Distributed Phishing Attacks - PowerPoint PPT Presentation

Slides: 10
Provided by: sit9

1
Distributed Phishing Attacks
  • Markus Jakobsson
  • Indiana University at Bloomington
  • Center for Applied Cybersecurity Research
  • Joint work with Adam Young

2
A typical phishing attack

3
A distributed phishing attack

4
How can this be done?
  • 1. Adversary needs to control many hosts.
    • Malware
    • Symbiotic host program
    • Firewall weaknesses (an arbitrary victim is fine)
  • 2. Hosts must be uncorrelated.
  • 3. Hosts need to report to adversary.
    • Without giving away location of adversary
    • Without giving away compromised credentials

5
Attack structure
  • Adversary randomly plants host pages.
  • Spam victims, using spoofing, referring to host
    pages.
  • Each host page waits to receive credentials, then
    posts to bulletin board(s).
  • Adversary retrieves credentials from bulletin
    board(s).

6
Attack details
  • Posted credentials are hidden using
    steganographic methods. (Not easy to detect what
    is a posting from a host.)
  • Posted credentials are public-key encrypted to
    hide credentials from anybody but the attacker.
  • Alternatively, harvested credentials can be sent
    to an email account associated with the attack
    instance. (Attacker creates lots of accounts and
    uses POP from an anonymous location.)

7
Failed protection mechanisms
  • Given information about a few hosts, one cannot
    infer the location/identity of other hosts.
    (Makes honeypots and collaborative detection
    meaningless.)
  • Given knowledge of what bulletin boards are used,
    one cannot shut them down, or this is a DoS on
    the infrastructure; besides, the hosts can post
    to several BBs.

8
Promising protection mechanism
  • Gather network statistics. (Already done; just
    augment what is collected. Can scan for common
    phrases and structures.)
  • Detect a few instances of a DPA.
  • Cluster instances with suspect profile.
  • Automatically demand all hosts in cluster to be
    blocked. (Authenticated requests.)
  • Automatically warn victims of emails in cluster.
    (Provides second line of defense.)

9
Some details of defense
  • Use OCR to detect similarities in appearance
    between images.
  • Use anti-plagiarism techniques to detect
    similarities between texts. (See, e.g., SPLAT)
  • Also detect similarities between pages pointed to
    (only for likely candidates.)
  • Cluster with known offenders and with likely
    offenders. (Based on content and communication
    patterns.)
  • Paper? Please email markus_at_indiana.edu
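
The clustering step from slides 8 and 9, as an added example that is not from the presentation: a few detected messages seed a cluster, and every host linked from a message in that cluster becomes a blocking candidate. Word-shingle Jaccard overlap stands in here for the anti-plagiarism techniques the slide mentions; the function names, the 0.5 threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from itertools import combinations

URL_RE = re.compile(r"https?://([^/\s]+)\S*")  # group 1 captures the host

def shingles(text, k=3):
    """k-word shingles; URLs are masked and digits dropped so per-host variation does not hide reuse."""
    words = re.findall(r"[a-z]+", URL_RE.sub(" urltoken ", text.lower()))
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster(messages, threshold=0.5):
    """Single-link clustering (union-find): two messages join when shingle overlap >= threshold."""
    parent = list(range(len(messages)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i
    sh = [shingles(m) for m in messages]
    for i, j in combinations(range(len(messages)), 2):
        if jaccard(sh[i], sh[j]) >= threshold:
            parent[find(i)] = find(j)
    groups = {}
    for i in range(len(messages)):
        groups.setdefault(find(i), []).append(i)
    return list(groups.values())

def hosts_to_block(messages, known_bad, threshold=0.5):
    """Hosts linked from any message that clusters with an already-detected instance."""
    hosts = set()
    for group in cluster(messages, threshold):
        if any(i in known_bad for i in group):
            for i in group:
                hosts.update(URL_RE.findall(messages[i]))
    return hosts

# Constructed sample messages (not real traffic); .example hosts are placeholders.
SAMPLES = [
    "Dear customer, your account has been suspended. Please verify your details at http://host-a.example/login within 24 hours.",
    "Dear customer, your account has been suspended. Please verify your details at http://host-b.example/secure within 48 hours.",
    "Dear client, your account has been suspended. Please verify your details at http://host-c.example/v within 24 hours.",
    "Team lunch is moved to Friday, menu at http://intranet.example/menu please reply.",
]

if __name__ == "__main__":
    print(sorted(hosts_to_block(SAMPLES, known_bad={0})))
```

Only message 0 is marked as a detected instance; the other two hosts surface through content similarity alone, which is the property the defense relies on when the hosts themselves are uncorrelated.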