اخبار و اعلانات

 آمار

تعداد نشریات38
تعداد شماره‌ها1,240
تعداد مقالات8,994
تعداد مشاهده مقاله7,844,939
تعداد دریافت فایل اصل مقاله4,706,582
حسینی, سیدحسن, مجیدی قهرودی, نسیم. (1402). بررسی تأثیر روش‌های مهندسی‌ اجتماعی بر آسیب‌پذیری کارکنان (نمونه موردی: کارمندان شهرداری تهران). پدافند الکترونیکی و سایبری, 11(1), 31-46.
سیدحسن حسینی; نسیم مجیدی قهرودی. "بررسی تأثیر روش‌های مهندسی‌ اجتماعی بر آسیب‌پذیری کارکنان (نمونه موردی: کارمندان شهرداری تهران)". پدافند الکترونیکی و سایبری, 11, 1, 1402, 31-46.
حسینی, سیدحسن, مجیدی قهرودی, نسیم. (1402). 'بررسی تأثیر روش‌های مهندسی‌ اجتماعی بر آسیب‌پذیری کارکنان (نمونه موردی: کارمندان شهرداری تهران)', پدافند الکترونیکی و سایبری, 11(1), pp. 31-46.
حسینی, سیدحسن, مجیدی قهرودی, نسیم. بررسی تأثیر روش‌های مهندسی‌ اجتماعی بر آسیب‌پذیری کارکنان (نمونه موردی: کارمندان شهرداری تهران). پدافند الکترونیکی و سایبری, 1402; 11(1): 31-46.

بررسی تأثیر روش‌های مهندسی‌ اجتماعی بر آسیب‌پذیری کارکنان (نمونه موردی: کارمندان شهرداری تهران)

