Social Engineering Attacks
file
Advanced Persistent Threat (APT) attackers accomplish their attack objectives by co-opting users' credentials. Traditional cyber defenses leave users vulnerable to APT attacks which employ spearphishing. The success of spearphishing attacks is not a data processing failure, but is the result of defenders failing to apply the principles of Human System Integration to the problem of spearphishing. We discuss an alternative defensive strategy which addresses human performance capabilities and limitations to disrupt spearphishing attacks.
biblio
Submitted by Katie Dey on Thu, 04/07/2016 - 5:53pm
file
The information environment consists of three interrelated dimensions which are the physical, the informational and the cognitive. The most important of these is the cognitive dimension which encompasses the minds of people who interact with information and make decisions using information. Employing cyberspace operations, attackers use spearphishing to engage in espionage, sabotage and other intelligence-related activities. We discuss the use of an enhanced user interface as a means of counterintelligence to disrupt spearphishing attacks.
file
Technical defenses (such as email filtering, malware detection, firewalls, limited user privileges, and system monitoring) leave systems unnecessarily exposed to phishing attacks because the human attack surface remains easily accessible and subject to successful attacks based on principles of psychology which are exploited using military deception. The authors propose deception countermeasures which modify the email interface, thereby making the user less susceptible to email-based deception.
biblio
Submitted by rzager on Mon, 02/23/2015 - 6:57pm
biblio
Submitted by emerson on Wed, 09/17/2014 - 6:30pm
biblio
Submitted by Laurie Williams on Wed, 09/17/2014 - 6:30pm