Detecting and characterizing lateral phishing at scale

We present the first large-scale characterization of lateral phishing attacks, based on a dataset of 113 million employee-sent emails from 92 enterprise organizations. In a lateral phishing attack, adversaries leverage a compromised enterprise account to send phishing emails to other users, benefit-ting from both the implicit trust and the information in the hijacked user's account. We develop a classifier that finds hundreds of real-world lateral phishing emails, while generating under four false positives per every one-million employee-sent emails. Drawing on the attacks we detect, as well as a corpus of user-reported incidents, we quantify the scale of lateral phishing, identify several thematic content and recipient targeting strategies that attackers follow, illuminate two types of sophisticated behaviors that attackers exhibit, and estimate the success rate of these attacks. Collectively, these results expand our mental models of the 'enterprise attacker' and shed light on the current state of enterprise phishing attacks

“Thanks for sharing”—Identifying users’ roles based on knowledge contribution in Enterprise Social Networks

While ever more companies use Enterprise Social Networks for knowledge management, there is still a lack of understanding of users' knowledge exchanging behavior. In this context, it is important to be able to identify and characterize users who contribute and communicate their knowledge in the network and help others to get their work done. In this paper, we propose a new methodological approach consisting of three steps, namely "message classification", "identification of users' roles" as well as "characterization of users' roles". We apply the approach to a dataset from a multinational consulting company, which allows us to identify three user roles based on their knowledge contribution in messages: givers, takers, and matchers. Going beyond this categorization, our data shows that whereas the majority of messages aims to share knowledge, matchers, that means people that give and take, are a central element of the network. In conclusion, the development and application of a new methodological approach allows us to contribute to a more refined understanding of users' knowledge exchanging behavior in Enterprise Social Networks which can ultimately help companies to take measures to improve their knowledge management. (C) 2018 Elsevier B.V. All rights reserved