Characterizing Phishing Threats with Natural Language Processing
Spear phishing is a widespread concern in the modern network security
landscape, but there are few metrics that measure the extent to which
reconnaissance is performed on phishing targets. Spear phishing emails closely
match the expectations of the recipient, based on details of their experiences
and interests, making them a popular propagation vector for harmful malware. In
this work we use Natural Language Processing techniques to investigate a
specific real-world phishing campaign and quantify attributes that indicate a
targeted spear phishing attack. Our phishing campaign data sample comprises 596
emails - all containing a web bug and a Curriculum Vitae (CV) PDF attachment -
sent to our institution from a foreign IP space. The campaign was found to
exclusively target specific demographics within our institution. Performing a
semantic similarity analysis between the senders' CV attachments and the
recipients' LinkedIn profiles, we conclude with high statistical certainty (p
) that the attachments contain targeted rather than randomly
selected material. Latent Semantic Analysis further demonstrates that
individuals who were a primary focus of the campaign received CVs that are
highly topically clustered. These findings differentiate this campaign from one
that leverages random spam.
Comment: This paper has been accepted for publication by the IEEE Conference
on Communications and Network Security in September 2015 in Florence, Italy.
Copyright may be transferred without notice, after which this version may no
longer be accessible.
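The semantic-similarity analysis described above can be illustrated with a minimal bag-of-words cosine-similarity sketch. This is not the paper's pipeline (which also uses Latent Semantic Analysis over TF-IDF vectors); the tokenizer, the term-frequency weighting, and all example strings below are simplifying assumptions for illustration only.

```python
import math
import re
from collections import Counter

def tokenize(text):
    # Lowercase word tokens; a deliberately simple stand-in for real NLP preprocessing.
    return re.findall(r"[a-z]+", text.lower())

def cosine_similarity(a, b):
    # Cosine of the angle between two bag-of-words term-frequency vectors.
    va, vb = Counter(tokenize(a)), Counter(tokenize(b))
    dot = sum(va[t] * vb[t] for t in set(va) & set(vb))
    norm = (math.sqrt(sum(c * c for c in va.values()))
            * math.sqrt(sum(c * c for c in vb.values())))
    return dot / norm if norm else 0.0

# Invented example texts standing in for a CV attachment and a LinkedIn profile.
cv = "experienced researcher in network security and machine learning"
profile = "security researcher working on machine learning for networks"
unrelated = "recipe for sourdough bread with a long fermentation"

print(round(cosine_similarity(cv, profile), 2))
print(round(cosine_similarity(cv, unrelated), 2))
```

A targeted attachment should score markedly higher against its recipient's profile than against an unrelated document, which is the intuition behind the statistical test in the abstract.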
$1.00 per RT #BostonMarathon #PrayForBoston: analyzing fake content on Twitter
Online social media has emerged as one of the prominent channels for disseminating information during real-world events. Malicious content posted online during such events can cause damage, chaos, and monetary losses in the real world. We analyzed one such medium, Twitter, for content generated during the Boston Marathon blasts of April 15, 2013, an event during which a large amount of fake content and many malicious profiles originated on the Twitter network. The aim of this work is an in-depth characterization of the factors that caused malicious content and profiles to become viral. Our results show that 29% of the most viral content on Twitter during the Boston crisis was rumors and fake content, 51% was generic opinions and comments, and the rest was true information. We found that a large number of users with high social reputation and verified accounts were responsible for spreading the fake content. Next, we used a regression prediction model to verify that the overall impact of all users who propagate a piece of fake content at a given time can be used to estimate that content's future growth. Many malicious accounts created on Twitter during the Boston event were later suspended by Twitter. We identified over six thousand such user profiles and observed that the creation of such profiles surged considerably right after the blasts occurred. We also identified closed community structures and star formations in the interaction network of these suspended profiles amongst themselves.
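The growth-estimation idea above (regressing a rumor's future spread on the aggregate impact of the users who have propagated it so far) can be sketched with a one-variable least-squares fit. The paper's actual model and features are not specified here; the closed-form OLS, the "cumulative follower count" impact proxy, and all data values below are assumptions invented for illustration.

```python
def fit_line(xs, ys):
    # Ordinary least squares for a single predictor: y ≈ a + b*x.
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    b = (sum((x - mx) * (y - my) for x, y in zip(xs, ys))
         / sum((x - mx) ** 2 for x in xs))
    a = my - b * mx
    return a, b

# x: cumulative follower count of propagators so far (invented);
# y: retweets of the rumor in the next hour (invented).
impact = [1e3, 5e3, 2e4, 8e4, 3e5]
growth = [12, 55, 210, 790, 3100]

a, b = fit_line(impact, growth)
predicted = a + b * 1e5  # forecast growth if cumulative impact reaches 100k
print(b > 0, predicted > 0)
```

A positive fitted slope captures the abstract's finding that high-reputation propagators drive further spread, so current aggregate impact is predictive of future growth.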
Use of LLMs for Illicit Purposes: Threats, Prevention Measures, and Vulnerabilities
Spurred by the recent rapid increase in the development and distribution of
large language models (LLMs) across industry and academia, much recent work has
drawn attention to safety- and security-related threats and vulnerabilities of
LLMs, including in the context of potentially criminal activities.
Specifically, it has been shown that LLMs can be misused for fraud,
impersonation, and the generation of malware; while other authors have
considered the more general problem of AI alignment. It is important that
developers and practitioners alike are aware of security-related problems with
such models. In this paper, we provide an overview of existing - predominantly
scientific - efforts on identifying and mitigating threats and vulnerabilities
arising from LLMs. We present a taxonomy describing the relationship between
threats caused by the generative capabilities of LLMs, prevention measures
intended to address such threats, and vulnerabilities arising from imperfect
prevention measures. With our work, we hope to raise awareness of the
limitations of LLMs in light of such security concerns, among both experienced
developers and novice users of such technologies.
Comment: Pre-print
A framework for securing email entrances and mitigating phishing impersonation attacks
Email is used every day for communication, and many countries and
organisations rely on it for official correspondence. It is highly valued
and widely used for confidential conversations and transactions in day-to-day
business. The frequent use of this channel and the quality of the information
it carries have attracted cyber attackers. Many existing techniques mitigate
attacks on email; however, these systems focus on email content and behaviour
rather than on securing entrances to mailboxes, composition, and settings.
This work aims to protect users' email composition and settings, preventing
attackers from using an account once it is hacked or hijacked and stopping
them from setting up forwarding on the victim's email account to a different
account, which would otherwise stop the user from receiving emails. A secure
code is applied to the composition send button to curtail insider
impersonation attacks, and open email applications on public and private
devices are likewise secured.
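The "secure code on the send button" idea could work as a gate on the send action: composition is refused unless the submitted code matches one issued to the account owner. This is only a sketch under assumptions; the abstract does not specify a mechanism, and the `ComposeGuard` class, single-use policy, and out-of-band code delivery below are all hypothetical.

```python
import hmac
import secrets

class ComposeGuard:
    """Hypothetical gate on the send action of an email composer."""

    def __init__(self):
        self._code = None

    def issue_code(self):
        # Assumed to be delivered out of band (e.g. to the owner's phone),
        # so a hijacker with mailbox access alone cannot obtain it.
        self._code = secrets.token_hex(4)
        return self._code

    def send(self, message, code):
        # Constant-time comparison avoids leaking the code via timing.
        if self._code is None or not hmac.compare_digest(code, self._code):
            return "send refused: invalid secure code"
        self._code = None  # single use: a captured code cannot be replayed
        return f"sent: {message}"

guard = ComposeGuard()
code = guard.issue_code()
print(guard.send("quarterly report", "wrong-code"))
print(guard.send("quarterly report", code))
```

Even if the account is hijacked, the send action stays blocked without the out-of-band code, which is the insider-impersonation scenario the abstract targets.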
Canary in Twitter Mine: Collecting Phishing Reports from Experts and Non-experts
The rise in phishing attacks via e-mail and short message service (SMS) has
not slowed down at all. The first thing we need to do to combat the
ever-increasing number of phishing attacks is to collect and characterize more
phishing cases that reach end users. Without understanding these
characteristics, anti-phishing countermeasures cannot evolve. In this study, we
propose an approach using Twitter as a new observation point to immediately
collect and characterize phishing cases via e-mail and SMS that evade
countermeasures and reach users. Specifically, we propose CrowdCanary, a system
capable of structurally and accurately extracting phishing information (e.g.,
URLs and domains) from tweets about phishing by users who have actually
discovered or encountered it. In our three months of live operation,
CrowdCanary identified 35,432 phishing URLs out of 38,935 phishing reports. We
confirmed that 31,960 (90.2%) of these phishing URLs were later detected by the
anti-virus engine, demonstrating that CrowdCanary is superior to existing
systems in both accuracy and volume of threat extraction. We also analyzed
users who shared phishing threats by utilizing the extracted phishing URLs and
categorized them into two distinct groups - namely, experts and non-experts. As
a result, we found that CrowdCanary could collect information that is
specifically included in non-expert reports, such as information shared only by
the company brand name in the tweet, information about phishing attacks that we
find only in the image of the tweet, and information about the landing page
before the redirect.
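The core extraction step CrowdCanary performs (pulling phishing URLs and their domains out of tweet text) can be sketched with a regex over normalized text. This is not CrowdCanary's actual pipeline; the defanging conventions handled ("hxxp", "[.]"), the regex, and the example tweet are assumptions for illustration.

```python
import re
from urllib.parse import urlparse

def extract_indicators(tweet):
    # Analysts often "defang" indicators so they are not clickable;
    # normalize the common forms before matching.
    text = tweet.replace("hxxp", "http").replace("[.]", ".")
    # Match http(s) URLs up to the next whitespace or quoting character.
    urls = re.findall(r"https?://[^\s\"'<>]+", text)
    return [(u, urlparse(u).hostname) for u in urls]

tweet = ("Phishing alert! Fake login page at "
         "hxxps://example-bank[.]com/login targeting customers")
for url, domain in extract_indicators(tweet):
    print(url, domain)
```

Structured (URL, domain) pairs like these are what downstream steps, such as checking against anti-virus engine verdicts, would consume.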