Training of information technology personnel through simulations for protection against cyber attacks
Main Article Content
Abstract
Nowadays, the development of information technology, robotics and artificial intelligence, has brought radical changes in every aspect of people's lives and this has made our lives have a lot of access to contemporary information and technology. These technological developments in many areas of business and telecommunications, in addition to their benefits, have also increased the risks. Users should be very careful when using social networks, various applications and navigating the Internet world because the risk of cyber-attacks by irresponsible persons with malicious intentions is very frequent. So, web applications make it possible for website visitors to record data or access data through the browser, where all this data is stored in the website's database, which is often the target of cyber-attacks where the attacker has read access, attempts to modify and delete data from the database. This paper aims to provide the necessary information about attacks and cyber hygiene, where we will recommend the review and analysis of these attacks using tools from the MetaSploit library which is a framework that makes hacking easier and is also a tool essential for many attackers and defenders. So MetaSploit helps developers and web administrators from this library to keep up with the times and take preventive measures against the tricks of irresponsible people.
Article Details
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
References
Gluschke, G., Casin, M. H., & Macori, M. (2018). Cyber security policies and critical infrastructure protection. Institute for Security and Safety Press.
Hyka, D., & Basholli, F. (2023). How secure is our medical data? Is Albania ready for the digitalization of the health care system?. Engineering Applications, 2(3), 235-242.
Breda, F., Barbosa, H., & Morais, T. (2017). Social engineering and cyber security. 11th International Conference on Technology, Education and Development,6-8. https://doi.org/10.21125/inted.2017.1008
Basholli, F. (2022). Cyber warfare, a new aspect of modern warfare. VI International Scientific Conference CONFSEC, 52-54.
Panda Security. (2018). Type of Cybercrime. https://www.pandasecurity.com/mediacenter/panda-security/types-of-cybercrime/
Government of the Netherlands. (2016). Forms of Cybercrime. Available at: https://www.government.nl/topics/cybercrime/forms-of-cybercrime
Van Hee, C., Jacobs, G., Emmery, C., Desmet, B., Lefever, E., Verhoeven, B., De Pauw, G., Daelemans, W., & Hoste, V. (2018). Automatic detection of cyberbullying in social media text. PloS One, 13(10), e0203794. https://doi.org/10.1371/journal.pone.0203794
Salahdine, F., & Kaabouch, N. (2019). Social engineering attacks: A survey. Future internet, 11(4), 89. https://doi.org/10.3390/fi11040089
Rahalkar, S. (2017). Metasploit for beginners. ISBN: 978-1788295970
Basholli, A., Mema, B., Basholli, F., Hyka, D., & Salillari, D. (2023). The role of education in cyber hygiene. Advanced Engineering Days (AED), 7, 178-181.
Timalsina, U., & Gurung, K. (2015). Metasploit framework with kali linux. Technical Report.
Handy, N. (2018). Kali Linux & Metasploit: Getting Started with Pen Testing. https://medium.com/cyberdefenders/kali-linux-metasploit-getting-started-with-pen-testing- 89d28944097b
Morgan, S. (2017). Cybercrime report, cybercrime damages will cost the world us $6 trillion by 2021,” Cybersecurity Ventures, Herjavec Group. Online Report.
Anti-Phishing Working Group. (2018). Phishing Activity Trends Report, 1st Quarter 2018. Unifying the Global Response To Cybercrime. APWG.
Hyka, D., & Basholli, F. (2023). Health care cyber security: Albania case study. Advanced Engineering Days (AED), 6, 121-123.
Anti-Phishing Working Group. (2018). Phishing Activity Trends Report, 2nd Quarter 2018. Unifying the Global Response To Cybercrime. APWG.
Gallaher, M. P., Link, A. N., & Rowe, B. (2008). Cyber security: Economic strategies and public policy alternatives. Edward Elgar Publishing.
Microsoft (2022). https://www.cisa.gov › news-events
Daberdini, A., Basholli, F., Metaj, N., & Skenderaj, E. (2022). Cyber security in mail with Fortiweb and Fortinet for companies and institutions. Advanced Engineering Days (AED), 5, 81-83.
