7,313 research outputs found
Honey Sheets: What Happens to Leaked Google Spreadsheets?
Cloud-based documents are inherently valuable, due to the volume and nature
of sensitive personal and business content stored in them. Despite the
importance of such documents to Internet users, there are still large gaps in
the understanding of what cybercriminals do when they illicitly get access to
them by, for example, compromising the account credentials they are associated
with. In this paper, we present a system able to monitor user activity on
Google spreadsheets. We populated 5 Google spreadsheets with fake bank account
details and fake funds transfer links. Each spreadsheet was configured to
report details of accesses and clicks on links back to us. To study how people
interact with these spreadsheets in case they are leaked, we posted unique
links pointing to the spreadsheets on a popular paste site. We then monitored
activity in the accounts for 72 days, and observed 165 accesses in total. We
were able to observe interesting modifications to these spreadsheets performed
by illicit accesses. For instance, we observed deletion of some fake bank
account information, in addition to insults and warnings that some visitors
entered in some of the spreadsheets. Our preliminary results show that our
system can be used to shed light on cybercriminal behavior with regard to
leaked online documents.
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.
Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in repor
Learning with Weak Supervision for Email Intent Detection
Email remains one of the most frequently used means of online communication.
People spend a significant amount of time every day on emails to exchange
information, manage tasks and schedule events. Previous work has studied
different ways for improving email productivity by prioritizing emails,
suggesting automatic replies or identifying intents to recommend appropriate
actions. The problem has been mostly posed as a supervised learning problem
where models of different complexities were proposed to classify an email
message into a predefined taxonomy of intents or classes. The need for labeled
data has always been one of the largest bottlenecks in training supervised
models. This is especially the case for many real-world tasks, such as email
intent classification, where large scale annotated examples are either hard to
acquire or unavailable due to privacy or data access constraints. Email users
often take actions in response to intents expressed in an email (e.g., setting
up a meeting in response to an email with a scheduling request). Such actions
can be inferred from user interaction logs. In this paper, we propose to
leverage user actions as a source of weak supervision, in addition to a limited
set of annotated examples, to detect intents in emails. We develop an
end-to-end robust deep neural network model for email intent identification
that leverages both clean annotated data and noisy weak supervision along with
a self-paced learning mechanism. Extensive experiments on three different
intent detection tasks show that our approach can effectively leverage the
weakly supervised data to improve intent detection in emails.
Comment: 10 pages, 3 figure
Targeted Attacks: Redefining Spear Phishing and Business Email Compromise
In today's digital world, cybercrime is responsible for significant damage to
organizations, including financial losses, operational disruptions, or
intellectual property theft. Cyberattacks often start with an email, the major
means of corporate communication. Some rare, severely damaging email threats -
known as spear phishing or Business Email Compromise - have emerged. However,
the literature disagrees on their definition, impeding security vendors and
researchers from mitigating targeted attacks. Therefore, we introduce targeted
attacks. We describe targeted-attack-detection techniques as well as
social-engineering methods used by fraudsters. Additionally, we present
text-based attacks - with textual content as malicious payload - and compare
non-targeted and targeted variants.