پدافند الکترونیکی و سایبری
دوره 11، شماره 1 - شماره پیاپی 41، خرداد 1402، صفحه 31-46    اصل مقاله (1.14 M)
نوع مقاله: مقاله پژوهشی
نویسندگان
سیدحسن حسینی1؛ نسیم مجیدی قهرودی* 2
1دانشجوی دکترای تخصصی علوم ارتباطات، واحد علوم و تحقیقات، دانشگاه آزاد اسلامی، تهران، ایران
2استادیار، گروه ارتباطات، روزنامه‌نگاری و رسانه، واحد تهران مرکز، دانشگاه آزاد اسلامی، تهران، ایران
تاریخ دریافت: 14 دی 1400،  تاریخ بازنگری: 06 اسفند 1400،  تاریخ پذیرش: 03 دی 1401 
چکیده
مهندسی‌اجتماعی هنر فریب انسانها به گونه‌ای است که بدون استفاده از زور و تهدید، اقدامی را انجام دهند یا اطلاعاتی را ارائه دهند که مورد نظر مهندس‌اجتماعی است. مهندس‌اجتماعی می‌تواند منافع شخصی،سازمانی یا ملّی را تهدید کند. هکرها، کلاهبرداران، جاسوسان، خرابکاران و ... همگی از مهندسی‌اجتماعی برای پیشبرد اهدافشان بهره می‌برند. مهندس‌اجتماعی از تکنیکهای مختلفی بهره می‌برد. در این تحقیق به تأثیر این روشها بر آسیب‌پذیری کارکنان پرداختیم و از روش ترکیبی(کیفی و کمّی) برای سنجش این تأثیر استفاده شد. ابتدا تکنیکهای مختلف مهندسی‌اجتماعی با بهره‌برداری از مرور تحقیقات صورت‌گرفته قبلی و استفاده از نظرات کارشناسان حوزه مهندسی‌اجتماعی احصاء‌ گردید و تکنیکهای مختلف در انواع فنی،اجتماعی، فیزیکی و فنی-اجتماعی دسته‌بندی‌ شدند. سپس در مرحله کمّی با ایجاد گویه‌های مختلف در قالب طیف لیکرت و ارائه پرسشنامه به جامعه هدف(کارمندان شهرداری تهران)، میزان آسیب‌پذیری افراد نسبت به هرکدام از تکنیکها به دست آمده و در نهایت با میانگین‌گیری از پاسخ‌های ارائه شده میزان آسیب‌پذیری کل افراد نسبت به انواع تکنیکهای مهندسی‌اجتماعی حاصل شد. مشخص شد آسیب‌پذیری جامعه هدف به ترتیب نسبت به تکنیکهای فنی، اجتماعی، فنی-اجتماعی و فیزیکی بیشتر است. جهت پیشگیری از وقوع مهندسی‌اجتماعی نیز راهکارهای انسان‌محور و فناوری‌محور پیشنهاد شد.
کلیدواژه‌ها
مهندسی‌اجتماعی؛ آسیب‌پذیری؛ امنیت ارتباطات؛ فریب
عنوان مقاله [English]
Investigating The Effect of Social Engineering Techniques on Employees Vulnerability (Case study: Tehran Municipality Employees)
نویسندگان [English]
Seyyedhasan Hoseini1؛ nasim majidi gahrodi2
1PhD student in Communication Sciences, Science and Research Unit, Islamic Azad University, Tehran, Iran
2Assistant Professor, Department of Communication, Journalism and Media, Central Tehran Branch, Islamic Azad University, Tehran, Iran
چکیده [English]
Social engineering is the art of deceiving people in a way that no use of force and threat, something to do or provide that information to social engineer . Social engineering can follow self-interest or organizational or national interest. Hackers, criminals, spies, saboteurs and ... all use social engineering to achieve their goals .social engineer uses Various techniques. In this study, the effect of this techniques on the vulnerability of people looked at the combined method (qualitative and quantitative ) to measure this effect .First, various social engineering techniques as well as their vulnerability conducted by reviewing previous research and the interviewing with the experts in the field of engineering social was obtained and different techniques in a variety of technical, social, physical and technical – social were categorized. Afterwards in quantitative stage, By creating a questionnaire and various Items In the form of Likert scale and Provide the questionnaire to the target community(Employees of Tehran Municipality) The degree of vulnerability of people to a variety of social engineering techniques was obtained. It was found vulnerability of the target population is more than to the techniques of technical, social, technical – social and physical respectively . to prevent social engineering, human –driven and technology –based solutions were proposed that human –centered mainly on training personnel and IT solutions based on the provision of the right equipment, computers and creating a right information access cycle in organizations .
کلیدواژه‌ها [English]
social engineering, vulnerability, communication security, deception, tehran municipality
مراجع

[1] K.Mitnick,W.Simon and S.Wozniak,”The Art of Deception: Controlling the  Human Element of Security”, NJ: Wiley, 2002.

[2] Social Engineer, “Security though education”, Retrieved March 29, 2016, from The Social Engineering Framework: http://www.social-engineer. org/framework/psychological, 2016.

[3] Symantec Corporation,”INTERNET SECURITY THREAT REPORT”,Retrieved 31 03,2016,from http://www.symantec.com/content/en/us/enterprise/other_resources/bistr_main_report_v19_21291018.en-us.pdf, 2014. 

[4] R.Ballagas, M.Rohs, J.Sheridan and J.Borchers, “Byod: Bring your own device”, In Proceedings of the Workshop on Ubiquitous Display Environments, Ubicomp, 2004.

[5] W.Shen, “Active Social Engineering Defense (ASED)”, Defense Advanced Research Projects Agency Program Information. Accessed February 1, 2019. https://www.darpa.mil/program/active-social engineering-defense, 2019.

[6] A.Chantler and R.Broadhurst, “Social Engineering and Crime Prevention in Cyberspace”, Queensland University of Technology, 2006.

[7] C.Hadnagy, “Social Engineering: The Art of Human Hacking”, NJ: Wiley, 2011.

[8] T.Qin and J.Burgoon, “An Investigation of Heuristics of Human Judgment in Detecting Deception and Potential Implications in Countering Social Engineering. Intelligence and Security Informatics”, IEEE, pp. 152–159, 2007.

