Automated Social Engineering Attacks Using Bots on Professional Social Networks

Abstract

Virtual human interactions have expanded with the growing use of the Internet and social networks, raising the risk of Social Engineering cyber threats. Using Bots in these attacks allows the exploitation of user trust to scale, creating security risks. Few studies focus on automated Social Engineering actions carried out with Bots. This paper presents a verification of the controls of a professional social network with respect to identifying and blocking these automated attacks, using a proof-of-concept Bot. The analysis and discussion of the results demonstrate the security vulnerabilities present in professional networks that can be exploited to build a user's trust relationship with a malicious Bot.

Published
2022-09-12
How to Cite
ARIZA, Maurício et al. Automated Social Engineering Attacks Using Bots on Professional Social Networks. Anais do Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg), [S.l.], p. 153-166, Sept. 2022. ISSN 0000-0000. Available at: <https://sol.sbc.org.br/index.php/sbseg/article/view/21665>. Accessed: 18 May 2024. doi: https://doi.org/10.5753/sbseg.2022.225334.