OVERVIEW OF MODERN METHODS AND MEANS OF DETECTION OF SOCIOTECHNICAL ATTACKS
DOI: https://doi.org/10.32782/IT/2024-3-9
Keywords: cyber security, information security, social engineering, sociotechnical attacks, sociotechnical attack methods, classification of sociotechnical attacks
Abstract
Relevance. The rapid development of information technology and intensive data exchange are reshaping the cybersecurity environment and creating new threats in the form of cyberattacks and fraud. Sociotechnical attacks, which use psychological manipulation to obtain confidential information or access to protected systems, are particularly dangerous because they target people rather than technical controls. Objective. The purpose of this paper is to provide a comprehensive review of existing solutions, technologies, and methods that can help organizations and private users counter sociotechnical threats. Methodology. The article studies modern methods of detecting sociotechnical attacks that rely on manipulative techniques. Several detection approaches are considered: signature-based, behavioral, machine-learning, metadata-analysis, and social and psychological approaches. Particular attention is paid to interactive and simulation methods, which let organizations test their preparedness by reproducing the conditions of a real attack. Scientific novelty. Hardware and software tools for detecting and blocking sociotechnical attacks are described according to nine criteria (level of protection, centralized management, ease of use, integration with other platforms, use of artificial intelligence, adaptability, offline capability, cost, and complexity of configuration); together these tools provide multi-level protection against sociotechnical threats. Conclusions. The findings show that educational and organizational measures remain key to raising user awareness and reducing the risk of successful attacks, and that protection against sociotechnical threats should be comprehensive, combining technical solutions with staff training. Existing security measures also need continuous improvement, and the latest technologies should be adopted to increase the effectiveness of protecting information systems from sociotechnical attacks.
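As an added illustration of two of the detection approaches named in the abstract, signature-based and metadata-based, the following Python script is not code from the paper or from any product it reviews. It parses constructed sample messages with the standard library's email package, scores header inconsistencies that legitimate senders rarely produce (Reply-To and Return-Path domains that differ from the From domain, a display name that impersonates another address, and failed SPF/DKIM/DMARC verdicts recorded by an upstream gateway in Authentication-Results), then adds signature hits for common lure phrases. The domains, addresses, phrase list, weights, and threshold are assumptions chosen for the example.

```python
"""Header (metadata) and signature checks for phishing-style messages.

Added example, not code from the paper: demonstrates metadata-based and
signature-based detection on constructed sample messages.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from typing import List, Tuple

# Signature rules: lure phrases typical of urgency/authority pretexts.
# Illustrative patterns, not a vetted signature set.
LURE_PATTERNS = [
    re.compile(r"\burgent\b", re.I),
    re.compile(r"verify your (account|password)", re.I),
    re.compile(r"within (24|48) hours", re.I),
    re.compile(r"account (will be )?(suspended|locked|closed)", re.I),
]


def _domain(addr: str) -> str:
    """Return the lower-cased domain of an address header value ('' if none)."""
    _, email_addr = parseaddr(addr or "")
    return email_addr.rpartition("@")[2].lower()


def analyze_message(raw: bytes) -> Tuple[int, List[str]]:
    """Return (score, findings) for one RFC 5322 message.

    Weights are assumptions for the example: header-relationship findings
    count more than individual lure phrases.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings: List[str] = []
    score = 0

    from_hdr = str(msg.get("From", ""))
    from_dom = _domain(from_hdr)
    reply_dom = _domain(str(msg.get("Reply-To", "")))
    return_dom = _domain(str(msg.get("Return-Path", "")))

    # Metadata check 1: Reply-To routes replies to a different domain than From.
    if reply_dom and reply_dom != from_dom:
        score += 3
        findings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")

    # Metadata check 2: envelope sender (Return-Path) differs from From.
    if return_dom and return_dom != from_dom:
        score += 2
        findings.append(f"Return-Path domain {return_dom!r} differs from From domain {from_dom!r}")

    # Metadata check 3: display name embeds an address whose domain differs
    # from the real sending address (display-name spoofing).
    display, _ = parseaddr(from_hdr)
    m = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if m and m.group(1).lower() != from_dom:
        score += 3
        findings.append(f"display name claims {m.group(1).lower()!r} but address is {from_dom!r}")

    # Metadata check 4: authentication verdicts recorded by the receiving gateway.
    auth = str(msg.get("Authentication-Results", ""))
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(fail|softfail|permerror)\b", auth, re.I):
            score += 2
            findings.append(f"{mech} failed per Authentication-Results")

    # Signature check: lure phrases in the text body.
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    for pat in LURE_PATTERNS:
        if pat.search(body):
            score += 1
            findings.append(f"lure phrase matched: {pat.pattern}")

    return score, findings


def is_suspicious(raw: bytes, threshold: int = 4) -> bool:
    """Classify a message as suspicious once its score reaches the threshold (assumed)."""
    return analyze_message(raw)[0] >= threshold


# Constructed sample messages (not real captures); all domains are examples.
PHISH = b"""\
Return-Path: <bounce@mail-relay.example.net>
From: "IT Helpdesk it-support@corp.example.com" <alerts@corp-example-login.com>
Reply-To: helpdesk@reply-collector.example.org
To: user@corp.example.com
Subject: Urgent: password verification required
Authentication-Results: mx.corp.example.com; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
Content-Type: text/plain; charset="utf-8"

URGENT: verify your password within 24 hours or your account will be suspended.
"""

LEGIT = b"""\
Return-Path: <newsletter@corp.example.com>
From: "Corp Newsletter" <newsletter@corp.example.com>
To: user@corp.example.com
Subject: Monthly update
Authentication-Results: mx.corp.example.com; spf=pass smtp.mailfrom=corp.example.com; dkim=pass
Content-Type: text/plain; charset="utf-8"

Here is this month's summary of project news.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        score, findings = analyze_message(raw)
        print(f"{label}: score={score} suspicious={is_suspicious(raw)}")
        for f in findings:
            print("  -", f)
```

The header checks are deliberately independent of body content, so a message with no lure phrases but a forged display name and failed SPF still scores above the threshold; conversely, a single lure phrase in a fully authenticated internal message does not. In production the Authentication-Results header should only be trusted when it carries the receiving gateway's own authserv-id, since an attacker can inject that header upstream.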