Disguised executable files in spear-phishing emails: Detecting the point of entry in advanced persistent threat
Authors
Abstract
Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multi-step attack. Within the APT life cycle, the most common technique used to get the point of entry is spear-phishing emails which may contain disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised exe files transferred over the connections. The detection is based on a comparison between the MIME type of the transferred file and the file name extension. This module was experimentally evaluated and the results show successful detection of disguised executable files.
Keywords: Cyber attacks, advanced persistent threat, spear-phishing emails, disguised executable file, malware, intrusion detection system.
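The comparison the abstract describes, content type against file name extension, can be sketched as follows. This is an added example, not the paper's DeFD implementation: it assumes the MIME type is derived from the payload's leading bytes, and all function names, the extension list and the sample transfers are constructed for illustration.

```python
import os
import struct

# Extensions that honestly announce a Windows executable (assumed list).
EXECUTABLE_EXTS = {"exe", "dll", "scr", "com", "sys"}
PE_MIME = "application/x-dosexec"  # label libmagic gives PE files

def is_pe(head: bytes) -> bool:
    # MZ header whose e_lfanew field (offset 0x3C) points at the PE signature.
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", head, 0x3C)
    return head[pe_offset:pe_offset + 4] == b"PE\x00\x00"

def sniff_mime(head: bytes) -> str:
    # Derive a MIME type from content only, ignoring the file name.
    if is_pe(head):
        return PE_MIME
    if head.startswith(b"%PDF-"):
        return "application/pdf"
    return "application/octet-stream"

def extension(filename: str) -> str:
    # Last extension, lower-cased; trailing dots/spaces are dropped as Windows does.
    _, ext = os.path.splitext(filename.rstrip(". "))
    return ext.lstrip(".").lower()

def is_disguised_executable(filename: str, head: bytes) -> bool:
    # Content says executable, name says something else.
    return sniff_mime(head) == PE_MIME and extension(filename) not in EXECUTABLE_EXTS

def scan(transfers):
    return [name for name, head in transfers if is_disguised_executable(name, head)]

# Constructed sample transfers: (file name, first bytes of the payload).
PE_HEAD = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
SAMPLES = [
    ("setup.EXE", PE_HEAD),            # honest executable, not flagged
    ("report.pdf", PE_HEAD),           # PE content behind a document extension
    ("photo.jpg ", PE_HEAD),           # trailing space does not defeat the check
    ("invoice.pdf", b"%PDF-1.7\n"),    # genuine PDF
    ("notes.txt", b"MZ" + b"a" * 80),  # text that merely starts with "MZ"
]

if __name__ == "__main__":
    for name in scan(SAMPLES):
        print("disguised executable:", name)
```

Checking the `e_lfanew` pointer rather than the two-byte `MZ` prefix alone keeps plain text that happens to start with "MZ" from being reported.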
Similar resources
Breaching the Human Firewall: Social engineering in Phishing and Spear-Phishing Emails
We examined the influence of three social engineering strategies on users’ judgments of how safe it is to click on a link in an email. The three strategies examined were authority, scarcity and social proof, and the emails were either genuine, phishing or spear-phishing. Of the three strategies, the use of authority was the most effective strategy in convincing users that a link in an email was...
Understanding susceptibility to phishing emails: Assessing the impact of individual differences and culture
In a lab-based empirical study, we examined how individual differences and an aspect of national culture impacted on participants’ responses to phishing and spear-phishing emails. Results showed that the strongest predictor of the participants’ ability to detect these malicious emails was cultural orientation towards the needs of the individual rather than the needs of society. For both types o...
DETECTING TARGETED MALICIOUS EMAIL THROUGH SUPERVISED CLASSIFICATION OF PERSISTENT THREAT AND RECIPIENT ORIENTED FEATURES by Rohan
Targeted email attacks to enable computer network exploitation have become more prevalent, more insidious, and more widely documented in recent years. Beyond nuisance spam or phishing designed to trick users into revealing personal information, targeted malicious email (TME)...
Defending against Spear Phishing: Motivating Users through Fear appeal Manipulations
Phishing is a pervasive form of online fraud that causes billions in losses annually. Spear phishing is a highly targeted and successful type of phishing that uses socially engineered emails to defraud most of its recipients. Unfortunately, anti-phishing training campaigns struggle with effectively fighting this threat— partially because users see security as a secondary priority, and partially...
That Ain't You: Blocking Spearphishing Through Behavioral Modelling
One of the ways in which attackers steal sensitive information from corporations is by sending spearphishing emails. A typical spearphishing email appears to be sent by one of the victim’s coworkers or business partners, but has instead been crafted by the attacker. A particularly insidious type of spearphishing emails are the ones that do not only claim to be written by a certain person, but a...
Journal title: PeerJ PrePrints
Volume 5
Publication date: 2017