International Journal of Advances in Engineering and Management (IJAEM)

Volume 5, Issue 7 July 2023, pp: 434-444 www.ijaem.net ISSN: 2395-5252

Hacking Techniques and Future Trend:

Social Engineering (Phishing) and Network
Attacks (DOS/DDOS)
Teoh Chun Hwung1, Mohamad Fadli Zolkipli2
1 Awang Had Salleh Graduate School, School of Computing, Universiti Utara Malaysia, Kedah, Malaysia
2 School of Computing,Universiti Utara Malaysia,Kedah, Malaysia..

----------------------------------------------------------------------------------------------------------------------------- ----------
Date of Submission: 10-07-2023 Date of Acceptance: 20-07-2023
------------------------------------------------------------------------------------------------------------------------- --------------
ABSTRACT: The world of social engineering, attacks, ultimately ensuring a secure digital
specifically phishing, and network attacks, with a environment for individuals and organizations alike.
focus on understanding the hacking techniques KEYWORDS:social engineering, hacking
employed and exploring the future trends in these techniques, network attacks, vulnerabilities,
domains. It examines the significance of social Mitigation strategies, countermeasures, emerging
engineering in exploiting human psychology and trends, Internet of Things
manipulating individuals to divulge sensitive
information, emphasizing the growing threat of I. INTRODUCTION
phishing attacks. Additionally, investigates In today's interconnected world,
community attacks including denial-of-provider the rapid advancement of technology has brought
(DoS) and allotted denial-of-carrier (DDoS) about numerous opportunities, but it has also given
assaults, losing light on their disruptive nature and rise to significant security risks and threats. The
the potential effects for organizations. Mitigation statistics provided by Cybersecurity Malaysia's
strategies and countermeasures to protect against MyCert indicate a concerning increase in reported
these attacks are discussed, highlighting the incidents across various categories of cyber
importance of proactive defence mechanisms and threats[1].
robust security measures. Besides that, explores the Examining the most recent data available
rising traits in healthcare Internet of Things (IoT) for the year 2023 (from January to May), we
networks, analyzing the vulnerabilities and observe that the total reported incidents stand at
protection challenges they present, especially within 2,363, indicating a potential continuation of the
the context of the COVID-19 trend. Notably, categories like fraud (1,509 cases)
pandemic.Furthermore, emphasizing the need for and malicious codes (259 cases) are prominently
continuous research, collaboration, and the featured, underscoring the persistent nature of these
implementation of effective security measures to threats[1].
safeguard against social engineering and network

Figure 1: General Incident Classification Statistics 2023 (Jan-May)[1]

DOI: 10.35629/5252-0507434444 |Impact Factorvalue 6.18| ISO 9001: 2008 Certified Journal Page 434
 International Journal of Advances in Engineering and Management (IJAEM)
Volume 5, Issue 7 July 2023, pp: 434-444 www.ijaem.net ISSN: 2395-5252

These statistics highlight the pressing need proliferation of social engineering, phishing, and
to understand and address the hacking techniques network attacks. These strategies exploit human
that cybercriminals employ to exploit vulnerabilities vulnerabilities and manage pc structures to
in both technological infrastructure and human advantage unauthorized get right of entry to
behaviour. sensitive data and sources.
Cybercriminals have become increasingly Analyzing General Incident Classification
sophisticated, utilizing the internet to carry out Statistics for the years 2021 and 2022 reveals the
cyber-attacks, often targeting technological magnitude of the problem. In 2021, a total of 10,016
infrastructure and exploiting human weaknesses[2]. incidents were reported, with categories such as
The dissemination of big data and the pursuit of fraud (7,098 cases) and malicious codes (648 cases)
competitive advantages have further incentivized being particularly prevalent. While there was a
these activities [3]. Importantly, the weak link often decrease in reported incidents in 2022, with a total
lies with users themselves, making them susceptible of 7,292 cases, threats such as fraud (4,741 cases)
targets for exploitation [4]. and malicious codes (1,023 cases) remained
The sizeable adoption of statistics and significant concerns [1].
communique technology has extended the risk
panorama, particularly thru avenues which include B. SOCIAL ENGINEERING AND PHISHING
social engineering attack (SE) and denial-of-carrier Social engineering encompasses a number
(DoS) attack[5][6]. DoS attacks aim to render strategies hired to misinform people into revealing
network resources and systems unavailable, private statistics or acting harmful moves. Phishing,
disrupting connectivity and impeding access for a specific sort of social engineering attack, entails
legitimate users [7]. These attacks can exhaust the use of fraudulent emails or text messages
critical resources and bring entire systems to a halt impersonating legitimate resources like banks or
[8]. credit score card organizations. These deceptive
Understanding the mechanisms and communications often prompt victims to click on
implications of hacking techniques such as social malicious links or attachments, leading to malware
engineering (phishing) and network attacks installation or redirection to fake websites for the
(DoS/DDoS) is crucial for individuals and purpose of stealing personal information [9].
organizations to effectively protect themselves in an DoS attacks aim to render computer
evolving cybersecurity landscape. By examining systems or network resources inaccessible to
these techniques and their future trends, this legitimate users. Attackers achieve this by
research paper aims to provide valuable insights and overwhelming targets with excessive traffic or
recommend mitigation strategies to combat these exploiting software vulnerabilities. Distributed
threats effectively. denial-of-service (DDoS) attacks, on the other hand,
In conclusion, as cyber threats continue to employ multiple computers, typically controlled by
proliferate, it is imperative to comprehend the a single attacker through a botnet, to launch the
hacking techniques used by malicious actors and attack [10].
remain vigilant against evolving trends. By
exploring the various aspects of social engineering C. IMPLICATIONS AND CASE STUDIES
and network attacks, this research paper seeks to Social engineering, phishing, and network
contribute to the understanding of cybersecurity attacks have had severe repercussions in Malaysia,
challenges and foster a proactive approach to including substantial financial losses, theft of
protecting digital assets and personal information. personal data, and disruptions to critical
infrastructure. A notable social engineering incident
II. LITERATURE REVIEW is the 2020 Maybank data breach, where hackers
A. BACKGROUND gained unauthorized access to Maybank's systems
The field of cybersecurity has undergone [11]. Millions of customers' personal facts, such as
significant transformations in recent decades, driven credit card numbers and Social Security numbers,
by the evolving motivations and tactics of hackers. were compromised. AirAsia was the subject of a
Initially pushed via curiosity or a preference to DDoS assault in March 2019 that lasted for a
showcase technical abilities, hackers have number of hours. Customers found it challenging to
increasingly more shifted toward malicious make airline reservations or check in for flights as a
activities including facts theft, denial-of-services result of the attack on AirAsia's website and mobile
(DoS) attacks, and malware deployment. app [12].
In Malaysia, one of the foremost challenges
faced by cybersecurity professionals relates to the

