B. Spear Phishing
Spear phishing, as the name suggests, targets a specific person rather than a wide group. Here attackers mostly "study" the person on social media, such as the way he/she customizes their communications, and hence while attacking they appear more authentic. Spear phishing is usually the first step of a targeted attack.

Countermeasures for spear phishing:
• User Education: Spear phishing targets an individual user, and as such user education for security awareness about phishing attacks is mandatory. Spear phishing can be really fatal for a company because it is used as a base intrusion while destroying a company's security systems.
C. Whaling
Whaling is the type of phishing where the attacker targets a higher executive of a company, like the Director of Operations, as he/she might hold some of the valuable inner data that is of considerable importance to the company. As such, whaling is of particular importance for the company.

Countermeasures against whaling:

Implementing multi-layer security systems:
It has to be accepted that providing only user education to the employees is not going to help a company, as people doing whaling are far more sophisticated in performing these types of attacks, and they'll intrude using spear phishing on an employee at his/her most vulnerable time, whether that is a personal situation or a long day at the office. It is therefore advised to have a multilayer security system in the office.

Updating cyber security policies:
As technology evolves day by day, so do the techniques used by cybercriminals; as such, the company's security policies should be updated in a timely manner.

D. Pharming
Like phishing, pharming sends users to a hoax website that appears to be original and genuine. Contrary to the general phishing techniques, here the user doesn't even have to click a link to be taken to a bogus site. The website's DNS server can be infected directly, so the user reaches the malicious site without clicking any link.

E. Countermeasures against pharming
Mostly the countermeasures that are used in "Deceptive Phishing" are used for pharming also, apart from things such as taking a holistic approach towards DNS servers and sophisticated security training for senior IT engineers.

Figure 1: Block Diagram

For our analysis we referred to the trends summarized in the Phishing Activity Trends Report (3rd Quarter, 2017) by the Anti-Phishing Working Group (APWG) [1]. The monthly report analyses the phishing attacks reported to the APWG through the website at [1]. The total number of unique phishing reports submitted to APWG in the 3rd Quarter was 296,208. There was a consistent decline in the number of phishing sites. Phishers are typically using the HTTPS protocol to fool people, as people assume that any site which has a secure HTTPS certificate (green) is safe to share information with. People who usually make online payments continued to be the most affected group. Phishing was found in more than 200 different top-level domains. Phishers use the simple technique of hosting an HTTPS-protected phishing site that mimics a secure terminal (as supposed by the user); however, the mere presence of HTTPS does not indicate that the site is safe from phishing, and many internet users do not know this. That a phisher has just bought a domain name and secured it with an HTTPS certificate doesn't mean that it is the official site; the site may be used to mimic the official one, and hence the user's PC gets compromised.

TABLE 1: ANALYSIS FOR THE THIRD QUARTER FOR PHISHING.

Content                                  July     August   September
No. of unique phishing sites detected    60,232   73,393   57,317
No. of unique phishing emails received   99,024   99,172   98,012
No. of brands targeted                   277      313      325
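The point made above, that an HTTPS certificate on a freshly bought domain says nothing about whether the site is the official one, can be checked mechanically. The following is an added example, not code from the paper; the allow-list, the sample URLs and the two-label domain rule are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list of official sites; a real deployment loads its own.
OFFICIAL_DOMAINS = {"examplebank.com", "examplepay.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable_domain(host):
    # Simplification: last two labels. Production code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def assess(url):
    """Classify a URL by its domain; the scheme never raises the verdict."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    if domain in OFFICIAL_DOMAINS:
        return "official" if parts.scheme == "https" else "official-no-tls"
    for good in OFFICIAL_DOMAINS:
        brand = good.split(".")[0]
        # Near-miss spelling, or the brand name buried in another domain's host.
        if edit_distance(domain, good) <= 2 or brand in host:
            return "lookalike"
    return "unknown"  # HTTPS alone is not evidence of legitimacy

# Constructed sample URLs; every one except the last is served over HTTPS.
SAMPLES = [
    "https://www.examplebank.com/login",
    "https://examp1ebank.com/login",
    "https://examplebank.com.account-verify.net/login",
    "https://weather.example.org/",
    "http://examplebank.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{assess(url):16} {url}")
```
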
2018 First International Conference on Secure Cyber Computing and Communication (ICSCCC)
Figure 3: Pie chart depicting that users are easily deceived when the phishers use COM as the site domain. At 53%, COM is the domain with the highest number of users getting affected.

TABLE 2: TOTAL NUMBER OF INCIDENTS REPORTED AT FACEBOOK. THE TABLE INDICATES THAT MOST OF THE PHISHING ATTACKS IN THE RECENT HISTORY OCCURRED IN THE UNITED STATES; IT IS ALSO REMARKABLE TO SEE THAT THERE IS A HUGE DROP FROM THE US TO IRELAND.

Country of hosting     July    Aug     Sept    Total
United States          1,392   1,686   1,082   4,160
Ireland                375     208     165     748
Brazil                 148     239     175     562
France                 19      60      87      166
Germany                21      68      57      146
Canada                 44      68      33      145
Switzerland            0       77      8       85
Netherlands            12      34      22      68
United Kingdom         11      21      30      62
Czech Republic         19      25      13      57
Other (35 Countries)   59      121     52      232
Total                  2,100   2,607   1,724   6,431

In recent times, users are provided with many methods so that they can be protected from the various levels of phishing attacks. There are quite a few attempts to keep spam mails from reaching the end users [2] [3], while other techniques reduce fraudulent websites [4], and some check the genuineness of web pages that a user visits [5]. All these methods have some pros and inevitable cons. The main reason for the existence of phishing attacks even today is the fact that mails can be spoofed easily to

Count of unique phishing URLs   Month 1   Month 2   Month 3
Quarter 1, 2016                 86,557    79,259    123,555
Quarter 2, 2016                 158,988   148,295   158,782
Quarter 3, 2016                 155,102   104,349   104,973
Quarter 4, 2016                 89,232    118,928   69,533
Quarter 1, 2017                 42,899    50,567    51,265
Quarter 2, 2017                 50,328    45,327    20,720
Quarter 3, 2017                 60,232    73,393    57,317

To reduce the number of phishing attacks, VeriSign is now crawling millions of websites to identify those that look identical to one of the agent's sites while having different domain information. Once a website is marked as a phishing site, legal procedure is applied to shut the site down. The main problem with crawling and blacklisting web sites is that the anti-phishing companies and the attackers will be in constant struggle with each other, where attackers create fake and malicious websites only to get them shut down, and the cycle repeats. Hence users are always under the threat of a phishing attack, and the attack is always imminent. Also, the efficiency of blacklisting methods depends on the quality of the lists and how frequently they are maintained. Repeated checking should also be done.

Two browser-based client-side solutions are proposed by Stanford University for the detection and avoidance of phishing attacks [5] [7]. They are implemented as browser plugins.
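PwdHash [7], one of the two plugins cited here, turns the password a user types into a domain-specific one. The sketch below is an added illustration, not the plugin's code or anything from the paper; HMAC-SHA256, the base64 truncation, the naive two-label domain rule and all sample values are assumptions made for the example.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

def site_domain(url):
    # Simplification: last two host labels stand in for the registrable domain.
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def site_password(master, url, length=16):
    """Derive the password actually sent to `url` from the typed password."""
    mac = hmac.new(master.encode(), site_domain(url).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()[:length]

def replay_succeeds(master, real_url, phishing_url):
    """True if what a phishing page captures would log in at the real site."""
    registered = site_password(master, real_url)    # value the real site knows
    captured = site_password(master, phishing_url)  # value the phisher receives
    return hmac.compare_digest(registered, captured)

def submit_form(fields, url, password_field="password"):
    """What leaves the browser: only the password field is transformed."""
    out = dict(fields)
    out[password_field] = site_password(fields[password_field], url)
    return out

# Constructed values for the demonstration.
MASTER = "correct horse battery staple"
BANK = "https://login.examplebank.com/signin"
PHISH = "https://examplebank-login.example.net/signin"
FORM = {"password": MASTER, "card_number": "4111 1111 1111 1111"}

if __name__ == "__main__":
    print("replay works:", replay_succeeds(MASTER, BANK, PHISH))
    # Other fields typed into the phishing page leave the browser unchanged.
    print("sent to phishing page:", submit_form(FORM, PHISH))
```
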
PwdHash [7] is a plug-in, supported on Internet Explorer, that converts a user's passwords into domain-specific passwords so that passwords can be reused safely on multiple web sites. Because the generated passwords are domain specific, any password phished by a malicious website cannot be used anywhere else, such as on a bank's website for a transaction. But it only works for passwords and cannot protect users' private information such as credit card information or social security numbers. SpoofGuard [5] is another such plugin, which offers a symptom-based solution that searches websites for traits such as similar domain names and masked links.

TABLE 4: BRANDS THAT WERE AFFECTED BY PHISHING IN PAST TWO YEARS.

Phishing Campaigns' targeted brands   Month 1   Month 2   Month 3
Quarter 1, 2016                       431       406       418
Quarter 2, 2016                       411       425       418
Quarter 3, 2016                       358       340       361
Quarter 4, 2016                       357       332       264

All the browser processes are executed inside the virtual environment.

IV. RESULT ANALYSIS
The main features of the browser are provided by the Manager App Container. It incorporates several other sub-containers within it to divide the backend processes. They are:
• Internet App Container: Gets the source codebase of a website from a domain and renders it.
• Intranet App Container: Gets the source codebase of websites from the Intranet. These sites can be control interface dashboards for various devices on the network, like Wi-Fi routers, printers or any IoT devices. By separating them from the Internet, they are protected from attackers.
• Extensions App Container: Renders the in-built extensions of the browser (if any).
• Flash App Container: Renders Flash-based applications by isolating them from the main content processes and running them separately, thus avoiding the exploitation of many of Adobe Flash's bugs.
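One way the split between the Internet and Intranet App Containers listed above could be decided, as an added example that is not the authors' implementation. The function names, the internal-name suffixes and the sample URLs are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Name suffixes treated as internal; an assumption, set per site in practice.
INTRANET_SUFFIXES = (".local", ".lan", ".internal", ".home.arpa")

def container_for(url):
    """Pick the sub-container ('intranet' or 'internet') that renders `url`."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        raise ValueError("URL has no host: %r" % url)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: single-label names and internal suffixes are intranet.
        # A real router should also classify the resolved address, because a
        # public name can be pointed at a private IP (DNS rebinding).
        if "." not in host or host.endswith(INTRANET_SUFFIXES):
            return "intranet"
        return "internet"
    internal = ip.is_private or ip.is_loopback or ip.is_link_local
    return "intranet" if internal else "internet"

def allow_subrequest(page_url, target_url):
    """Block pages rendered in the Internet container from reaching intranet devices."""
    return not (container_for(page_url) == "internet"
                and container_for(target_url) == "intranet")

# Constructed sample requests: (page that issues the request, requested URL).
SAMPLES = [
    ("https://news.example.com/article", "https://cdn.example.net/app.js"),
    ("https://news.example.com/article", "http://192.168.1.1/apply.cgi"),
    ("http://router.lan/", "http://192.168.1.1/status"),
    ("https://news.example.com/article", "http://printer/status"),
]

if __name__ == "__main__":
    for page, target in SAMPLES:
        verdict = "allow" if allow_subrequest(page, target) else "block"
        print(f"{verdict:5} {container_for(page):8} -> {container_for(target):8} {target}")
```
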
Thus, using this browser, if a user ever receives a malicious email with a suspicious link, it will open in the container browser's virtual environment, and if some attacker tries to harm it, a simple restart can erase all the damage done.

In the same way, the browser would be ineffective if the user accidentally clicks on a malicious ad on some website, or one of his favorite websites gets compromised and starts redirecting the user to some attacker's site which downloads and executes malware like ransomware.

V. CONCLUSION AND FUTURE ENHANCEMENT
Phishing is a major issue throughout the world and causes problems like identity theft. To date, phishing attacks have been the cause of billions of dollars in losses to companies and markets all over the world. Sometimes the phisher only wants to gain information which is worth many dollars, to sell it on a secondary market; hence the resources that were used by the company are all wasted. Therefore, phishing attacks are still a very common problem in cyberspace. In this paper we researched and presented a detailed analysis of some of the common phishing trends and the countermeasures that have been developed against them. We summarized the phishing attacks reported in the past two years and analyzed their trends. We have also proposed a virtual-environment-based container web browser solution.

If someone receives an email with a file attachment of unknown origin or format, like a Word document, Excel spreadsheet or PDF file, and the user launches it, it may still harm the computer. This is due to the fact that the file will be opened using some other software, like MS Word or Adobe Reader, and will run outside the scope of the virtual machine. One possible solution to this can be implementing some common file readers for pdf, doc, jpg etc. within the browser itself so that those files can be opened within the virtual environment.

REFERENCES
[1] Anti-Phishing Working Group, "Phishing Activity Trends Report, 3rd Quarter," Aug. 2009. [Online]. Available: http://www.antiphishing.org.
[2] Microsoft, "Sender ID Framework Overview," Microsoft, 2005. [Online]. Available: http://www.microsoft.com.
[3] Yahoo, "Yahoo! Anti-Spam Resource Center," 2006. [Online]. Available: http://antispam.yahoo.com.
[4] Microsoft, "Anti-Phishing Technologies," Microsoft, 2005. [Online]. Available: http://www.microsoft.com.
[5] N. Chou, R. Ledesma, Y. Teraguchi, J. C. Mitchell and others, "Client-Side Defense Against Web-Based Identity Theft," in NDSS, 2004.
[6] Mutual Internet Practices Association, "DomainKeys Identified Mail (DKIM)," [Online]. Available: https://dkim.org/.
[7] B. Ross, C. Jackson, N. Miyake, D. Boneh and J. C. Mitchell, "Stronger Password Authentication Using Browser Extensions," SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium, vol. 14, May 2005.
[8] DEBIAN, "Deploy: Debian Project unable to deploy Sender ID," 2006. [Online]. Available: http://www.debian.org.
[9] B. Wardman, T. Stallings, G. Warner and A. Skjellum, "High-performance content-based phishing attack detection," in eCrime Researchers Summit (eCrime), Nov. 2011.
[10] T. N. Jagatic, N. A. Johnson, M. Jakobsson and F. Menczer, "Social phishing," Communications of the ACM, vol. 50, pp. 94-100, Oct. 2007.
[11] H. Huang, J. Tan and L. Liu, "Countermeasure techniques for deceptive phishing attack," in New Trends in Information and Service Science, 2009. NISS'09. International Conference on, pp. 636-641, June 2009.
[12] L. Wenyin, G. Huang, L. Xiaoyue, Z. Min and X. Deng, "Detection of phishing webpages based on visual similarity," in Special interest tracks and posters of the 14th international conference on World Wide Web, pp. 1060-1061, May 2005.
[13] S. Sheng, B. Wardman, G. Warner, L. F. Cranor, J. Hong and C. Zhang, "An empirical analysis of phishing blacklists," CHI '08 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 1065-1074, April 2009.
[14] B. Parno, C. Kuo and A. Perrig, "Phoolproof phishing prevention," in International Conference on Financial Cryptography and Data Security, vol. 4107, 2006.
[15] B. Parmar, "Protecting against spear-phishing," Computer Fraud & Security, vol. 2012, pp. 8-11, Jan. 2012.
[16] M. Mishra and A. Jain, "Anti-Phishing Techniques: A Review," International Journal of Engineering Research and Application (IJERA), vol. 2, pp. 230-355, Jan. 2012.
[17] E. Medvet, E. Kirda and C. Kruegel, "Visual-similarity-based phishing detection," in Proceedings of the 4th international conference on Security and privacy in communication networks, Sept. 2008.
[18] P. Kumaraguru, S. Sheng, A. Acquisti, L. F. Cranor and J. Hong, "Lessons from a real world evaluation of anti-phishing training," in eCrime Researchers Summit, pp. 1-12, Oct. 2008.
[19] E. Kirda and C. Kruegel, "Protecting users against phishing attacks," 29th Annual International Computer Software and Applications Conference (COMPSAC'05), vol. 49, pp. 517-524, Jul. 2005.
[20] H. Huang, S. Zhong and J. Tan, "Browser-side countermeasures for deceptive phishing attack," Fifth International Conference on Information Assurance and Security on, vol. 1, pp. 352-355, Aug. 2009.
[21] J. Hong, "The state of phishing attacks," Communications of the ACM, vol. 55, pp. 74-81, Jan. 2012.
[22] T. Halevi, J. Lewis and N. Memon, "Phishing, personality traits and Facebook," arXiv preprint arXiv:1301.7643, Jan. 2013.
[23] S. Gupta and P. Kumaraguru, "Emerging phishing trends and effectiveness of the anti-phishing landing page," in Electronic Crime Research (eCrime), 2014 APWG Symposium on, pp. 36-47, Nov. 2014.
[24] S. Garera, N. Provos, M. Chew and A. D. Rubin, "A framework for detection and measurement of phishing attacks," in Proceedings of the ACM workshop on Recurring malcode, pp. 1-8, Nov. 2007.
[25] I. Fette, N. Sadeh and A. Tomasic, "Learning to detect phishing emails," in Proceedings of the 16th international conference on World Wide Web, pp. 649-656, May 2007.
[26] R. Dhamija, J. D. Tygar and M. Hearst, "Why phishing works," in Proceedings of the SIGCHI conference on Human Factors in computing systems, pp. 581-590, April 2006.
[27] R. Dhamija and J. D. Tygar, "The battle against phishing: Dynamic security skins," in Proceedings of the 2005 symposium on Usable privacy and security, pp. 77-88, July 2005.
[28] J. Abawajy, "User preference of cyber security awareness delivery methods," Behaviour and Information Technology, vol. 33, no. 3, pp. 237-248, March 2014.