Abstract
In the cyberspace domain, the rate of cyber-attacks is rising every day. This creates a need to encourage individuals to become Cyber Warriors. To better understand what a Cyber Warrior is, we need to know the training, requirements, skills, and knowledge involved, and how a Cyber Warrior differs from a traditional warrior. Social engineering attacks have become very successful, given that most technical devices cannot reliably prevent them. The best approach is for Cyber Warriors to train individuals and organizations to prevent such psychological attacks. We illustrate several categories of social engineering attacks in relation to Cyber Warrior training to prevent them.
Keywords—Cyber warrior, Cyberspace, Social engineering attacks
I. Introduction
In the world today, the Cyber warrior has become an important concern that requires great attention and consideration because of the increase in cyberattacks we face at the present time. Cyber warriors are in high demand to fill the gap in the cyberspace workforce and to create new methodologies and algorithms to solve these problems, taking into account the challenges a cyber warrior faces and the possible countermeasures to use. Even though the era of cyberwarfare is still a new paradigm, many countries, world organizations, and interested individuals are seeking the skills, knowledge, and awareness required in the field. A Cyber warrior can be defined as a professional who takes part in cyberwarfare activities by using his/her knowledge and skills in defensive and offensive cyberattacks [1]. Cyber warfare refers to the use of cyberattacks between two parties (for example, two countries) which can affect and damage the other party's infrastructure, such as attacks on network services and computer system resources, including theft of confidential information and power and electricity disruptions [2]. Recently, due to the rise in attacks on many organizations, network facilities, and services, there is a need to study awareness of social engineering methods and the defensive mechanisms that can help counter the attacks and their effects on vulnerable infrastructure. Social engineering is an extremely critical psychological attack that can have a great effect when conducted successfully.
In this paper, we explore the roles of a Cyber warrior by first understanding who a Cyber warrior is, the requirements and training needed to become one, the skills involved, and the differences between the kinetic and cyber warrior domains. We also look at different social engineering attack methods with their defensive mechanisms and how a cyber warrior will control such methods. Accordingly, section II of this study presents the literature review on the two concepts “cyber-warrior” and “social engineering method”, section III covers the cyber-warrior in cyberspace, section IV covers social engineering methods, and section V describes the relationship between a cyber-warrior and social engineering methods. Finally, section VI presents the conclusion as well as the recommendations of the study.
II. Literature review
In this section, we review the two concepts of a cyber warrior and social engineering and summarize what other researchers have done. The paper in [3] presents the important leadership techniques required of a cyber warrior compared with the military perspective. It explains the differences between a kinetic warrior and a cyber warrior in the cyber domain, and the leadership principles a cyber warrior should adopt from a military perspective: understanding one’s strengths and weaknesses for better improvement, being technically proficient, creating groups for training, and other leadership behaviors.
The paper of T. Vinnakota [4], which takes an academic perspective, introduces a new program for teaching individuals in a virtual computing manner, using virtual devices to prepare them to become cyber warriors. The paper explains how a Virtual Education Laboratory can be used in the teaching process, and its functions, so that individuals receive the training required to become cyber warriors. M. S. Bargh, S. Choenni, I. Mulder, and R. Pastoor [5] point out the reasons why we need individuals to become cyber warriors and the roles they play, because this will help reduce the incidence of many cybercrimes. The paper shows the importance of the warrior paradigm and how this issue has been neglected. Lastly, it shows some incidents of cybercrime and solutions based on enhancing the warrior paradigm.
The work of T. Moore, A. Friedman, and A. D. Procaccia [6] introduces two different models, which are game-theoretic models of an attacker and a defender for vulnerability discovery and exploitation. The paper explains how a nation chooses between protecting itself by exposing vulnerability information and seeking an offensive advantage while remaining at risk. A limitation of the paper is that it applies to only two players, without consideration of a third player. An interesting paper by C. Herr and D. Allen [7] presents the idea of using video games as training tools for the next generation of cyber warriors. Traditional training would be replaced by game-based methods, where individuals can participate fully in realistic exercises on how to attack and defend. It also explains the need for cyber warriors due to the shortage in the workforce.
The paper in [8] explains different factors that affect social engineering attacks on social networking sites. It considers the human as a factor and stresses the importance of motivating individuals to understand social engineering attacks and their characteristics. The paper in [9] selects one social engineering attack and explores it fully: it presents a literature survey on phishing attacks in social engineering, covering several types of phishing attacks, methods to prevent them, and analysis.
The work of P. P. Parthy [10] is based on enterprise concerns and gives a clear description of enterprise infrastructure. It identifies the different social engineering threats and attacks that affect an enterprise, and different measures to prevent such attacks. The paper in [11] explains in detail the classification of social engineering attacks, their methods, and descriptions of the attacks, as well as the advantages and limitations of countermeasures.
III. Cyber-warrior
To have a better understanding of the cyber warrior domain, we need to point out four factors and examine questions such as: Who is a cyber warrior? Where does the cyber warrior originate from? How can a cyber warrior operate? And what is a cyber warrior going to execute?
- Who: an individual or group of individuals that cooperate in the cyber warrior domain.