Mema, B., Basholli, F., & Hyka, D. (2023). ChatGPT in Albanian higher education: Transformation of learning and virtual interaction. Advanced Engineering Days (AED), 8, 23-27.
Spahiu, A., Panxhi, D., & Dhamo, D. (2022). Increasing productivity and energy efficiency in cement industry by using VSM. Advanced Engineering Days (AED), 5, 64-67.
Singh, J., Kaur, S., Kaur, G., & Kaur, G. (2016). A detailed survey and classification of commonly recurring cyber attacks. International Journal of Computer Applications, 141(10), 15-19.
Popoola, S. I., Iyekekpolo, U. B., Ojewande, S. O., Sweetwilliams, F. O., John, S. N., & Atayero, A. A. (2017, October). Ransomware: Current trend, challenges, and research directions. Proceedings of the World Congress on Engineering and Computer Science, 1, 169-174.
Metalla, J., Dume, G., Basholli, F., & Ndokaj, E. (2023). Modeling and simulation of robotic hand pressure sensor in Simscape. Advanced Engineering Days (AED), 7, 151-154.
Igbe, O., Ajayi, O., & Saadawi, T. (2017, October). Denial of service attack detection using dendritic cell algorithm. 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON), 294-299. https://doi.org/10.1109/UEMCON.2017.8249054
Bendovschi, A. (2015). Cyber-attacks–trends, patterns and security countermeasures. Procedia Economics and Finance, 28, 24-31. https://doi.org/10.1016/S2212-5671(15)01077-1
Basholli, F., & Daberdini, A. (2023). Monitoring and assessment of the quality of electricity in a building. Engineering Applications, 2(1), 32-48.
Wu, M., Miller, R. C., & Garfinkel, S. L. (2006, April). Do security toolbars actually prevent phishing attacks?. In Proceedings of the SIGCHI conference on Human Factors in computing systems, 601-610. https://doi.org/10.1145/1124772.1124863
Patel, R. S. (2013). Kali Linux Social Engineering: Effectively perform efficient and organized social engineering tests and penetration testing using Kali Linux. Birmingham, VIC: Packt Publishing Ltd.
Mouton, F., Leenen, L., Malan, M. M., & Venter, H. S. (2014). Towards an ontological model defining the social engineering domain. In ICT and Society: 11th IFIP TC 9 International Conference on Human Choice and Computers, HCC11 2014, Turku, Finland, July 30–August 1, 2014. Proceedings 11, 266-279. https://doi.org/10.1007/978-3-662-44208-1_22
Mouton, F., Leenen, L., & Venter, H. S. (2016). Social engineering attack examples, templates and scenarios. Computers & Security, 59, 186-209. https://doi.org/10.1016/j.cose.2016.03.004
Basholli, F., Daberdini, A., & Basholli, A. (2023). Possibility of protection against unauthorized interference in telecommunication systems. Engineering Applications, 2(3), 265-278.
InsightIDR Overview, (2019). Insightidr.help.rapid7.com
Basholli, F. (2022). Assessment of airspace surveillance and control in Albanian territory from the current and historical prospective. Advanced Engineering Days (AED), 5, 71-73.
Townsend, M. (2017). What is the different between cyber-crime and cyber- attack?. https://www.quora.com/What-is-the-different-between-cyber-crime-and- cyber-attack
Cisco Corporation. (2023). What Is Cybersecurity?. https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html
Basholli, F., Minga, J., & Grepcka, A. (2023). Protection of buildings on a university campus from lightning strikes. Advanced Engineering Days (AED), 8, 35-38.
Hyka, D., Hyra, A., Basholli, F., Mema, B., & Basholli, A. (2023). Data security in public and private administration: Challenges, trends, and effective protection in the era of digitalization. Advanced Engineering Days (AED), 7, 125-127.
Dey, P. K. (2016). Prashant's algorithm for password management system. International Journal of Engineering Science, 2424.
Basholli, F. (2022). Electronic interference and protection from it. Advanced Engineering Days (AED), 5, 74-76.
