an empirical analysis of phishing attack and defense
play

An Empirical Analysis of Phishing Attack and Defense Tyler Moore - PowerPoint PPT Presentation

Jun 17, 2023 •45 likes •735 views

Whos winning the phishing arms race? Non-cooperation when countering phishing Evaluating the wisdom of PhishTanks crowd An Empirical Analysis of Phishing Attack and Defense Tyler Moore and Richard Clayton University of Cambridge

  1. Who’s winning the phishing arm’s race? Non-cooperation when countering phishing Evaluating the ‘wisdom’ of PhishTank’s crowd An Empirical Analysis of Phishing Attack and Defense Tyler Moore and Richard Clayton University of Cambridge Computer Laboratory Computer Lab Security Seminar April 8, 2008 Tyler Moore An Empirical Analysis of Phishing Attack and Defense

  2. Who’s winning the phishing arm’s race? Non-cooperation when countering phishing Evaluating the ‘wisdom’ of PhishTank’s crowd Outline Who’s winning the phishing arm’s race? 1 The mechanics of phishing Rock-phish attacks Phishing-website lifetimes Non-cooperation when countering phishing 2 Comparing lifetimes for different feeds Estimating the cost of phishing attacks Evaluating the ‘wisdom’ of PhishTank’s crowd 3 PhishTank vs. proprietary feeds User participation in PhishTank Disrupting PhishTank’s verification system Tyler Moore An Empirical Analysis of Phishing Attack and Defense

  3. Who’s winning the phishing arm’s race? The mechanics of phishing Non-cooperation when countering phishing Rock-phish attacks Evaluating the ‘wisdom’ of PhishTank’s crowd Phishing-website lifetimes Outline Who’s winning the phishing arm’s race? 1 The mechanics of phishing Rock-phish attacks Phishing-website lifetimes Non-cooperation when countering phishing 2 Comparing lifetimes for different feeds Estimating the cost of phishing attacks Evaluating the ‘wisdom’ of PhishTank’s crowd 3 PhishTank vs. proprietary feeds User participation in PhishTank Disrupting PhishTank’s verification system Tyler Moore An Empirical Analysis of Phishing Attack and Defense

  4. Who’s winning the phishing arm’s race? The mechanics of phishing Non-cooperation when countering phishing Rock-phish attacks Evaluating the ‘wisdom’ of PhishTank’s crowd Phishing-website lifetimes Technical requirements for phishing attacks Attackers send out spam impersonating banks with link to fake website Hosting options for fake website Free webspace ( http://www.bankname.freespacesitename.com/signin/ ) Compromised machine ( http://www.example.com/ ∼ user/images/www.bankname.com/ ) Registered domain ( bankname-variant.com ) which then points to free webspace or compromised machine Personal detail recovery Completed forms forwarded to a webmail address Stored in a text file on the spoof website Tyler Moore An Empirical Analysis of Phishing Attack and Defense

  5. Who’s winning the phishing arm’s race? The mechanics of phishing Non-cooperation when countering phishing Rock-phish attacks Evaluating the ‘wisdom’ of PhishTank’s crowd Phishing-website lifetimes Defending against phishing attacks Proactive measures Web browser mechanisms to detect fake sites, multi-factor authentication procedures, restricted top-level domains, etc. Not the focus of our research Reactive measures Banks tally phishing URLs Reported phishing URLs are added to a blacklist, which is disseminated via anti-phishing toolbars Banks send take-down requests to the free webspace operator or ISP of compromised machine If a malicious domain has been registered, banks ask the domain name registrar to suspend the offending domain Tyler Moore An Empirical Analysis of Phishing Attack and Defense

  6. Who’s winning the phishing arm’s race? The mechanics of phishing Non-cooperation when countering phishing Rock-phish attacks Evaluating the ‘wisdom’ of PhishTank’s crowd Phishing-website lifetimes Defending against phishing attacks Proactive measures Web browser mechanisms to detect fake sites, multi-factor authentication procedures, restricted top-level domains, etc. Not the focus of our research Reactive measures Banks tally phishing URLs Reported phishing URLs are added to a blacklist, which is disseminated via anti-phishing toolbars Banks send take-down requests to the free webspace operator or ISP of compromised machine If a malicious domain has been registered, banks ask the domain name registrar to suspend the offending domain Tyler Moore An Empirical Analysis of Phishing Attack and Defense

