An Analysis in Current Social Engineering Attacks and Countermeasures
Author
Duvarci, Hac Memet
Term
4th semester
Publication year
2023
Submitted on
2023-10-18
Pages
79
Abstract
This thesis examines contemporary social engineering attacks and the technical and non-technical measures organizations use to prevent, detect, and respond to them, with a particular focus on raising cyber awareness and strengthening resilience. Informed by expert interviews and a survey of professionals, and supported by a structured review of attack types, platforms, and execution methods (e.g., spear-phishing, impersonation, baiting, and bulk phishing), the study maps these attacks to established cybersecurity frameworks and discusses their organizational impacts. It explores the selection and implementation of countermeasures such as awareness training, simulation exercises, security policies, device management, password hygiene, and multi-factor authentication, alongside challenges including resource constraints, expertise gaps, evolving attacker tactics, and measuring the effectiveness of defenses. Data were collected iteratively through a written interview with a bank, an expert interview, and a questionnaire; the analysis culminates in recommendations and best practices for integrating technical and non-technical countermeasures into an organization's cybersecurity strategy. The report acknowledges its limitations, including restricted company participation and limited depth in surveying the full range of defenses, and indicates areas for future research. The results sections address current attack trends, the persistence of traditional techniques, the assessment of vulnerabilities (including OSINT considerations), the evaluation of attack success, and the role of AI in social engineering.
[This summary has been generated with the help of AI directly from the project (PDF)]