phigaro automatic phishing detection and incident
play

PhiGARo: Automatic Phishing Detection and Incident Response - PowerPoint PPT Presentation

Oct 09, 2022 •40 likes •270 views

PhiGARo: Automatic Phishing Detection and Incident Response Framework Martin Husk, Jakub egan {husakm|cegan}@ics.muni.cz ECTCM 2014 Fribourg, Switzerland Outline Introduction, Phishing incident response, PhiGARo (phishing

  1. PhiGARo: Automatic Phishing Detection and Incident Response Framework Martin Husák, Jakub Čegan {husakm|cegan}@ics.muni.cz ECTCM 2014 Fribourg, Switzerland

  2. Outline — Introduction, — Phishing incident response, — PhiGARo (phishing incident response tool), — Phishing honeypots (work in progress), — Conclusion. Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 2 / 23

  3. Research Questions Question I. How can we effectively handle a phishing incident? Question II. Can we automate phishing incident handling? Question III. Can we automate phishing incident reporting? Question IV. How can we attract phishers to phishing sensors? Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 3 / 23

  4. Masaryk University — 40,000 users, — 15,000 active IP addresses a day, — Many faculties, subnets, and local administrators, — 1 security department – CSIRT-MU. — Not applying strict firewall or e-mail filtering rules, — Emphasis on open network and academic freedom. — >100 reported phishing incidents per year, — Unknown number of unreported incidents. Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 4 / 23

  5. Tools of the Trade — Central security contact point, — Interaction with end-users and local administrators, — Request tracking software (RT), — 24 network probes (NetFlow, IPFIX), — Custom NetFlow analysis tools as an output of R&D. Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 5 / 23

  6. Phishing incident response Question I. How can we effectively handle a phishing incident? Question II. Can we automate phishing incident handling? Question III. Can we automate phishing incident reporting? Question IV. How can we attract phishers to phishing sensors? Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 6 / 23

  7. Phishing incident response 1. Incident is reported, 2. Searching for victims – checking mailserver logs and network monitoring data, 3. Interpreting the result, filtering false positives, 4. Mitigation – restricting access to phishing websites, filtering e-mails, 5. Send warning to victims, 6. Receive confirmation from victims. Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 7 / 23

  8. Phishing incident response — We rely on reports from users, — Manual handling requires experienced worker, — The process is laborious and time consuming, — It may be too late to mitigate the attack. Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 8 / 23

  9. Phishing incident response Question I. How can we effectively handle a phishing incident? Question II. Can we automate phishing incident handling? Question III. Can we automate phishing incident reporting? Question IV. How can we attract phishers to phishing sensors? Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 9 / 23

  10. PhiGARo — Phishing: Gather, Analyze, React, and Distribute, — Semi-automatic phishing incident response tool, — Modular architecture, — Incident handler runs PhiGARo after receiving phishing report, — PhiGARo performs the incident handling routine, — Incident handler receives confirmation from victims. Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 10 / 23

  11. PhiGARo Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 11 / 23

  12. PhiGARo Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 12 / 23

  13. PhiGARo modules — Request Tracker integration, — URL expander and URL redirection uncloaking, — Sendmail log parsing module, — NetFlow/IPFIX module (network traffic monitoring), — HTTP(S) module (extended flow monitoring), — E-mail blocking API, — RTBH API (blocking of network traffic), — Reporting phishing hosted on Google Docs, — Storage of phishing pages (screenshots), — Phishing form filling simulator. Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 13 / 23

  14. Phishing detection Question I. How can we effectively handle a phishing incident? Question II. Can we automate phishing incident handling? Question III. Can we automate phishing incident reporting? Question IV. How can we attract phishers to phishing sensors? Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 14 / 23

  15. Phishing detection — Reliance on user reports is insufficient, — Existing methods focus on filtering e-mail on mailservers or mailboxes, — Keyword search, data mining, machine learning... — Maintaining common phishing reporting tool in large networks is difficult. Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 15 / 23

  16. Honeypots — System resources whose value lies in illicit use, — Honeypots are generally free of false positives, — Spamtrap – honeypot e-mail address or mailserver deployed to collect spam, — Honeytoken – e-mail address, account name... Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 16 / 23

  17. Honeypots — Mailserver honeypot is deployed in the network, — Phishing detection method is set up at the honeypot, — Incoming e-mails are checked if they contain phishing, — Recognized phishing is reported to PhiGARo, — PhiGARo automatically starts handling the incident. Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 17 / 23

  18. Phishing detection Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 18 / 23

  19. Attracting attackers Question I. How can we effectively handle a phishing incident? Question II. Can we automate phishing incident handling? Question III. Can we automate phishing incident reporting? Question IV. How can we attract phishers to phishing sensors? Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 19 / 23