[9] N.Verma, “Social Engineering: A Means to Violate a Computer System”, Publisher Global Vision Publishing House, 2011.

[10] K.D.Mitnick, “The Art of Deception - Controlling the Human Element of Security”,  Indiana,Wiley Publishing, p.16, 2003.

[11] B.Oosterloo, “Managing Social Engineering Risk”, University of Twente, 2008

[12] N.Pavkovic and L.Perkov, “Social Engineering Toolkit—A systematic approach to social engineering”, 34th IEEE International Convention MIPRO, Opatija, Croatia, pp.1485–1489, 2011.

[13] A.V.Grebmer, “Information and IT Risk Management in a Nutshell: A Pragmatic Approach to Information Security”. Publisher. BoD – Books on Demand. pp.58-74, 2008.

[14] M.Erbschloe, “Social Engineering-Hacking systems,nations and societies”, Translated by Seyyedhasan Hoseiny, Tehran, Sabah, 1400.(In Persian)

[15] H.Kim, D.Yoo, J.Kang and Y.Yeom,  “Dynamic ransomware protection using deterministic random bit generator”, In Proceedings of the IEEE Conference on Applications, Information and Network Security, Miri, Malaysia, pp.1–6, 2017.

[16] S.Wang, S.Zhu and Y.Zhang, “Blockchain-based mutual authentication security protocol for distributed RFID systems”, In Proceedings of the IEEE Symposium on Computers and Communications, Natal, Brazil, pp.74–77, 2018.

[17] L.Segovia, F.Torres, M.Rosillo, E.Tapia, F.Albarado and D.Saltos, “Social engineering as an attack vector for ransomware”, In Proceedings of the Conference on Electrical Engineering and Information Communication Technology, Pucon, Chile, pp.1–6, 2017.

[18] D.F.Sittig and H.Singh, “Asocio-technical approach to preventing, mitigating and recovering from ransomware attacks”, Appl. Clin. Inform, pp. 624–632, 2016.

[19] B.Arya and K.Chandrasekaran, “A client-side anti-pharming (CSAP) approach”, In Proceedings of the IEEE International Conference on Circuit, Power and Computing Technologies (ICCPCT), Nagercoil, India, pp.1–10, 2016. 

[20] Kaspersky, “Pharming definition”, https://www.kaspersky.com/resource-center/definitions/pharming, 2021.

[21] E.Aharoni, “What is a Watering Hole attack and how to prevent them” https://blog.cymulate.com/watering-hole-attack-dont-drink-water, 2021

[22] N.Pokrovskaia, “Social engineering and digital technologies for the security of the social capital’development”, In Proceedings of the International Conference of Quality Management, Transport and Information Security, Petersburg, Russia, pp.16–19, 2017.

[23] K.Krombholz, H.Hobel, M.Huber and  E.Weippl, “Advanced social engineering attacks”. J. Inf. Secur. Appl, pp. 113–122, 2014

[24] K.Axelton, “what is shoulder surfing” https://www.experian.com/blogs/ask-experian/what-is-shoulder-surfing/, 2020

[25] L.Xiangyu, L.Qiuyang and S.Chandel, “Social engineering and Insider threats”, In Proceedings of the International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, Nanjing, China, pp.25–34, 2017.

[26] Y.Diogenes and E.Ozkaya, “Cybersecurity –Attack and Defense Strategies”, https://www.oreilly.com/library/view/cybersecurity-attack/9781788475297/6a6d16cf-64bb-411e-bba2-ecbd10ad2d88.xhtml, 2021

[27] P.Patil and P.Devale, “A literature survey of phishing attack technique”, Int. J. Adv. Res. Comput. Commun. Eng, pp.198–200, 2016.

[28] S.Granger, “Social engineering fundamentals”, www.securityfocus.com/infocus/1527 and 1533, 2006.

