Spear Phishing Attacks Research Articles

Vulnerability of Students of Masaryk University to Two Different Types of Phishing

According to the European Union Agency for Cybersecurity’s (ENISA) Threat Landscape (ETL) report 2020, phishing is the most commonly used type of cyberattack. Phishing is the technique of delivering false communications that appear to be from a real and respectable source, typically via e-mail or text message. The attacker aims to steal money, obtain access to sensitive data, and login information, or install malware on the victim’s device. Data from the same report shows that during the COVID-19 pandemic, phishing attacks increased by 667% in one month. Simultaneously, warnings about expected waves of phishing e-mails at Masaryk University in Czechia were encountered more often. However, at the time this article was written, there was de facto no anti-phishing research dealing with the problem of phishing attacks on Czech universities. The present article focuses on unintentional human error on the side of students of Masaryk University. The main aim of this article is to uncover the profile of the user who is most prone to victimisation of phishing in the university setting. These results were achieved by performing two real-life phishing simulations. Data suggests that female students are more prone to crash for targeted e-mails. At the same time, all students are more susceptible to spear-phishing attacks than to the generic ones. Findings are explained by analysing the empirical results of the two real-life phishing attacks conducted.

Teenagers: A Social Media Threat Vector

Social media has grown significantly since the early days. During this time, social media has grown to be a mainstay in most teenagers’ lives. Whether they are on Facebook, Snapchat, X (formerly Twitter), or TikTok, teenagers have fully integrated social media into their lives. Teens tend to post the ins and outs of their lives, sharing sensitive information about themselves to people they know, but also to strangers. Although social media can be used for good, it can also be used by nefarious threat actors to take advantage of teenagers. Social engineers count on their subject's desire to increase the number of virtual connections, which may increase the endorphin response received when they get “likes”. As such, social engineers create targeting accounts and then try to get as many people to accept them as possible. This increased footprint levitates the chances of a successful social engineering attack. Add to this, when someone shares an abundance of information about themselves, social engineers use this information to target individuals with spear phishing attacks. To further exacerbate the situation, social media uses algorithms to target its users and feed them with a significant amount of information that is not always vetted as being truthful. When someone is influenced by disinformation, it increases their susceptibility by taking away their desire to verify the truth, but rather accept that what they are being told is the truth. This case study examines the dynamics associated with teenagers and their susceptibility to becoming a victim of cybercrime and how social media perpetuates this situation.

An application for predicting phishing attacks: A case of implementing a support vector machine learning model

The imminent threat that phishing websites poses is a major concern for internet users worldwide. These fraudulent websites are crafted by cyber attackers to appear trustworthy and deceive vulnerable users into divulging confidential data like medical health records, credit card details, passwords, and Personal Identifiable information (PII). To bait their victims, cybercriminals employ tactics such as social engineering, spear-phishing attacks, and email phishing scams. As a result, unsuspecting individuals may be enticed to visit these websites, putting their sensitive information at risk. This work presents an application designed to predict phishing attacks after comparing polynomial and radial basis function of support vector machine (SVM). The proposed application leverages a dataset of known legitimate, suspicious and phishing attacks stored in a database and employs an SVM algorithm for classification based on user input. The application provides a user-friendly graphical user interface (GUI) that allows reporting of new phishing incidents based on the features that have strong relationship in determining if a website is phishing or not. The proposed application utilizes the inherent scalability of database technology to support record expansion whenever there is an instance of a user initiating phishing prediction thereby, making it suitable for use in a wide range of organizational settings.

SpearSim-V2: Synthetic Task Environment for Evaluating Attacker Behaviors

Despite extensive research on phishing, a severe lack of work centered on attackers has resulted in a limited understanding of the adversarial behaviors conducive to attack success and failures. This work describes a novel method for conducting controlled laboratory studies of cognitive vulnerabilities that attackers experience during the design and execution phases of spear-phishing attacks. Based on the SpearSim platform, the new simulation environment integrates cognitive agents that model and predict end-user responses to spear-phishing attacks. This advancement to SpearSim allows the generation of real-time, automated, “human-like” responses to simulated spear-phishing attacks. This enables the execution of experiments focused on attackers and attacker behaviors. We describe the proposed simulation framework, provide details about the implemented simulation environment, and present results to evaluate the performance of the simulation environment. Compared to the earlier version of SpearSim involving human end-users, the new approach generates responses at a much faster rate (3 times faster than human end-users) and importantly with less variance in the time to respond. The cognitive agents used in the simulation predicted human responses to phishing and spear-phishing attackers with moderate accuracy (about 60%). Our proposed method intends to provide an effective and robust way to conduct laboratory experiments on spear-phishing attacks and further understand attackers' decision-making processes that could be exploited to thwart future attacks.