  20. Attracting attackers — Honeytokens are placed to be accessible by web crawlers, e-mail harvester... — Responding to earlier phishing from honeytoken e-mail addresses, — Using PhiGARo to respond automatically (extension of form filling simulator), — Black market poisoning (advanced). Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 20 / 23

  21. Attracting attackers — Concept of Virtual organization , — Custom domain, honeytokens, web content, etc. assigned to honeypots, — Increasing trustworthiness of a honeypots and honeytokens, — Adversary checks the domain, visits website, and is persuaded that the honeytokens are valid. Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 21 / 23

  22. Conclusion — Manual phishing incident handling is laborious. — The process of incident handling is automated by the phishing incident response tool PhiGARo. — PhiGARo is publicly available as a modular tool at: http://www.muni.cz/ics/services/csirt/ tools/phigaro?lang=en — We propose using honeypots to overcome reliance on user reports. — A concept of Virtual organization was discussed to attract phishers to honeypots. Martin Husák, Jakub Čegan · PhiGARo: Automatic Phishing Detection and Incident Response Framework · 10. 9. 2014 22 / 23

  23. Thank you for your attention. Martin Husák, Jakub Čegan {husakm|cegan}@ics.muni.cz

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Towards Adversarial Phishing Detection T. K. Panum, K. Hageman, R. R. Hansen, J. M. Pedersen 13th

Towards Adversarial Phishing Detection T. K. Panum, K. Hageman, R. R. Hansen, J. M. Pedersen 13th

Towards Adversarial Phishing Detection T. K. Panum, K. Hageman, R. R. Hansen, J. M. Pedersen 13th USENIX Workshop on Cyber Security Experimentation and Test Long Paper (Position) August 10, 2020 Motivation Phishing Attacks Advances in

387 views • 14 slides
Phishing Detection Using Semi-Supervised Methods with New Features Victor Zeng Advisor: Rakesh

Phishing Detection Using Semi-Supervised Methods with New Features Victor Zeng Advisor: Rakesh

ReDAS Lab Phishing Detection Using Semi-Supervised Methods with New Features Victor Zeng Advisor: Rakesh M. Verma COMPUTER SCIENCE Motivation Phishing is the act of sending fake emails to trick a user into doing something.

263 views • 12 slides
The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing In a Nutshell 2. Phishing Types & Techniques 3. Phishing Stats & Modern Trends 4. Case-Study 5. Stay Safe 2 Speaker ABOUT ME

478 views • 24 slides
Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. Phishing can be in the form of emails, social

530 views • 20 slides
Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

School of Fin ine Arts Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the attempt to obtain personal information such as passwords and logins for malicious purposes. By appearing to be legitimate the

255 views • 13 slides
VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

THE STATE OF PHISHING ATTACK VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of Phishing Counter Measures Reports on Phishing Isaac K. Acheampong Facilities Manager BSc IT, Dip. IT, Sec+ STATE OF

711 views • 34 slides
Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing? Phishing email messages, websites, and phone calls are designed to steal money or sensitive information. Cybercriminals can do this by installing

264 views • 24 slides
Automatic Disfluency Automatic Disfluency Detection in Multi-party Detection in Multi-party

Automatic Disfluency Automatic Disfluency Detection in Multi-party Detection in Multi-party

German Research Center for Artificial Intelligence GmbH Automatic Disfluency Automatic Disfluency Detection in Multi-party Detection in Multi-party www.amiproject.org Conversations Conversations Feast, 30th September 2009 , 30th September

322 views • 28 slides
PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing 3.0 Phishing kit 4.0 Types of Phishing 5.0 Avoidance Techniques 6.0 Effect of Phishing on Businesses 7.0 Demos & Practical INTRODUCTION

565 views • 27 slides
Automatic Defect Detection Andrzej Wasylkowski Overview Automatic Defect Detection

Automatic Defect Detection Andrzej Wasylkowski Overview Automatic Defect Detection

Automatic Defect Detection Andrzej Wasylkowski Overview Automatic Defect Detection Horizontal Techniques Specification-checking Techniques Mining-based Techniques Mining Repositories Mining Traces Mining Source Code Mining

683 views • 44 slides
Detection and Incident Response With osquery Javier Marcos @javutin $ whoami Security

Detection and Incident Response With osquery Javier Marcos @javutin $ whoami Security

Detection and Incident Response With osquery Javier Marcos @javutin $ whoami Security Engineer/Incident Responder Open source contributor (github.com/javuto) Former IBM, Facebook, Uber and Airbnb Current BitMEX Agenda Part 1:

981 views • 59 slides
Overview What is Adversarial Attack? Why should we care? How does it work? Real

Overview What is Adversarial Attack? Why should we care? How does it work? Real

Adversarial Attacks on Phishing Detection Ryan Chang Overview What is Adversarial Attack? Why should we care? How does it work? Real World Demo on Phishing Detection Model How to defend? Adversarial Examples on

