Global ETD Search

21	Nätfiske : Vad är den underliggande orsaken till att personer faller för nätfiske? Jäverbo, Niklas, Hörnfalk, David January 2018 (has links) Nätfiske inom cybervärlden är ett stort och återkommande problem. Detta är det störst växande viset att sprida malware genom internet. Att utforma en nätfiskeattack kan generera många olika typer av resultat. Få ut känslig information, få den utsatta att ladda ned bifogad fil, för att sprida malware till den utsattas dator eller exempelvis låsa personens system genom ett ransomware. I detta arbete undersöks problematiken med nätfiske, vad det är för något, hur det går till när en nätfiskekampanj utförs samt vad som går att göra för att motverka detta på en mänsklig nivå. Det finns mycket forskning om olika typer av anti- nätfiskesystem och metoder. Detta arbete baserar sig på vad som går att göra för att öka säkerhetsmedvetenhet hos personer. Genom att utföra en enkätundersökning och ett penetrationstest om nätfiske hos en organisation undersöks kunskapen och säkerhetsmedvetenheten hos personalen för denna organisation. Undersökningen genomfördes för att kartlägga vad orsaken är att personer faller för dessa typer av attacker. Social engineering Nätfiske Other Computer and Information Science Annan data- och informationsvetenskap
22	Social Engineering and Internal Threats in Organizations Arenas, Miguel Tames January 2008 (has links) Organizations are taking computer security more seriously every day, investing huge amounts of money in creating stronger defenses including firewalls, anti-virus software, biometrics and identity access badges. These measures have made the business world more effective at blocking threats from the outside, and made it increasingly difficult for hackers or viruses to penetrate systems. But there are still threats that put organizations at risk , this threats are not necessary from external attackers, in this paper we will analyze what are the internal threats in organizations, why are we vulnerable and the best methods to protect our organizations from inside threats. social engineering computer security risks threats Computer Sciences Datavetenskap (datalogi)
23	Social Engineering Threats Towards Non-IT Students : A Case Study on Mitigation Strategies Indzhov, Ognyan, Jost Auf Der Stroth, Axel Isidor Michael January 2022 (has links) Social engineering has been an extremely serious security threat for several years, and the number of social engineering attacks that have been executed, the majority of which have been successful, has been steadily increasing in rapid succession. This increase can be attributed to numerous factors, such as a general increase in the accessibility and affordability of networking services and sites. Furthermore, the COVID-19 pandemic has also led to an increase in the number of attacks that have been executed and has also contributed to social engineering attacks becoming more successful than ever, due to the fear and anxiety that has been become a prevalent issue due to the pandemic. While social engineering is still a detrimental issue to cyber security infrastructure and corporations everywhere no one solution can be implemented, either through the use of hardware or software, that can prevent social engineering attacks from occurring. In order to aid everyday users in gaining a better understanding and to inform them about social engineering, a set of research questions are proposed, where we seek to highlight modern social engineering attacks, present both scientific and practical defence strategies and determine how aware non-IT students are about social engineering attacks. To answer these questions, a literature survey is performed along with a case study, where we seek to gain a deeper insight into the understanding and awareness that both non-IT students and IT experts have about social engineering attacks, techniques and defense strategies. The results of this research project demonstrated that there are a number of practical solutions offered in both state-of-the-art and state-of-the-practice literature that can be used to counter various social engineering attack methods. Additionally, it seems that IT-experts seem to implement some form of these prevention methods in real life. Additionally, the study shows that generally, non-IT students are quite aware about social engineering attacks, but could still benefit from learning about the different mitigation strategies that are available. Social Engineering Defence Mitigation Solutions Computer Sciences Datavetenskap (datalogi)
