Explore chapters and articles related to this topic
Searching for IoT Resources in Intelligent Transportation Cyberspace (T-CPS)—Requirements, Use-Cases and Security Aspects
Published in Yassine Maleh, Mohammad Shojafar, Ashraf Darwish, Abdelkrim Haqiq, Cybersecurity and Privacy in Cyber-Physical Systems, 2019
Md. Muzakkir Hussain, Mohammad Saad Alam, M. M. Sufyan Beg, Rashid Ali
Since an IoT-aided ITS infrastructure comprises of multiple sensors, computer chips and devices etc., its deployment in varying different geographic locations results in an increased attack vector of involved objects. As a nontrivial extension of traditionally centralized search engines, it is inevitable that some issues will continue to persist in a distributed TCS, especially security and privacy issues. For instance, edge-based TCS solutions are deployed by different service providers and utilities that may not be fully trusted and thus, devices are vulnerable to be compromised. The IoT nodes in T-CPS are confronted with various threats and attack vectors, a landscape of which is presented in Figure 10.12. The IoT endpoints in ITS networks have constrained store, compute, and network resources that are easy to be hacked, broken or stolen. Examples of attack vector may be human-caused sabotage of network infrastructure, malicious programs provoking data leakage, or even physical access to devices.
Cybersecurity Incident Response in the Enterprise
Published in Mohiuddin Ahmed, Nour Moustafa, Abu Barkat, Paul Haskell-Dowland, Next-Generation Enterprise Security and Governance, 2022
Nickson M. Karie, Leslie F. Sikos
Attack Vector: This is usually any method, path, or means that attackers use to breach or infiltrate a computer or network and deliver a payload or malicious outcome. Common examples of attack vectors that can be used to exploit system vulnerabilities or launch cyber-attacks include malware and ransomware, man-in-the-middle attacks, compromised credentials, and phishing. Note that attack vectors can contain one or more malicious payloads.
An Overview about the Cyberattacks in Grid and Like Systems
Published in Fadi Al-Turjman, Smart Grid in IoT-Enabled Spaces, 2020
Attack vectors are the path or means by which a threat agent gains access to a computer or network for the purpose of malicious activity. There is a large taxonomy of attack vectors. A short list includes the human element, web and browser attacks, Internet exposed threat, mobile app stores, and malicious USB drives.
A quarter century of usable security and privacy research: transparency, tailorability, and the road ahead
Published in Behaviour & Information Technology, 2022
Christian Reuter, Luigi Lo Iacono, Alexander Benlian
Key questions to answer in this area are amongst others: (1) Which phishing attack vector (e.g. email, URL, website, malware) does the intervention address? (2) When (pre-decision, during decision, post-decision) does the intervention take place? (3) Does the intervention require user interaction? Research and practice have developed a number of user-oriented interventions against phishing attacks to address these questions. Among those are education and training approaches (e.g.Canova et al. 2015; Kumaraguru et al. 2009), where users develop knowledge and skills that they can apply to real-world phishing attempts. Moreover, awareness-raising measures or design considerations (e.g.Marforio et al. 2016; Nicholson, Coventry, and Briggs 2017; Petelka, Zou, and Schaub 2019) aim to guide users towards secure online behaviour in situ. More recent research has developed a taxonomy of user-oriented phishing interventions (Franz et al. 2021) including educational interventions (e.g.Text-based, video-based, or in-class education), training (e.g. serious games, embedded training, mindfulness-based training), awareness-raising warnings (e.g. interactive warnings, passive warnings), and anti-phishing designs (e.g. colour coding, highlighting, customising), which users need to navigate through when being pushed towards secure online behaviour.
A survey of phishing attack techniques, defence mechanisms and open research challenges
Published in Enterprise Information Systems, 2022
In this paper, we have discussed the phishing problem in detail along with its distribution methods, attack vector and countermeasures. The paper discussed how the attacker acquires the credentials from the individual uses and enterprises. The attackers target the users and enterprises through various ways like emails, online social networks, SMS, blogs, and so on. Furthermore, the paper discussed the phishing attacking techniques from traditional methods to emerging phishing methods like data URI, OSN, Smishing, and so on. Internet users and enterprises people get trapped under phishing attacks due to lack of awareness, ignorance of security indicators, and high visual resemblance of phishing websites. The survey classified the phishing countermeasures into six major categories and presented the advantages and limitations of each category. Moreover, we have explained approaches with their pros and cons under the individual category. We have identified the user education is necessary for creating awareness among the users to avoid the phishing attacks. However, user education cannot detect the phishing webpages automatically. Therefore, user education along with software solutions is required to mitigate this brutal attack. We have observed the machine learning-based approaches are able to catch most of the phishing vector. However, accuracy of these approaches depends on the feature selection and classification algorithm. We have also discussed various open issues and challenges in the existing approaches which may be used to address in the future research.