The rise in victimization through cybercrime underscores the need to understand how people behave online and how unsafe online behaviour may be related to victimization. Previous studies have often relied on self-reported behaviour or attitudes towards cautious online behaviour. Studies that have measured both actual online behaviour and explanatory factors in a large sample are scarce. This contribution presents the research instrument of the Online Behaviour and Victimization Study. The chapter outlines the development of this instrument, which uses a population-based survey experiment. With this instrument, the actual behaviour of internet users can be measured. While completing the survey, respondents are confronted with (fictitious) cyber-risk situations, which allows the researchers to analyse how respondents deal with these situations. In addition, based on theories and an extensive literature review, which is briefly outlined in this contribution, measures for numerous explanatory factors were included in the study, among them knowledge (awareness), opportunity and motivation. Finally, prior cybercrime victimization is measured, which makes it possible to examine the relationship between actual online behaviour and online victimization.
We present a novel anomaly-based detection approach capable of detecting botnet Command and Control traffic in an enterprise network by estimating the trustworthiness of the traffic destinations. A traffic flow is classified as anomalous if its destination identifier does not originate from human input, prior traffic from a trusted destination, or a defined set of legitimate applications. This allows for real-time detection of diverse types of Command and Control traffic. The detection approach and its accuracy are evaluated by experiments in a controlled environment.
In this explorative research social engineering attacks were studied, especially the ones that failed, in order to help organisations to become more resilient. Physical, phone and digital attacks were carried out using a script following the ‘social engineering cycle’. We used the COM-B model of behaviour change, refined by the Theoretical Domains Framework, to examine by means of a survey how Capability, Motivational and foremost Opportunity factors help to increase resilience of organisations against social engineering attacks. Within Opportunity, social influence seemed of extra importance. Employees who work in small-sized enterprises (<50 employees) were more successful in withstanding digital social engineering attacks than employees who work in larger organisations. An explanation for this could be a greater amount of social control; these employees work in close proximity to one another, so they are able to check irregularities or warn each other. Also, having a conversation protocol installed on how to interact with outsiders was a measure taken by all organisations where attacks by telephone failed. Therefore, it is more difficult for an outsider to get access to the organisation by means of social engineering. This paper ends with a discussion and some recommendations for organisations, e.g. the design of the work environment, to help increase their resilience against social engineering attacks. https://openaccess.cms-conferences.org/publications/book/978-1-958651-29-2/article/978-1-958651-29-2_8 DOI: 10.54941/ahfe1002203
Despite its benefits, the widespread deployment of diverse Internet-enabled devices such as IP cameras and smart home appliances, the so-called Internet of Things (IoT), has amplified the attack surface that is being leveraged by cyber criminals. While manufacturers and vendors keep deploying new products, infected devices can be counted in the millions and are spreading at an alarming rate all over consumer and business networks. The objective of this project is twofold: (i) to explain the causes behind these infections and the inherent insecurity of the IoT paradigm by exploring innovative data analytics as applied to raw cyber security data; and (ii) to promote effective remediation mechanisms that mitigate the threat of the currently vulnerable and infected IoT devices. By performing large-scale passive and active measurements, this project will allow the characterization and attribution of compromised IoT devices. Understanding the type of devices that are getting compromised and the reasons behind the attacker’s intention is essential to design effective countermeasures. This project will build on the state of the art in information theoretic data mining (e.g., using the minimum description length and maximum entropy principles), statistical pattern mining, and interactive data exploration and analytics to create a causal model that allows explaining the attacker’s tactics and techniques. The project will research formal correlation methods rooted in stochastic data assemblies between IoT-relevant measurements and IoT malware binaries as captured by an IoT-specific honeypot to aid in the attribution and thus the remediation objective. Research outcomes of this project will benefit society in addressing important IoT security problems before manufacturers saturate the market with ostensibly useful and innovative gadgets that lack sufficient security features, thus being vulnerable to attacks and malware infestations, which can turn them into rogue agents.
However, the insights gained will not be limited to attacker behavior and attribution, but will also extend to the remediation of the infected devices. Based on a causal model and the output of the correlation analyses, this project will follow an innovative approach to understand the remediation impact of malware notifications by conducting a longitudinal quasi-experimental analysis. The quasi-experimental analyses will examine remediation rates of infected/vulnerable IoT devices in order to make better inferences about the impact of the characteristics of the notification and the infected user’s reaction. The research will provide new perspectives, information, insights, and approaches to vulnerability and malware notifications that differ from the previous reliance on models calibrated with cross-sectional analysis. This project will enable more robust use of longitudinal estimates based on documented remediation change. Project results and methods will enhance the capacity of Internet intermediaries (e.g., ISPs and hosting providers) to better handle abuse/vulnerability reporting, which in turn will serve as a preemptive countermeasure. The data and methods will make it possible to investigate the behavior of infected individuals and firms at a microscopic scale and reveal the causal relations among infections, human factors and remediation.