Pemodelan Attack Tree Pada Spear Phishing Attack di Instansi Publik dengan Metrik Granularitas Data

Anisa Wahyu Pratiwi; A. Widjajarto; Avon Budiyono

doi:10.47065/josh.v6i3.5876

Anisa Wahyu Pratiwi * Universitas Telkom, Bandung, Indonesia
A. Widjajarto Universitas Telkom, Bandung, Indonesia
Avon Budiyono Universitas Telkom, Bandung, Indonesia

(*) Corresponding Author

DOI: https://doi.org/10.47065/josh.v6i3.5876

Keywords: Spear Phishing Attack; Social Engineering; Open Source Intelligence (OSINT); Attack Tree; Data Granularity Metric

Abstract

Data security is important to protect personal and sensitive information. Data leakage cases that have occurred in Indonesia have recorded that 80% of Indonesian citizens' data is sold on dark forums (dark web), this will certainly cause losses to individuals and organizations. Factors that cause data leaks can be the lack of security protocols, direct attacks, or phishing attacks. One type of phishing attack that targets more specific individuals is called a spear phishing attack. This research aims to identify potential data leakage from public data in public institutions by formulating an attack tree based on the Data Flow Diagram (DFD) of a spear phishing attack using data granularity metrics with a combination of attacks from Open Source Intelligence (OSINT) tools, social engineering tools, and email spoofing. This research generates and compares four attack tree models with no attack launching or exploitation. First OSINT TheHarvester, social engineering SEToolkit, and email spoofing. Second OSINT Metagoofil, social engineering ZPhisher, and email spoofing. Third OSINT Recon-ng, social engineering SEToolkit, and email spoofing. The fourth OSINT Snov.io, social engineering ZPhisher, and email spoofing. Spear phishing attack using OSINT Snov.io is the best attack combination because it has varied data details, namely getting five types of data and a high level of data granularity with a total of 367 data so that there are more opportunities to carry out attack planning and security analysis.

Downloads

Download data is not yet available.

References

Y. Yuliadarnita, M. Febriansyah, A. Wijaya, Y. Apridiansyah, dan R. Toyib, “Analisis Komparatif Aplikasi Open Source Intelligence Berbasis Website dengan Tools Osint Command Line Kominfo Bengkulu,” Jurnal Media Infotama, vol. 19, no. 2, hlm. 256–263, Okt 2023, doi: 10.37676/jmi.v19i2.3944.

W. Febriyani, D. Fathia, A. Widjajarto, dan M. Lubis, “Security Awareness Strategy for Phishing Email Scams: A Case Study One of a Company in Singapore,” JOIV : International Journal on Informatics Visualization, vol. 7, no. 3, hlm. 808–814, Sep 2023, doi: 10.30630/joiv.7.3.2081.

R. Milafebina, I. Putra Lesmana, dan M. R. Syailendra, “Perlindungan Data Pribadi terhadap Kebocoran Data Pelanggan E-commerence di Indonesia”, 2023, doi: https://doi.org/10.33648/jtm.v4i1.331.

M. P. Aji, “Sistem Keamanan Siber dan Kedaulatan Data di Indonesia dalam Perspektif Ekonomi Politik (Studi Kasus Perlindungan Data Pribadi) [Cyber Security System and Data Sovereignty in Indonesia in Political Economic Perspective],” Jurnal Politica Dinamika Masalah Politik Dalam Negeri dan Hubungan Internasional, vol. 13, no. 2, hlm. 222–238, Jan 2023, doi: 10.22212/jp.v13i2.3299.

S. Parulian, D. A. Pratiwi, dan M. Cahya Yustina, “Ancaman dan Solusi Serangan Siber di Indonesia,” 2021

M. A. B. Dewanto, M. Fathurrahman, D. R. Firdaus, dan A. Setiawan, “Penipuan Penambah Followers Instagram: Analisis Serangan Phising dan Dampaknya pada Keamanan Data,” Journal of Internet and Software Engineering, vol. 1, no. 4, hlm. 11, Jun 2024, doi: 10.47134/pjise.v1i4.2672.

R. E. P. R. Palaloi dan R. Rahman, “Analisis dan Pencegahan Serangan Sosial Engineering Pada Jaringan Komputer Studi Kasus Penipuan Investasi Crypto,” Jurnal Riset Sistem Informasi, vol. 1, no. 3, hlm. 08–16, Jul 2024, doi: 10.69714/8b7xtv35.