  7. Who’s winning the phishing arm’s race? The mechanics of phishing Non-cooperation when countering phishing Rock-phish attacks Evaluating the ‘wisdom’ of PhishTank’s crowd Phishing-website lifetimes Data collection methodology Phishing website availability Several organizations collate phishing reports; we selected reports from PhishTank PhishTank DB records phishing URLs and relies on volunteers to confirm whether a site is wicked 33 710 PhishTank reports overs 8 weeks early 2007 We constructed our own testing system to continuously query sites until they stop responding or change Caveats to our data collection Sites removed before appearing in PhishTank are ignored We do not follow web-page redirectors Tyler Moore An Empirical Analysis of Phishing Attack and Defense

  8. Who’s winning the phishing arm’s race? The mechanics of phishing Non-cooperation when countering phishing Rock-phish attacks Evaluating the ‘wisdom’ of PhishTank’s crowd Phishing-website lifetimes Rock-phish attacks are different! ‘Rock-phish’ gang operate different to ‘ordinary’ phishing sites Purchase several innocuous-sounding domains (e.g., 1 lof80.info ) Send out phishing email with URL 2 http://www.volksbank.de.netw.oid3614061.lof80.info/vr 3 Gang-hosted DNS server resolves domain to IP address of one of several compromised machines 4 Compromised machines run a proxy to a back-end server 5 Server loaded with many fake websites (around 20), all of which can be accessed from any domain or compromised machine Tyler Moore An Empirical Analysis of Phishing Attack and Defense

  9. Who’s winning the phishing arm’s race? The mechanics of phishing Non-cooperation when countering phishing Rock-phish attacks Evaluating the ‘wisdom’ of PhishTank’s crowd Phishing-website lifetimes Rock-phish attacks are different! ‘Rock-phish’ gang operate different to ‘ordinary’ phishing sites Purchase several innocuous-sounding domains (e.g., 1 lof80.info ) Send out phishing email with URL 2 http://www.volksbank.de.netw.oid3614061.lof80.info/vr 3 Gang-hosted DNS server resolves domain to IP address of one of several compromised machines 4 Compromised machines run a proxy to a back-end server 5 Server loaded with many fake websites (around 20), all of which can be accessed from any domain or compromised machine Tyler Moore An Empirical Analysis of Phishing Attack and Defense

  10. Who’s winning the phishing arm’s race? The mechanics of phishing Non-cooperation when countering phishing Rock-phish attacks Evaluating the ‘wisdom’ of PhishTank’s crowd Phishing-website lifetimes Rock-phish attacks are different! ‘Rock-phish’ gang operate different to ‘ordinary’ phishing sites Purchase several innocuous-sounding domains (e.g., 1 lof80.info ) Send out phishing email with URL 2 http://www.volksbank.de.netw.oid3614061.lof80.info/vr 3 Gang-hosted DNS server resolves domain to IP address of one of several compromised machines 4 Compromised machines run a proxy to a back-end server 5 Server loaded with many fake websites (around 20), all of which can be accessed from any domain or compromised machine Tyler Moore An Empirical Analysis of Phishing Attack and Defense

  11. Who’s winning the phishing arm’s race? The mechanics of phishing Non-cooperation when countering phishing Rock-phish attacks Evaluating the ‘wisdom’ of PhishTank’s crowd Phishing-website lifetimes Rock-phish attacks are different! ‘Rock-phish’ gang operate different to ‘ordinary’ phishing sites Purchase several innocuous-sounding domains (e.g., 1 lof80.info ) Send out phishing email with URL 2 http://www.volksbank.de.netw.oid3614061.lof80.info/vr 3 Gang-hosted DNS server resolves domain to IP address of one of several compromised machines 4 Compromised machines run a proxy to a back-end server 5 Server loaded with many fake websites (around 20), all of which can be accessed from any domain or compromised machine Tyler Moore An Empirical Analysis of Phishing Attack and Defense

  12. Who’s winning the phishing arm’s race? The mechanics of phishing Non-cooperation when countering phishing Rock-phish attacks Evaluating the ‘wisdom’ of PhishTank’s crowd Phishing-website lifetimes Rock-phish attacks are different! ‘Rock-phish’ gang operate different to ‘ordinary’ phishing sites Purchase several innocuous-sounding domains (e.g., 1 lof80.info ) Send out phishing email with URL 2 http://www.volksbank.de.netw.oid3614061.lof80.info/vr 3 Gang-hosted DNS server resolves domain to IP address of one of several compromised machines 4 Compromised machines run a proxy to a back-end server 5 Server loaded with many fake websites (around 20), all of which can be accessed from any domain or compromised machine Tyler Moore An Empirical Analysis of Phishing Attack and Defense