DOI: 10.35629/5252-0507434444 |Impact Factorvalue 6.18| ISO 9001: 2008 Certified Journal Page 435
 International Journal of Advances in Engineering and Management (IJAEM)
Volume 5, Issue 7 July 2023, pp: 434-444 www.ijaem.net ISSN: 2395-5252

D. MITIGATION STRATEGIES AND and networks.. Understanding these techniques is

COUNTERMEASURES crucial for comprehending the evolving landscape of
In order to address the risks presented by cybersecurity threats.
social engineering, phishing, and network attacks, One outstanding hacking method is social
several strategies and countermeasures have been engineering, which exploits human psychology to
identified. One approach is user awareness training, misinform and manipulate individuals into revealing
which involves educating individuals about the risks sensitive information or performing certain moves.
associated with these types of attacks. By increasing Social engineering attacks often leverage various
their knowledge and understanding, individuals are psychological techniques to gain the trust of
better equipped to recognize and avoid potential unsuspecting victims. Phishing is a common social
threats [13]. engineering attack where attackers send fraudulent
Another effective countermeasure is the emails or messages that appear like from legitimate
implementation of multi-factor authentication. This resources, tricking recipients into divulging non-
approach calls for customers to provide more than public information or visiting fake websites.
one sorts of identity, such as passwords and safety Pretexting involves creating a false scenario to gain
codes, to gain get admission to sensitive information the victim's trust, while a watering hole attack
or systems. By adding this additional layer of targets specific websites or online communities to
security, organizations can significantly strengthen infect them with malware. Additionally, quid pro
their defences against unauthorized access attempts quo attacks offer something desirable to victims in
[14]. exchange for their personal information, and baiting
To avoid denial-of-service (DoS) and involves leaving enticing objects or media in public
distributed denial-of-service (DDoS) attacks, traffic places to tempt individuals into accessing malicious
filtering and rate limiting measures can be websites.
employed. Firewalls and intrusion detection systems Another category of hacking techniques is
can be used to filter out malicious traffic, reducing network attacks, which exploit vulnerabilities within
the likelihood of successful attacks. Additionally, network systems. Denial-of-Service (DoS) attack
implementing rate limiting controls can restrict the intention to render a specific device or network
volume of traffic that can be directed towards unavailable via overwhelming it with immoderate
specific systems or networks, further enhancing site visitors, making it incapable of responding to
defense mechanisms against DoS and DDoS valid requests. Distributed Denial-of-Service
attacks[15]. (DDoS) attacks, a more sophisticated variation,
Network monitoring performs a critical involve multiple computers coordinating to launch
role in figuring out and mitigating capacity DoS and simultaneous attacks, making them even more
DDoS attacks. Constantly monitoring network challenging to mitigate. Furthermore, social
traffic allows for the timely detection of suspicious engineering attacks are often employed in network
activities, enabling organizations to take immediate attacks, using deceptive methods such as phishing
action to mitigate the threats. emails to compromise network security and steal
sensitive information.
E. SUMMARY OF KEY FINDINGS Exploiting software vulnerabilities is
Social engineering, phishing, and network another prevalent hacking technique. Hackers
attacks pose an increasing threat to individuals, actively seek weaknesses in various software,
organizations, and society in Malaysia. These including operating systems and web applications,
attacks can have significant financial, operational, to gain unauthorized access to computer systems.
and reputational consequences for the victims Buffer overflow attacks occur when an attacker
involved. However, implementing the appropriate overwhelms a buffer with excessive data, which can
strategies and countermeasures discussed above can overwrite other memory locations and enable the
assist organizations in Malaysia in mitigating the execution of arbitrary code on the system. Cross-
risks associated with these attacks, enhancing their Site Scripting (XSS) attacks inject malicious code
overall security posture and protecting against into web pages, exploiting vulnerabilities in web
potential damage. applications to steal sensitive information or
compromise user sessions. Given the complexity of
III. LITERATURE REVIEW software and the ever-evolving nature of
A. OVERVIEW OF HACKING TECHNIQUES vulnerabilities, maintaining up-to-date software
Hacking techniques embody an extensive versions, applying security patches, and
range of techniques utilized by malicious actors to implementing robust firewall and security software
benefit unauthorized access to computer structures

