A lab on understanding Phishing attacks and defenses …
Group 21-B
Sagar Mehta
Phishing for Phish in the Phispond

Phishing attacks – State of the Art … (simple)
• Do-it-yourself phishing kits found on the internet, reveals Sophos
• Use spamming software / hire a botnet
• URL obfuscation
Source - A Framework for Detection and Measurement of Phishing Attacks - Doshi et al

What you need to be aware of? - Subtle aspects …
• Unicode attacks – paypal.com with a Cyrillic ‘a’
• False security indicators – padlock icon, certificates
• Address bar hijacking
• Discrepancy between anchor text and link
• Redirects
• Dynamic nature – site up for 4.8 days on average / rotating IPs
• Negligence – Why Phishing works?
• Legitimate sites usually won’t ask you to update information online; they use out-of-band methods – similar to symmetric key exchange …

Statistics …
Source - Phishing Activity Trends Report July, 2006, Anti-Phishing workgroup

Defenses – State of the Art …
• Why phishing works? – Dhamija et al
• The Battle Against Phishing: Dynamic Security Skins - Dhamija et al
• Detection of Phishing pages based on visual similarity - Liu et al
• Modeling and Preventing Phishing Attacks – Jakobsson et al
• PHONEY: Mimicking User Response to Detect Phishing Attacks - Chandrasekaran et al
Cont …

Defenses – State of the Art
• Anomaly Based Web Phishing Page Detection - Pan et al
• Phighting the Phisher: Using Web Bugs and Honeytokens to Investigate the Source of Phishing Attacks - McRae et al
• A Framework for Detection and Measurement of Phishing Attacks - Doshi et al
• Anti-Spam Techniques – spam, a vehicle for Phishing attacks

What to do if you suspect a URL/IP is Phishing?
• Check whether it is already present in any blacklist – phishtank, anti-Phishing workgroup
• dig <IP>.multi.surbl.org
• A listed entry will resolve into an address (DNS A record) whose last octet indicates which lists it belongs to
The bit positions in that octet for the different lists are:
2 = comes from sc.surbl.org
4 = comes from ws.surbl.org
8 = comes from phishing data source (labelled as [ph] in multi)
16 = comes from ob.surbl.org
32 = comes from ab.surbl.org
64 = comes from jp data source (labelled as [jp] in multi)
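
The lookup and bitmask decoding described on this slide, as an added Python example that is not part of the original slides. The function names, the reversed-octet handling for IPv4 queries and the 127.0.0.0/8 sanity check are assumptions of this example; the bit values are the ones listed on the slide.

```python
import ipaddress
import socket

# Bit values exactly as listed on the slide above.
SURBL_BITS = {
    2: "sc.surbl.org",
    4: "ws.surbl.org",
    8: "phishing data source [ph]",
    16: "ob.surbl.org",
    32: "ab.surbl.org",
    64: "jp data source [jp]",
}
KNOWN_MASK = sum(SURBL_BITS)  # 126


def query_name(host, zone="multi.surbl.org"):
    """Build the DNS name to query for a domain or an IPv4 address."""
    try:
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        return f"{host.rstrip('.').lower()}.{zone}"
    # Assumption, not stated on the slide: IPv4 octets are reversed,
    # as is usual for DNS blocklists.
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def decode_answer(a_record):
    """Return (lists the entry is on, bits the slide does not explain)."""
    ip = ipaddress.IPv4Address(a_record)
    if ip not in ipaddress.ip_network("127.0.0.0/8"):
        # Assumption: listings answer inside 127.0.0.0/8; anything else is
        # more likely a resolver rewriting NXDOMAIN than a real listing.
        raise ValueError(f"unexpected blocklist answer {a_record}")
    octet = ip.packed[-1]
    lists = [name for bit, name in SURBL_BITS.items() if octet & bit]
    return lists, octet & ~KNOWN_MASK


def check(host):
    """Live lookup. None means no listing was seen (name did not resolve)."""
    try:
        answer = socket.gethostbyname(query_name(host))
    except socket.gaierror:
        return None  # also covers resolver failures, so not proof of "clean"
    return decode_answer(answer)
```

A constructed answer of 127.0.0.10 decodes to the sc and [ph] lists, since 10 = 2 + 8; a non-zero second return value means the octet carried bits the slide does not define.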

Anti-Phishing tools …
Source - A Framework for Detection and Measurement of Phishing Attacks - Doshi et al

Enough of the application layer yada yada …
• Can we do better?
• Analysis of Phishing at network level – the current set up …
• Why is it challenging?
• Lessons learned …

Recent statistics …
• A number of phishing websites are in fact legitimate servers that were compromised through software vulnerabilities, exploited by hackers and covertly turned into illegal phishing sites - making the hackers more difficult to track.
Source: SecurityFocus.com

What we learned?
• Challenges of Network Level Phishing
• Data Sources
• Real-Time Mapping
• Multiple Domain Hosting
• Redirection Techniques
• Grad Students

What we are exploring now?
• Combined Data Sources
• Application Level Sources
• DNS Traces
• Multiple Vantage Points
• Different Universities with Spam Traps
• Is Phishing Targeted?
• Percentage Phishing Mails per Spam Trap

What does the lab look like?
• Phishing basics
• Attacks – state of the art
• Defenses – state of the art
• What you need to be aware of so as not to fall prey to Phishing?
• Phishing IQ test
  - 100% - Hurray !!! I’m the Phishmaster
  - < 70% - Don’t do online transactions …

References …
• Why phishing works? – Dhamija et al
• The Battle Against Phishing: Dynamic Security Skins - Dhamija et al
• Detection of Phishing pages based on visual similarity - Liu et al
• Modeling and Preventing Phishing Attacks – Jakobsson et al
• PHONEY: Mimicking User Response to Detect Phishing Attacks - Chandrasekaran et al
• Anomaly Based Web Phishing Page Detection - Pan et al
• Phighting the Phisher: Using Web Bugs and Honeytokens to Investigate the Source of Phishing Attacks - McRae et al
• A Framework for Detection and Measurement of Phishing Attacks - Doshi et al