% --------------------------------
% BACKGROUND
% --------------------------------
\chapter{Background\label{chapter:definition}}
\begin{comment}
Guides:
- Pages: 2-3
- Context and terminology (concepts), challenges and measurement criteria, values, research question analysis
- Specify the objectives and sub-questions, comparison criteria (which structure the other chapters)
TODO:
[ ]
What to cover:
- What is cybersecurity and why it's of paramount importance
- What is social engineering
- Brief history of social engineering
- Phishing in 1996 via AOL
- Attacks, classical social engineering attacks
- Phishing, vishing, smishing
- Countermeasures, classical
- User awareness & training programs
- Company policy & company culture
- Typical challenges
\end{comment}
In recent years, the integration of generative artificial intelligence (AI) into social engineering offensive practices has emerged as a significant concern within the field of cybersecurity~\citep{blauth_AI_Crime_Overview_Malicious_Use_Abuse_2022, king_AI_Crime_Interdisciplinary_Analysis_2019}. This chapter provides an overview of the role of generative AI in social engineering, explaining key concepts and terminologies essential for understanding the evolving threat landscape. After this, Chapter~\ref{chapter:attacks} examines generative AI-powered attack methods and tools.
A strict consensus regarding the definition of a social engineering attack is lacking in the field~\citep{hatfield_SE_Evolution_Concept_2018}. For the purposes of this thesis, social engineering is defined as ``\textit{a type of attack wherein the attacker(s) exploit human vulnerabilities by means of social interaction to breach cybersecurity, with or without the use of technical means and technical vulnerabilities}''~\citep{wang_Defining_Social_Engineering_2020}.
Current countermeasures against social engineering attacks, while offering a baseline defense, are ill-equipped to deal with the sophistication of AI-powered threats. As generative AI technologies advance, their application in crafting more convincing and personalized social engineering attacks becomes increasingly evident~\citep{blauth_AI_Crime_Overview_Malicious_Use_Abuse_2022}. This new capability not only enhances the likelihood of success but also complicates the detection and mitigation of such threats~\citep{basit_Comprehensive_Survey_AI_Phishing_Detection_2021}.
The ability of generative AI to produce realistic text, voice, and even full-resolution video content (deepfakes) makes it an invaluable tool for cybercriminals, allowing them to impersonate trusted entities and manipulate victims into divulging sensitive information~\citep{mirskyTheCreationAndDetectionOfDeepfakes2021}.
The dynamic nature of AI-driven social engineering poses a significant challenge for traditional cybersecurity frameworks, which often rely on static defenses and predefined patterns of attack~\citep{tsinganosTowardsAnAutomatedRecognitionSystem2018}. As a result, organizations must evolve their security strategies to incorporate more robust, AI-aware defenses that can identify and counteract these sophisticated methods~\citep{mirskyTheCreationAndDetectionOfDeepfakes2021}.
In light of these developments, it is also crucial to foster a culture of awareness and education among users, as human factors remain a critical element in the success of these social engineering attacks. Training programs should emphasize the importance of skepticism and verification in communications, particularly in scenarios where generative AI is likely to be employed. Additionally, organizations should invest in advanced detection systems that utilize AI to identify anomalous behaviors and potential threats in real time, such as spear phishing attacks~\citep{fakhouriAIDrivenSolutionsForSocialEngineeringAttacks2024} and impersonation with deepfakes~\citep{mirskyTheCreationAndDetectionOfDeepfakes2021}.
Defense against AI-enhanced social engineering will require a multifaceted approach that combines technological innovation, user education, and a proactive stance and enforcement of cybersecurity policy~\citep{blauthArtificialIntelligenceCrimeOverviewMaliciousUseAbuse2022}. As the landscape continues to evolve, staying ahead of these threats will necessitate ongoing research and collaboration across the cybersecurity community to develop effective countermeasures and best practices.
The rest of this chapter covers in more detail some key concepts that will be necessary for further analysis, namely open-source intelligence, pretexting and generative AI.
% --------------------------------
% Open-Source Intelligence
% --------------------------------
\section{Open-source intelligence}
\begin{comment}
- OSINT, sometimes written as OS-INT?
- Data from publicly available resources
- Company website
- Social networking sites
- Sites like archive.org and Google archives
- Observing people in real life
- Does not include calling the company and asking for information or any other forms of engagement
- How modern AI augments OSINT gathering is analyzed in the last chapter
- Exploration of how AI tools and techniques used for the automation and enhancement of OSINT processes
- Stress the importance of OSINT within SE
- Ethical considerations when it comes to OSINT
- Some case studies highlighting the use of OSINT in real-world social engineering incidents?
