1
Analysis of Regional Phishing Attack
Fishing the Phishers
Photo by Johannes Plenio on Unsplash
June Park @ Naver Corp. [Security]
2
June Park
Security Researcher @ NAVER CORP.
About Me
- Security Research and Pentesting @ Samsung (10 years)
- DEFCON 27 DEMO LABS (Mobile + Cloud Vuln.)
- Interest : Phishing, App Security, Cloud Security
- june.park@navercorp.com
Journey to the
Security Expert
3
AGENDA
Fishing the Phishers
Introduction
- Global Phishing Attack Trends
- Why Phishing Attacks keep Growing
Regional Phishing Landscape
- Phishing Campaign Types
- Analysis of Adversarial Tactics
Background & Motivation
- Previous Research and Limitations
- Why We Should Be Prepared for Regional Phishing Attack
Detection and Defense
- NAVER Anti Phishing System
- Early Detection and Prevention
- Mitigation
4
AGENDA
Fishing the Phishers
Conclusion
How to Utilize CTI
- Case Analysis 1 : Leaked Accounts from Darkweb
- Case Analysis 2 : Kakaotalk Malware and Phishing
Discussion and Future Work
- Real-World Limitations
- What Do We Do Next?
5
Introduction
Fishing the Phishers
Phishing Attack Trends
- Definition
- Global Trends
Why Phishing Attacks keep Growing
- Single Point of Failure
- Low Effort High Impact
6
https://fanciful-tarsier-c23d09.netlify.app
[NOT NAVER.COM]
Account Leak
Personal Data Leak
Prepare New Attack
Input Login Credential
Credential Delivered To Hackers
Collect and Sell
(Dark-Market)
Emails, Files in Cloud
Contacts, Etc.
Abuse the Service
Abuse the Account
7
Phishing Reaches All-Time High in Early 2022
In the first quarter of 2022, APWG observed 1,025,968 total phishing attacks. This was the worst quarter for phishing that APWG has ever observed, and the first time that the quarterly total has exceeded one million.
Phishing Attacks, 2Q2021 ~ 1Q2022, by APWG
Global Trends
8
FBI Crime Report 2020 - 2021
The type of cybercrime with the most victims in 2020 was phishing.
In 2021, this trend also continued, resulting in the largest number of victims by phishing.
Global Trends
Photo by Setyaki Irham on Unsplash
9
Single Point of Failure
Why Phishing Attacks keep Growing
On the portal site, users can use all detailed services with a single log-in.
Paradoxically, this presents an opportunity for hackers.
Victim’s Credential (Single Point)
Hackers
Hackers Take All
10
Low Effort
Phishing attacks are less difficult than
malware or zero-day exploit attacks.
High Impact
However, the benefits of successful
phishing attacks are huge.
Photo by Drew Coffman on Unsplash
Photo by Shane on Unsplash
11
Background & Motivation
Fishing the Phishers
Previous Research
- Inferring Phishing Intention via Webpage Appearance and Dynamics
- Google Safe Browsing with ML
Be Prepared for Regional Phishing
- Limitations - Blacklist
- Limitations – Adversary’s Tactics
- No One Knows Better than You
Photo by Aaron Huber on Unsplash
12
Inferring Phishing Intention via Webpage Appearance and Dynamics (USENIX 2022)
Previous Research
Abstract Webpage Layout
AWL describing the regions and positions of UI components
CRP Classification
Build a CRP classifier that takes the screenshot and the AWL as input, and classifies whether the webpage requires user credentials.
CRP Transition Location
Emulate user clicks on the reported links/buttons, and retrieve new redirected URLs along with their screenshots and HTML codes
13
Building a more helpful browser with machine learning (Google Security)
Previous Research
Rolled Out a New ML Model
Identifies 2.5 times more potentially malicious sites and phishing attacks than the previous model
Improve The Browsing Experience
Chrome predicts when permission prompts are unlikely to be granted based on how the user previously interacted with similar permission prompts, and silences these undesired prompts.
14
But Why Do Browsers Fail to Detect?
Be Prepared for Regional Phishing
Detection techniques are evolving, but detection rates for regional phishing are still insufficient.
Chrome, Edge, Safari, Etc.
15
Attacker
Victims
@ Google Safe Browsing
Blacklisted
D-Day
D+7
(Average)
Phishing Campaign
Start
Limitations - Blacklist
Be Prepared for Regional Phishing
It takes an average of 7 days for phishing attacks to be blacklisted.
Browsers Don’t
Detect
Now Browsers Detect
As Phishing Site
Victims
16
Limitations – Adversary’s Tactics
Be Prepared for Regional Phishing
Bypassing techniques
• IP Blacklist
• User-Agent Checking
• Referrer Checking
• Parameter Checking
Attackers utilize bypassing techniques to avoid being captured by phishing hunters.
You want to discover the phishing site
But you will see Google
17
“No One Knows Your Brand Better than You”
That’s why We Study Naver Phishing
18
Regional Phishing Landscape
Fishing the Phishers
Phishing Campaign Types
- 3 Types of Phishing
Analysis of Adversarial Tactics
- Sophisticated Phishing
- Domain Squatting with HTTPS
- Phishing Emails with Social Engineering
- Credential Redirection
- Circumventing Techniques
Photo by Aaron Huber on Unsplash
19
3 Types of Phishing
Phishing Campaign Types
Sophisticated Phishing
The goal of this type is to steal information from the target. It uses social engineering techniques to lure victims to phishing sites.