DOI: 10.35629/5252-0507434444 |Impact Factorvalue 6.18| ISO 9001: 2008 Certified Journal Page 436
 International Journal of Advances in Engineering and Management (IJAEM)
Volume 5, Issue 7 July 2023, pp: 434-444 www.ijaem.net ISSN: 2395-5252

are crucial in safeguarding systems against such giving up their personal information or clicking on
attacks. malicious links [16].Some of the most common
Malware, including Advanced Persistent social engineering attack techniques are phishing,
Threats (APTs), represents another significant pretexting, watering hole attack, quid pro quo and
hacking technique. Malware refers to malicious baiting.
software designed to compromise computer systems Phishing is a sort of email scam that is
or networks. APTs are a particularly sophisticated designed to appear to be its miles from a valid
form of malware tailored to target specific source, including a financial institution or credit
organizations or individuals. Viruses replicate card business enterprise. The email will regularly
themselves and propagate across computer systems, comprise a hyperlink that, whilst clicked, will take
causing damage such as file deletion, data the victim to a fake internet site that looks as if the
corruption, and operational disruption. Worms, on real website. Once the sufferer enters their private
the other hand, autonomously spread through facts at the fake website, the attacker can thieve it.
networks, exploiting vulnerabilities to consume Pretexting is a sort of social engineering
bandwidth, compromise performance, and attack wherein the attacker creates a fake scenario
compromise the security of connected devices. that allows you to benefit the victims believe. For
Trojans, named after the deceptive wooden horse in example, the attacker might pose as a customer
Greek mythology, masquerade as legitimate files or service consultant from an agency and call the
programs and, once activated, can carry out various victim, claiming that there is a problem with their
malicious actions, including installing additional account. The attacker will then ask the victim for
malware, creating backdoors for unauthorized non-public information, which includes their Social
access, or compromising system security and Security number or credit card number.
stability. Ransomware, a highly destructive form of A watering hole attack is a form of social
malware, encrypts files on victims' systems, engineering attack in which the attacker objectives a
rendering them inaccessible and demanding a specific internet site or online community. The
ransom payment for their restoration. Ransomware attacker will then infect the website or network with
attacks can cause significant financial losses, malware. When victim go to the internet site or
operational disruptions, and compromised data community, they may be infected with the malware.
security. A quid pro quo attack is a type of social
APTs, on the other hand, are often more engineering attack wherein the attacker offers the
sophisticated than traditional malware. They employ sufferer something in alternate for his or her private
a range of techniques to gain access to target data. For instance, the attacker might provide the
systems, such as spear phishing, where tailored sufferer an unfastened gift or a reduction in
emails are sent to specific individuals to deceive exchange for their electronic mail address or phone
them into revealing sensitive information, watering number.
hole attacks, which exploit trusted websites Baiting is a form of social engineering
frequented by the target, and zero-day exploits, attack wherein the attacker leaves a bait, such as a
taking advantage of previously unknown USB pressure or a chunk of paper with a hyperlink
vulnerabilities. APTs can remain undetected for on it, in a public area. When a person picks up the
extended periods while conducting reconnaissance, bait and clicks on the link, they'll be taken to a
exfiltrating data, or carrying out other malicious malicious website.
activities.
These hacking techniques is essential for C. NETWORK ATTACK
organizations and individuals to enhance their Network attack techniques are a broad
cybersecurity defenses. By staying informed about category of hacking techniques that involve
the tactics employed by hackers, implementing exploiting vulnerabilities in network systems. These
robust security measures, educating users about techniques can be used to disrupt network traffic,
potential threats, and maintaining up-to-date steal data, or gain unauthorized access to a
software and system patches, individuals and network[17].
organizations can mitigate the risks posed by these One of the most common community
hacking techniques and ensure the security and assault techniques is a denial-of-service (DoS)
integrity of their computer systems and networks. attack. A DoS attack is a try to make a computer
device or network unavailable to its supposed
B. SOCIAL ENGINEERING TECHNIQUES customers. DoS attack generally contain flooding
Social engineering is a type of hacking that the goal with so much traffic that it's far not able to
relies on human psychology to trick victims into reply to valid requests.

DOI: 10.35629/5252-0507434444 |Impact Factorvalue 6.18| ISO 9001: 2008 Certified Journal Page 437
 International Journal of Advances in Engineering and Management (IJAEM)
Volume 5, Issue 7 July 2023, pp: 434-444 www.ijaem.net ISSN: 2395-5252