24	ENVIRONMENTAL FACTORS AFFECT SOCIAL ENGINEERING ATTACKS Minglu Li (10994988) 23 July 2021 (has links) <div> <div> <div> <div> <p>Social engineering attacks can have serious consequences when it comes to information security. A social engineering attack aims at sensitive personal information by using personality weaknesses and using manipulation techniques. Because the user is often seen as the weakest link, techniques like phishing, baiting, and vishing, and deception are used to glean important personal information successfully. This article will analyze the relationship between the environment and social engineering attacks. This data consists of 516 people taking a survey. When it comes to discovering the relationship, there are two parts of the analysis. One is a high-dimensional analysis using multiple algorithms to find a connection between the environment and people’s behavior. The other uses a text analysis algorithm to study the pattern of survey questions, which can help discover why certain people have the same tendency in the same scenario. After combining these two, we might show how people have different reactions when dealing with social engineering attacks due to environmental factors. </p> </div> </div> </div> </div> social engineering
25	COMPARING SOCIAL ENGINEERING TRAINING IN THE CONTEXT OF HEALTHCARE Giovanni Ordonez (12481197) 03 May 2022 (has links) <p>Social Engineering attacks have been a rising issue in recent years, affecting a multitude of industries. One industry that has been of great interest to hackers is the Healthcare industry due to the high value of patient information. Social Engineering attacks are mainly common because of the ease of execution and the high probability of victimization. A popular way of combatting Social Engineering attacks is by increasing the user’s ability to detect indicators of attack, which requires a level of cybersecurity education. While the number of cybersecurity training programs is increasing, Social Engineering attacks are still very successful. Therefore, education programs need to be improved to effectively increase the ability of users to notice indicators of attack. This research aimed to answer the question - what teaching method results in the greatest learning gains for understanding Social Engineering concepts? This was done by investigating text-based, gamification, and adversarial thinking teaching methods. These three teaching methods were used to deliver lessons on an online platform to a sample of Purdue students. After conducting analysis, both text-based and adversarial thinking showed significant improvement in the understanding of Social Engineering concepts within the student sample. After conducting a follow-up test, a single teaching method was not found to be better among the three teaching methods. However, this study did find two teaching methods that can be used to develop training programs to help decrease the total number of successful Social Engineering attacks across industries. </p> Computer System Security Social Engineering Teaching Methods Healthcare Security
26	Hack the Human : A qualitative research study exploring the human factor and social engineering awareness in cybersecurity and risk management among Swedish organizations. Andersson, Isak, Bjursell, Liza, Palm, Isak January 2023 (has links) Background: With the rapid advancements in technology, cybersecurity has become a topic of great importance. However, the weakest link in cybersecurity programs is mainly due to human error. Proper cyber-behavior training and up-to-date information are crucial for employees to defend against cybercrimes, as criminals continue to exploit human vulnerabilities. Cybersecurity has become a critical aspect of today's digital world, necessitating comprehensive policies and practices that align with an organization's overall risk management strategy. Social engineering, a tactic employed by cybercriminals, exploits human weaknesses and biases, making prevention and detection more challenging. There are limited understanding of how human behavior affects leaders in engaging with social engineering practices, as well as a lack of consensus on implementing policies related to social engineering. Purpose: Considering the limited understanding of human behavior in cybersecurity, the purpose of this thesis is to investigate and analyze how different Swedish organizations perceive, enact, and are influenced by the awareness of social engineering in cybersecurity and risk management. Method: This is a qualitative thesis that has followed a case study research design and a positivism research philosophy, the approach has been inductive, and data has been collected through semi-structured interviews. Conclusion: Cybersecurity is an ongoing arms race with no foreseeable end in sight, as strategies and methods of attack are constantly evolving. With the data gathered, we discovered that there is a lack of awareness of how the threats can be approached and how to manage them, as well as different strategies that different organizations had employed to tighten the margin of error. The findings suggest a need for increased awareness and education to improve cybersecurity in Swedish organizations. We became aware that organizations exhibit a greater level of naivety than previously assumed, accompanied by the presence of optimism bias. Considering these findings, we strongly advise raising awareness through comprehensive employee education and adopting the Principle of Least Privilege (POLP) to enhance security measures and the awareness that is necessary. To adopt a more holistic perspective, we have derived a modified version of the risk appetite framework that can effectively facilitate the implementation of these recommendations. Cybersecurity risk management social engineering risk appetite Business Administration Företagsekonomi
