Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Researchers Work to Counter Spear Phishing Attacks

11.01.2013
The email resembled the organization’s own employee e-newsletter and asked recipients to visit a website to confirm that they wanted to continue receiving the newsletter.

Another email carried an attachment it said contained the marketing plan the recipient had requested at a recent conference. A third email bearing a colleague’s name suggested a useful website to visit.

None of these emails were what they pretended to be. The first directed victims to a website that asked for personal information, including the user’s password. The second included a virus launched when the “marketing plan” was opened. The third directed users to a website that attempted to install a malicious program.

All three are examples of what information security experts at the Georgia Tech Research Institute (GTRI) say is the most challenging threat facing corporate networks today: “spear phishing.”

Generic emails asking employees to open malicious attachments, provide confidential information or follow links to infected websites have been around for a long time. What’s new today is that the authors of these emails are now targeting their attacks using specific knowledge about employees and the organizations they work for. The inside knowledge used in these spear phishing attacks gains the trust of recipients.

“Spear phishing is the most popular way to get into a corporate network these days,” said Andrew Howard, a GTRI research scientist who heads up the organization’s malware unit. “Because the malware authors now have some information about the people they are sending these to, they are more likely to get a response. When they know something about you, they can dramatically increase their odds.”

The success of spear phishing attacks depends on finding the weakest link in a corporate network. That weakest link can be just one person who falls for an authentic-looking email.

“Organizations can spend millions and millions of dollars to protect their networks, but all it takes is one carefully-crafted email to let someone into it,” Howard said. “It’s very difficult to put technical controls into place to prevent humans from making a mistake. To keep these attacks out, email users have to do the right thing every single time.”

Howard and other GTRI researchers are now working to help email recipients by taking advantage of the same public information the malware authors use to con their victims. Much of that information comes from social media sites that both companies and malware authors find helpful. Other information may be found in Securities and Exchange Commission (SEC) filings, or even on an organization’s own website.

“There are lots of open sources of information that will increase the chances of eliciting a response in spear phishing,” Howard said. “We are looking at a way to warn users based on this information. We’d like to see email systems smart enough to let users know that information contained in a suspect message is from an open source and suggest they be cautious.”

Other techniques to counter the attacks may come from having access to all the traffic entering a corporate network.

To increase their chance of success, criminals attempting to access a corporate network often target more than one person in an organization. Network security tools could use information about similar spear phishing attempts to warn other members of an organization. And by having access to all email, security systems could learn what’s “normal” for each individual – and recognize unusual email that may be suspicious.

“We are looking at building behavioral patterns for users so we’d know what kinds of email they usually receive. When something comes in that’s suspicious, we could warn the user,” Howard said. “We think the real answer is to keep malicious email from ever getting into a user’s in-box, but that is a much more difficult problem.”

It’s difficult because organizations today depend on receiving, opening and responding to email from customers. Deleting or even delaying emails can have a high business cost.

“What we do requires a careful balance of protecting the user, but allowing the user to get his or her job done,” he said. “Like any security challenge we have to balance that.”

These and other strategies will be part of Phalanx, a new product being developed by GTRI researchers to protect corporate networks from spear phishing. It will be part of Titan, a dynamic framework for malicious software analysis that GTRI launched last spring.

Among the challenges ahead are developing natural language algorithms that can quickly separate potential spear phishing attacks from harmless emails. That could be done by searching for language indicating a request such as “open this attachment” or “verify your password.”

GTRI researchers been gaining experience with corporate networks based on security evaluations they’ve done, and work with GTRI’s own network – which receives millions of emails each day. Fortunately, they say, it’s not just the bad guys who are learning more.

“The chief financial officers of companies now understand the financial impacts of spear phishing, and whey they join forces with the chief information officers, there will be an urgency to address this problem,” he added. “Until then, users are the front line defense. We need every user to have a little paranoia about email.”

Research News
Georgia Institute of Technology
177 North Avenue
Atlanta, Georgia 30332-0181
Media Relations Contact: John Toon (404-894-6986)(jtoon@gatech.edu)
Writer: John Toon

John Toon | Newswise
Further information:
http://www.gatech.edu

More articles from Information Technology:

nachricht NASA CubeSat to test miniaturized weather satellite technology
10.11.2017 | NASA/Goddard Space Flight Center

nachricht New approach uses light instead of robots to assemble electronic components
08.11.2017 | The Optical Society

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: A “cosmic snake” reveals the structure of remote galaxies

The formation of stars in distant galaxies is still largely unexplored. For the first time, astron-omers at the University of Geneva have now been able to closely observe a star system six billion light-years away. In doing so, they are confirming earlier simulations made by the University of Zurich. One special effect is made possible by the multiple reflections of images that run through the cosmos like a snake.

Today, astronomers have a pretty accurate idea of how stars were formed in the recent cosmic past. But do these laws also apply to older galaxies? For around a...

Im Focus: Visual intelligence is not the same as IQ

Just because someone is smart and well-motivated doesn't mean he or she can learn the visual skills needed to excel at tasks like matching fingerprints, interpreting medical X-rays, keeping track of aircraft on radar displays or forensic face matching.

That is the implication of a new study which shows for the first time that there is a broad range of differences in people's visual ability and that these...

Im Focus: Novel Nano-CT device creates high-resolution 3D-X-rays of tiny velvet worm legs

Computer Tomography (CT) is a standard procedure in hospitals, but so far, the technology has not been suitable for imaging extremely small objects. In PNAS, a team from the Technical University of Munich (TUM) describes a Nano-CT device that creates three-dimensional x-ray images at resolutions up to 100 nanometers. The first test application: Together with colleagues from the University of Kassel and Helmholtz-Zentrum Geesthacht the researchers analyzed the locomotory system of a velvet worm.

During a CT analysis, the object under investigation is x-rayed and a detector measures the respective amount of radiation absorbed from various angles....

Im Focus: Researchers Develop Data Bus for Quantum Computer

The quantum world is fragile; error correction codes are needed to protect the information stored in a quantum object from the deteriorating effects of noise. Quantum physicists in Innsbruck have developed a protocol to pass quantum information between differently encoded building blocks of a future quantum computer, such as processors and memories. Scientists may use this protocol in the future to build a data bus for quantum computers. The researchers have published their work in the journal Nature Communications.

Future quantum computers will be able to solve problems where conventional computers fail today. We are still far away from any large-scale implementation,...

Im Focus: Wrinkles give heat a jolt in pillared graphene

Rice University researchers test 3-D carbon nanostructures' thermal transport abilities

Pillared graphene would transfer heat better if the theoretical material had a few asymmetric junctions that caused wrinkles, according to Rice University...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Ecology Across Borders: International conference brings together 1,500 ecologists

15.11.2017 | Event News

Road into laboratory: Users discuss biaxial fatigue-testing for car and truck wheel

15.11.2017 | Event News

#Berlin5GWeek: The right network for Industry 4.0

30.10.2017 | Event News

 
Latest News

Antarctic landscape insights keep ice loss forecasts on the radar

20.11.2017 | Earth Sciences

Filling the gap: High-latitude volcanic eruptions also have global impact

20.11.2017 | Earth Sciences

Water world

20.11.2017 | Life Sciences

VideoLinks
B2B-VideoLinks
More VideoLinks >>>