A more sophisticated form of DoS attack is Another type of malware which is worms,
a distributed denial-of-service (DDoS) attack. A are distinct from viruses in that they can spread
DDoS attack involves multiple computers attacking autonomously through computer networks without
the target simultaneously. DDoS attacks can be requiring human intervention. Worms exploit
much more difficult to defend against than DoS vulnerabilities in network protocols or software to
attacks. infiltrate and infect connected devices. Once inside
a system, they can consume substantial amounts of
D. EXPLOITING SOFTWARE bandwidth, congest network resources, and
VULNERABILITIES compromise the performance of both local and
Software vulnerabilities are one of the most remote machines. Furthermore, worms may also
common ways that hackers gain access to computer engage in unauthorized data exfiltration, stealing
systems. These vulnerabilities can be found in all sensitive information such as passwords or personal
types of software, from operating systems to web data, which can result in severe privacy breaches
applications. Once a hacker finds a vulnerability, and financial losses.
they can exploit it to gain unauthorized access to the Trojans, named after the deceptive wooden
system [18]. horse in Greek mythology, are a particularly
One of the most common ways that treacherous form of malware. They disguise
attackers exploit software vulnerabilities is through themselves as legitimate files or programs, often
buffer overflow attacks. A buffer overflow attack enticing users to download or execute them
occurs when too much data is written to a buffer, unknowingly. Once activated, Trojans can carry out
which can overwrite other memory locations. This a range of malicious actions, including installing
can allow the attacker to execute arbitrary code on additional malware, creating backdoors for
the system. unauthorized access, or initiating unauthorized
Another common way that attackers exploit processes that may compromise the security and
software vulnerabilities is through cross-site stability of the infected system. Due to their ability
scripting (XSS) attacks. XSS attacks occur when to deceive users and remain undetected, Trojans
malicious code is injected into a web page. This pose significant risks to the confidentiality,
code can then be executed by the victim's browser, integrity, and availability of data and resources.
which can allow the attacker to steal cookies or Ransomware has gained significant
other sensitive information. notoriety in recent years as a highly destructive form
Software vulnerabilities can be very difficult to find of malware. This form of malicious software
and fix. This is because software is often complex program encrypts files and information on a victim's
and there are many different ways that it can be pc device, rendering them inaccessible and
used. unusable. Cybercriminals at the back of ransomware
attacks then demand a ransom payment, usually in
E. MALWARE AND ADVANCED PERSISTENT cryptocurrency, in change for supplying the
THREATS (APTS) decryption key or device to repair the compromised
Malware is a form of software that is files. Ransomware attack could have devastating
designed to damage a pc device or community. It effects for people, corporations, and even vital
can be used to steal data, deploy backdoors, or infrastructure structures, causing sizeable economic
disrupt operations. APTs are a sort of malware that losses, disruption of operations, and compromised
is mainly designed to goal specific companies or statistics protection. The exponential rise of
individuals. They are frequently very state-of-the-art ransomware attacks has made cybersecurity
and tough to discover.[19]. awareness and preventive measures more crucial
Among this, viruses are a form of than ever to mitigate the risks and protect against
malicious software, commonly known as malware, these malicious threats.
that possess the ability to replicate themselves and APTs are often more sophisticated than
propagate from one computer to another. Their traditional malware. They may use a variety of
primary purpose is to cause harm and disruption to techniques to gain access to a target system, such as
the infected systems. Viruses can inflict damage in spear phishing, watering holes, or zero-day exploits.
various ways, such as deleting important files, Once they have gained access, they may remain
corrupting data, or interfering with the normal undetected for long periods of time while they
functioning of computer operations. These actions gather information or carry out malicious activities.
can lead to significant consequences, including loss
of valuable information, system instability, and
compromised security.

DOI: 10.35629/5252-0507434444 |Impact Factorvalue 6.18| ISO 9001: 2008 Certified Journal Page 438
 International Journal of Advances in Engineering and Management (IJAEM)
Volume 5, Issue 7 July 2023, pp: 434-444 www.ijaem.net ISSN: 2395-5252