27	The Social Engineering Attack Spiral (SEAS) Cullen, Andrea J., Armitage, Lorna January 2016 (has links) Yes / Cybercrime is on the increase and attacks are becoming ever more sophisticated. Organisations are investing huge sums of money and vast resources in trying to establish effective and timely countermeasures. This is still a game of catch up, where hackers have the upper hand and potential victims are trying to produce secure systems hardened against what feels like are inevitable future attacks. The focus so far has been on technology and not people and the amount of resource allocated to countermeasures and research into cyber security attacks follows the same trend. This paper adds to the growing body of work looking at social engineering attacks and therefore seeks to redress this imbalance to some extent. The objective is to produce a model for social engineering that provides a better understanding of the attack process such that improved and timely countermeasures can be applied and early interventions implemented. Information security Social engineering Iterative spiral model Targeted attack
28	Moderna sociala manipuleringsangrepp : En kvalitativ intervjustudie med penetrationstestare / Modern social engineering attacks : A qualitative interview study of penetration testers Ödman, Alina January 2019 (has links) Dagens samhälle präglas av den växande digitaliseringen. Information flödar på alla håll och kanter, den bearbetas, lagras och kommuniceras konstant. Nuförtiden kan systemen byggas ganska säkra, men så fort man sätter en människa bakom tangentbordet introducerar man en rejäl sårbarhet och äventyrar att vår information hamnar i fel händer. SE (social engineering, social manipulering) är konsten att nyttja social interaktion som ett medel oavsett om det kräver ett tekniskt system eller övertygelse för att få tillgång till känslig information. Detta är en kvalitativ intervjustudie som försöker skildra hur penetrationstestare ser och arbetar med/mot SE (social engineering, social manipulering) sker. Studien tolkar penetrationstestares perspektiv på dagens sociala manipulerings angrepp, hur de arbetar med det och vad vi som individer kan göra för att skydda oss. Slutsatserna från studiens delfrågor hjälper att besvara studiens forskningsfråga “Hur ser penetrationstestare på dagens SE?” Studien visar på att majoriteten av respondenterna är överens om hur SE ser ut idag. Konklusionen visar på att angreppet “phishing” är en av de vanligaste angreppsformerna idag både trendmässigt och arbetsrelaterat just nu. Vidare skildrades även “varför sociala manipulatörer ofta lyckas med sina angrepp” vilket resulterade i att den psykologiska aspekten är ett av de viktigaste förbättringsområdena inom SE. Slutligen, redogjorde respondenterna viktiga skyddsåtgärder som kan tillämpas av både organisationer och privatpersoner. / Our modern World is filled with information everywhere. Information isconstantly processed, stored and communicated. However,we all know that information usuallyhas some value;therefore,we build secure and complex systems, whichare packed with data. Valuable data. Then we put humans behind those systems and introduce ahuge vulnerability and by that,we are risking our data falling into the wrong hands. Social engineering –it is used to deceive people and letting themgive up sensitive information. This qualitative interview study will attempt to disclose the perception of social engineering from people who perform penetration-testingservices. The results of the study are showing that participators are partially decided of their view of social engineering. They almost all agree that “phishing” is a common attack in bothinternet occurrences and in work-related matters. Furthermore, the conclusion shows that the psychological aspect of social engineering is an important improvement area. Lastly, the participants explain several preventative actions, whichcan be used by organizations and by individuals to minimize the risk of exposure to social engineering. Social engineering social engineer social engineering attack penetration testers. Social manipulering social manipulatör sociala manipuleringsangrepp penetrationstestare Engineering and Technology Teknik och teknologier
