Economics of Cybersecurity - Case study: information sharing



SLIDE 1

Economics of Cybersecurity

Case study: information sharing in incident response

Tyler Moore

SLIDE 2

Phishing attacks

SLIDE 3

Challenges of information sharing

◮ To combat phishing attacks, defenders “take down” the hacked website hosting the impersonating content

◮ Interested parties must find the offending content and request its removal

◮ Sharing timely incident information is often hard to do well

SLIDE 4

Lack of coordination among defenders

SLIDE 5

Non-cooperation in the fight against phishing

SLIDE 6

Mule-recruitment websites

SLIDE 7

Mule-recruitment websites

SLIDE 8

Mule-recruitment websites

SLIDE 9

Misaligned incentives in combating cybercrime

◮ Incentive on the party requesting content removal matters most

◮ Banks are highly motivated to remove phishing websites

◮ Banks’ incentives remain imperfect: they only remove websites directly impersonating their brand, while overlooking mule-recruitment websites

◮ Scams without a clear champion often operate with impunity

SLIDE 10

Identifying intervention points

◮ For many forms of intervention, from self-regulation to intermediary liability, finding a suitable intervention point is key

◮ Look for (1) concentrations of badness passing through and (2) an ability to intervene

◮ Lots of natural intervention points in fight against cybercrime, such as ISPs, web hosting providers

SLIDE 11

Benchmarking to correct information asymmetries

◮ ISP abuse teams help remediate infected customers ensnared in botnets

◮ Some do a better job at dealing with abuse reports than others

◮ Without knowledge of comparative performance, there can be little incentive to improve

SLIDE 12

Benchmarking to correct information asymmetries

◮ Van Eeten et al. independently tracked infection rates at all major Dutch ISPs

◮ Dutch government requested they not make the results public, but share them only with the group of ISPs, and hide company information

◮ Two ISPs trailed the rest by a wide margin

◮ Equipped with this information, the security teams got management to invest more and they quickly improved

SLIDE 13

Thank you for your attention!

Please post any questions you may have on our discussion forum.