- Where: where the cyber warrior originates from (the Department of Defense strategies for operating in cyberspace).
- How: the methods and procedures used to conduct the operations.
- What: the types of attacks and defenses a cyber warrior should accomplish.
All these factors lead us to believe that a cyber warrior has an important role to play in the cyberspace domain. The cyber warrior domain needs to be analyzed given the recent rise in cyber-attacks and cyber weapons. The main origin of the Cyber Warrior is the five DoD strategies in cyberspace, which indicate the demand for it. In [12], the DoD’s first principle is that the DoD should manage and control all cyberspace activities so that cyberspace can be useful now and in the future. The second principle is that the DoD should develop new mechanisms to secure networks and systems so as to improve its cyber security. The third calls for the US government and others to work collectively to move forward, promoting themselves and overcoming challenges together. The fourth is to create a strong connection and cooperation with US partners and international partners to improve cybersecurity. The fifth is to train more people in the field of cyber security so as to enhance knowledge and create awareness to solve problems now and in the future. Considering these strategies, we need to know the training and requirements for becoming a cyber warrior.
A. Training of a Cyber Warrior
Training individuals to become cyber warriors is not an easy task: it is complicated and challenging, and cost is a concern. Several kinds of training exist, such as central/joint training (the Joint Cyber Analysis Course (JCAC), a Navy course that extends to the training of cyber warriors), service-specific training, colleges and centres of excellence, competitions/outreach, and industry [13]. The training of cyber warriors should be standardized, with both practical and theoretical aspects, which will improve the future of cyberspace. The training must extensively cover attack and defensive operations in cyberspace.
B. Requirements and Skills of a Cyber Warrior
A Cyber Warrior should have special skills and knowledge in computing, programming, networking, and security. In [12], these skills include information gathering skills and attack/defense skills, that is, computer network operations, which include Computer Network Attack (CNA), Computer Network Defense (CND), and Computer Network Exploitation (CNE). Knowledge of ethics and legal issues is also very important so as to perform operations in the right manner. Leadership skills comparable to those of traditional warriors are needed as well: being responsible and competent in conducting cyberwarfare operations, creating groups, and assigning tasks to each member of the group. Other requirements can be certifications and working experience.
C. Difference between Cyber Warrior and Traditional Warrior
According to [12], the first difference between a Cyber Warrior and a Traditional Warrior is that, for a Cyber Warrior, age is not important provided that the knowledge and skills of information security, programming, and other related subjects have been acquired, while a Traditional Warrior must be young enough to fight. Secondly, attitude will not be an issue, whereas the age limit may affect attitude; cyber warfare also offers conducive physical working conditions, which is not the case for a Traditional Warrior. Lastly, credentials are not necessary, whereas they are compulsory.
IV. Social engineering methods
Social engineering is the process of gaining access to information by first creating a relationship that will lead to an attack. It can be considered one of the most dangerous attacks because of its strong effect in controlling and deceiving targets. In [12], there are five steps in conducting social engineering methods: Observation, Conversation, Interview, Interrogation, and Torture. In the observation step, the attacker tries to find out information about the target and then creates a way to communicate and have a conversation; the interview and interrogation steps are where the information is captured and used by the attacker. According to [11], social engineering attacks can be categorized in different ways:
- Human-based and Computer-based: Human-based attacks are usually face-to-face, with the attacker using his/her own approach to access the target.
- Physical, Social, and Technical attacks: Social Engineering attacks can also be categorized based on how the attack is carried out.
- Direct, and Indirect attacks.
Some attacks combine the above. Let us briefly present them:
- Phishing Attacks: Phishing attacks are intended to deceive the target and obtain information through technical means such as email, webpages, and messages. There are many types of phishing attacks, including spear phishing, whaling, vishing, business email compromise, and interactive voice response [11].
- Pretexting Attacks: Pretexting attacks claim to be official and request information from the target. They can be conducted physically or electronically [10].
- Baiting Attacks: Baiting attacks are tricks to betray the target. The bait appears as a Trojan horse that makes the target believe it is safe to accept, until its malicious intent is realized later; it is usually technical [11].
- Tailgating Attacks: These are physical access attacks, or piggybacking attacks, where the attacker secretly gets access to a secured and controlled place, bypassing the security point [11].
- Ransomware Attacks: A ransomware attack is also a social engineering attack, where the attacker uses encryption to prevent a target from accessing information and documents on the system until they pay some amount of money [11].
- Fake Software Attacks: This is software that appears genuine to its targets but is fake; targets are required to enter their personal information before downloading or accessing the fake software [11].
- Reverse Social Engineering Attacks: Here the attacker pretends to fix a computer network fault but ends up attacking the network or accessing related information [11].
- Pop-Up Windows: This attack occurs when a message, advert, or other information that demands attention suddenly shows up on the target’s computer; responding to it causes the attack [11].
- Phone/Email Scams Attacks: These attacks are conducted directly against the targets through phone calls, email, and messages so as to get even the slightest information from the target [11].
- Robocalls Attacks: A robocall attack places extensive unknown calls from a computer to its targets; as soon as the target picks up the call, the robocall program automatically saves the number and other information [11].
