90 research outputs found
Phishing in email and instant messaging
Abstract. Phishing is a constantly evolving threat in the world of information security that affects everyone, no matter if you’re a retail worker or the head of IT in a large organisation. Because of this, this thesis aims to give the reader a good overview of what phishing is, and due to its prevalence in email and instant messaging, focuses on educating the reader on common signs and techniques used in phishing in the aforementioned forms of communication. The chosen research method is literature review, as it is the ideal choice for presenting an overview of a larger subject. As a result of the research, many common phishing signs and techniques in both email and instant messaging are presented. Some of these signs include strange senders, fake domain names and spellings mistakes. With this thesis, anyone looking to improve their understanding about phishing can do so in a way that is easy to understand. Some suggestions for future research are also presented based on this thesis’ shortcomings, namely the lack of studies on phishing in instant messaging
PhishReplicant: A Language Model-based Approach to Detect Generated Squatting Domain Names
Domain squatting is a technique used by attackers to create domain names for
phishing sites. In recent phishing attempts, we have observed many domain names
that use multiple techniques to evade existing methods for domain squatting.
These domain names, which we call generated squatting domains (GSDs), are quite
different in appearance from legitimate domain names and do not contain brand
names, making them difficult to associate with phishing. In this paper, we
propose a system called PhishReplicant that detects GSDs by focusing on the
linguistic similarity of domain names. We analyzed newly registered and
observed domain names extracted from certificate transparency logs, passive
DNS, and DNS zone files. We detected 3,498 domain names acquired by attackers
in a four-week experiment, of which 2,821 were used for phishing sites within a
month of detection. We also confirmed that our proposed system outperformed
existing systems in both detection accuracy and number of domain names
detected. As an in-depth analysis, we examined 205k GSDs collected over 150
days and found that phishing using GSDs was distributed globally. However,
attackers intensively targeted brands in specific regions and industries. By
analyzing GSDs in real time, we can block phishing sites before or immediately
after they appear.Comment: Accepted at ACSAC 202
Malicious Package Detection in NPM and PyPI using a Single Model of Malicious Behavior Sequence
Open-source software (OSS) supply chain enlarges the attack surface, which
makes package registries attractive targets for attacks. Recently, package
registries NPM and PyPI have been flooded with malicious packages. The
effectiveness of existing malicious NPM and PyPI package detection approaches
is hindered by two challenges. The first challenge is how to leverage the
knowledge of malicious packages from different ecosystems in a unified way such
that multi-lingual malicious package detection can be feasible. The second
challenge is how to model malicious behavior in a sequential way such that
maliciousness can be precisely captured. To address the two challenges, we
propose and implement Cerebro to detect malicious packages in NPM and PyPI. We
curate a feature set based on a high-level abstraction of malicious behavior to
enable multi-lingual knowledge fusing. We organize extracted features into a
behavior sequence to model sequential malicious behavior. We fine-tune the BERT
model to understand the semantics of malicious behavior. Extensive evaluation
has demonstrated the effectiveness of Cerebro over the state-of-the-art as well
as the practically acceptable efficiency. Cerebro has successfully detected 306
and 196 new malicious packages in PyPI and NPM, and received 385 thank letters
from the official PyPI and NPM teams
Teaching Tip: Hook, Line, and Sinker – The Development of a Phishing Exercise to Enhance Cybersecurity Awareness
In this paper, we describe the development of an in-class exercise designed to teach students how to craft social engineering attacks. Specifically, we focus on the development of phishing emails. Providing an opportunity to craft offensive attacks not only helps prepare students for a career in penetration testing but can also enhance their ability to detect and defend against similar methods. First, we discuss the relevant background. Second, we outline the requirements necessary to implement the exercise. Third, we describe how we implemented the exercise. Finally, we discuss our results and share student feedback
- …