610 views • 26 slides
Phishing Email Detection Info courtesy of www.itgovernance.co.uk 1 Message sent from a public

Phishing Email Detection Info courtesy of www.itgovernance.co.uk 1 Message sent from a public

Phishing Email Detection Info courtesy of www.itgovernance.co.uk 1 Message sent from a public email domain No legitimate organization will contact you from an email address that ends in @ gmail.com . 2 3 Domain names are

470 views • 16 slides
Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss Post CERT Botconf 2016 | Advanced Incident Detection and Threat Hunting using Sysmon and Splunk | Tom Ueltschi | TLP-WHITE Seite 1 C:\> whoami /all

1.34k views • 115 slides
Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring: What is phishing? How phishing can damage a business What are the difgerent types of phishing? How to spot a phishing email What to do if

159 views • 12 slides
Phishing, CEO Fraud & Other Criminal Tactics Fe February 19t 19th,2 ,2020 Mat Matthe

Phishing, CEO Fraud & Other Criminal Tactics Fe February 19t 19th,2 ,2020 Mat Matthe

Phishing, CEO Fraud & Other Criminal Tactics Fe February 19t 19th,2 ,2020 Mat Matthe hew Ellis , Incident Management, UBC Cybersecurity FACTS At UBC, we are responsible for substantial amounts of personal information about

447 views • 33 slides
Leadership for Change Programme Residential 1 Tuesday 23 rd Wednesday 24 th June 2015

Leadership for Change Programme Residential 1 Tuesday 23 rd Wednesday 24 th June 2015

Leadership for Change Programme Residential 1 Tuesday 23 rd Wednesday 24 th June 2015 Welcome! Purpose of the programme To develop systems leadership skills and capacity amongst public leaders To support public leaders to make

983 views • 94 slides
Predicate Logic: Introduction and Translations Alice Gao Lecture 10 CS 245 Logic and

Predicate Logic: Introduction and Translations Alice Gao Lecture 10 CS 245 Logic and

Predicate Logic: Introduction and Translations Alice Gao Lecture 10 CS 245 Logic and Computation Fall 2019 1 / 28 Outline Learning goals Introduction and Motivation Elements of Predicate Logic Translating between English and Predicate

317 views • 29 slides
20 Billion IoT Devices In 2023 page 02 * Gemalto The State of IoT Security guidelines 79

20 Billion IoT Devices In 2023 page 02 * Gemalto The State of IoT Security guidelines 79

20 Billion IoT Devices In 2023 page 02 * Gemalto The State of IoT Security guidelines 79 % required breach 48 % exists? improve 62 % security page 03 * Gemalto The State of IoT Security Honeypot A honeypot is a computer

631 views • 25 slides
Immersive Analytics of Honey Bee Data Interaction and Visualisation Design Huyen Nguyen |

Immersive Analytics of Honey Bee Data Interaction and Visualisation Design Huyen Nguyen |

Expanded Perception and Interaction Centre Immersive Analytics of Honey Bee Data Interaction and Visualisation Design Huyen Nguyen | Postdoctoral Fellow Sydney, May 2018 YOW! Data Conference http://epicentre.matters.today Research Background

564 views • 40 slides
Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and

Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and

Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and Deployment in a Honeypot Environment Eric Badger Masters Student Computer Engineering 1 Overview Introduction/Motivation Challenges

508 views • 30 slides
Deterring Cheating in Online Environments Henry Corrigan-Gibbs Nakull Gupta Curtis

Deterring Cheating in Online Environments Henry Corrigan-Gibbs Nakull Gupta Curtis

Deterring Cheating in Online Environments Henry Corrigan-Gibbs Nakull Gupta Curtis Northcutt Stanford University Microsoft Research India MIT Edward Cutrell William Thies Microsoft Research India Microsoft

1.19k views • 101 slides
Honeypots Mathias Gibbens Harsha vardhan Rajendran April 22, 2012 Mathias Gibbens, Harsha

Honeypots Mathias Gibbens Harsha vardhan Rajendran April 22, 2012 Mathias Gibbens, Harsha

Honeypots Mathias Gibbens Harsha vardhan Rajendran April 22, 2012 Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 1 / 28 Outline Introduction 1 History 2 Types of honeypots 3 Deception techniques using Honeypots

632 views • 61 slides
Digital Democracy: First Task Hi-Fi Prototype Sharewaves Garrick F. | Gen S. | Grace W.

Digital Democracy: First Task Hi-Fi Prototype Sharewaves Garrick F. | Gen S. | Grace W.

Digital Democracy: First Task Hi-Fi Prototype Sharewaves Garrick F. | Gen S. | Grace W. Garrick Gen Grace Coterm, CompSci Senior, Econ Senior, SymSys ran out of facts loves filet-o-fish flamed for liking honeydew Our mission is to help

664 views • 19 slides

More recommend