- Shoulder surfing: Shoulder surfing is the act of secretly recording the password and other information of a target [11].
- Dumpster diving: A dumpster diving attack is the act of collecting discarded information from outdated storage devices and using it as a weapon to gain information [11].
- Impersonation on help desk calls: This is also an attack in which the attacker makes a claim to obtain information from the help desk [11].
V. Role of cyber warriors on social engineering attacks
Social engineering attacks can be classified among the major threats in cyberspace. Preventing them and reducing their occurrence requires extensive training of individuals or groups, considering that technical defensive measures are not reliable or sufficient to overcome their consequences. Cyber Warriors are needed to assist in training the individuals and organizations that will combat these problems.
| Social engineering category | Training of cyber warrior | Technical devices |
|---|---|---|
| | It can prevent | It cannot prevent |
| | It can prevent | It can prevent but not all |
| | It can prevent | It cannot prevent |
| | It can prevent | It can prevent but not all |
| | It can prevent | It can prevent but not all |
| | It can prevent | It cannot prevent |
| | It can prevent | It can prevent but not all |

Table 1.
| Social engineering category | Training of cyber warrior | Technical devices |
|---|---|---|
| Phishing Attacks | It can prevent | It cannot prevent |
| Pretexting Attacks | It can prevent | It can prevent but not all |
| Baiting Attacks | It can prevent | It can prevent |
| Tailgating Attacks | It can prevent | It cannot prevent |
| Ransomware Attacks | It can prevent | It can prevent but not all |
| Fake Software Attacks | It can prevent | It can prevent but not all |
| Reverse Social Engineering Attacks | It can prevent | It can prevent |
| Pop-Up Windows | It can prevent | It can prevent |
| Phone/Email Scams Attacks | It can prevent | It can prevent but not all |
| Robocalls Attacks | It can prevent | It cannot prevent |
| Shoulder surfing | It can prevent | It cannot prevent |
| Dumpster Diving | It can prevent | It cannot prevent |
| Impersonation of help desk Attacks | It cannot prevent | It cannot prevent |

Table 2.
VI. Conclusion and future work
In this paper, we present the role of a Cyber Warrior in preventing social engineering attacks. A Cyber Warrior has the capability and requirements to tackle social engineering attacks, considering that such attacks are psychological and need intelligence to solve. Technical tools are not always reliable in detecting and preventing social engineering attacks; therefore, a qualified and trained individual is required to help other individuals and organizations by creating awareness so they can protect themselves against social engineering attacks. Now that we have understood the need for a Cyber Warrior, in the future we may look at the measures and skills a Cyber Warrior will apply in real life to help prevent social engineering attacks.
References
- [1] Techopedia, 'What is a CyberWarrior,' [Online]. Available: https://www.techopedia.com/definition/28615/cyber-warrior. [Accessed 11 11 2019].
- [2] K. J. a. H. J. M. Robinson, 'Cyber warfare: Issues and Challenges,' Computer Security, no. 49, pp. 70-94, 2015.
- [3] G. Conti and D. Raymond, 'Leadership of Cyber Warriors: Enduring Principles and New Directions,' Small Wars J, 2011.
- [4] T. Vinnakota, 'Understanding of cyberspace using cybernetics: An imperative need for cybersecurity of enterprises,' in Proceeding - IEEE Cybern. 2013 IEEE Int. Conf. Comput. Intell. Cybern, 2013.
- [5] M. S. Bargh, S. Choenni, I. Mulder, and R. Pastoor, 'Exploring a warrior paradigm to design out cybercrime,' in Proc. - 2012 Eur. Intell. Secur. Informatics Conf. EISIC 2012, 2012.
- [6] T. Moore, A. Friedman, and A. D. Procaccia, 'Would a ‘cyber warrior’ protect us? Exploring trade-offs between attack and defense of information systems,' Proc. New Secur. Paradig. Work., pp. 85–94, 2010.
- [7] C. Herr and D. Allen, 'Video games as a training tool to prepare the next generation of cyber warriors,' Proc. 2015 ACM SIGMIS Conf. Comput. People Res, pp. 23-29, 2015.
- [8] A. Model, 'Social Engineering in Social Networking Sites,' Inf. Sci. Technol. (ICIST), pp. 508-515, 2013.
- [9] S. Gupta, A. Singhal, and A. Kapoor, 'A literature survey on social engineering attacks: Phishing attack,' in IEEE Int. Conf. Comput. Commun. Autom. ICCCA 2016, pp. 537–540, 2017.
- [10] P. P. Parthy, 'Identification and prevention of social engineering attacks on an enterprise,' IEEE, 2016.
- [11] F. Salahdine and N. Kaabouch, 'Social Engineering Attacks: A Survey,' Futur. Internet, vol. 11, no. 4, p. 89, 2019.
- [12] J. Andress and S. Winterfeld, Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, second edition, Elsevier, 2014.
- [13] L. D. Jennifer J. Li, Training Cyber Warriors, Santa Monica, California: RAND Corporation, 2015.
- [14] J. A. a. W. Steve, Cyber Warfare and Techniques, Tactics and Tools for Security Practitioners, Elsevier, 2014.