Spear Watch: A Thorough Examination to Identify Spear Phishing Attacks

A form of cybersecurity assault known as phishing involves hostile actors sending messages while posing as a reliable individual or organization. Spear-phishing assaults target a particular victim, and communications that pretend to be from someone they know and contain personal information are updated to directly address that victim. Spear-phishing takes more planning and effort to complete than phishing. Because these attacks are so skillfully customized, conventional security frequently cannot stop them. They are consequently getting harder to find. The spear phishing emails generally require a sophisticated security protocol, deploying threat detection and response tools. There are many research works with newer techniques applied for such systems. Most of them use AI, ML algorithms in identifying the threat and taking necessary actions. This paper emphasizes the importance of having much more enhanced techniques by means of research & development. To start with, the research this work focuses on exploring various detection techniques, where machine learning, natural language processing algorithms are used especially on behaviour analysis, and anomaly detection. This paper lays a foundation for future research in this area.

Designing an Email Attack by Analysing the Victim’s Profile. An Alternative Anti-Phishing Training Method

According to Thomson-Reuters the top cyber threat today is phishing in which people are tricked either to click a malicious link or give out personal information. It’s a fact that 96% of these phishing attacks comes from emails, which amount to more than 3.4 billion daily, as reported by Cisco. Austrian aerospace company FACC, Belgian bank Crelan, Acorn financial services and many other companies were recently fell victims of phishing emails losing millions of dollars. Even if experts provide lists of signs that users should seek in an email in order to understand if it is legitimate or scam, the attackers have elevated the quality of the email messages making them believable and very hard to discern them. In order to respond to this elevated threat, unconventional user training is required, focusing on recognizing a phishing email. Knowing how an attacker thinks and prepares the attack vector against a target, we claim that it will make users more suspicious when they receive one. In this regard, an innovative education intervention (consisted of two phases) was designed and developed. In the first phase, 98 participants were asked to visit an artificial social media profile and prepare a phishing email in order to persuade the victim to click a link. Then, the participants were presented with an innovative guided workflow to prepare a spear phishing email which was based on social media intelligence. In the second phase, they were asked to prepare one more email for the same person applying this time the guided workflow. Comparing the two different emails created, we found that the guided workflow led to the creation of more authentic emails which could potentially trick the victim easier. Based on the theory of active learning, we believe that by teaching users how attackers exploit their personal information in order to develop their attack vectors, it will increase their awareness not only for the typical phishing emails but also for more sophisticated spear phishing attacks.

An Analysis of the Privacy and Security Issues Affecting the Usage of Social Media

Social media have become extremely popular in recent years, and their widespread adoption has led to the presence of huge volumes of users’ personal information on the Internet. The ever-increasing number of social media users on one hand and the massive amount of information being shared daily on the other hand have encouraged attackers to develop and use different techniques to collect and analyze such information for a number of malicious purposes, including spamming, attacking through viruses, phishing, spear-phishing attacks and identity theft among others. Clearly, this trend represents a significant challenge affecting both users and administrators, and likewise create a privacy and security issues for social media users. In this paper, common security and privacy issues were examined along with recommendations to social media users to protect themselves from these issues whenever they use social media.

Personalized persuasion: Quantifying susceptibility to information exploitation in spear-phishing attacks

Many cyberattacks begin with a malicious email message, known as spear phishing, targeted at unsuspecting victims. Although security technologies have improved significantly in recent years, spear phishing continues to be successful due to the bespoke nature of such attacks. Crafting such emails requires attackers to conduct careful research about their victims and collect personal information about them and their acquaintances. Despite the widespread nature of spear-phishing attacks, little is understood about the human factors behind them. This is particularly the case when considering the role of attack personalization on end-user vulnerability. To study spear-phishing attacks in the laboratory, we developed a simulation environment called SpearSim that simulates the tasks involved in the generation and reception of spear-phishing messages. Using SpearSim, we conducted a laboratory experiment with human subjects to study the effect of information availability and information exploitation end-user vulnerability. The results of the experiment show that end-users in the high information-availability condition were 2.97 times more vulnerable to spear-phishing attacks than those in the low information-availability condition. We found that access to more personal information about targets can result in attacks involving contextually meaningful impersonation and narratives. We discuss the implications of this research for the design of anti-phishing training solutions.

