help humans experience unrealized forms of autonomy. This project offers a more nuanced perspective, rejecting contemporary notions of automation as inevitably vanquishing or enhancing human autonomy. Through a discursive analysis of industrial “deep texts” that offer considerable insights into the material development of automated media technologies, I argue for contemporary automation to be understood as a field for the exchange of autonomy, a human-machine autonomy in which autonomy is exchanged as cultural and economic value. Human-machine autonomy is a shared condition among humans and intelligent machines shaped by economic, legal, and political paradigms with a stake in the cultural uses of automated media technologies. By understanding human-machine autonomy, this project illuminates complications of autonomy emerging from interactions with automated media technologies across a range of cultural contexts