An approach for classifying sociotechnical attacks

Oleksandr Korchenko, Anna Korchenko, Serhii Zybin, Kyrylo Davydenko

Abstract


The primary research goal is to develop a method for constructing a classification model of modern approaches to implementing sociotechnical attacks, and to systematize and integrate existing classifications of such approaches, with the possibility of extending them with new characteristic features. The development of information technology and data exchange creates new threats to cyber security, including cyber attacks and fraud. Social networks and artificial intelligence contribute to the improvement of sociotechnical methods. Analysis of leading studies identifies certain methods that social engineers use most often, but these publications do not form a set of features that characterize the approaches to implementing the corresponding attacks, a set that would make it possible to formalize their classification from a systemic standpoint. The research is aimed at solving the following tasks: to construct a model for classifying sociotechnical attacks in which it is possible to develop a generalized hierarchical model; to form a generalized set of features, criteria, and sub-criteria that allows appropriate means of countering sociotechnical attacks to be selected and developed from a systemic perspective; and to model a corresponding cyberattack for a systematic understanding of actions and countermeasures. Given this, the analysis and classification of modern approaches to implementing sociotechnical attacks is an important component of a cyber security strategy for ensuring protection against ever-growing threats, and is an urgent scientific task. Results and conclusions. Based on the multi-theoretical approach, a method is proposed in which the stages of determining the sets of identifiers of features, criteria, and sub-criteria make it possible to develop a generalized hierarchical model for classifying sociotechnical attacks according to the characteristic principle.
Based on the proposed model and the analyzed literature, a generalized set of features, criteria, and sub-criteria has been formed: time aspect, industry affiliation, interaction with security policy, remoteness, initialization, tools, manipulation, violation of characteristics, relational signs, severity level, type of attacked source, type of access, type of appeal, type of sociotechnical technique, and scale. This set allows appropriate means of countering sociotechnical attacks to be selected and developed from a systemic perspective. An example of conducting a sociotechnical attack is considered. Taking into account the MAISA classification model and the steps of implementation (target research, preparation of the sociotechnical attack, performing the attack, exploitation of the information received, and hiding traces), the example made it possible to approach an understanding, from a systemic perspective, of the actions of a sociotechnician when implementing a phishing attack, for the further development of appropriate countermeasures. In addition, based on the obtained criteria, it is possible to develop a method for assessing personnel readiness to counter various classes of sociotechnical attacks.

Keywords


cyber security; data protection; information security; sociotechnical attacks; sociotechnical attack methods; social engineering






DOI: https://doi.org/10.32620/reks.2025.2.15