Impact Analysis of Resilience Against Malicious Code Attacks via Emails

The damage caused by malicious software is increasing owing to the COVID-19 pandemic, such as ransomware attacks on information technology and operational technology systems based on corporate networks and social infrastructures and spear-phishing attacks on business or research institutes. Recently, several studies have been conducted to prevent further phishing emails in the workplace because malware attacks employ emails as the primary means of penetration. However, according to the latest research, there appears to be a limitation in blocking email spoofing through advanced blocking systems such as spam email filtering solutions and advanced persistent threat systems. Therefore, experts believe that it is more critical to restore services immediately through resilience than the advanced prevention program in the event of damage caused by malicious software. In accordance with this trend, we conducted a survey among 100 employees engaging in information security regarding the effective factors for countering malware attacks through email. Furthermore, we confirmed that resilience, backup, and restoration were effective factors in responding to phishing emails. In contrast, practical exercise and attack visualization were recognized as having little effect on malware attacks. In conclusion, our study reminds business and supervisory institutions to carefully examine their regular voluntary exercises or mandatory training programs and assists private corporations and public institutions to establish counter-strategies for dealing with malware attacks.

Spear-Phishing Susceptibility Stemming From Personality Traits

This study explores the psychological aspects of social engineering by analyzing personality traits in the context of spear-phishing attacks. Phishing emails were constructed by leveraging multiple vulnerable personality traits to maximize the success of an attack. The emails were then used to test several hypotheses regarding phishing susceptibility by simulating a series of spear-phishing campaigns inside a software development company. The company’s employees underwent a standard Big Five personality test, four different phishing emails over four weeks, and cybersecurity training. The results were aggregated before and after the cybersecurity course, and binary logistic regression analyses were performed at each phase of the phishing attack. The results show that personality traits correlate with phishing susceptibility under certain circumstances and pave the way for new methods of protecting individuals from phishing attacks.

SpearSim: Design and Evaluation of Synthetic Task Environment for Studies on Spear Phishing Attacks

Despite significant advancements in security technologies, phishing attacks continue to be rampant and successful because distinguishing phishing emails from real messages remains difficult to most end-users, mainly the targeted kind known as spear-phishing. There is a severe lack of human factor studies on spear-phishing attacks due to lack of methods and datasets. We have designed a novel multi-player synthetic task environment, called SpearSim, for conducting laboratory experiments on spear-phishing attacks. Using SpearSim, we have conducted an experiment to understand how information exploitation in spear-phishing attacks influences end-user decision-making. This paper describes the SpearSim system’s design and discusses the results from the experiment conducted with SpearSim. The experiment results show that people are more vulnerable to spear-phishing attacks when attackers can explore and exploit different kinds of personal information available to them about their targets. We discuss the implications of this research for the design of anti-phishing training solutions and privacy enhancing technologies.

Enterprise Credential Spear-phishing attack detection

The latest report by Kaspersky on email Spam and targeted Phishing attacks, by percentage, highlights the need of an urgent solution. Attachment-driven Spear-phishing struggles to succeed against many email providers’ malware-filtration systems, which proactively check emails for malicious software. In this paper, we provided a solution that can detect targeted Spear-phishing attacks based on required similarities in the specific domain which it has been targeted. The strategy is to figure out whether the domain is genuine or a forgery, which is to be evaluated by multi novel grading algorithms. Therefore, this research addresses targeted attacks on specific organisations by presenting a new enterprise solution. This detection system focuses on domain names, which tend to be registered domain names trusted by the victims. The results from this investigation show that this detection system has proven its ability to reduce email phishing attacks significantly.

