nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

Plenty of Phish in the Sea: Analyzing Potential Pre-attack Surfaces

verfasst von : Tobias Urban, Matteo Große-Kampmann, Dennis Tatang, Thorsten Holz, Norbert Pohlmann

Erschienen in: Computer Security – ESORICS 2020

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Advanced Persistent Threats (APTs) are one of the main challenges in modern computer security. They are planned and performed by well-funded, highly-trained and often state-based actors. The first step of such an attack is the reconnaissance of the target. In this phase, the adversary tries to gather as much intelligence on the victim as possible to prepare further actions. An essential part of this initial data collection phase is the identification of possible gateways to intrude the target.

In this paper, we aim to analyze the data that threat actors can use to plan their attacks. To do so, we analyze in a first step 93 APT reports and find that most (80%) of them begin by sending phishing emails to their victims. Based on this analysis, we measure the extent of data openly available of 30 entities to understand if and how much data they leak that can potentially be used by an adversary to craft sophisticated spear phishing emails. We then use this data to quantify how many employees are potential targets for such attacks. We show that 83% of the analyzed entities leak several attributes of uses, which can all be used to craft sophisticated phishing emails.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel On the Privacy Risks of Compromised Trigger-Action Platforms

Nächstes Kapitel Towards Post-Quantum Security for Cyber-Physical Systems: Integrating PQC into Industrial M2M Communication

Nur mit Berechtigung zugänglich

Balduzzi, M., Platzer, C., Holz, T., Kirda, E., Balzarotti, D., Kruegel, C.: Abusing social networks for automated user profiling. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 422–441. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15512-3_22CrossRef

Barre, M., Gehani, A., Yegneswaran, V.: Mining data provenance to detect advanced persistent threats. In: Proceedings of the 11th International Workshop on Theory and Practice of Provenance, TaPP 2019. USENIX Association, Berkeley (2019)

Caputo, D., Pfleeger, S., Freeman, J., Johnson, M.: Going spear phishing: exploring embedded training and awareness. IEEE Secur. Privacy 12(1), 28–38 (2014). https://doi.org/10.1109/MSP.2013.106CrossRef

Chen, P., Desmet, L., Huygens, C.: A study on advanced persistent threats. In: De Decker, B., Zúquete, A. (eds.) CMS 2014. LNCS, vol. 8735, pp. 63–72. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44885-4_5CrossRef

Chiew, K., Yong, K., Tan, C.: A survey of phishing attacks: their types, vectors and technical approaches. Expert Syst. Appl. 106, 1–20 (2018). https://doi.org/10.1016/j.eswa.2018.03.050CrossRef

Das, A., Baki, S., El Aassal, A., Verma, R., Dunbar, A.: SoK: a comprehensive reexamination of phishing research from the security perspective. IEEE Commun. Surv. Tutor. (2019). https://doi.org/10.1109/COMST.2019.2957750CrossRef

Dou, Z., Khalil, I., Khreishah, A., Al-Fuqaha, A., Guizani, M.: SoK: a systematic review of software-based web phishing detection. IEEE Commun. Surv. Tutor. 19(4), 2797–2819 (2017). https://doi.org/10.1109/COMST.2017.2752087CrossRef

Ferreira, A., Vieira-Marques, P.: Phishing through time: a ten year story based on abstracts. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy, ICISSP 2018, pp. 225–232. INSTICC, SciTePress, Setúbal, Portugal (2018). https://doi.org/10.5220/0006552602250232

Fischer, C., Crocker, A.: Victory! Ruling in hiQ v. Linkedin Protects Scraping of Public Data. https://www.eff.org/deeplinks/2019/09/victory-ruling-hiq-v-linkedin-protects-scraping-public-data

10.

Ghafir, I., et al.: Detection of advanced persistent threat using machine-learning correlation analysis. Future Gener. Comput. Syst. 89, 349–359 (2018). https://doi.org/10.1016/j.future.2018.06.055CrossRef

11.

Gianvecchio, S., Burkhalter, C., Lan, H., Sillers, A., Smith, K.: Closing the gap with APTs through semantic clusters and automated cybergames. In: Chen, S., Choo, K.-K.R., Fu, X., Lou, W., Mohaisen, A. (eds.) SecureComm 2019. LNICST, vol. 304, pp. 235–254. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-37228-6_12CrossRef

12.

Halevi, T., Memon, N., Nov, O.: Spear-phishing in the wild: a real-world study of personality, phishing self-efficacy and vulnerability to spear-phishing attacks. SSRN Electron. J. (2015). https://doi.org/10.2139/ssrn.2544742

13.

Han, Y., Shen, Y.: Accurate spear phishing campaign attribution and early detection. In: Proceedings of the 31st ACM Symposium on Applied Computing, SAC 2016, pp. 2079–2086. ACM Press, New York (2016). https://doi.org/10.1145/2851613.2851801

14.

Ho, G., Sharma, A., Javed, M., Paxson, V., Wagner, D.: Detecting credential spearphishing in enterprise settings. In: Proceedings of the 26th USENIX Security Symposium, USENIX Sec 2017, pp. 469–485. USENIX Association, Berkeley (2017)

15.

Hunt, T.: Have I Been Pwned: API v3 (2020). https://haveibeenpwned.com/API/v3. Accessed 15 Apr 2020

16.