IV. FUTURE HACKING TREND hacking. Once an attacker gains access to an IoT
A. ARTIFICIAL INTELLIGENCE (AI) AND device, a wide array of malicious activities can be
MACHINE LEARNING (ML) IN HACKING carried out. These include launching Distributed
Artificial Intelligence (AI) and Machine Denial-of-Service (DDoS) attacks, where the
Learning (ML) have emerged as significant attacker overwhelms a target server with excessive
technological advancements with potential traffic, rendering it inaccessible to legitimate users.
implications for hacking techniques and future Additionally, attackers can pilfer sensitive data,
trends. The recent developments in AI have sparked ranging from personal information to financial
discussions on the consequences of deploying AI records, stored within IoT devices. Moreover, they
systems in various domains, including the realm of can commandeer compromised devices to assemble
hacking. botnets—networks of infected computers under the
The workers' perspectives on AI systems in attacker's control.
the context of hacking reflect a realistic Exploiting IoT devices is poised to become
understanding of the technology. The AI systems as a prevalent hacking trend in the future, driven by
powerful tools rather than collaborators or partners. several factors. Firstly, the number of IoT devices is
They acknowledge the potential benefits of AI in projected to skyrocket in the coming years,
augmenting human capabilities, such as assisting providing hackers with an expanded pool of
with decision-making processes and analyzing large potential targets. Secondly, the growing complexity
amounts of information efficiently. However, AI of IoT networks poses a significant challenge to
systems as having the ability to truly cooperate or securing them effectively, leaving vulnerabilities
collaborate with humans on a human-to-human ripe for exploitation. Lastly, the increased
level, which echoes the limitations of earlier human- integration of IoT devices in critical infrastructure,
machine cooperation models. As AI continues to such as power grids and transportation systems,
evolve, it is essential to consider the implications of amplifies the risk of impactful and far-reaching
AI and ML in the field of hacking. The primarily attacks [21].
focused on workers' perspectives in France and
specific domains, it sheds light on the realistic view C. MOBILE DEVICE EXPLOITATION
of AI systems as tools and the need for Mobile devices have become an integral
understanding their outputs, explainability, and part of our daily lives, providing us with instant
trustworthiness [20] .These factors play a crucial connectivity and access to a wealth of information.
role in determining the adoption and utilization of As technology continues to evolve, so do the
AI systems in hacking practices. methods employed by hackers to exploit
In workers' viewpoints and experiences vulnerabilities in mobile devices. Understanding and
regarding AI systems in hacking is vital for preparing for future hacking trends in mobile device
anticipating future hacking trends and developing exploitation is crucial in ensuring the security of our
effective countermeasures. By considering the personal and sensitive information [22].
potential benefits and limitations of AI and ML in The widespread use of smartphones and
hacking, policymakers, researchers, and tablets, hackers are increasingly focusing on
cybersecurity professionals can develop developing sophisticated malware specifically
comprehensive strategies to mitigate the emerging designed for mobile platforms. These malicious
risks associated with the use of AI-powered hacking programs can compromise a device's security, steal
techniques. sensitive data, or even gain unauthorized access to
personal information. As mobile operating systems
B. INTERNET OF THINGS (IOT) become more complex, hackers are finding new
EXPLOITATION ways to exploit vulnerabilities, making it essential
In the realm of cybersecurity, a prominent for mobile users to remain vigilant and employ
trend on the horizon is the exploitation of Internet of robust security measures.
Things (IoT) devices. The IoT, a burgeoning Social engineering attacks have been a
network of interconnected physical objects linked to prevalent hacking technique, and they are expected
the internet, holds vast potential for transforming to grow in the realm of mobile device exploitation.
various industries. However, alongside its benefits, Hackers often employ psychological manipulation
the IoT also introduces new security vulnerabilities. to deceive users into divulging sensitive information
Among these vulnerabilities is the ease or installing malicious applications. This trend is
with which IoT devices can be compromised. likely to continue as hackers leverage the increasing
Oftentimes, these devices suffer from inadequate reliance on mobile devices for various online
security measures, rendering them susceptible to activities. It is crucial for users to be cautious when

DOI: 10.35629/5252-0507434444 |Impact Factorvalue 6.18| ISO 9001: 2008 Certified Journal Page 439
 International Journal of Advances in Engineering and Management (IJAEM)
Volume 5, Issue 7 July 2023, pp: 434-444 www.ijaem.net ISSN: 2395-5252

interacting with unsolicited messages, links, or associated with these evolving social engineering
requests for personal information, even on trusted tactics.
platforms. The rise of deepfake technology and
The rise of mobile banking and digital artificial intelligence (AI), hackers may exploit these
payment systems, hackers are shifting their focus tools to deceive individuals and manipulate their
towards exploiting vulnerabilities in these platforms. behaviour. Deepfakes are synthetic media, such as
Mobile devices often store financial data and videos or audio recordings, that are convincingly
payment credentials, making them lucrative targets altered to depict false information or events. In the
for cybercriminals. The future trend of mobile future, hackers might use deepfakes to impersonate
device exploitation will likely involve sophisticated trusted individuals, such as company executives or
attacks aimed at intercepting sensitive financial friends, and manipulate targets into divulging
information, compromising transaction security, or sensitive information or performing malicious
gaining unauthorized access to banking applications. actions. Combating these threats will require
Users must adopt robust security practices, such as advanced detection algorithms, increased media
two-factor authentication and regular software literacy, and critical thinking skills to identify and
updates, to mitigate these risks. verify authentic communication.
As the Internet of Things (IoT) continues to As social media platforms continue to play
expand, mobile devices are increasingly becoming a significant role in our lives, hackers are likely to
the central control hubs for various connected exploit psychological vulnerabilities associated with
devices. This integration creates new avenues for online interactions. Social media platforms provide
hackers to exploit vulnerabilities in mobile devices a wealth of personal information that can be
and gain unauthorized access to IoT networks. leveraged to manipulate individuals and influence
Future hacking trends in mobile device exploitation their actions. Future hacking trends may involve the
may involve attacks that compromise IoT devices, use of persuasive messaging, emotional
leading to privacy breaches or even the manipulation, or fake news to exploit individuals'
manipulation of critical infrastructure. Ensuring the trust and compromise their security. Users should be
security of mobile devices and implementing strong cautious about the information they share online,
encryption protocols will be vital to protect against exercise critical thinking, and employ privacy
such threats. settings to minimize the potential impact of such
psychological exploitation.
D. SOCIAL ENGINEERING AND The risk of insider threats and human
PSYCHOLOGICAL MANIPULATION manipulation within organizations is expected to
Social engineering and psychological grow in the future. Hackers may employ social
manipulation techniques have long been employed engineering techniques to exploit employees' trust,
by hackers to exploit human vulnerabilities in order coerce them into sharing sensitive information, or
to gain unauthorized access to sensitive information. gain unauthorized access to corporate systems. This
As technology advances, these techniques are can result in significant financial and reputational
expected to evolve and become even more damage. Organizations must implement robust
sophisticated. Understanding the future trends in security protocols, conduct regular employee
social engineering and psychological manipulation training, and enforce strict access controls to
is crucial in combating cyber threats and protecting mitigate the risks associated with insider threats and
individuals and organizations from malicious attacks human manipulation.
[23].
In the future, hackers are likely to leverage V. DISCUSSION
advanced personalization techniques to carry out A. SIGNIFICANCE OF SOCIAL ENGINEERING
highly targeted spear phishing attacks. By gathering (PHISHING) AND NETWORK ATTACKS
publicly available information from social media Phishing attacks have emerged as a
platforms and other sources, attackers can create significant and growing threat for organizations,
tailored messages that appear genuine and where deceptive messages are used to manipulate
trustworthy. These personalized phishing attempts individuals into revealing sensitive information or
increase the likelihood of individuals falling victim engaging in fraudulent activities. While IT
to such attacks, as the messages are designed to departments play a vital position in implementing
exploit their specific interests, affiliations, or institutional responses to mitigate these attacks, the
relationships. Individuals and organizations must choices and moves of person employees also play a
remain cautious and employ robust email filtering essential function in an business enterprise's
and security awareness training to mitigate the risks susceptibility to phishing attempt. Understanding