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Id Identify fy a Phishing Attack CWU Information Security Services Id Identify fy a Phishing

Id Identify fy a Phishing Attack CWU Information Security Services Id Identify fy a Phishing

Id Identify fy a Phishing Attack CWU Information Security Services Id Identify fy a Phishing Attack An email address that tries to disguise itself as legitimate Outlook Team <msOutlook@outlook.com> Confirm Acount Details Hello

108 views • 7 slides
VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

THE STATE OF PHISHING ATTACK VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of Phishing Counter Measures Reports on Phishing Isaac K. Acheampong Facilities Manager BSc IT, Dip. IT, Sec+ STATE OF

711 views • 34 slides
Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing 2. Strategic defense techniques 3. A new client based solution: DOMAntiPhish 4. Conclusions Nature of Phishing Statistics from the Anti

536 views • 31 slides
Empirical Analysis and Statistical Modelling of Attack Processes based on Honeypots M. Kaniche

Empirical Analysis and Statistical Modelling of Attack Processes based on Honeypots M. Kaniche

Empirical Analysis and Statistical Modelling of Attack Processes based on Honeypots M. Kaniche 1 , E. Alata 1 , V.Nicomette 1 , Y. Deswarte 1 , M. Dacier 2 LAAS-CNRS 1 , Eurecom 2 Mohamed.Kaaniche@laas.fr ACI Scurit &

409 views • 17 slides
Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April 22). Why

Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April 22). Why

Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April 22). Why Phishing Works. Gelernter, N., Kalma, S., Magnezi, B., & Porcilan, H. (2017). The Password Reset MitM Attack. What is Phishing? Dhamija, R.,

528 views • 50 slides
Phishing Attack Landscape and Benchmarking The data you need to know Perry Carpenter Chief

Phishing Attack Landscape and Benchmarking The data you need to know Perry Carpenter Chief

Phishing Attack Landscape and Benchmarking The data you need to know Perry Carpenter Chief Evangelist & Strategy Officer KnowBe4, Inc. About Perry MSIA, C|CISO Former Gartner Analyst leading research and advisory services to

655 views • 34 slides
Software Side-Channel Analysis: Attack Synthesis Lucas Bang Dissertation Defense Committee:

Software Side-Channel Analysis: Attack Synthesis Lucas Bang Dissertation Defense Committee:

Software Side-Channel Analysis: Attack Synthesis Lucas Bang Dissertation Defense Committee: Tevfik Bultan (chair) Omer E gecio glu Ben Hardekopf 1 Publications during PhD Aydin, Bang , Bultan. [CAV 2015] Automata-Based Model

2.13k views • 198 slides
ML through Streaming at Sherin Thomas @doodlesmt Stopping a Phishing Attack Hello Alex, Im

ML through Streaming at Sherin Thomas @doodlesmt Stopping a Phishing Attack Hello Alex, Im

QCON LONDON 2020 ML through Streaming at Sherin Thomas @doodlesmt Stopping a Phishing Attack Hello Alex, Im Tracy calling from Lyft HQ. This month were awarding $200 to all 4.7+ star drivers. Congratulations! Hey Tracy, thanks! Np!

769 views • 60 slides
The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing In a Nutshell 2. Phishing Types & Techniques 3. Phishing Stats & Modern Trends 4. Case-Study 5. Stay Safe 2 Speaker ABOUT ME

478 views • 24 slides
Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. Phishing can be in the form of emails, social

530 views • 20 slides
Overview What is Adversarial Attack? Why should we care? How does it work? Real

Overview What is Adversarial Attack? Why should we care? How does it work? Real

Adversarial Attacks on Phishing Detection Ryan Chang Overview What is Adversarial Attack? Why should we care? How does it work? Real World Demo on Phishing Detection Model How to defend? Adversarial Examples on

610 views • 26 slides
Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine

Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine

Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine Learning in Real-World Computer Vision Systems Long Beach, CA, USA 1 Outline Background and Motivation Project-based Defense Mechanism