Phishing Evolves: Analyzing the Enduring Cybercrime

ABSTRACT Phishing, the fraudulent attempt to obtain sensitive information by disguising oneself as a trustworthy entity via electronic communication, has quickly evolved beyond low-skill schemes that relied on casting “a wide net.” Spear phishing attacks target a particular high-value individual utilizing sophisticated techniques. This study aims to describe the current state of phishing, the expected technological advances and developments of the near future, and the best prevention and enforcement strategies. Data comes from interviews with approximately 60 information technology security professionals, “hackers,” and academic researchers. Routine Activity Theory provided an operational framework; while it is an imperfect fit for most crimes, it provides enough explanatory power for cyber-crimes. Interviewees mainly agreed: First, technological advances increase the proliferation of phishing attacks, but also aid in their detection. It has never been easier to conduct a simple attack, but a good attack requires more effort than ever before. Second, phishing is directly responsible financial fraud and, indirectly, as the primary attack vector for ransomware. Third, newer types of attacks utilizing technology, like deepfakes, will make the problem worse in the short-term. Fourth, prevention will come from machine learning and public education akin to WIFI security improvement via the combination of encryption and password awareness.

An examination of susceptibility to spear phishing cyber attacks in non-English speaking communities

PurposeSpear phishing is a fraudulent practice that targets specific and well-researched users in an organization to collect their credentials. Previous studies have addressed the underlying drivers that significantly influence susceptibility to spear phishing. However, findings may not be generalized to other cultures and environments such as the developing Non-English-speaking countries. To fill this knowledge gap, this research investigated the drivers that affect susceptibility to spear phishing in the Middle Eastern culture. We proposed and tested a theoretical model that explains users' behavior toward phishing material in the context of Non-English-speaking countries. Design/Methodology/ApproachWe created the proposed model relying on the perceived risk theory, the theory of planned behavior, and the OSIR decision making model. The proposed model addressed the impact of information privacy risks, information security risks, and information security knowledge on the susceptibility to spear phishing attacks through the moderating trust construct. The study was conducted in Jordan, a developing and Non-English-speaking country in the Middle East. We designed a lab experiment to evaluate the robustness of the proposed model based on a multistage research, where 83 university students used a phishing website then answered a related survey. Collected data were empirically tested and evaluated using Partial Least Square Analysis and Structural Equation Modeling. FindingsThe results demonstrated the influence of the identified factors on the susceptibility to spear phishing. The study may provide an assistance in evaluating and selecting tools, methods and features for handling targeted types of phishing. Originality/ValueThere are several novel aspects in this study. 1) the experimental nature of study, where we used a real-life spear phishing scenario. 2) the nature of the targeted websites. We created spoofed pages of two webpages that provide academic activities, where students’ level of trust in those websites is likely higher than other websites. 3) the investigation of the mediation role of trust construct, particularly within a university environment, is a new direction in susceptibility to spear phishing. Unlike existing models that measure the direct effect of personality characteristics on phishing susceptibility, our model introduces trust attitude as an aggregation of positive and negative security-privacy interpretations. Finally, the study was conducted in a developing country environment where the Arabic Language is used in initiating and executing the attack.

The Need for New Antiphishing Measures Against Spear-Phishing Attacks

In this study, we provide extensive analysis of the (unique) characteristics of phishing and spear-phishing attacks, argue that spear-phishing attacks cannot be well captured by current countermeasures, identify ways forward, and analyze an advanced spear-phishing campaign targeting white-collar workers in 32 countries.

An Improved Method of Detecting Macro Malware on an Imbalanced Dataset

In spear-phishing attacks, macro malware written in VBA (Visual Basic for Applications) is often used to compromise the target computers. Macro malware is often obfuscated in several ways to evade detection. To detect new macro malware, several methods with machine learning techniques have been proposed. While many methods were evaluated with the inadequate or balanced dataset with the same number of benign and malicious samples, practical performance is still open to discussion. In reality, the population of VBA macros consists of wide variety of samples. To evaluate practical performance, an imbalanced dataset which contains many benign samples is required. In this paper, we propose an improved method of detecting macro malware on an imbalanced dataset. Our method uses 2 language models (Doc2vec and Latent Semantic Indexing (LSI)) and 4 popular classifiers. These language models are used to extract features and mitigate the class imbalance problem by selecting important features. We create an imbalanced dataset with more than 30,000 samples and evaluate the practical performance. The experimental result demonstrates that our method mitigates the class imbalance problem and could detect completely new malware regardless of the family type. The result also reveals that LSI is more robust than Doc2vec to the class imbalance problem.

D4I - Digital forensics framework for reviewing and investigating cyber attacks.

