Механізми та методи фішингу як першого кроку до отримання доступу
Loading...
Files
Date
2023
Journal Title
Journal ISSN
Volume Title
Publisher
Український державний університет науки і технологій, ННІ ≪Інститут промислових та бізнес технологій≫, ІВК ≪Системні технології≫, Дніпро
Abstract
UKR: Розглянуто фішинг – техніку надсилання фішингових повідомлень. Аналіз зроблено на підставі даних у відкритому доступі. Проаналізовано процес фішингової атаки, та досліджено технічні вектори того, як користувачі стають жертвами атаки. Також розглянуто існуючі параметри фішингових атак та відповідні підходи до запобігання.
ENG: Phishing as a term that means the technique of sending phishing messages will be researched based on findings in public access and using the listed links. The process of a phishing attack will be analyzed, and then we will pay attention to the technical vectors of how users become victims of the attack. Finally, existing research on phishing attacks and related prevention approaches will be reviewed. Mitigating phishing attacks is an important research topic worth exploring. Although a lot of research has been done, this threat still exists in the real world, and its prevalence is constantly increasing. According to research results, detecting phishing attacks is a difficult problem. There are two main strategies used to mitigate phishing attacks; or improving the performance of phishing detection technology or improving people's awareness of these attacks. Developing human expertise is a key way to defeat phishing attacks, as phishing attacks exploit human weaknesses rather than network weaknesses. Also, humans are always the weakest link in social engineering attacks. Compared to phishing website detection, phishing email detection may require user involvement to achieve better detection results. Because the success of a phishing email depends on its context. Specifically, when the premise of the phishing email is consistent with the user's work context (or current situation). Most anti-phishing solutions are implemented to mitigate general phishing attacks, but they ignore some specific situations, such as advanced phishing attacks. To prevent advanced phishing attacks, phishing websites are difficult to detect if a victim is attacked using stolen DNS data because the URL content and website content are the same as legitimate websites. Most content-based approaches may not work because the content of the accessed URL is an important factor in the decision. To prevent subdomain hijacking attacks, it is difficult to detect a phishing website if the phishers have hosted the website on a subdomain taken from a legitimate website. Regardless of the web content, URL, and SSL certificate information, they will all be the same as the legitimate website. Moreover, the approach to enumeration of subdomains needs improvement, as most current tools are based on rough enumeration, existing dictionaries may not cover all instances of subdomains, as some subdomains may be meaningless.
ENG: Phishing as a term that means the technique of sending phishing messages will be researched based on findings in public access and using the listed links. The process of a phishing attack will be analyzed, and then we will pay attention to the technical vectors of how users become victims of the attack. Finally, existing research on phishing attacks and related prevention approaches will be reviewed. Mitigating phishing attacks is an important research topic worth exploring. Although a lot of research has been done, this threat still exists in the real world, and its prevalence is constantly increasing. According to research results, detecting phishing attacks is a difficult problem. There are two main strategies used to mitigate phishing attacks; or improving the performance of phishing detection technology or improving people's awareness of these attacks. Developing human expertise is a key way to defeat phishing attacks, as phishing attacks exploit human weaknesses rather than network weaknesses. Also, humans are always the weakest link in social engineering attacks. Compared to phishing website detection, phishing email detection may require user involvement to achieve better detection results. Because the success of a phishing email depends on its context. Specifically, when the premise of the phishing email is consistent with the user's work context (or current situation). Most anti-phishing solutions are implemented to mitigate general phishing attacks, but they ignore some specific situations, such as advanced phishing attacks. To prevent advanced phishing attacks, phishing websites are difficult to detect if a victim is attacked using stolen DNS data because the URL content and website content are the same as legitimate websites. Most content-based approaches may not work because the content of the accessed URL is an important factor in the decision. To prevent subdomain hijacking attacks, it is difficult to detect a phishing website if the phishers have hosted the website on a subdomain taken from a legitimate website. Regardless of the web content, URL, and SSL certificate information, they will all be the same as the legitimate website. Moreover, the approach to enumeration of subdomains needs improvement, as most current tools are based on rough enumeration, existing dictionaries may not cover all instances of subdomains, as some subdomains may be meaningless.
Description
А. Гуда: ORCID 0000-0003-1139-1580
Keywords
фішинг, кібербезпека, багатофакторна аутентифікація, соціальна інженерія, phishing, cyber security, multifactor authentication, social engineering, КІТС
Citation
Гуда А. І., Кліщ С. М. Механізми та методи фішингу як першого кроку до отримання доступу. Системні технології. Дніпро, 2023. Т. 4, № 147. С. 141–154. DOI: 10.34185/1562-9945-4-147-2023-13.