Towards Measuring and Mitigating Social Engineering Software Download Attacks

Terry Nelms 1,2, Roberto Perdisci 3,1, Manos Antonakakis 1, Mustaque Ahamad 1,4

1 Georgia Institute of Technology   2 Damballa, Inc.   3 University of Georgia   4 New York University Abu Dhabi

[email protected], [email protected], [email protected], [email protected]

How Modern Malware Infections Occur

Social Engineering Download

Drive-by Download

Study of Web-Based Social Engineering Downloads

• Data collection on a large academic network for two months.
• Real-time deep packet inspection of network traffic.
• Maintain a data buffer of all recent HTTP transactions.
• On executable download, record all web traffic from the client.

Study of Web-Based Social Engineering Downloads

Web Path

Social Engineering Download

• Collected a total of 35,638 downloads
• 2,004 real world successful SE downloads
• Full web path reconstruction
• Extensive manual analysis
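The buffer-and-reconstruct step these two slides describe (keep recent HTTP transactions per client, and when an executable download is seen, recover the web path that led to it), as an added Python example that is not the authors' tooling. It follows Referer headers backwards from the download inside a per-client time window; the transaction record layout, the Content-Type set, the 600-second window and the sample traffic are all assumptions constructed for this example.

```python
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional


@dataclass
class HttpTx:
    """One HTTP transaction as seen by a passive network monitor."""
    ts: float                 # time of the request, in seconds
    client: str               # client address the request came from
    url: str                  # requested URL
    referer: Optional[str]    # Referer header, if the browser sent one
    content_type: str         # Content-Type of the response


# MIME types that commonly carry Windows executables (assumption: a real
# monitor would also check the response body for the MZ/PE signature).
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec",
                    "application/octet-stream"}


def is_executable_download(tx: HttpTx) -> bool:
    mime = tx.content_type.split(";")[0].strip().lower()
    return mime in EXECUTABLE_TYPES or tx.url.lower().endswith(".exe")


class TransactionBuffer:
    """Keeps the recent transactions of every client for `window` seconds."""

    def __init__(self, window: float = 600.0) -> None:
        self.window = window
        self.by_client: Dict[str, Deque[HttpTx]] = {}

    def add(self, tx: HttpTx) -> Optional[List[HttpTx]]:
        """Buffer tx; when it is an executable download, return its web path."""
        recent = self.by_client.setdefault(tx.client, deque())
        recent.append(tx)
        while recent and tx.ts - recent[0].ts > self.window:
            recent.popleft()            # evict transactions outside the window
        if is_executable_download(tx):
            return reconstruct_path(recent, tx)
        return None


def reconstruct_path(recent: Deque[HttpTx], download: HttpTx) -> List[HttpTx]:
    """Walk Referer headers backwards from the download to the entry point.

    The chain stops at the first hop whose Referer is missing (stripped by the
    browser or lost across a redirect) or points outside the buffer, so the
    path may be partial; the download itself is always included.
    """
    latest_by_url: Dict[str, HttpTx] = {}
    for t in recent:
        if t.ts <= download.ts:
            latest_by_url[t.url] = t   # later requests overwrite earlier ones
    path = [download]
    seen = {download.url}
    hop = download
    while hop.referer and hop.referer in latest_by_url and hop.referer not in seen:
        hop = latest_by_url[hop.referer]
        seen.add(hop.url)
        path.append(hop)
    path.reverse()                      # entry point first, download last
    return path


# Constructed sample traffic (not real captures): a video page loads an ad,
# the ad lands on a fake "player update" page, and that page serves an .exe.
SAMPLE_TRAFFIC = [
    HttpTx(100.0, "10.0.0.5", "http://videosite.example/watch?v=1", None, "text/html"),
    HttpTx(101.0, "10.0.0.5", "http://ads.example/serve?slot=3",
           "http://videosite.example/watch?v=1", "text/html"),
    HttpTx(102.0, "10.0.0.5", "http://landing.example/update-player",
           "http://ads.example/serve?slot=3", "text/html"),
    HttpTx(103.0, "10.0.0.5", "http://landing.example/player_setup.exe",
           "http://landing.example/update-player", "application/x-msdownload"),
]


def demo_full_path() -> List[str]:
    """Feed the sample traffic through the buffer; return the path URLs."""
    buf = TransactionBuffer()
    path: List[str] = []
    for tx in SAMPLE_TRAFFIC:
        found = buf.add(tx)
        if found:
            path = [t.url for t in found]
    return path


def demo_evicted_referer() -> List[str]:
    """The referring page is older than the window, so only the download remains."""
    buf = TransactionBuffer(window=60.0)
    buf.add(HttpTx(0.0, "10.0.0.9", "http://old.example/", None, "text/html"))
    found = buf.add(HttpTx(1000.0, "10.0.0.9", "http://cdn.example/tool.exe",
                           "http://old.example/", "application/octet-stream"))
    return [t.url for t in found]


if __name__ == "__main__":
    print(" -> ".join(demo_full_path()))
```

The window size trades memory for completeness: a path whose earlier hops have already been evicted comes back truncated at the download, as `demo_evicted_referer` shows, which is the case a monitor has to tolerate rather than treat as an error.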

Outline

• Categorizing SE Download Tactics
• Measuring SE Download Properties
• Detecting SE Download Attacks

SE Download Categorization

User Attention: Ad, Search, Web Post

Persuasion: Deception (Impersonate, Repackage, Decoy, Invent), Entice, Comply, Alarm

Advertisement

Search

www.open-download.com

www.mozilla.org

Web Post

Decoy

Repackage

Impersonate

Invent

Alarm

Entice

Comply

Popularity of SE Tactics for Tricking the User

Trick                       Total   Percentage
Repackage+Entice              972        48.5%
Invent+Impersonate+Alarm      434        21.7%
Invent+Impersonate+Comply     384        19.2%
Repackage+Decoy               155         7.7%
Impersonate+Decoy              46         2.3%
Impersonate+Entice+Decoy       12         0.6%
Invent+Comply                   4         0.2%
Impersonate+Alarm               1         0.1%

Top 3 responsible for over 89%.

Repackage + Entice (48.5%)

Invent + Impersonate + Alarm (21.7%)

Invent + Impersonate + Comply (19.2%)

Invent + Impersonate Subclass (Tactics Popularity)

Subclass        Alarm   Comply
Fake Flash        68%      20%
Fake Java         30%       0%
Fake AV            1%       0%
Fake Browser       1%       0%
Fake Player        0%      80%

Popularity of SE Tactics for Gaining the User’s Attention

User’s Attention   Total   Percentage
Ad                 1,616        80.6%
Search+Ad            146         7.3%
Search               127         6.3%
Web Post             115         5.7%

Almost 88% used advertisements.

Benign Ad Based Downloads

Category    Percentage
Games              32%
Utilities          30%
Music              15%
Business           11%
Video               8%
Graphics            2%
Social              2%

• 7% of all benign downloads are ad-based.
• 40% chance that an ad-based download is benign.
• Trion Worlds is the most popular, followed by Spotify.

Top 5 Ad Entry Point Domains

Comply                  Alarm                  Entice
26%  onclickads.net     16%  adcash.com        20%  doubleclick.net
10%  adcash.com          7%  onclickads.net    16%  google.com
10%  popads.net          7%  msn.com           12%  googleadservices.com
 7%  putlocker.is        6%  yesadsrv.com      11%  msn.com
 3%  allmyvideos.net     4%  yu0123456.com      8%  coupons.com

AV Detection (Day 0 and Day 30)

Bar chart (x-axis 0% to 80%): AV detection rate at Day 0 and Day 30 for Repackage+Entice, Invent+Impersonate+Alarm and Invent+Impersonate+Comply.

Classifying Social Engineering Downloads

• Ad Chain Features
    • Ad-Driven
    • Minimum Ad Domain Age
    • Maximum Ad Domain Popularity
• Download URL Features
    • Download Domain Age
    • Download Domain Alexa Rank
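How the five features on this slide can be computed from a reconstructed web path, as an added Python example that is not the authors' classifier. The ad-domain list, domain ages and Alexa-style ranks are constructed stand-ins for the WHOIS and popularity data a deployment would query, and the decision rule with its thresholds is an illustrative assumption, included only so the features can be evaluated end to end on labelled constructed paths (the paper trains a model instead).

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed stand-ins for the data sources the features need (assumption:
# a deployment would query WHOIS for age and a popularity list for rank).
AD_DOMAINS = {"ads.example", "clicktrack.example", "bigadnet.example"}
DOMAIN_AGE_DAYS: Dict[str, int] = {
    "ads.example": 60, "clicktrack.example": 40, "bigadnet.example": 5000,
    "landing.example": 20, "player-update.example": 10,
    "freebie-installer.example": 15, "musicapp.example": 3000,
    "browservendor.example": 6000,
}
ALEXA_RANK: Dict[str, int] = {
    "ads.example": 500_000, "clicktrack.example": 300_000,
    "bigadnet.example": 200, "musicapp.example": 800, "browservendor.example": 50,
}
UNKNOWN_RANK = 10_000_000      # unranked domains count as least popular
UNKNOWN_AGE = 0                # no WHOIS record is treated as brand new


@dataclass
class Features:
    ad_driven: bool                            # any ad-network host on the path
    min_ad_domain_age: Optional[int]           # youngest ad domain, in days
    max_ad_domain_popularity: Optional[int]    # best (lowest) rank among ad domains
    download_domain_age: int
    download_domain_rank: int


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def extract_features(path: List[str]) -> Features:
    """path: URLs from the entry point to the download URL (last element)."""
    hosts = [host_of(u) for u in path]
    ad_hosts = [h for h in hosts[:-1] if h in AD_DOMAINS]   # hops before the download
    download_host = hosts[-1]
    return Features(
        ad_driven=bool(ad_hosts),
        min_ad_domain_age=min((DOMAIN_AGE_DAYS.get(h, UNKNOWN_AGE) for h in ad_hosts), default=None),
        max_ad_domain_popularity=min((ALEXA_RANK.get(h, UNKNOWN_RANK) for h in ad_hosts), default=None),
        download_domain_age=DOMAIN_AGE_DAYS.get(download_host, UNKNOWN_AGE),
        download_domain_rank=ALEXA_RANK.get(download_host, UNKNOWN_RANK),
    )


def is_ad_based_se(f: Features) -> bool:
    """Illustrative hand-written rule (assumption, not the paper's trained model)."""
    if not f.ad_driven or f.min_ad_domain_age is None or f.max_ad_domain_popularity is None:
        return False
    shady_chain = f.min_ad_domain_age < 180 or f.max_ad_domain_popularity > 100_000
    shady_target = f.download_domain_age < 365 or f.download_domain_rank > 100_000
    return shady_chain and shady_target


# Constructed labelled paths (path, is_se); none of these are real observations.
LABELLED_PATHS: List[Tuple[List[str], bool]] = [
    (["http://videosite.example/watch?v=1", "http://ads.example/serve?slot=3",
      "http://landing.example/update-player", "http://landing.example/player_setup.exe"], True),
    (["http://forum.example/thread/9", "http://clicktrack.example/go?id=7",
      "http://player-update.example/", "http://player-update.example/HDPlayer.exe"], True),
    # SE download served through an old, popular ad network: the rule misses it.
    (["http://news.example/", "http://bigadnet.example/ad?c=12",
      "http://freebie-installer.example/", "http://freebie-installer.example/setup.exe"], True),
    # Benign ad-driven download of an established application.
    (["http://news.example/", "http://bigadnet.example/ad?c=3",
      "http://musicapp.example/", "http://musicapp.example/installer.exe"], False),
    # Benign direct download with no ad on the path.
    (["http://browservendor.example/download", "http://browservendor.example/setup.exe"], False),
]


def evaluate(samples=LABELLED_PATHS) -> Tuple[float, float]:
    """Return (true positive rate, false positive rate) of the rule on samples."""
    tp = fp = tn = fn = 0
    for path, is_se in samples:
        flagged = is_ad_based_se(extract_features(path))
        if is_se and flagged:
            tp += 1
        elif is_se:
            fn += 1
        elif flagged:
            fp += 1
        else:
            tn += 1
    return tp / (tp + fn), fp / (fp + tn)


if __name__ == "__main__":
    tpr, fpr = evaluate()
    print(f"TPR={tpr:.2f} FPR={fpr:.2f}")
```

The third labelled path is the case worth noticing: when an attacker buys placement on an old, highly ranked ad network, the ad-chain features look benign and only the download-domain features carry signal, which is why the slide lists both groups rather than relying on either alone.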

Classifying Social Engineering Downloads

                 Predicted Class
True Class       Ad-Based SE   Benign
Ad-Based SE            91.2%     8.8%
Benign                  0.5%    99.5%

True positive rate 91.2%, false positive rate 0.5%.

Conclusion

User Attention: Ad, Search, Web Post

Persuasion: Deception (Impersonate, Repackage, Decoy, Invent), Entice, Comply, Alarm
Questions?