[29] S.A.Moosavi, “Social Engineering,Art of Psychological War, Human Hacking,Persuation and Deception”, Tehran.Nasleroshan, 2020.(In Persian)

[30] S.Aslany and H.Eskandary, “An overview of the Importance of Compassion in Community Security”, Rooyesh-e-Ravanshenasi, vol.7, no.11, Serial no.32, pp.341-354, 2019. (In Persian)

[31] G.Seidman, “Why Do We Like People Who Are Similar to Us?”,  https://www.psychologytoday.com/us/blog/close-encounters/201812/why-do-we-people-who-are-similar-us, 2021.

[32] R.Cialdini, “Influence: The Psychology of Persuasion”, New York,Harper Business, 2006

[33] US Commodity Futures Trading Commission, “Foreign Currency Trading (Forex) Fraud”,  https://www.cftc.gov/ConsumerProtection/FraudAwarenessPrevention/CFTCFraudAdvisories/fraudadv_forex.html, 2019

[34] D.Gragg, “A Multi-Level Defense Against Social Engineering”, SANS Institute, InfoSec Reading Room, pp.13-18, 2003.

[35] S.Stasiukoni, “ Social Engineering, the USB Way”, http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=208803634,  2013.

[36] L.J.Janczewski and  A.Colarik, “Cyber Warfare and Cyber Terrorism”, Pennsylvania, Idea Group Inc, 2008.

[37] K.Beckers, S.Pape, “A serious game for eliciting social engineering security requirements”, In Proceedings of the International Requirements Engineering Conference, Beijing, China,pp.16–25, 2016.

[38] L.Peotta, M.D.Holtz, B.M.David, F.G.Deus and R.T.De Sousa, “A formal classification of internet banking attacks and vulnerabilities”,Int. J. Comput. Sci. Inf. Technol. 3,pp.186–197, 2011.

[39] G.Ho, A.Sharma, M.Javed, V.Paxson and  D.Wagner, “Detecting credential spearphishing in enterprise settings”, In Proceedings of the 26th USENIX Security Symposium, Vancouver, BC, Canada, pp.469–485, 2017.

[40] Techopedia Dictionary, “Whaling Definition”, https://www.techopedia.com/definition/28643/whaling, 2016.

[41] E.O.YeboahBoateng and P.M.Amanor, “Phishing,SMiShing&Vishing:Anassessment of threats against mobile devices” J. Emerg. Trends Comput. Inf. Sci. 5, pp.297–307, 2014

[42] H.Tu, A.Doupé, Z.Zhao and G.J.Ahn, “Everyone hates robocalls: A survey of techniques against telephone spam”, In Proceedings of the IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA. pp. 320–338, 2016.

[43] T.Braun, B.C.Fung, F.Iqbal and B.Shah, “Security and privacy challenges in smart cities”, Sustain. Cities Soc, pp.39,499-507, 2018

[44] Sophos, “Sophos facebook id probe shows 41% of users happy to reveal all to potential identity thieve”. http://www.sophos.com/en-us/press, 2007

[45] I.Ghafir, “Social engineering attack strategies and defence approaches”, In Proceedings of the IEEE International Conference on Future Internet of Things and Cloud, Vienna, Austria,PP.1–5, 2016

[46] G.Costantino, A.La Marra, F.Martinelli, and I.Matteucci, “CANDY: A social engineering attack to leak information from infotainment system”, In Proceedings of the IEEE Vehicular Technology Conference, Porto, Portugal, pp.1– 5, 2018.

[47] Federal Financial Institutions Examination Council, “Security Culture”, https://ithandbook.ffiec.gov/it-booklets/information-security/i-governance-of-the-information-security-program/ia-security-culture.aspx, 2019

[48] S.Abraham, “An overview of social engineering malware: Trends, tactics, and implications”, Technology in Society, p.183, 2010.

[49] D.Ashenden, “Information Security management: A human challenge?”,  Information Security Technical Report, 2008.

[50] R.Heartfield and G.Loukas, “ A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks”, ACM Comput, Surv, pp.48, 1–37, 2016.

آمار
تعداد مشاهده مقاله: 280
تعداد دریافت فایل اصل مقاله: 299