- Countermeasures will also be covered later
- Strategies for companies to mitigate the risks associated with OSINT-based attacks
- Integration of AI algorithms for analyzing and extracting valuable insights from OSINT data
- Impact of AI-powered intelligence gathering of SE attacks
\end{comment}
In social engineering, publicly available information is referred to as \textbf{open-source intelligence}~\citep{hadnagySocialEngineering2018}. As the name implies, it involves gathering intelligence data from publicly locatable sources, such as the target company's website, the social networking profiles of an individual, or other public records.
Various online tools have been created for the purposes of gathering intelligence on an individual or an organization. They often offer automated forensic gathering and visualize the found data, making it easier to identify patterns and connections.
Social engineering attacks typically begin with the gathering of open-source intelligence, which is subsequently used in conjunction with pretexting to attack an individual or an organization.
% --------------------------------
% Pretexting
% --------------------------------
\section{Pretexting}
\begin{comment}
- General info about what is pretexting
- Fabricated scenario that is plausible but fraudulent
- Originally used by FBI
- Impersonation
- Discussion about how modern AI can aid with pretexting is in the final chapter
- Role in the deception-based SE attacks
- Common pretexting tactics will be covered later
- How AI powers up pretexting will be discussed later
- How AI tech can be utilized to create more sophisticated and convincing pretexts
- Examples of successful pretexting attacks and their impacts
- AI and automated pretexting attacks and their effectiveness
- Analysis of pretexting evolving landscape with AI
- Ethical considerations?
- Countermeasures will be covered later also
- How to identify and mitigate attempts
- Recommendations for organizations to enhance their defenses against pretexting attacks
\end{comment}
Pretexting involves fabricating a story or a scenario, a \textbf{pretext}, that is plausible but fraudulent, with which to engage the target~\citep{contehCybersecurityRisksVulnerabilities2016}. With this story, the attacker hopes to gain the victim's trust by appearing legitimate. This type of attack relies heavily on the gathered open-source intelligence to assist with the creation of the story~\citep{hadnagySocialEngineering2018}.
Pretexting uses psychological manipulation, trust and relationship-building, making it a potent tool for attackers~\citep{mitnick_The_Art_of_Deception_2003}. The attacker, often assuming the likeness and character of a legitimate entity such as a trusted colleague, an IT service worker, a government official, or a third-party service provider, creates a believable narrative tailored to the target victim's context.
%The success of pretexting is based on the attacker's ability to gather background OSINT and use it convincingly, making the pretext appear legitimate and aligned with the target victim's expectations or experiences \citep{mitnick_The_Art_of_Deception_2003}.
% --------------------------------
% Generative AI
% --------------------------------
\section{Generative AI}
\begin{comment}
Artificial Intelligence, Generative AI (ChatGPT, etc)
What to cover:
- What actually is AI in the first place?
- What is Generative AI
- OpenAI releasing ChatGPT to the public in 2022
- NLP Natural Language Processing
What to skip:
- The history of GPT (versions 1, 2, 3, 3.5, etc.), i.e. focus only on GPT version 4 and newer
\end{comment}
When AI is used to generate content, it is called \textbf{generative AI} \citep{goodfellowGenerativeAdversarialNetworks2020}. Unlike traditional AI, which follows programmed rules, generative AI utilizes machine learning to learn patterns from large training datasets to produce new outputs, such as text, images, audio and video \citep{fakhouriAIDrivenSolutionsForSocialEngineeringAttacks2024}.
A key example of generative AI is ChatGPT\footnote{https://openai.com/index/chatgpt (accessed 2024-08-19)}, a chatbot released by OpenAI in 2022. While far from being the first \citep{weizenbaumELIZA1996}, this chatbot revolutionized how people use and interact with generative AI systems, reaching over 100 million users in just two months\footnote{https://explodingtopics.com/blog/chatgpt-users (accessed 2024-08-11)}. Built on the GPT (Generative Pre-trained Transformer) architecture, ChatGPT is designed to understand and generate human-like text by predicting the next word in a sequence.
ChatGPT utilizes natural language processing (NLP), and leverages vast amounts of data to achieve contextually relevant responses. The underlying mechanics of ChatGPT involve a transformer model, which excels at capturing the nuances of language and context, allowing it to generate coherent and contextually appropriate text. The model learns not just from static datasets but also from continuous user interactions, improving its performance over time.