DOI: 10.35629/5252-0507434444 |Impact Factorvalue 6.18| ISO 9001: 2008 Certified Journal Page 440
 International Journal of Advances in Engineering and Management (IJAEM)
Volume 5, Issue 7 July 2023, pp: 434-444 www.ijaem.net ISSN: 2395-5252

the significance of social engineering (phishing) and C. EMERGING TREND AND FUTURE
network attacks is essential for organizations to CHALLENGES
develop effective strategies in combating these The field of hacking techniques, social
threats. engineering (phishing), and network attacks
Some employees possess a deep (DOS/DDOS) is constantly evolving, presenting
understanding of phishing techniques and associated emerging trends and future challenges. This section
risks, while others have limited knowledge in this discusses some of these trends and challenges,
area. This variation in awareness and competency highlighting the need for proactive measures and
highlights the importance of providing advancements in security practices.
comprehensive education and training to enhance The increasing use of healthcare Internet of
employees' ability to identify and respond Things (IoT) networks, there is a growing concern
appropriately to phishing attempts [24]. regarding their security and the protection of
To empower employees as collaborators in sensitive patient data. The COVID-19 pandemic has
an organization's anti-phishing efforts, it is crucial further emphasized the importance of leveraging
for organizations to embrace a range of educational healthcare IoT technologies for remote monitoring
initiatives. This includes providing non-expert users and care. However, these networks are susceptible
with more extensive education on organizational to cyberattacks due to vulnerabilities in
processes and the consequences of falling victim to communication protocols, authentication
phishing attacks. By enhancing employees' mechanisms, and medical devices. Future trends in
understanding of the potential impact of phishing, securing healthcare IoT networks involve the
organizations can foster a culture of vigilance and adoption of end-to-end encryption, robust
encourage proactive measures to counteract these authentication and authorization mechanisms, and
threats. the development of specialized security protocols.
Research efforts should focus on enhancing security
B. MITIGATION STRATEGIES FOR SOCIAL frameworks, exploring machine learning algorithms
ENGINEERING AND NETWORK ATTACKS for threat detection, and reducing the network
Social engineering and network attacks architecture and maintenance costs while ensuring
pose significant threats to individuals and optimal security outcomes [26].
organizations, necessitating effective mitigation Furthermore, social engineering
strategies. This section discusses various strategies techniques, such as phishing, continue to be a
to mitigate the risks associated with these attacks significant threat in the hacking landscape.
and protect against potential vulnerabilities [25]. Attackers exploit human vulnerabilities to deceive
individuals and gain unauthorized access to
One of the fundamental strategies in sensitive information. The emerging trend in social
combating social engineering attacks is to provide engineering attacks involves sophisticated
comprehensive education and training to employees. approaches, including personalized and targeted
By raising awareness about common attack phishing campaigns. To counter these threats,
techniques, such as phishing, pretexting, and organizations must continually educate and train
baiting, employees can recognize and avoid employees to recognize and respond effectively to
potential threats. Training should cover topics such social engineering attempts. Ongoing security
as identifying suspicious emails, verifying the awareness campaigns, simulated phishing exercises,
legitimacy of requests for sensitive information, and and regular communication channels with IT
maintaining strong password hygiene. Regular professionals are crucial mitigation strategies.
training sessions and simulated phishing exercises Future challenges lie in adapting to evolving social
can reinforce security practices and help employees engineering techniques and devising innovative
stay vigilant. methods to detect and prevent such attacks [27].
Furthermore, performing regular security As hacking techniques and network attacks
audits and assessments helps identify vulnerabilities continue to evolve, the field of cybersecurity must
in systems, networks, and applications that could be advance to stay ahead of cybercriminals. This
exploited by attackers. Vulnerability scans, involves continuous research and development of
penetration testing, and code reviews should be advanced threat detection and prevention
conducted to identify weaknesses and promptly mechanisms, leveraging artificial intelligence and
address them. Additionally, staying up to date with machine learning algorithms. Emerging
security patches and software updates is crucial to technologies such as blockchain and secure
mitigate known vulnerabilities that attackers might multiparty computation hold promise for enhancing
exploit. the security of sensitive data and preventing

