Phishing like the first step to gaining access

Sistemnì tehnologìï Pub Date : 2023-11-13 DOI:10.34185/1562-9945-4-147-2023-13

Guda Anton, Klishch Sergey

{"title":"Phishing like the first step to gaining access","authors":"Guda Anton, Klishch Sergey","doi":"10.34185/1562-9945-4-147-2023-13","DOIUrl":null,"url":null,"abstract":"Phishing as a term that means the technique of sending phishing messages will be re-searched based on findings in public access and using the listed links. The process of a phish-ing attack will be analyzed, and then we will pay attention to the technical vectors of how us-ers become victims of the attack. Finally, existing research on phishing attacks and related prevention approaches will be reviewed. Mitigating phishing attacks is an important research topic worth exploring. Although a lot of research has been done, this threat still exists in the real world, and its prevalence is constantly increasing. According to research results, detecting phishing attacks is a difficult problem. There are two main strategies used to mitigate phishing attacks; or improving the performance of phishing detection technology or improving people's awareness of these at-tacks. Developing human expertise is a key way to defeat phishing attacks, as phishing attacks exploit human weaknesses rather than network weaknesses. Also, humans are always the weakest link in social engineering attacks. Compared to phishing website detection, phishing email detection may require user in-volvement to achieve better detection results. Because the success of a phishing email de-pends on its context. Specifically, when the premise of the phishing email is consistent with the user's work context (or current situation). Most anti-phishing solutions are implemented to mitigate general phishing attacks, but they ignore some specific situations, such as advanced phishing attacks. To prevent advanced phishing attacks, phishing websites are difficult to detect if a victim is attacked using stolen DNS data because the URL content and website content are the same as legitimate websites. Most content-based approaches may not work because the content of the accessed URL is an important factor in the decision. To prevent subdomain hijacking attacks, it is difficult to detect a phishing website if the phishers have hosted the website on a subdomain taken from a legitimate website. Regardless of the web content, URL, and SSL certificate information, they will all be the same as the le-gitimate website. Moreover, the approach to enumeration of subdomains needs improvement, as most current tools are based on rough enumeration, existing dictionaries may not cover all instances of subdomains, as some subdomains may be meaningless.","PeriodicalId":493145,"journal":{"name":"Sistemnì tehnologìï","volume":"123 14","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Sistemnì tehnologìï","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.34185/1562-9945-4-147-2023-13","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Phishing as a term that means the technique of sending phishing messages will be re-searched based on findings in public access and using the listed links. The process of a phish-ing attack will be analyzed, and then we will pay attention to the technical vectors of how us-ers become victims of the attack. Finally, existing research on phishing attacks and related prevention approaches will be reviewed. Mitigating phishing attacks is an important research topic worth exploring. Although a lot of research has been done, this threat still exists in the real world, and its prevalence is constantly increasing. According to research results, detecting phishing attacks is a difficult problem. There are two main strategies used to mitigate phishing attacks; or improving the performance of phishing detection technology or improving people's awareness of these at-tacks. Developing human expertise is a key way to defeat phishing attacks, as phishing attacks exploit human weaknesses rather than network weaknesses. Also, humans are always the weakest link in social engineering attacks. Compared to phishing website detection, phishing email detection may require user in-volvement to achieve better detection results. Because the success of a phishing email de-pends on its context. Specifically, when the premise of the phishing email is consistent with the user's work context (or current situation). Most anti-phishing solutions are implemented to mitigate general phishing attacks, but they ignore some specific situations, such as advanced phishing attacks. To prevent advanced phishing attacks, phishing websites are difficult to detect if a victim is attacked using stolen DNS data because the URL content and website content are the same as legitimate websites. Most content-based approaches may not work because the content of the accessed URL is an important factor in the decision. To prevent subdomain hijacking attacks, it is difficult to detect a phishing website if the phishers have hosted the website on a subdomain taken from a legitimate website. Regardless of the web content, URL, and SSL certificate information, they will all be the same as the le-gitimate website. Moreover, the approach to enumeration of subdomains needs improvement, as most current tools are based on rough enumeration, existing dictionaries may not cover all instances of subdomains, as some subdomains may be meaningless.

查看原文本刊更多论文

网络钓鱼是获得访问权限的第一步

网络钓鱼作为一个术语，意味着发送网络钓鱼信息的技术将根据公共访问的发现和使用列出的链接进行重新搜索。将分析网络钓鱼攻击的过程，然后我们将关注我们如何成为攻击受害者的技术向量。最后，对网络钓鱼攻击的研究现状及相关的防范方法进行了综述。减轻网络钓鱼攻击是值得探索的重要研究课题。尽管已经做了大量的研究，但这种威胁仍然存在于现实世界中，并且其患病率不断增加。研究结果表明，检测网络钓鱼攻击是一个难题。有两种主要策略用于减轻网络钓鱼攻击;或者提高网络钓鱼检测技术的性能，或者提高人们对这些攻击的认识。开发人类专业知识是打败网络钓鱼攻击的关键方法，因为网络钓鱼攻击利用的是人类的弱点，而不是网络的弱点。此外，在社会工程攻击中，人类总是最薄弱的环节。与网络钓鱼网站检测相比，网络钓鱼邮件检测可能需要用户的参与才能获得更好的检测结果。因为网络钓鱼邮件的成功与否取决于它的上下文。具体来说，当钓鱼邮件的前提与用户的工作环境(或当前情况)一致时。大多数反网络钓鱼解决方案都是为了减轻一般的网络钓鱼攻击而实现的，但它们忽略了一些特定的情况，例如高级网络钓鱼攻击。为了防止高级的网络钓鱼攻击，网络钓鱼网站的URL内容和网站内容与合法网站相同，如果受害者使用窃取的DNS数据进行攻击，则很难被检测到。大多数基于内容的方法可能不起作用，因为访问URL的内容是决策中的一个重要因素。为了防止子域名劫持攻击，如果钓鱼者将网站托管在合法网站的子域名上，则很难检测到钓鱼网站。无论网站内容、URL和SSL证书信息如何，它们都与合法网站相同。此外，子域的枚举方法需要改进，因为当前大多数工具都是基于粗略的枚举，现有的字典可能无法涵盖子域的所有实例，因为有些子域可能毫无意义。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Sistemnì tehnologìï

自引率

0.00%

发文量