Exploiting trust: Stealthy attacks through socioware and insider threats

Aditya K. Sood, Sherali Zeadally, Rohit Bansal

Research output: Contribution to journalArticlepeer-review

5 Scopus citations

Abstract

Online social networks (OSNs) provide a new dimension to people's lives by giving birth to online societies. OSNs have revolutionized the human experience, but they have also created a platform for attackers to distribute infections and conduct cybercrime. An OSN provides an opportunistic attack platform for cybercriminals through which they can spread infections at a large scale. We describe a category of malware (or attacks) known as socioware that exploits OSN environments for performing unauthorized and nefarious activities. Socioware can be an executable, an extension, an exploit code, etc., that conducts malicious operations in OSNs with serious impact on users. Furthermore, we discuss the socioware taxonomy highlighting the characteristics of socioware to illustrate the design and exploitation tactics of OSN malware. In contrast, insider threats (employees or contractors) are posing a grave threat to organizations, with a motivation to steal critical data and monetize it for financial gains. Insider threats have become a serious concern for many organizations today. We present a complete attack model to demonstrate how an insider threat exploits the online trust and confidentiality by transforming an OSN into a socioware distribution platform that infects other employees' systems. Finally, we discuss security defenses that can be adopted to defend against socioware.

Original languageEnglish
Pages (from-to)415-426
Number of pages12
JournalIEEE Systems Journal
Volume11
Issue number2
DOIs
StatePublished - Jun 2017

Bibliographical note

Publisher Copyright:
© 2007-2012 IEEE.

Keywords

  • Attack
  • cybercrime
  • insider threats
  • malware
  • online social networks (OSNs)
  • vulnerability

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Information Systems
  • Computer Science Applications
  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Exploiting trust: Stealthy attacks through socioware and insider threats'. Together they form a unique fingerprint.

Cite this