Distributed Phishing Attacks

Markus Jakobsson. Joint work with Adam Young, LECG.


A typical phishing attack

A distributed phishing attack

How can this be done?

1. Adversary needs to control many hosts.
   - Malware
   - Symbiotic host program
   - Firewall weaknesses (an arbitrary victim is fine)
2. Hosts must be uncorrelated.
3. Hosts need to report to adversary.
   - Without giving away location of adversary
   - Without giving away compromised credentials

Attack structure

1. Adversary randomly plants host pages.
2. Spam victims, using spoofing, referring to host pages.
3. Each host page waits to receive credentials, then posts to bulletin board(s).
4. Adversary retrieves credentials from bulletin board(s).

Attack details

- Posted credentials are hidden using steganographic methods. (Not easy to detect what constitutes a posting from a host.)
- Posted credentials are public-key encrypted to hide credentials from anybody but the attacker.
- Alternatively, harvested credentials can be sent to an account associated with the attack instance. (Attacker creates lots of accounts and uses POP from an anonymous location.)

Failed protection mechanisms

- Given information about a few hosts, one cannot infer the location/identity of other hosts. (Makes honeypots and collaborative detection meaningless.)
- Given knowledge of what bulletin boards are used, one cannot shut them down, or this is a DoS on the infrastructure … besides, the hosts can post to several BBs.

Promising protection mechanism

1. Gather network statistics. (Already done, just augment what is collected; can scan for common phrases and structures.)
2. Detect a few instances of a DPA.
3. Cluster instances with suspect profile.
4. Automatically demand all hosts in cluster to be blocked (authenticated requests) or DoS them.
5. Automatically warn victims of emails in cluster. (Provides second line of defense.)

Some details of defense

- Use OCR to detect similarities in appearance between images.
- Use anti-plagiarism techniques to detect similarities between texts. (See, e.g., SPLAT.)
- Also detect similarities between pages pointed to (only for likely candidates).
- Cluster with known offenders and with likely offenders. (Based on content and communication patterns.)

Paper? Please
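An added example, not part of the original slides, of the clustering step and the text-similarity check described above: it uses word-shingle Jaccard similarity as a stand-in for an anti-plagiarism tool such as SPLAT, grows a cluster from confirmed DPA instances, and collects the linked hosts for a block request. The messages, host names, threshold and function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://\S+")

# Constructed sample messages: m1-m3 share a template but point at different hosts.
MESSAGES = {
    "m1": "Dear customer, your account has been suspended. Verify your password "
          "at http://host-a.example/verify to restore access today.",
    "m2": "Dear customer, your account has been suspended. Verify your password "
          "at http://host-b.example/check to restore access now.",
    "m3": "Dear client, your account has been suspended. Please verify your "
          "password at http://host-c.example/v to restore access now.",
    "m4": "Team lunch is moved to Thursday, see the menu at "
          "http://intranet.example/menu and reply with your choice.",
}

def shingles(text, k=3):
    """Word k-shingles with URLs masked, so that a different host page per
    message does not hide otherwise near-identical text."""
    words = re.findall(r"[a-z0-9<>]+", URL_RE.sub("<url>", text.lower()))
    return {tuple(words[i:i + k]) for i in range(max(len(words) - k + 1, 1))}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def hosts(text):
    return {urlparse(u).hostname for u in URL_RE.findall(text)}

def cluster_from_seeds(messages, seed_ids, threshold=0.5):
    """Grow a cluster from confirmed instances: a message joins when it is at
    least `threshold` similar to any current member (single linkage)."""
    sh = {mid: shingles(body) for mid, body in messages.items()}
    cluster, frontier = set(seed_ids), list(seed_ids)
    while frontier:
        cur = frontier.pop()
        for mid in sh:
            if mid not in cluster and jaccard(sh[cur], sh[mid]) >= threshold:
                cluster.add(mid)
                frontier.append(mid)
    return cluster

def hosts_to_block(messages, cluster):
    """Hosts referenced by any message in the cluster (input to a block request)."""
    return set().union(*(hosts(messages[m]) for m in cluster))

if __name__ == "__main__":
    found = cluster_from_seeds(MESSAGES, ["m1"])
    print(sorted(found), sorted(hosts_to_block(MESSAGES, found)))
```

Here m3 is below the threshold against the seed m1 but joins through m2, which is why the cluster is grown transitively rather than compared only against the confirmed instances.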