526 research outputs found
Detecting and characterizing lateral phishing at scale
We present the first large-scale characterization of lateral phishing attacks, based on a dataset of 113 million employee-sent emails from 92 enterprise organizations. In a lateral phishing attack, adversaries leverage a compromised enterprise account to send phishing emails to other users, benefiting from both the implicit trust and the information in the hijacked user's account. We develop a classifier that finds hundreds of real-world lateral phishing emails, while generating under four false positives per every one-million employee-sent emails. Drawing on the attacks we detect, as well as a corpus of user-reported incidents, we quantify the scale of lateral phishing, identify several thematic content and recipient targeting strategies that attackers follow, illuminate two types of sophisticated behaviors that attackers exhibit, and estimate the success rate of these attacks. Collectively, these results expand our mental models of the 'enterprise attacker' and shed light on the current state of enterprise phishing attacks.
Cancer genetics services in the UK
No abstrac
Exact results for the Barabasi model of human dynamics
Human activity patterns display a bursty dynamics, with interevent times
following a heavy tailed distribution. This behavior has been recently shown to
be rooted in the fact that humans assign their active tasks different
priorities, a process that can be modeled as a priority queueing system [A.-L.
Barabasi, Nature 435, 207 (2005)]. In this work we obtain exact results for the
Barabasi model with two tasks, calculating the priority and waiting time
distribution of active tasks. We demonstrate that the model has a singular
behavior in the extremal dynamics limit, when the highest priority task is
selected first. We find that independently of the selection protocol, the
average waiting time is smaller or equal to the number of active tasks, and
discuss the asymptotic behavior of the waiting time distribution. These results
have important implications for understanding complex systems with extremal
dynamics.
Comment: 4 pages, 4 figures, revte
zeek-osquery: Host-Network Correlation for Advanced Monitoring and Intrusion Detection
Intrusion Detection Systems (IDSs) can analyze network traffic for signs of
attacks and intrusions. However, encrypted communication limits their
visibility and sophisticated attackers additionally try to evade their
detection. To overcome these limitations, we extend the scope of Network IDSs
(NIDSs) with additional data from the hosts. For that, we propose the
integrated open-source zeek-osquery platform that combines the Zeek IDS with
the osquery host monitor. Our platform can collect, process, and correlate host
and network data at large scale, e.g., to attribute network flows to processes
and users. The platform can be flexibly extended with own detection scripts
using already correlated, but also additional and dynamically retrieved host
data. A distributed deployment enables it to scale with an arbitrary number of
osquery hosts. Our evaluation results indicate that a single Zeek instance can
manage more than 870 osquery hosts and can attribute more than 96% of TCP
connections to host-side applications and users in real-time.
Comment: Accepted for publication at ICT Systems Security and Privacy Protection (IFIP) SEC 202
Pervasive and Personal Learning Environments
This position paper provides some elements about the convergence of institutional and personal learning environments based on Web 2.0 as well as pervasive learning