Many companies have cited lack of cyber-security as the main barrier to Industrie 4.0 or digitalization. Security functions include protection, detection, response and investigation. Cyber-attack investigation is important as it can support the mitigation of damages and maturing future prevention approaches. Nowadays, the investigation of cyber-attacks has evolved more than ever leveraging combinations of intelligent tools and digital forensics processes. Intelligent tools (e.g., YARA rules and Indicators of Compromise) are effective only when there is prior knowledge about software and mechanisms used in the cyber-attack, i.e., they are not attack-agnostic. Therefore, the effectiveness of these intelligent tools is inversely proportional to the number of the never-seen-before software and mechanisms utilized. Digital forensic processes, while not suffering from such issue, lack the ability to provide in-depth support to a cyber-attack investigation mainly due to insufficient detailed instructions in the examination and analysis phases. This paper proposes a digital forensics framework for reviewing and investigating cyber-attacks, called D4I, which focuses on enhancing the examination and analysis phases. First, the framework proposes a digital artifacts categorization and mapping to the Cyber-Kill-Chain steps of attacks. Second, it provides detailed instructing steps for the examination and analysis phases. The applicability of D4I is demonstrated with an application example that concerns a typical case of a spear phishing attack.

Detecting lateral spear phishing attacks in organisations

Lateral spear phishing attack is a powerful type of social engineering attack carried out using compromised email account(s) within the target organisation. Spear phishing attacks are difficult to detect due to the nature of these attacks. The inclusion of a lateral attack vector makes detection more challenging. The authors present an approach to detect lateral spear phishing attacks in organisations in real-time. Their approach uses features derived from domain knowledge and analysis of characteristics pertaining to such attacks, combined with their scoring technique which works on non-labelled dataset. They evaluate the approach on several years' worth of real-world email dataset collected from volunteers in their institute. They were able to achieve false positive rate of below 1%, and also detected two instances of compromised accounts which were not known earlier. A comparison of their scoring technique with machine learning based anomaly detection techniques shows the proposed technique to be more suited for practical use. The proposed approach is primarily aimed at complementing existing detection techniques on email servers. However, they also developed a Chrome browser extension to demonstrate that such a system can also be used independently by organisations within their network.

Spear phishing in a barrel: Insights from a targeted phishing campaign

ABSTRACTExecutives in many industries have fallen prey to socially engineered attacks known as spear phishing. Using highly targeted emails, social engineers trick victims into performing unintended actions by masquerading as legitimate actors. To shed light on effective spear phishing training, we conducted a multi-round experiment. Our results indicate that training users with individual loss messaging might increase the effectiveness of the training. Additionally, we found potential evidence that organizational training can lead to increased overall spear phishing awareness, even for those not directly trained. Despite these promising results, however, individuals’ susceptibility to highly targeted spear phishing attacks remains troubling for practitioners and researchers.

Optimal Defense Strategy Selection for Spear-Phishing Attack Based on a Multistage Signaling Game

The integration of industrial control systems (ICS) with information technologies offers not only convenience but also creates security problems, from public networks to ICS. Spear-phishing attacks account for a considerable proportion of such security incidents. Therefore, there have been many studies about dealing with spear-phishing attacks. Most of these studies focus on studying strategies with better defense capabilities for spear-phishing attacks while neglecting the cost of implementing the strategies. However, a strategy with strong defense capabilities may not always be highly cost-effective. Moreover, considerable research has tended to consider the attacker and defender separately while ignoring the fact that the spear-phishing attack-defense process is a dynamic process of confrontation between the attacker and the defender. Actually, the deployment of defense strategies should comprehensively consider the defender's condition and the adversary's possible actions. Therefore, how to select the optimal strategy that defends against spear-phishing attacks with minimum overhead is a problem worthy of further study. Motivated by this consideration, we construct the multistage spear-phishing attack-defense signaling game model (MSPAD-SGM), which comprehensively considers the defense capability, the strategy cost, and the possible strategies of the two sides. Based on this model, we propose the optimal strategy selection algorithm for the spear-phishing attack-defense process. In addition, rather than numerical values, we adopt symbolic variables to quantify the payoffs and present a deep analysis of how the variation of payoffs influences the game result, which helps to reduce the subjectivity and improve the feasibility of our model. The simulation and deduction of the proposed approach are presented in a case study of MSPAD-SGM to demonstrate the feasibility and effectiveness of the proposed strategy's optimal selection approach. Our method provides decision support for the spear-phishing attack-defense process and improves the dynamic analysis efficiency of defense decision-making.