Automated Social Engineering Attacks Using Bots in Professional Social Networks
Abstract
Virtual human interactions have intensified with the increasing use of the Internet and social networks, raising the risk of Social Engineering cyber threats. The use of Bots in these attacks allows the exploitation of users' trust to scale, causing security risks. Few papers focus on automated Social Engineering actions using Bots. This paper presents an assessment of the controls used in a professional social network to identify and block automated attacks, using a Bot as a proof of concept. The analysis and discussion of the results demonstrate the security vulnerabilities present in professional networks that can be exploited to build a trust relationship between the user and a malicious Bot.