A. Arizal, Dendi Risman Saputra, dan Girinoto, “Investigasi Insiden Kebocoran Data Menggunakan Integrasi Melalui Pendekatan Open Source Intelligence dan Detection Maturity Level Model,” Info Kripto, vol. 17, no. 3, Des 2023, doi: 10.56706/ik.v17i3.86.

H. B. Setiawan, & Fatma, dan U. Najicha, “Perlindungan Data Pribadi Warga Negara Indonesia Terkait dengan Kebocoran Data,” Jurnal Kewarganegaraan, vol. 6, no. 1, 2022.

K. Z. Ansyafa, M. Fajarudin, M. Fadhil, dan S. N. Neyman, “Analisis Keamanan Media Sosial terhadap Serangan Phising Online menggunakan Metode Zphisher dan Social Engineering Toolkit,” Journal of Internet and Software Engineering, vol. 1, no. 4, hlm. 10, Jun 2024, doi: 10.47134/pjise.v1i4.2641.

Sutarti, Siswanto, dan A. Bachtiar, “Analisis Web Phishing Menggunakan Metode Network Forensic dan Block Access Situs dengan Router Mikrotik,” PROSISKO: Jurnal Pengembangan Riset dan Observasi Sistem Komputer, vol. 10, no. 1, hlm. 71–83, Agu 2023, doi: 10.30656/prosisko.v10i1.7048.

Yusuf Raharja, “Implementasi Metode Osint untuk Mengidentifikasi Serangan Judi Online pada Website,” Jurnal Informatika Polinema, vol. 10, no. 3, hlm. 359–364, Mei 2024, doi: 10.33795/jip.v10i3.4847.

A. Harbani dan A. Sidiyantoro, “Implementasi Simple Mail Transfer Protocol Relay Pada Mail Gateway Untuk Menentukan Konten Email Spam,” Jurnal Ilmiah Teknologi-Informasi & Sains, vol. 12, hlm. 57–66, 2022, doi: 10.36350/jbs.v12i1.

I. P. A. Pratama Eka, “Smart Security Risk Management pada Bali Smart Island menggunakan OSINT, OTGv4.2, dan ISO 310002018,” Jurnal Teknologi Informasi Komunikasi (e-Journal), vol. 10, 2023.

N. K. A. T. Wahyuni, Putu Putri Cahayani, I Gusti Ngurah Yogi Wicaksana, dan Ida Ayu Kadek Bintang Wijayanti, “Analisis Kerentanan Kejahatan Online Phising Menggunakan Tools Zphiser, Shellphish dan Whphisher,” Jurnal Teknik Mesin, Elektro dan Ilmu Komputer, vol. 3, no. 1, hlm. 23–31, Mar 2023, doi: 10.55606/teknik.v3i1.915.

S. Wahyuni, I. M. Raazi, dan I. Dwitawati, “Analisis Teknik Penyerangan Phishing Pada Social Engineering Terhadap Keamanan Informasi di Media Sosial Profesional Menggunakan Kombinasi Black Eye dan Setoolkit,” Jurnal Nasional Komputasi dan Teknologi Informasi (JNKTI), vol. 5, no. 1, hlm. 49–55, Feb 2022, doi: 10.32672/jnkti.v5i1.3962.

H. Ahmadian dan A. Sabri, “Teknik Penyerangan Phishing Pada Social Engineering Menggunakan SET dan Pencegahannya,” Djtechno Jurnal Teknologi Informasi, vol. 2, no. 1, hlm. 13–20, Jul 2021, doi: 10.46576/djtechno.v2i1.1251.

M. Haidar Bagir, B. E. Putro, J. Pasir, dan G. Cianjur, “Analisis Perancangan Sistem Informasi Pergudangan di CV. Karya Nugraha,” Jurnal Media Teknik & Sistem Industri, vol. 2, no. 1, hlm. 20–29, 2018

L. Kuipers, “Analysis of Attack Trees: fast algorithms for subclasses,” 2020.

D. Cirillo, I. Núñez‐Carpintero, dan A. Valencia, “Artificial intelligence in cancer research: learning at different levels of data granularity,” Mol Oncol, vol. 15, no. 4, hlm. 817–829, Apr 2021, doi: 10.1002/1878-0261.12920.

Bila bermanfaat silahkan share artikel ini

Berikan Komentar Anda terhadap artikel Pemodelan Attack Tree Pada Spear Phishing Attack di Instansi Publik dengan Metrik Granularitas Data