PHONEY: Mimicking User Response to Detect Phishing Attacks
Madhusudhanan Chandrasekaran, Ramkumar Chinchani, Shambhu Upadhyaya
Department of Computer Science and Engineering, University at Buffalo, 201 Bell Hall, Buffalo, NY
{mc79, rc27,

Abstract

Phishing scams pose a serious threat to end-users and commercial institutions alike. Email continues to be the favorite vehicle to perpetrate such scams, mainly due to its widespread use combined with the ease with which messages can be spoofed. Several approaches, both generic and specialized, have been proposed to address this problem. However, phishing techniques, growing in ingenuity as well as sophistication, render these solutions weak. In this paper we propose a novel approach to detect phishing attacks using fake responses which mimic real users, essentially reversing the roles of the victim and the adversary. Our prototype implementation, called PHONEY, sits between a user's mail transfer agent (MTA) and mail user agent (MUA) and processes each arriving email for phishing attacks. Using live email data collected over a period of eight months, we demonstrate that our approach is able to detect a wider range of phishing attacks than existing schemes. Also, the performance analysis study shows that the implementation overhead introduced by our tool is negligible.

1. Introduction

The Internet is playing an increasingly significant role in today's commerce and business activities. Unfortunately, poor security on the Internet and large financial gains provide a strong motivation for attackers to perpetrate such seemingly low-risk, yet high-return online scams. In the year 2004 alone, an estimated 20 million phishing emails were sent out, resulting in nearly 10 billion dollars in damage [1]. Most phishing attacks are carried out by sending a large volume of cleverly crafted emails posing to originate from a legitimate business domain.
These messages are intended to redirect recipients to a masqueraded website, which exhibits the same behavior as the legitimate domain, in order to trick users into revealing their financial information. Although spam filtering techniques can be employed to combat phishing emails, these countermeasures are not entirely effective, as there are a vast number of readily available tools that can bypass both statistical and rule-based spam filters. Also, phishers can choose the recipients via social engineering mechanisms.

In this paper we propose a novel framework called PHONEY for automatic detection and analysis of phishing attacks. The key idea behind our framework is to protect the identities of end-users by providing fake information to websites requesting critical information until the site's authenticity has been verified. Here, we leverage the premise that just as an end user cannot tell legitimate and spoofed emails apart, phishers cannot tell the responses of legitimate users and phantom users apart.

Figure 1: Defense-centric view: Who is the real sender - legitimate or adversary? (Figure labels: Victim, Internet, Adversary, Legitimate)

Our framework views phishing as a two-stage game between the user and the adversary. In the first round, the attacker sends messages pretending to represent a legitimate business domain in order to trick users into divulging their personal information. The success of the attack lies in the phisher's ability to craft the attack in a manner that a naive user is unable to differentiate between the legitimate and the masqueraded messages, as shown in Figure 1. For the second stage, PHONEY analyzes the incoming message content for the presence of embedded links and attached HTML forms. If the email contains no such signature traits, further investigation is safely discarded. Otherwise, a set of phantom users or fake identities are assigned to actively communicate with these websites with appropriate random values, as shown in Figure 2. The random/fake information supplied to the websites acts as active honeytokens [2], and the websites' responses are forwarded to the decision engine for further analysis. The key idea here is to shield the user from giving out critical personal information until the authenticity of the website is verified. Since the attacker cannot distinguish between fake and legitimate responses, his response is the same to both real and contrived submissions.

As a further contribution, we evaluated and tested PHONEY on 20 different phishing emails collected over a period of eight months. Since spoofed websites are ephemeral, live testing against such websites is difficult. Therefore, for the purpose of testing our framework, we duplicated some of these attacks by hosting the spoofed websites on our internal web server. Also, as part of the evaluation, we report the performance overhead incurred by PHONEY.

Figure 2: Offense-centric view: Who is the real respondent - the real victim or a PHONEY? (Figure labels: Real/Phony Users, Internet, Adversary)

The rest of the paper is organized as follows. We present related work in Section 2, where our approach is compared with other existing techniques. An overview of the PHONEY architecture and the design details are presented in Section 3. In Section 4, we show the performance results of our framework along with the detection and false alarm rates. The shortcomings of our approach are listed in Section 5. Finally, closing remarks are made in Section 6.

2. Related Work

There are only a few research efforts that focus entirely on tackling the problem of preventing phishing attacks. Phishing emails are often related to spam, and most of these techniques target spam control as a mechanism to prevent such identity theft scams.
In this section we briefly review and compare these approaches to put our work in perspective.

2.1 Browser Plug-ins and Anti-Phishing Toolbars

Several commercial and open source toolbars have been proposed to protect users from phishing attacks. Most of these techniques perform static checking of the visited web pages and URLs to detect phishing attacks. Spoofstick [3] is a widely used tool that performs a reverse DNS lookup on the visited website for the purpose of displaying the IP address of the visited site on the browser's toolbar. Although this information can be used to separate legitimate and masqueraded websites, it still requires a human in the loop to make the actual decision. The NetCraft anti-phishing toolbar [4] employs a distributed decision mechanism that relies on a majority vote of its clients to infer a website's validity. Websites tagged malicious by its subscribed clients are scrutinized, and the result is disseminated among other subscribed members in the form of blacklists. As this technique relies on user feedback for its decision making, it may be subject to increased false positives and denial-of-service (DoS) attacks, especially in cases where a group of hackers maliciously frame a legitimate website as malicious. Also, since masqueraded websites are short-lived, it is highly unlikely that such responses are propagated to the clients within the sites' lifetime. SpoofGuard [5] is another technique which examines the downloaded website using various stateful and stateless evaluations, such as checking for invalid links and URL obfuscation attempts. The major disadvantage of these approaches is that they are susceptible to attacks launched from a compromised legitimate website.
Also, in many web hosting domains the attacker could create a user account with the name "login" and launch a successful phishing attack by hosting the masqueraded page in his domain space, which would typically appear as [hosting domain].com/login, thereby circumventing the aforementioned approaches. It is worth mentioning that a similar attack on Geocities was accidentally discovered by one of the authors, who reported the incident to the authorities. Other security-protocol-based techniques [6, 7] have been proposed, which require substantial modifications to the existing server-side infrastructure for their normal functioning.

2.2 Cryptography Based Techniques

Key distribution and identity-based digital signatures have been proposed to make email messages trustworthy [8]. S/MIME, PGP [9] and GPG [10] are popularly adopted standards for digitally signing messages and are supported by most GUI mail clients. As these methods encrypt the outgoing emails along with the sender's identity, they are resilient to spoofing. However, at this point not all web-based mail clients, such as Yahoo! Mail, Hotmail and Gmail, support S/MIME. In the case of PGP/GPG schemes, as there is no central authority server which could verify the emails, a phisher may infiltrate the web of trust and digitally sign his emails. Another drawback of this approach is that it requires both the sender and the receiver to have compatible infrastructure to support digital signing and verification. Smartcards and one-time passwords can be used to prevent phishing scams, but these approaches incur high set-up and management costs, and are not robust and scalable.

Figure 3: Block diagram of the PHONEY architecture (blocks: MTA; Preliminary Processing: Does email contain URLs, forms, etc.?; Content Scanner: Semantic analysis of suspicious content; hashdb; Dynamically generate phoneys?; Phishing attack or not?; MUA)

3. Overview of PHONEY

In this section we give an overview of PHONEY's architecture and its various components.

3.1 Architecture

Figure 3 illustrates the architecture block diagram of PHONEY. As mentioned in the Introduction, the core idea behind our framework is that just as a user cannot distinguish between legitimate and malicious emails, the phisher cannot tell the responses of a legitimate user and a phantom user apart. PHONEY is deployed as a client-side tool between the mail server and the mail client to detect and mitigate email-based phishing attacks. PHONEY works as follows. First, the preprocessor probes the mail server for incoming messages. Once a mail arrives, it parses the message body for embedded links and HTML forms. Emails with HTML forms requesting critical information are tagged malicious. In the presence of embedded URLs, control is passed to the content scanner, which then retrieves the source of the referenced web page for analysis. Web pages with input forms are broken down further to extract each input element and its associated text. These extracted tokens are then compared against the entries in the hashdb (see Figure 3) for the presence of fields with names such as username, password, credit card number and social security number. Each tuple in the hashdb has two fields representing the token name along with its fake value.
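The preprocessing and content-scanner steps just described, as an added example that is not the authors' code: it extracts anchors and form inputs from a message body with Python's html.parser, flags visible link text that names a different host than its href, and maps sensitive inputs to fake values from a constructed stand-in for the hashdb. HASHDB, ALIASES, MessageScanner, scan_message and the two sample messages are assumptions made for this example.

```python
"""Preprocessing / content-scanner stage in the style of PHONEY (added example).

HASHDB, ALIASES and the sample messages below are constructed; nothing here is
taken from the authors' implementation.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Stand-in for the paper's hashdb: sensitive token name -> fake value.
HASHDB = {
    "username": "phantom.user.7f3a",
    "password": "Xq9!phantom-value",
    "ssn": "000-00-0000",            # constructed, not a real SSN
    "card": "4111111111111111",      # well-known test card number
}
# Substrings of an input name that identify a hashdb token (constructed list).
ALIASES = [
    ("user", "username"), ("login", "username"), ("email", "username"),
    ("pass", "password"), ("pin", "password"),
    ("ssn", "ssn"), ("social", "ssn"),
    ("card", "card"), ("ccnum", "card"),
]


def classify_field(name):
    """Map a raw input name to a hashdb token, or None if it is not sensitive."""
    key = "".join(ch for ch in name.lower() if ch.isalnum())
    for needle, token in ALIASES:
        if needle in key:
            return token
    return None


class MessageScanner(HTMLParser):
    """Collect (href, visible text) pairs and the names of inputs inside forms."""

    def __init__(self):
        super().__init__()
        self.links, self.inputs = [], []
        self._in_form, self._href, self._text = False, None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href, self._text = a.get("href") or "", []
        elif tag == "form":
            self._in_form = True
        elif tag == "input" and self._in_form:
            if (a.get("type") or "text").lower() not in ("submit", "hidden", "button"):
                self.inputs.append(a.get("name") or "")

    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
        elif tag == "form":
            self._in_form = False


def host_of(url):
    """Lower-cased host of a URL; bare 'www.example.com' text gets a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def scan_message(html):
    """Preprocessing verdict for one message body.

    'malicious': the message itself carries a form asking for critical data;
    'scan':      it carries URLs, so the content scanner must fetch and check them;
    'discard':   neither signature trait is present.
    'honeytokens' is what a phantom user would submit for an attached form.
    """
    p = MessageScanner()
    p.feed(html)
    # Visible text that looks like a URL but names another host than the href.
    masked = [(href, text) for href, text in p.links
              if "." in text and " " not in text and host_of(text) != host_of(href)]
    sensitive = {}
    for name in p.inputs:
        token = classify_field(name)
        if token:
            sensitive[name] = token
    verdict = "malicious" if sensitive else ("scan" if p.links else "discard")
    return {
        "verdict": verdict,
        "masked_links": masked,
        "sensitive_fields": sensitive,
        "honeytokens": {n: HASHDB[t] for n, t in sensitive.items()},
        "urls": [href for href, _ in p.links],
    }


# Constructed sample: visible text names the bank, the href points elsewhere.
SAMPLE_LINK_MAIL = ('<p>Please verify your account: <a href="http://203.0.113.5/logon/">'
                    'https://www.bank.example/EBanking/logon/user?a=defaultAffiliate</a></p>')
# Constructed sample: the message itself carries a credential-harvesting form.
SAMPLE_FORM_MAIL = ('<form action="http://203.0.113.5/collect" method="post">'
                    'User ID <input name="userId"> Password <input type="password" name="passwd">'
                    ' SSN <input name="social_sec"> <input type="submit" value="Verify"></form>')

if __name__ == "__main__":
    for body in (SAMPLE_LINK_MAIL, SAMPLE_FORM_MAIL):
        print(scan_message(body))
```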
Depending on the information required to be sent out, the values corresponding to the tokens in the hashdb are supplied to the phantom users at the time of their instantiation. The phantom users are virtual entities, created primarily for the purpose of interacting with the malicious website. They interact with the website by sending the requested information in the form of active honeytokens. The behavior of the website in response to the honeytokens is recorded and analyzed for any activity not conforming to a reasonable response. The decision engine is formalized as a rule-based system, which relies on a set of pre-determined propositions and inference rules to deduce whether the process has terminated in any of the known attack instances.

4. Case Studies

To illustrate the efficacy of our proposed mechanism, we have evaluated our tool against 20 different phishing emails. Twelve of them contained links to masqueraded websites which were live at the time of testing. Of the remaining eight emails, three had links to websites that had been taken down before our tool could actually test them. For the sake of exhaustiveness, we replicated five interesting attacks recorded at the antiphishing.org site. In order to measure the false positive rate, our tool was tested against emails containing embedded URLs of legitimate domains. Based on the tests, we show that PHONEY was able to successfully detect all email-based phishing attacks with zero false alarms. Also, to the best of our knowledge we can boldly claim that PHONEY can detect all email-based attacks listed in the antiphishing.org archive. For illustrative purposes, we also show three different scenarios which exemplify the working of our tool. Here, the interaction between the phantom user and the phisher's website is captured by hooking the detection engine into Internet Explorer as an ActiveX control.

4.1 Example 1

In the first example, we look at a simple email-based phishing attack against Regions Bank.
First, the phisher sends an email in HTML format, requesting users to verify their account data by following the embedded link. Here, the visible link in the email, "...EBanking/logon/user?a=defaultAffiliate", masks the reference to the phisher's website. Such attacks can be easily determined by the preprocessing engine, as shown in Figure 4, which bases its decisions on such noticeable differences. Also, to further validate our claim, the phisher's website is supplied with fake information. Upon automatic submission of fake authentication values, as shown in Figure 5, the site predictably redirects to a page asking for credit card related information, thereby triggering our tool to raise an alarm. As most of the observed email-based phishing scams adopt a similar attack model, PHONEY can trivially detect such attacks.

Figure 4: Phantom users supplying fake login information to the spoofed website

4.2 Example 2

In the second example we show the working of PHONEY on an email mimicking the eBay website. The email had a URL which redirected users to the phishing website. There were two noticeable differences in this phishing site: (a) This site attempted to spoof its URL as a legitimate site using an IE vulnerability. On our test machine, this spoofed URL was clearly detected since the machine was patched. (Note that this was NOT the basis for PHONEY detecting this site to be dangerous. Since our testing relies on evaluating the response of the spoofed website, it is reasonable to assume that our framework is effective even if IE were unpatched.) (b) Also, the behavior of this site was different from the other cases. Upon submission of any value, the user was asked to enter his/her information again. Only when the submission was made a second time in the same browser session was the user directed to another page asking for more information. This is an excellent social engineering tactic, where the phisher assumes that a naive user, on receiving an email about account suspension, would hastily type in wrong credentials. PHONEY can be tuned to test repeatedly to ensure correctness. Though an attacker can replay the same strategy by not allowing the user to log in for a repeated number of attempts, thereby successfully escaping detection, such cases can be disastrous from the phisher's standpoint as it may invoke suspicion in users if they are consistently denied access.

Figure 5: The detection engine flags the website as malicious

4.3 Example 3

The third example shows the working of our system against emails that are received from legitimate domains. Here, we test our tool with an email containing a URL referring to the Hotmail login page. Though our tool correctly identified this to be a legitimate email, there are two caveats in Hotmail. Usually, when users type in their user name in Hotmail and move to the password field, a script automatically fills in [text missing in the source]. However, with PHONEY no such action happens. Hence the result of submitting contrived values pops up a JavaScript box asking for the information to be entered again. Our tool nevertheless detects that fake inputs lead to the same behavior and infers that this is a legitimate site. We would again like to note in passing that it is trivial to maintain a list of such domains to appropriately fill in random values. While being able to detect legitimate domains correctly, it is possible that an attacker launches denial-of-service attacks by sending emails with URLs of real domains. Though this poses a serious threat, during real-time deployment we can force the traffic through our own servers, which maintain the list of all the tested websites, thereby eliminating the need to test previously tested domains.

5. Evaluation

An evaluation of our tool was conducted to quantify the performance overhead incurred during detection. The overhead introduced by our detection system depends heavily on two parts: (a) phantom user instantiation overhead; (b) response analysis overhead. We performed our experiments on an Intel Pentium M, 1.3 GHz processor with 512 MB RAM. The five attacks illustrated in the www.antiphishing.org archive were replicated on an Intel Pentium processor (clock speed missing in the source) running Apache HTTP Server (version missing in the source). The operating system is Red Hat Linux (kernel version missing in the source). We also benchmarked the execution time of each of PHONEY's subcomponents using auditing scripts.

5.1 Phantom User Instantiation Overhead

The overhead involved in the instantiation of a phantom user is the aggregate of the time taken by the preprocessing component plus the time needed to extract fake values from the hashdb. The overhead here is mainly due to file I/O while populating the phantom user with fake values of the appropriate type. But since the number of distinct fields stored is small, the entire hashdb file can be loaded into memory at the start of execution, thereby reducing the overhead. Instantiation of phantom users took 1.2 secs on average, with a standard deviation of 510 msec.

5.2 Response Analysis Overhead

The total time taken by the response analysis subsystem is the time taken to post the responses of the phantom users plus the time taken for analysis. The average delay due to response analysis was 2.35 secs, with the exception that links whose website didn't exist took far longer because of the timeout policy. From our observations, we can safely conclude that our detection framework does not introduce any significant computational overhead in the system. Also, the modular nature of the individual subcomponents provides hooks to replace existing modules with more efficient variants without affecting the overall performance.

6. Limitations

The approach described in this paper has a few limitations. First, if this tool is widely adopted, phishers can circumvent the given defense mechanism by replaying the response of the legitimate site for spurious inputs. However, such behavior is disastrous from the phisher's standpoint, as it may invoke suspicion in users if they consistently observe invalid data errors despite providing authentic information.
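The phantom-user interaction loop and the rule-based decision engine, covering the three behaviours seen in Examples 1 to 3 and the replay limitation just described, as an added example that is not the authors' code. Websites are simulated in-process as small state machines returning the set of fields their next page requests, so nothing touches the network; the rule names R1 to R3, the Observation type and the simulated sites are assumptions made for this example.

```python
"""Phantom-user loop and rule-based decision engine in the style of PHONEY
(added example, not the authors' code). Sites are simulated in-process and
return what their next page requests; all names and rules are assumptions."""
from dataclasses import dataclass

# Token classes (constructed): what a login form asks for vs. what is worth stealing.
CREDENTIALS = frozenset({"username", "password"})
HIGH_VALUE = frozenset({"card", "ssn", "pin"})
# Honeytokens the phantom user submits (constructed values).
HONEYTOKENS = {"username": "phantom.user.7f3a", "password": "Xq9!phantom-value"}


@dataclass
class Observation:
    """Recorded site behaviour after one submission."""
    requested: frozenset   # fields the returned page asks for
    accepted: bool         # True if the site moved past the login step


def phantom_user(site, max_attempts=3):
    """Submit honeytokens up to max_attempts times and record each response.

    Retrying matters: Example 2's site rejects the first attempt on purpose.
    """
    session, history = {}, []          # session: per-browser-session site state
    for _ in range(max_attempts):
        obs = site(session, dict(HONEYTOKENS))
        history.append(obs)
        if obs.accepted or obs.requested & HIGH_VALUE:
            break                      # site moved past login; nothing to retry
    return history


def decide(history):
    """Rule-based verdict over the recorded responses.

    R1: a page after a fake login asks for high-value data   -> phishing
    R2: the fake credentials were eventually accepted        -> phishing
    R3: every attempt re-prompted for credentials            -> legitimate
    A phisher who replays the legitimate site's rejection (the limitation in
    Section 6) is classified by R3, i.e. missed by this rule set.
    """
    for obs in history:
        extra = obs.requested & HIGH_VALUE
        if extra:
            return "phishing", "R1: asked for %s after fake login" % sorted(extra)
    accepted = [obs.accepted for obs in history]
    if any(accepted):
        return "phishing", "R2: fake credentials accepted on attempt %d" % (
            accepted.index(True) + 1)
    return "legitimate", "R3: rejected on all %d attempts" % len(history)


def evaluate(site, max_attempts=3):
    return decide(phantom_user(site, max_attempts))


# --- simulated websites (constructed) ------------------------------------------
def bank_spoof(session, submission):
    """Example 1 pattern: any credentials lead straight to a card-details page."""
    return Observation(requested=frozenset({"card", "pin"}), accepted=True)


def auction_spoof(session, submission):
    """Example 2 pattern: first submission is 'rejected', the second is accepted."""
    session["tries"] = session.get("tries", 0) + 1
    if session["tries"] < 2:
        return Observation(requested=CREDENTIALS, accepted=False)
    return Observation(requested=frozenset({"address", "phone"}), accepted=True)


def webmail_legit(session, submission):
    """Example 3 pattern: wrong credentials are always rejected."""
    return Observation(requested=CREDENTIALS, accepted=False)


if __name__ == "__main__":
    for name, site in (("bank_spoof", bank_spoof), ("auction_spoof", auction_spoof),
                       ("webmail_legit", webmail_legit)):
        print(name, evaluate(site), "| single attempt:", evaluate(site, 1))
```

With max_attempts=1 the Example 2 site is classified legitimate, which is the tuning trade-off the paper points at.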
Second, phishers can include robot-detecting schemes like CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) in their websites to subvert the tool's effort to enact the responses of legitimate users. Currently, this is not a problem, as CAPTCHA is widely used for preventing automated registration rather than for user validation. Finally, there might also be legal ramifications of our tool consuming the sites' bandwidth and computation power for its detection purposes. Though the traffic can be contained by the use of distributed lists, like web crawlers the tool should operate with caution so as not to violate any website's terms of usage.

7. Conclusions and Future Work

In this paper, a novel anti-phishing framework for detecting email-based phishing attacks has been presented. The described approach adopts an offense-centric technique to detect phishing attacks by using fake responses which mimic real users, essentially reversing the roles of the victim and the adversary. The evaluation of the tool showed that our approach is able to detect a vast majority of the attacks, including cases where the masqueraded page is launched within the legitimate domain, with no false positives. There are two main avenues which we are actively pursuing as part of our ongoing and future work. First, we are investigating ways to differentiate the responses of the phisher's and the legitimate websites via server-side assistance. Though at the current stage our tool does not require any change on the server side, server-side assistance can possibly increase the accuracy of our detection engine by eliminating the need for a human in the loop. Finally, after satisfactory maturity, we are planning to release our tool as a browser extension to mitigate web-based phishing attacks.

References

[1] D. Illett. Phishing attacks skyrocket in ... (online; URL and date missing in the source).
[2] L. Spitzner. Honeytokens: The other honeypot. July (year missing in the source).
[3] Spoofstick toolbar.
[4] Netcraft Anti-Phishing Toolbar.
[5] N. Chou, R. Ledesma, Y. Teraguchi, and J. C. Mitchell. Client-side defense against web-based identity theft. In NDSS.
[6] R. Dhamija and J. D. Tygar. The battle against phishing: Dynamic security skins. In SOUPS '05: Proceedings of the 2005 Symposium on Usable Privacy and Security, pages 77-88, New York, NY, USA. ACM Press.
[7] M. Jakobsson. Modeling and preventing phishing attacks. In Phishing Panel of Financial Cryptography.
[8] S. H. Ben Adida and R. Rivest. Fighting phishing attacks: A lightweight trust architecture for detecting spoofed emails. Feb (year missing in the source).
[9] S/MIME and OpenPGP.
[10] The GNU Privacy Guard.
More informationFighting Phishing I: Get phish or die tryin.
Fighting Phishing I: Get phish or die tryin. Micah Nelson and Max Hyppolite bit.ly/nercomp_sap918 Please, don t forget to submit your feedback for today s session at the above URL. If you use social media
More informationWeb Security, Summer Term 2012
IIG University of Freiburg Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist Sommer Semester Web Security, Summer Term 2012 7 Broken Authentication and Session
More informationWeb Security, Summer Term 2012
Table of Contents IIG University of Freiburg Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist Sommer Semester Introduction Examples of Attacks Brute Force Session
More informationProtect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com
Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering
More informationKASPERSKY FRAUD PREVENTION FOR ENDPOINTS
KASPERSKY FRAUD PREVENTION FOR ENDPOINTS www.kaspersky.com KASPERSKY FRAUD PREVENTION 1. Ways of Attacking Online Banking The prime motive behind cybercrime is making money and today s sophisticated criminal
More informationHow Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong
How Enterprise Tackles Phishing Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong Hackers turning to easy marks - Social engineering Phishing was the #1 threat vector (> 50%) for Office
More informationDMARC Continuing to enable trust between brand owners and receivers
DMARC Continuing to enable trust between brand owners and receivers February 2014 1 DMARC Defined DMARC stands for: Domain-based Message Authentication, Reporting & Conformance (pronounced dee-mark ) 2
More informationCYBER ATTACKS EXPLAINED: PACKET SPOOFING
CYBER ATTACKS EXPLAINED: PACKET SPOOFING Last month, we started this series to cover the important cyber attacks that impact critical IT infrastructure in organisations. The first was the denial-of-service
More informationWHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?
WHAT IS CORPORATE ACCOUNT TAKEOVER? Corporate Account Takeover (also referred to as CATO) is a type of fraud where criminals gain access to a business financial accounts to make unauthorized transactions.
More informationINTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
INTRODUCTION: DDOS ATTACKS 1 DDOS ATTACKS Though Denial of Service (DoS) and Distributed Denial of Service (DDoS) have been common attack techniques used by malicious actors for some time now, organizations
More informationISO/IEC Common Criteria. Threat Categories
ISO/IEC 15408 Common Criteria Threat Categories 2005 Bar Biszick-Lockwood / QualityIT Redmond, WA 2003 Purpose This presentation introduces you to the threat categories contained in ISO/IEC 15408, used
More informationSPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
SPOOFING Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Determine relevance of
More informationPhishing is Yesterday s News Get Ready for Pharming
April 2005 Copyright 2005 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. Entrust is a registered trademark of Entrust
More informationApplication Layer Attacks. Application Layer Attacks. Application Layer. Application Layer. Internet Protocols. Application Layer.
Application Layer Attacks Application Layer Attacks Week 2 Part 2 Attacks Against Programs Application Layer Application Layer Attacks come in many forms and can target each of the 5 network protocol layers
More informationPREVENTING FROM PHISHING ATTACK BY IMPLEMENTING URL PATTERN MATCHING TECHNIQUE IN WEB
International Journal of Civil Engineering and Technology (IJCIET) Volume 8, Issue 9, September 2017, pp. 1200 1208, Article ID: IJCIET_08_09_135 Available online at http://http://www.iaeme.com/ijciet/issues.asp?jtype=ijciet&vtype=8&itype=9
More informationPhishing Activity Trends Report August, 2006
Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account
More informationLongline Phishing: -borne Threats, Cloud Computing, Big Data, and the Rise of Industrial Phishing Attacks. A Proofpoint White Paper WHITE PAPER
Longline Phishing: Email-borne Threats, Cloud Computing, Big Data, and the Rise of Industrial Phishing Attacks A Proofpoint White Paper threat protection compliance archiving & governance secure communication
More informationPhishing Activity Trends Report August, 2005
Phishing Activity Trends Report August, 25 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial
More informationINF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015
INF3700 Informasjonsteknologi og samfunn Application Security Audun Jøsang University of Oslo Spring 2015 Outline Application Security Malicious Software Attacks on applications 2 Malicious Software 3
More informationThe Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It
The Credential Phishing Handbook Why It Still Works and 4 Steps to Prevent It Introduction Phishing is more than 20 years old, but still represents more than 90% of targeted attacks. The reason is simple:
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationSurvey of Cyber Moving Targets. Presented By Sharani Sankaran
Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of
More informationSecurity & Phishing
Email Security & Phishing Best Practices In Cybersecurity Presenters Bill Shieh Guest Speaker Staff Engineer Information Security Ellie Mae Supervisory Special Agent Cyber Crime FBI 2 What Is Phishing?
More informationOverview Cross-Site Scripting (XSS) Christopher Lam Introduction Description Programming Languages used Types of Attacks Reasons for XSS Utilization Attack Scenarios Steps to an XSS Attack Compromises
More informationFor the purposes of this discussion, the following two attacks are key:
Introduction Reports of phishing attacks have inundated the press for good reason. The cleverness of social engineering has again damaged the prospects for online commerce, and online banking in particular.
More informationEasyCrypt passes an independent security audit
July 24, 2017 EasyCrypt passes an independent security audit EasyCrypt, a Swiss-based email encryption and privacy service, announced that it has passed an independent security audit. The audit was sponsored
More informationSecure Frame Communication in Browsers Review
Secure Frame Communication in Browsers Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 16, 2011 1 Introduction to the topic and the reason for the topic being
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 12.16 EB7178 DATA SECURITY Table of Contents 2 Data Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More informationBerner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 2
Table of Contents Hacking Web Sites Broken Authentication Emmanuel Benoist Spring Term 2018 Introduction Examples of Attacks Brute Force Session Spotting Replay Attack Session Fixation Attack Session Hijacking
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme file
More informationTOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS 1 Introduction Your data and infrastructure are at the heart of your business. Your employees, business partners, and
More informationPanda Security 2010 Page 1
Panda Security 2010 Page 1 Executive Summary The malware economy is flourishing and affecting both consumers and businesses of all sizes. The reality is that cybercrime is growing exponentially in frequency
More informationApplication and Data Security with F5 BIG-IP ASM and Oracle Database Firewall
F5 White Paper Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall Organizations need an end-to-end web application and database security solution to protect data, customers,
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme file
More informationTrustwave SEG Cloud BEC Fraud Detection Basics
.trust Trustwave SEG Cloud BEC Fraud Detection Basics Table of Contents About This Document 1 1 Background 2 2 Configuring Trustwave SEG Cloud for BEC Fraud Detection 5 2.1 Enable the Block Business Email
More informationDDoS MITIGATION BEST PRACTICES
DDoS MITIGATION BEST PRACTICES DDoS ATTACKS ARE INCREASING EXPONENTIALLY Organizations are becoming increasingly aware of the threat that Distributed Denial of Service (DDoS) attacks can pose. According
More informationHow WebSafe Can Protect Customers from Web-Based Attacks. Mark DiMinico Sr. Mgr., Systems Engineering Security
How WebSafe Can Protect Customers from Web-Based Attacks Mark DiMinico Sr. Mgr., Systems Engineering Security Drivers for Fraud Prevention WebSafe Protection Drivers for Fraud Prevention WebSafe Protection
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationPhishing Read Behind The Lines
Phishing Read Behind The Lines Veljko Pejović veljko@cs.ucsb.edu What is Phishing? "Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and
More informationIntroduction. Logging in. WebQuarantine User Guide
Introduction modusgate s WebQuarantine is a web application that allows you to access and manage your email quarantine. This user guide walks you through the tasks of managing your emails using the WebQuarantine
More informationThe Interactive Guide to Protecting Your Election Website
The Interactive Guide to Protecting Your Election Website 1 INTRODUCTION Cloudflare is on a mission to help build a better Internet. Cloudflare is one of the world s largest networks. Today, businesses,
More informationDoD Spear-Phishing Awareness Training. Joint Task Force - Global Network Operations
//FOUO DoD Spear-Phishing Awareness Training Joint Task Force - Global Network Operations Updated: 16 NOV 2006 //FOUO Objective Inform and increase the awareness of all Department of Defense personnel
More informationPhishEye: Live Monitoring of Sandboxed Phishing Kits. Xiao Han Nizar Kheir Davide Balzarotti
PhishEye: Live Monitoring of Sandboxed Phishing Kits Xiao Han Nizar Kheir Davide Balzarotti Summary Motivation Sandboxed phishing kits Implementation Results [APWG Phishing Activity Trends Report 2 nd
More informationQUARTERLY TRENDS AND ANALYSIS REPORT
September 1, 2007 Volume 2, Issue 3 QUARTERLY TRENDS AND ANALYSIS REPORT www.us-cert.gov Introduction This report summarizes and provides analysis of incident reports submitted to US-CERT during the U.S.
More informationSecurity by Any Other Name:
Security by Any Other Name: On the Effectiveness of Provider Based Email Security Ian Foster, Jon Larson, Max Masich, Alex C. Snoeren, Stefan Savage, and Kirill Levchenko University of California, San
More informationBIG-IP Application Security Manager : Getting Started. Version 12.1
BIG-IP Application Security Manager : Getting Started Version 12.1 Table of Contents Table of Contents Introduction to Application Security Manager...5 What is Application Security Manager?...5 When to
More informationObjectives CINS/F1-01
Email Security (1) Objectives Understand how e-mail systems operate over networks. Classify the threats to the security of e-mail. Study how S/MIME and PGP can be used to add security to e-mail systems.
More informationPROTECTING YOUR BUSINESS ASSETS
PROTECTING YOUR BUSINESS ASSETS How to Spot Danger Before Your Computer Gets Infected, Your Site Hosts Malware, and Your Credit Card Number Gets Stolen A MyNAMS Presentation by Regina Smola @2012 Regina
More informationIssues in Using DNS Whois Data for Phishing Site Take Down
Issues in Using DNS Whois Data for Phishing Site Take Down The Anti-Phishing Working Group DNS Policy Committee (www.antiphishing.org) May 2007 Summary Given fundamental policy changes regarding accessibility
More informationADAPTIVE AUTHENTICATION ADAPTER FOR IBM TIVOLI. Adaptive Authentication in IBM Tivoli Environments. Solution Brief
ADAPTIVE AUTHENTICATION ADAPTER FOR IBM TIVOLI Adaptive Authentication in IBM Tivoli Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing costeffective
More informationAccess Controls. CISSP Guide to Security Essentials Chapter 2
Access Controls CISSP Guide to Security Essentials Chapter 2 Objectives Identification and Authentication Centralized Access Control Decentralized Access Control Access Control Attacks Testing Access Controls
More informationUsing Threat Analytics to Protect Privileged Access and Prevent Breaches
Using Threat Analytics to Protect Privileged Access and Prevent Breaches Under Attack Protecting privileged access and preventing breaches remains an urgent concern for companies of all sizes. Attackers
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More information