DOI: 10.35629/5252-0507434444 |Impact Factorvalue 6.18| ISO 9001: 2008 Certified Journal Page 441
 International Journal of Advances in Engineering and Management (IJAEM)
Volume 5, Issue 7 July 2023, pp: 434-444 www.ijaem.net ISSN: 2395-5252

unauthorized access. Additionally, collaborations attention to data quality, bias mitigation, and model
between academia, industry, and government accuracy.
agencies are vital to share knowledge, exchange best Moreover, it is evident that the field of
practices, and develop robust defence strategies hacking techniques and cybersecurity is ever-
against emerging hacking trends. evolving. To stay ahead of cybercriminals,
organizations must prioritize ongoing research and
VI. CONCLUSION development of advanced threat detection and
The world of hacking techniques and future prevention mechanisms. This involves leveraging
trends, with a specific focus on social engineering emerging technologies, such as artificial
(phishing) and network attacks (DOS/DDOS). intelligence, machine learning, blockchain, and
These had delved into the intricacies of these secure multiparty computation. Collaboration
malicious practices, their impact on individuals and among academia, industry, and government
organizations, and the evolving landscape of agencies is vital to share knowledge, exchange best
cybersecurity. Throughout the analysis, several key practices, and collectively build a secure digital
insights and findings have emerged. environment.
Firstly, social engineering techniques, In the face of future challenges, the pursuit
particularly phishing, have become increasingly of cybersecurity excellence should remain a
sophisticated, posing a significant threat to continuous effort. By embracing proactive
individuals and organizations alike. Attackers measures, raising awareness, and fostering a culture
exploit human vulnerabilities to deceive users and of security, these can navigate the evolving
gain access to sensitive information. As a result, it is landscape of hacking techniques and future trends,
crucial for organizations to invest in robust security ensuring the safety of individuals, organizations,
measures, including comprehensive security and society as a whole. Besides that, this can build a
awareness programs, employee training, and regular resilient and secure digital ecosystem that
communication channels with IT professionals. By safeguards the valuable information and promotes
empowering employees and enhancing their trust in the digital realm.
understanding of social engineering tactics,
organizations can fortify their defences and mitigate VII. ACKNOWLEDGEMENT
the risks associated with these attacks. The authors would like to thank all
Secondly, network attacks, such as denial- Schoolof Computing members who were involved
of-service (DoS) and distributed denial-of-service in thisstudy. This study wasconducted for the
(DDoS), continue to plague the digital landscape. purpose ofEthical Hacking & Penetration Testing
These attacks disrupt the availability of services, ResearchProject. This work was supported by
causing significant financial losses and reputational UniversitiUtara Malaysia.
damage. To counteract these threats, organizations
must adopt proactive measures, such as VIII. REFERENCE
implementing robust network security infrastructure,
employing traffic monitoring and anomaly detection [1] C. Malaysia, ―Cybersecurity Malaysia,‖
systems, and leveraging scalable cloud-based MyCert (Malaysia Computer Emergency
resources to mitigate the impact of such attacks. Respond Team), 2023.
Collaborative efforts between organizations, internet
[2] M. O. B. a. A. Tepecik,
service providers, and cybersecurity experts are also
―Cybersecurity,Computer Networks Phishing,
crucial in developing effective defence strategies.
Malware, Ransomware, and Social
Furthermore, emerging trends and
Engineering Anti-Piracy Reviews,,‖ 2021 -
challenges have highlighted the significance of
3rd International Congress on Human-
securing healthcare Internet of Things (IoT)
Computer Interaction, Optimization and
networks and improving predictive models in
Robotic Applications, Proceedings, pp. 1-5,
software engineering. Healthcare IoT networks play
2021.
a vital role in remote patient monitoring and care.
However, these networks are vulnerable to [3] G. S. Hussain Aldawood, ―Analysis and
cyberattacks, necessitating the implementation of Findings of Social Engineering Industry
strong security measures, including end-to-end Experts Explorative Interviews: Perspectives
encryption, authentication mechanisms, and on Measures, Tools, and Solutions,‖ IEEE
specialized security protocols. Meanwhile, Access, vol. 8, pp. 67321-67329, 2020.
predictive models offer opportunities for enhancing [4] N. K.-W. a. A. Wentland, ――Hacking
software development processes but require Humans? Social Engineering and the

DOI: 10.35629/5252-0507434444 |Impact Factorvalue 6.18| ISO 9001: 2008 Certified Journal Page 442
 International Journal of Advances in Engineering and Management (IJAEM)
Volume 5, Issue 7 July 2023, pp: 434-444 www.ijaem.net ISSN: 2395-5252

Construction of the „Deficient User‟ in wiki/authentication/what-is-2fa/#security-

Cybersecurity Discourses,‖,‖ Technol. Hum. wiki-content.
Values, vol. 46, no. 6, p. 1316–1339, 2021. [15] K. Petrosyan, ―How to Detect DDoS
[5] H. H. M. H. E. W. Katharina Krombholz, Attacks?,‖ 9 September 2022. [Online].
―Advanced social engineering attacks,,‖ J. Available:
Inf. Secure Appl, vol. 22, pp. 113-122, 2015. https://securityboulevard.com/2022/09/how-
[6] S. R. H. Qwaider, ―Analysis and Evaluation to-detect-ddos-
of Cybersecurity Techniques for Social attacks/#:~:text=Web%20scanners%2C%20w
Engineering,‖ Al-Azhar Univ. Fac. Eng. Inf. eb%20application%20firewall,traffic%20usin
Technol, 2019. g%20machine%20learning%20algorithms..
[7] B. M. Nikhil Tripathi, ―DoS and DDoS [16] I. G. H. M. B. Ali Derakhshan, ―Detecting
Attacks: Impact, Analysis and telephone-based social engineering attacks
Countermeasures,‖ Advances in Computing, using scam signatures,‖ In Proceedings of the
Networking and Security, 2013 TEQIP II 2021 ACM Workshop on Security and
National Conference, 2013. Privacy Analytics, pp. 67-73, 2021.
[8] B. B. G. Anshuman Singh, ―Distributed [17] A. E. A. K. L. H. Atheer Alharthi, ―Network
Denial-of-Service (DDoS) Attacks and Traffic Analysis for DDOS Attack
Defense Mechanisms in Various Web- Detection,‖ In The 4th International
Enabled Computing Platforms: Issues, Conference on Future Networks and
Challenges, and Future Research Directions,‖ Distributed Systems (ICFNDS), pp. 1-6,
International journal on Semantic Web and November 2020.
information systems, vol. 18, no. 1, pp. 1-43, [18] D. R. Santos, ―Access Control Vulnerabilities
2022. in Network Protocol Implementations: How
[9] OpenText, ―What is Social Engineering,‖ Attackers Exploit Them and What To Do
2019. [Online]. Available: About It.,‖ In Proceedings of the 28th ACM
https://www.webroot.com/us/en/resources/tip Symposium on Access Control Models and
s-articles/what-is-social-engineering. Technologies, pp. 5-6, May 2023.
[10] Fortinet, ―What Is the Difference Between [19] A. A. A. E. Meaad Alrehaili, ―A hybrid deep
DoS Attacks and DDoS Attacks?,‖ 2023. learning approach for advanced persistent
[Online]. Available: threat attack detection,‖ In The 5th
https://www.fortinet.com/resources/cyberglos International Conference on Future Networks
sary/dos-vs-ddos. & Distributed Systems, pp. 78-86, December
2021.
[11] A. Adegunwa, ―Data Breach Involves 13
Million Users Of Maybank, Astro, and EC,‖ [20] M. Z. F. B. Tamari Gamkrelidze, ―Working
2023. [Online]. Available: with Machine Learning/Artificial Intelligence
https://informationsecuritybuzz.com/data- systems: workers’ viewpoints and
breach-involves-users-maybank-astro-ec/. experiences,‖ In Proceedings of the 32nd
European Conference on Cognitive
[12] D. T. Sandle, ―Security expert on AirAsia
Ergonomics, pp. 1-7, April 2021.
ransomware attack,‖ 25 November 2022.
[Online]. Available: [21] J. T. J. H. G. C. S. W. X. J. P. Z. M. K. S. K.
https://www.digitaljournal.com/tech- D. Linghe Kong, ―Edge-Computing-Driven
science/security-expert-on-airasia- Internet of Things: A Survey,‖ ACM
ransomware-attack/article. Computing Surveys, vol. 55, no. 8, pp. 1-41,
2022.
[13] J. Webster, ―Security Awareness: 7 reasons
why security awareness training is important [22] G. S. R. T. R. G. F. D. R. V.-R. Paula
in 2023,‖ 2023. [Online]. Available: Delgado-Santos, ―A survey of privacy
https://www.cybsafe.com/blog/7-reasons- vulnerabilities of mobile device sensors,‖
why-security-awareness-training-is- ACM Computing Surveys (CSUR), vol. 24,
important/. no. 11s, pp. 1-30, 2022.
[14] S. D. Octopus, ―What is two factor [23] P. L. R. F. S. W. Daniel Graziotin,
authentication (2FA)?: Security wiki,‖ 15 ―Psychometrics in behavioral software
August 2021. [Online]. Available: engineering: A methodological introduction
https://doubleoctopus.com/security- with guidelines,‖ ACM Transactions on

DOI: 10.35629/5252-0507434444 |Impact Factorvalue 6.18| ISO 9001: 2008 Certified Journal Page 443
 International Journal of Advances in Engineering and Management (IJAEM)
Volume 5, Issue 7 July 2023, pp: 434-444 www.ijaem.net ISSN: 2395-5252

Software Engineering and Methodology directions,‖ ACM Transactions on Sensor

(TOSEM), vol. 31, no. 1, pp. 1-36, 2021. Networks, vol. 19, no. 3, pp. 1-25, 2023.
[24] A. C. A. J. B. A. D. S. &. N.-E. C. Tally, [27] C. V. H. B. C. J. J. J. J. N. J. J. M. L. K. S.
―What Mid-Career Professionals Think, Eric Blancaflor, ―Risk assessments of social
Know, and Feel About Phishing: engineering attacks and set controls in an
Opportunities for University IT Departments online education environment,‖ In 2021 3rd
to Better Empower Employees in Their Anti- International Conference on Modern
Phishing Decisions,‖ Proceedings of the Educational Technology, pp. 69-74, May
ACM on Human-Computer Interaction, vol. 2021.
7, no. CSCW1, pp. 1-27, 2023.
[25] H. Y. W. W. W. M. D. &. L. J. Wang, ―A
novel cross-network embedding for anchor
link prediction with social adversarial
attacks,‖ ACM Transactions on Privacy and
Security, vol. 26, no. 1, pp. 1-32, 2022.
[26] J. A. M. M. J. S. R. A. N. K. A. F. H. S.
Muhammad Adil, ―Covid-19: Secure
healthcare internet of things networks, current
trends and challenges with future research

DOI: 10.35629/5252-0507434444 |Impact Factorvalue 6.18| ISO 9001: 2008 Certified Journal Page 444