论文信息 - Security Strategies for Hindering Watering Hole Cyber Crime Attack

Security Strategies for Hindering Watering Hole Cyber Crime Attack

Abstract The signiﬁcant increase of Advanced Persistent Threat (APT) attacks, especially via watering hole leads to a huge loss to the company as they enable Bring Your Own Devices (BYOD) in the workplace. Higher education institutions also faced the same threat since BYOD has been adopted into their institution. In this paper, a simulation on watering hole attack and spear phishing; comparison between these two APT variants, as well as the survey design based on the Protection Motivation Theory (PMT) are presented. The result of the survey is analyzed using PLS-SEM. The result demonstrated that severity factor and vulnerability factor moderately explained the Protection Behaviour factor; and Protection Behaviour factor is a moderately strong predictor to self-eﬃcacy, but avoidance behavior does not predict self-eﬃcacy directly. Based on this result, a set of security policy for hindering watering hole and spear phishing attack is designed and implemented. The new policy will then be adapted to the university e-learning portal.

Manmeet Mahinderjit Singh | Pantea Keikhosrokiani | Zakiah Zulkefli | Khairun Ashikin Ismail | Norlia Mustaﬀa

[1] Rex B. Kline,et al. Book Review: Psychometric theory (3rd ed.) , 1999 .

[2] Eden Dahlstrom,et al. ECAR Study of Undergraduate Students and Information Technology, 2014. , 2014 .

[3] R. W. Rogers,et al. A Protection Motivation Theory of Fear Appeals and Attitude Change1. , 1975, The Journal of psychology.

[4] H. Raghav Rao,et al. Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[5] Ashwin Pillay,et al. Does BYOD increase risks or drive benefits , 2013 .

[6] Edgar R. Weippl,et al. Advanced social engineering attacks , 2015, J. Inf. Secur. Appl..

[7] Daniele Sgandurra,et al. A Survey on Security for Mobile Devices , 2013, IEEE Communications Surveys & Tutorials.

[8] Azman Samsudin,et al. Trusted Security Policies for Tackling Advanced Persistent Threat via Spear Phishing in BYOD Environment , 2015 .

[9] Scott Emery. Factors for Consideration when Developing a Bring Your Own Device (BYOD) Strategy in Higher Education , 2012 .

[10] Mikko T. Siponen,et al. Motivating IS security compliance: Insights from Habit and Protection Motivation Theory , 2012, Inf. Manag..

[11] E. Seydel,et al. Protection Motivation Theory , 2022 .

[12] Siddhi Pittayachawan,et al. Comparing intention to avoid malware across contexts in a BYOD-enabled Australian university: A Protection Motivation Theory approach , 2015, Comput. Secur..