Title Porast rizika od kibernetičkih napada u odnosu na svijest o potencijalnim posljedicama Title (english) Increased risk of cyber threats in relation with awareness of potential consequences Author Ivana Jergan Mentor Mario Spremić (mentor)Committee member Božidar Jaković (član povjerenstva)Committee member Dalia Suša Vugec (član povjerenstva)Granter University of Zagreb Defense date and country 2024-09-17, Croatia Scientific / art field, SOCIAL SCIENCES Abstract Cilj ovoga rada prikazati je porast razine prijetnja kibernetičkih napada na svim razinama funkcioniranja današnjeg društva - od zabavnih sadržaja društvenih mreža i računalnih igara do ozbiljnih ugroza poduzeća pa čak i nacionalne sigurnosti. Iako je spektar napada širok i mogu ga izvesti i manje vješti pojedinci, svijest o zaštiti i dalje je na niskoj razini. Razvoj društva ne prati razvoj tehnologije te ono što predstavlja moćan alat za digitalizaciju procesa i napredak društva i njegova poslovanja, u krivim rukama vrlo brzo postaje moćno oružje. Većoj sigurnosti i održavanju pozitivnog aspekta primjene digitalizacije u poslovanju i društvu doprinostimo ulaganjem u edukaciju i preventivne mjere. U ovome radu obrađuju se dva slučaja kibernetičkih napada. Prvi je slučaj prošlogodišnji napad na MOVEit platformu za prijenos datoteka koji je pogodio milijune korisnika, a financijska šteta još se uvijek broji. MOVEit je platforma koja pruža nekoliko vrsta usluga sigurnog prijenosa podataka i koriste ju tisuće korisnika iz različitih sektora poslovanja za pohranu i prijenos povjerljivih podataka. Platforma se suočila s ranjivosti nultog dana koje je iskoristila grupa Cl0p i ukrala mnoge osjetljive podatke za koje traži otkupninu. U radu se obrađuju pitanja uzroka napada, mogućnosti preventivnog djelovanja za sprječavanje napada i minimizaciju nastale štete. Drugi slučaj usmjeren je na ranjivost fizičkih osoba. Mnogo je vrsta napada usmjerenih na fizičke osobe s ciljem krađe identiteta, otuđivanjem financijskih sredstava i dr. Društveni inženjering, phishing, smishing, porezne prijevare (engl. tax frauds), prijevare dobrotvornih aktivnosti (engl. charity frauds), upoznavanje putem interneta (engl. online dating) samo su neke od prijetnji fizičkim osobama. U radu se obrađuje slučaj prevare korisnice društvene mreže Instagrama Anite Sikme kojoj se prevarant predstavio kao bliska prijateljica koja ne može pristupiti svojem računu i tako ju naveo da omogući pristup svojem računu koji je ubrzo postao inkriminiran. Slučaj je izabran s ciljem povećanja svjesnosti rizika kojem su izloženi svi korisnici interneta bez iznimke, a pogotovo korisnici društvenih mreža jer ih većina nije svjesna da naizgled bezazlene aktivnosti mogu uzrokovati ozbiljne posljedice.
Abstract (english) The aim of this graduate thesis is to show the increase in the level of threats of cyberattacks at all levels of the functioning of today's society - from entertainment content of social networks and computer games to serious threats to companies and even national security. Although the spectrum of attacks is wide and can also be carried out by less skilled individuals, protection awareness is still at a low level. The development of society is not accompanied by the development of technology, and what represents a powerful tool for the digitization of processes and the progress of society and its business, very quickly becomes a powerful weapon in the wrong hands. We contribute to greater security and maintaining the positive aspect of digitization in business and society by investing in education and preventive measures. This thesis deals with two cases of cyberattacks. The first case was last year's attack on the MOVEit file transfer platform, which affected millions of users and the financial damage is still counting. MOVEit is a platform that provides several types of secure data transmission services and is used by thousands of users from different business sectors to store and transmit confidential data. The platform faced a zero-day vulnerability exploited by the Cl0p group and stole many sensitive data for which is demanded ransom. The thesis deals with the issues of the cause of the attack, the possibility of preventive action to prevent the attack and the minimization of the resulting damage. The second case focuses on the vulnerability of individuals. There are many types of attacks directed at individuals with the aim of identity theft, stealing of financial resources, etc. Social engineering, phishing, smishing, tax frauds, charity frauds, online dating are just some of the threats to individuals. The thesis deals with the case of fraud commited to Instagram social network user Anita Sikma, to whom the fraudster introduced as a close friend who cannot access her account and thus led her to provide access to her account, which soon became incriminated. The case was chosen with the aim of increasing awareness of the risk to which all Internet users are exposed, without exception, especially social network users because most of them are not aware that seemingly harmless activities can cause serious consequences.
Keywords
Sigurnost
tehnologija
digitalizacija
svijest
kibernetički napad
Keywords (english)
Security
technology
digitalization
awareness
cyber attack
Language croatian URN:NBN urn:nbn:hr:148:276766 Study programme Title: Electronic business in private and public sector Type of resource Text File origin Born digital Access conditions Access restricted to students and staff of home institution Terms of use Created on 2024-09-17 14:40:32