29	Social-engineering ett hot mot informationssäkerheten? Palmqvist, Stefan January 2008 (has links) <p>Den här rapporten tar upp ett annorlunda hot mot informationssäkerheten, som inte hårdvara</p><p>eller mjukvara kan stoppa. Detta hot kallas för social-engineering, och det som gör detta hot</p><p>farligt är att de anställda och chefer i en organisation, kan hjälpa utövaren av socialengineering</p><p>utan att de själva vet om det.</p><p>Det går inte att förhindra att dessa attacker sker, men man kan förhindra de negativa</p><p>konsekvenserna av en sådan attack. Denna rapport tar upp hur man ska göra för att en</p><p>organisation ska kunna fortsätta med sin verksamhet, efter en attack av social-engineering. I</p><p>värsta fall kan en attack av social-engineering innebära att ett företag aldrig återhämtar sig.</p><p>Detta kan bero på att organisationen har förlorat alla sina kunder, förlorat marknads andelar,</p><p>eller för att de ansvariga och viktiga personerna i organisationen har blivit dömda för</p><p>oaktsamhet och sitter i fängelse.</p><p>Denna rapport ska informera och få er att vara uppmärksamma och medvetna om dessa</p><p>hot, som ni kanske inte vet finns. Ni ska få kunskap och lära er känna igen de olika</p><p>förklädnaderna en utövare av social-engineering antar.</p> / <p>This paper discusses a different threat against information security, which can not be</p><p>prevented by either hardware or software. This Threat is called social engineering and the</p><p>main issue that makes this threat so dangerous is that the victims, like executives and the</p><p>employees in an organization are not aware that they actually helps the practician of social</p><p>engineering.</p><p>These attacks can not be avoided, but there is a way to prevent negative consequences of</p><p>such an attack. This paper discusses how an organization can manage to continue with the</p><p>activity, despite an attack of social engineering. In worse case the scenarios of an attack of</p><p>social engineering can mean that an organization never fully recovers. The different scenarios</p><p>of this can be as following. The organization could lose all the clients, they could have lost</p><p>market share or the responsible important people in the organization could be convicted and</p><p>sent to jail.</p><p>This paper will make you aware of these threats that you might even don’t know exists.</p><p>You will be given the knowledge to be able to recognize de different disguises a practician of</p><p>social engineering can assume.</p> social engineering information security hacker policy for security work risk social-engineering informationssäkerhet hacker säkerhetspolicy riskanalys Computer science Datalogi
30	Social-engineering ett hot mot informationssäkerheten? Palmqvist, Stefan January 2008 (has links) Den här rapporten tar upp ett annorlunda hot mot informationssäkerheten, som inte hårdvara eller mjukvara kan stoppa. Detta hot kallas för social-engineering, och det som gör detta hot farligt är att de anställda och chefer i en organisation, kan hjälpa utövaren av socialengineering utan att de själva vet om det. Det går inte att förhindra att dessa attacker sker, men man kan förhindra de negativa konsekvenserna av en sådan attack. Denna rapport tar upp hur man ska göra för att en organisation ska kunna fortsätta med sin verksamhet, efter en attack av social-engineering. I värsta fall kan en attack av social-engineering innebära att ett företag aldrig återhämtar sig. Detta kan bero på att organisationen har förlorat alla sina kunder, förlorat marknads andelar, eller för att de ansvariga och viktiga personerna i organisationen har blivit dömda för oaktsamhet och sitter i fängelse. Denna rapport ska informera och få er att vara uppmärksamma och medvetna om dessa hot, som ni kanske inte vet finns. Ni ska få kunskap och lära er känna igen de olika förklädnaderna en utövare av social-engineering antar. / This paper discusses a different threat against information security, which can not be prevented by either hardware or software. This Threat is called social engineering and the main issue that makes this threat so dangerous is that the victims, like executives and the employees in an organization are not aware that they actually helps the practician of social engineering. These attacks can not be avoided, but there is a way to prevent negative consequences of such an attack. This paper discusses how an organization can manage to continue with the activity, despite an attack of social engineering. In worse case the scenarios of an attack of social engineering can mean that an organization never fully recovers. The different scenarios of this can be as following. The organization could lose all the clients, they could have lost market share or the responsible important people in the organization could be convicted and sent to jail. This paper will make you aware of these threats that you might even don’t know exists. You will be given the knowledge to be able to recognize de different disguises a practician of social engineering can assume. social engineering information security hacker policy for security work risk social-engineering informationssäkerhet hacker säkerhetspolicy riskanalys Computer Sciences Datavetenskap (datalogi)

Search results