Basholli, F., Mezini, R., & Basholli, A. (2023). Security in the components of information systems. Advanced Engineering Days (AED), 7, 185-187.
Whitty, M. T., & Buchanan, T. (2012). The online romance scam: A serious cybercrime. CyberPsychology, Behavior, and Social Networking, 15(3), 181-183. https://doi.org/10.1089/cyber.2011.0352
Hopkins, M., & Dehghantanha, A. (2015, November). Exploit Kits: The production line of the Cybercrime economy?. In 2015 second international conference on Information Security and Cyber Forensics (InfoSec), 23-27. https://doi.org/10.1109/InfoSec.2015.7435501
Basholli, F., & Daberdini, A. (2022). Monitoring and evaluation of the quality of electricity in a building. Advanced Engineering Days (AED), 5, 77-80.
Sheme, E., Tafa, I., & Basholli, F. (2023). BattSim-GDC Simulator: How much battery your green datacenter needs?. Advanced Engineering Days (AED), 6, 162-164.
Pajaziti, A., Basholli, F., & Zhaveli, Y. (2023). Identification and classification of fruits through robotic system by using artificial intelligence. Engineering Applications, 2(2), 154-163.
Kurniawan, A., & Fitriansyah, A. (2018). What is Exploit Kit and How Does it Work?. International Journal of Pure and Applied Mathematics, 118(20), 509-516.
GREAT-Global Research and Analysis Team. (2017). Attacks with Exploits: From Everyday Threats to Targeted Campaigns. https://media.kaspersky.com/en/business- security/enterprise/KL_Report_Exploits_in_2016_final.pdf
Basholli, F., Daberdinİ, A., & Basholli, A. (2023). Detection and prevention of intrusions into computer systems. Advanced Engineering Days (AED), 6, 138-141.
Samani, R., McFarland, C. (2015). Hacking the human operating system: The role of social engineering within cybersecurity. Santa Clara, CA: McAfee.
Broadhurst, R., & Chantler, A. N. (2008). Social Engineering and Crime Prevention in Cyberspace
Frumento, E., Puricelli, R., Freschi, F., Ariu, D., Weiss, N., Dambra, C., Cotoi, I., Roccetti, P., Rodriguez, M., Adrei, L., Marinelli, G., Kandela, G., Pachego, B. (2016). The role of social engineering in evolution of attacks.
Mema, B., & Basholli, F. (2023). Internet of things in the development of future businesses in Albania. Advanced Engineering Science, 3, 196-205.
Vaisla, K. S., & Saini, R. (2014). Analyzing of zero day attack and its identification techniques. In Proceedings of First International Conference on Advances in Computing & Communication Engineering (ICACCE-2014)
Yeboah-Boateng, E. O., & Amanor, P. M. (2014). Phishing, SMiShing & Vishing: an assessment of threats against mobile devices. Journal of Emerging Trends in Computing and Information Sciences, 5(4), 297-307.
Harizaj, M., Bisha, I., & Basholli, F. (2023). IOT integration of electric vehicle charging infrastructure. Advanced Engineering Days (AED), 6, 152-155.
Remorin, L., Flores, R., & Matsukawa, B. (2018). Tracking trends in business email compromise (BEC) schemes. Trend Micro, 18(1).
De Ryck, P., Nikiforakis, N., Desmet, L., & Joosen, W. (2013, May). Tabshots: Client-side detection of tabnabbing attacks. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security, 447-456. https://doi.org/10.1145/2484313.2484371
Koops, B. J., & Leenes, R. E. (2006). ID theft, ID fraud and/or ID-related crime-definitions matter. Datenschutz und Datensicherheit, 30(9), 553-556.
Cornell Law School, Legal Information Institute. (2011). U.S. Code § 1028.Fraud and related activity in connection with identification documents, authentication features, and information. https://www.law.cornell.edu/uscode/text/18/1028
Moore, R. (2014). Cybercrime: Investigating high-technology computer crime. Routledge.
Basholli, F., Hyka, D., Basholli, A., Daberdini, A., & Mema, B. (2023). Analysis of cyber-attacks through simulation. Advanced Engineering Days (AED), 7, 120-122.