Kumar, G.R., Mangathayaru, N., Narsimha, G., Cheruvu, A.: Feature clustering for anomaly detection using improved fuzzy membership function. In: Proceedings of the 4th International Conference on Engineering & MIS, ICEMIS 2018. ACM Press, New York (2018). https://doi.org/10.1145/3234698.3234733

17.

Kumaraguru, P., Rhee, Y., Acquisti, A., Cranor, L.F., Hong, J., Nunge, E.: Protecting people from phishing: the design and evaluation of an embedded training email system. In: Proceedings of the 25thACM SIGCHI Conference on Human Factors in Computing Systems, CHI 2007, pp. 905–914. ACM Press, New York (2007). https://doi.org/10.1145/1240624.1240760

18.

Lauinger, T., Chaabane, A., Buyukkayhan, A.S., Onarlioglu, K., Robertson, W.: Game of registrars: an empirical analysis of post-expiration domain name takeovers. In: USENIX Security Symposium (2017)

19.

Lemay, A., Calvet, J., Menet, F., Fernandez, J.M.: Survey of publicly available reports on advanced persistent threat actors. Comput. Secur. 72, 26–59 (2018). https://doi.org/10.1016/j.cose.2017.08.005CrossRef

20.

LinkedIn Corporation: Statistics (2020). https://news.linkedin.com/about-us#statistics. Accessed 15 Apr 2020

21.

Liu, F., Wen, Y., Zhang, D., Jiang, X., Xing, X., Meng, D.: Log2vec: a heterogeneous graph embedding based approach for detecting cyber threats within enterprise. In: Proceedings of the 26th ACM Conference on Computer and Communications Security, CCS 2019, pp. 1777–1794. ACM Press, New York (2019). https://doi.org/10.1145/3319535.3363224

22.

Lockheed Martin Corporation: Gaining the Advantage-Applying Cyber Kill Chain Methodology to Network Defense (2014). https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/Gaining_the_Advantage_Cyber_Kill_Chain.pdf. Accessed 15 Apr 2020

23.

Milajerdi, S.M., Eshete, B., Gjomemo, R., Venkatakrishnan, V.N.: ProPatrol: attack investigation via extracted high-level tasks. In: Ganapathy, V., Jaeger, T., Shyamasundar, R.K. (eds.) ICISS 2018. LNCS, vol. 11281, pp. 107–126. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-05171-6_6CrossRef

24.

m8r0wn: CrossLinked (2020). https://github.com/m8r0wn/CrossLinked. Accessed 20 Apr 2020

25.

Milajerdi, S., Gjomemo, R., Eshete, B., Sekar, R., Venkatakrishnan, V.: HOLMES: real-time APT detection through correlation of suspicious information flows. In: Proceedings of the IEEE Symposium on Security and Privacy, S&P 2019, pp. 1137–1152. IEEE Computer Society, Washington (2019). https://doi.org/10.1109/SP.2019.00026

26.

Miramirkhani, N., Barron, T., Ferdman, M., Nikiforakis, N.: Panning for gold.com: understanding the dynamics of domain dropcatching. In: International Conference on World Wide Web (2018)

27.

Parsons, K., McCormac, A., Pattinson, M., Butavicius, M., Jerram, C.: The design of phishing studies: the design of phishing studies: challenges for researchers. Comput. Secur. 52, 194–206 (2015). https://doi.org/10.1016/j.cose.2015.02.008CrossRef

28.

Paterson, A., Chappell, J.: The Impact of Open Source Intelligence on Cybersecurity, pp. 44–62. Palgrave Macmillan UK, London (2014). https://doi.org/10.1057/9781137353320_4

29.

RSA Research: Reconnaissance–A Walkthrough of the “APT” Intelligence Gathering Process (2015). http://www.kerneronsec.com/2015/10/a-walkthrough-of-apt-intelligence.html. Accessed 15 Apr 2020

30.

The MITRE Corporation: MITRE ATT&CK matrix for enterprise (2019). https://attack.mitre.org/matrices/enterprise/. Accessed 15 Apr 2020

31.

The MITRE Corporation: MITRE PRE-ATT&CK Matrix (2019). https://attack.mitre.org/matrices/enterprise/. Accessed 15 Apr 2020

32.

Yadav, T., Rao, A.M.: Technical aspects of cyber kill chain. In: Abawajy, J.H., Mukherjea, S., Thampi, S.M., Ruiz-Martínez, A. (eds.) SSCC 2015. CCIS, vol. 536, pp. 438–452. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22915-7_40CrossRef

33.

Yu, H., Li, A., Jiang, R.: Needle in a haystack: attack detection from large-scale system audit. In: Proceedings of the 19th International Conference on Communication Technology, ICCT 2019, pp. 1418–1426 (2019). https://doi.org/10.1109/ICCT46805.2019.8947201

Titel: Plenty of Phish in the Sea: Analyzing Potential Pre-attack Surfaces
verfasst von: Tobias Urban
Matteo Große-Kampmann
Dennis Tatang
Thorsten Holz
Norbert Pohlmann
Verlag: Springer International Publishing
Buch: Computer Security – ESORICS 2020
Print ISBN: 978-3-030-59012-3

Electronic ISBN: 978-3-030-59013-0

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-59013-0_14

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner