Cyber-attacks targeting human users are on the rise in both sophistication and scale. Social engineering comprises an evolving set of techniques and capabilities that allow attackers to target Internet users at scale with increasing precision. Novel AI-based content generation tools, such as the LLMs employed by chatbots, are now increasingly available to criminals to run Internet-scale social engineering attacks over many vectors, from email to voice calls to Internet messaging. The availability of personal target information through social media and personal websites (Open Source INTelligence, or OSINT), combined with the capability to automatically process and synthesize this information, will soon allow attackers to deliver targeted social engineering attacks at Internet scale. The criminal market ecosystem supporting attack capabilities is already picking up on new (criminal) business opportunities to enable the next generation of social engineering attacks. Whether our defenses are capable of addressing and mitigating these upcoming threats is an open, and critical, question.
This PhD track focuses on identifying emerging threats in the social engineering landscape as enabled by the criminal ecosystem, identifying gaps in current (technical or non-technical) defense techniques, and proposing, implementing, and demonstrating the efficacy of novel defenses addressing those gaps.
The Threat Analysis group within the SECurity cluster of TU Eindhoven, the Netherlands, is uniquely equipped to support this research, providing multi-year experience with and access to prominent criminal markets, and years-long experience with tailored social engineering techniques and experimentation. The group also provides direct access to the ESH-SOC (Eindhoven Security Hub Security Operation Center), an operational environment that collects threat data from third-party IT infrastructures to provide information and an experimentation environment for the detection and investigation of incoming threats.
This position offers a unique opportunity to conduct multi-disciplinary research in the field of cybersecurity, offering a broad view of attackers and defenders from both a privileged observation viewpoint (criminal markets access, ESH) and an experimental one.
This position is part of the NWO/NWA INTERSECT project Grant Number NWA.1160.18.301. More information on the project is available here:
https://intersct.nl/.