760 views • 72 slides
Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

School of Fin ine Arts Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the attempt to obtain personal information such as passwords and logins for malicious purposes. By appearing to be legitimate the

255 views • 13 slides
09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud

09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud

09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud University of California, Riverside Acknowledgements Grateful to: UCR, My Advisor Dimitrios Gunopulos, My Mentors William S Yerazunis and Bhiksha Raj

572 views • 43 slides
2020 Phishing Attack Landscape and Industry Benchmarking The data you need to know Perry

2020 Phishing Attack Landscape and Industry Benchmarking The data you need to know Perry

2020 Phishing Attack Landscape and Industry Benchmarking The data you need to know Perry Carpenter Joanna Huisman Chief Evangelist & Strategy Officer SVP Strategic Insights & Research KnowBe4, Inc. KnowBe4, Inc. Perry Carpenter

581 views • 37 slides
Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing? Phishing email messages, websites, and phone calls are designed to steal money or sensitive information. Cybercriminals can do this by installing

264 views • 24 slides
BSC Panel 193 BSC Panel 193 12 January 2012 Report on Progress of Report on Progress of

BSC Panel 193 BSC Panel 193 12 January 2012 Report on Progress of Report on Progress of

BSC Panel 193 BSC Panel 193 12 January 2012 Report on Progress of Report on Progress of Modification Proposals Adam Richardson 12 January 2012 Modifications Overview New New P281 P281 Definition - P272 P274 P275 P276 P277 P272,

878 views • 71 slides
AEON THANA SINSAP (THAILAND) PLC. 1/54 AGM 2009

AEON THANA SINSAP (THAILAND) PLC. 1/54 AGM 2009

AEON THANA SINSAP (THAILAND) PLC. 1/54 AGM 2009

869 views • 55 slides
RECURSION (CONTINUED) Lecture 9 CS2110 Summer 2019 Plus Tower of Hanoi 2 The objective

RECURSION (CONTINUED) Lecture 9 CS2110 Summer 2019 Plus Tower of Hanoi 2 The objective

RECURSION (CONTINUED) Lecture 9 CS2110 Summer 2019 Plus Tower of Hanoi 2 The objective of the puzzle is to move the entire stack to another rod, obeying the following simple rules: 1. Only one disk can be moved at a time. 2. Each move

277 views • 27 slides
Plan in and across south east London: C CCG reform The vision for south east London

Plan in and across south east London: C CCG reform The vision for south east London

Delivering the NHS Long Term Plan in and across south east London: C CCG reform The vision for south east London Whats happening? In south east London we are working as a partnership across CCGs, providers and local authorities to

402 views • 11 slides
Councils 5 th October 2015 Karen White Director Safety (Deputy Monitoring Officer) Newark and

Councils 5 th October 2015 Karen White Director Safety (Deputy Monitoring Officer) Newark and

Best Practice for Parish/Town Councils 5 th October 2015 Karen White Director Safety (Deputy Monitoring Officer) Newark and Sherwood District Council Activities/Duties The Law gives Parish Councillors a choice in the activities it

480 views • 24 slides
What are our goals?: Learn Python syntax and features Understand why Python is so powerful

What are our goals?: Learn Python syntax and features Understand why Python is so powerful

presents Intermediate Python What are our goals?: Learn Python syntax and features Understand why Python is so powerful and popular for so many different uses 2 Why are doing this?: Because were nice people, who

1.03k views • 87 slides
NHGRI GWAS Catalog: Current uses and future direc:ons

NHGRI GWAS Catalog: Current uses and future direc:ons

NHGRI GWAS Catalog: Current uses and future direc:ons Lucia A. Hindorff, PhD, MPH Division of Genomic Medicine NHGRI, NIH July 18, 2013

1.32k views • 46 slides
MORE FUNCTIONALITY BALL BEARING RUNNERS - BB DRAWER SLIDES BB drawer slides catalogue LIVE

MORE FUNCTIONALITY BALL BEARING RUNNERS - BB DRAWER SLIDES BB drawer slides catalogue LIVE

MORE FUNCTIONALITY BALL BEARING RUNNERS - BB DRAWER SLIDES BB drawer slides catalogue LIVE YOUR LIFE CEMUX.CO.UK Content BB drawer slide Description Item No. Page Soft-close & Push-open BB01 04-05 Full extension; 45mm Soft-close

363 views • 14 slides

More recommend