Search Abuse Phishing
Phishing pages are displayed only when accessed through the search engine. It is a phishing attack against an unspecified number of users.
Joonggonara Phishing
It is a fraudulent method of stealing accounts and money by luring victims after registering false sales in the “Joonggonara Café”.
20
[1] Sophisticated Phishing - Attack Flow
Analysis of Adversarial Tactics
As the most sophisticated type of phishing attack, various techniques are used to increase the attack success rate.
STAGE A: Build Phishing Site
STAGE B: Send Phishing Emails
STAGE C: Account Hijacking
STAGE D: Steal Information
Adversary’s Tactics
• Domain Squatting
• Free TLS Certificates
• Collecting Emails
• Social Engineering
• Credential Redirection with Proxy Configuration
• Change Security Setting
• IMAP/POP3 Setting
21
[1] Sophisticated Phishing - Domain Squatting with HTTPS
Analysis of Adversarial Tactics
Attackers register domains similar to Naver, causing the victim to recognize the phishing site as normal.
Domain Squatting Example
• navers.co.in
• help-navers.com
• account.nhn-signer.kro.kr
• nid.naversec.o-r.kr
• nidserver.naverrer.com
Attackers implement HTTPS phishing sites using free certificates.
This allows an adversary to avoid the browser warning about a missing valid certificate.
22
[1] Sophisticated Phishing - Phishing Emails with Social Eng.
Analysis of Adversarial Tactics
To lure victims
Most of the email titles include attention-grabbing information.
23
[1] Sophisticated Phishing - Credential Redirection
Analysis of Adversarial Tactics
Proxy configuration for redirecting a victim's credential.
An attacker obtains a working credential when a victim has successfully signed in to the target website.
Forward Credential
Input Credential
Forward Credential
Response Session
Logging Credential if response is OK
Phishing Site (Proxy)
https://www.naver.com
Victim
24
[1] Sophisticated Phishing - Circumventing Techniques
Analysis of Adversarial Tactics
Attackers utilize bypassing techniques to avoid being captured by phishing hunters.
The phishing site is accessible only when a certain condition is met; otherwise an empty page is returned or the visitor is redirected to an arbitrary website.
• No Referrer: Redirect to Google
• No Parameters: 404 not found
• Parameter + Referrer: Phishing
25
[2] Search Abuse Phishing - Script Call Chaining
Analysis of Adversarial Tactics
Attackers plant malicious scripts on hacked servers and design them to be called in a chain.
Site A
Site C
Compromised
…
Site B
aa.com/js_common.js
bb.com/login.js
cc.com/login.php
1. Search & Follow Links
2-1. Call
2-2. Call
2-3. Call
3. Return Phishing Page
Site D
4. Send Credentials
Compromised
Phishing shows up with an <iframe> pop-up
In some cases, credentials are encrypted (RSA)
blahblah.txt
26
[2] Search Abuse Phishing - Circumventing Techniques
Analysis of Adversarial Tactics
The phishing site is accessible only when a certain condition is met
• Referrer Check (If victims followed search engine links)
• Cookie Check (Phishing only works on first visit)
• Time Check (Phishing only works at specified time)
• Credential Encryption (To disrupt account protection activities)
Phishing works if all conditions are met
27
[2] Search Abuse Phishing - Social Engineering
Analysis of Adversarial Tactics
In order to lure as many victims as possible to phishing sites, attackers hacked sites that could be trending and used them for phishing.
[Chart: POPULARITY by month, JANUARY to JUNE]
Popular topics can be targeted by hackers.
28
[3] Joonggonara Phishing - Attack Flow
Analysis of Adversarial Tactics
1. Register Bait Items
2. Contact ("Contact me via Kakaotalk")
3. Activate & Deliver Phishing URL
4. Input Credentials
The phishing kit automates the whole phishing process, including the preparation of a phishing website. Sensitive information obtained from the victim can be abused for a phishing attack in the future.
29
[3] Joonggonara Phishing - Hit and Run
Analysis of Adversarial Tactics
2. Contact
3. Activate & Deliver Phishing URL
4. Input Credentials
The phishing URL is available for only a few minutes
30
Detection & Defense
Fishing the Phishers
NAVER Anti Phishing System
- Mission & Goal
- System Overview
- Certificate Transparency Monitoring
- Spam Detector
- Whale CSD (Client-Side Detection)
- Profiling Adversary
Prevention
- Break the Chain
- Victim Recognition and Protection
- NAVER Safe Browsing
- APWG
- User Interface Improvements
Photo by charlesdeluvio on Unsplash
31
Mission & Goal
NAVER Anti Phishing System
Our mission is to detect Naver phishing as quickly as possible and to protect users from various phishing attacks.
32
System Overview
Naver Anti Phishing System
NAPS
CT Monitoring (Phishing Domain)
Detect newly created phishing domains early through certificate transparency monitoring.
Spam Detector (Phishing Mail & URL)
Categorize phishing mail among spam mails reported by users and extract phishing URLs.
Whale CSD Logs (Phishing URL)
Record and analyze phishing site information detected by the Whale browser (client side).
User Logs (Adversary Profile)
Analyze logs for suspected attackers to prepare for future phishing attacks.
33
CT Monitoring
Naver Anti Phishing System
When a user requests an SSL/TLS certificate, a CA must (from April 1, 2018) submit the certificate details to a CT log.
Risk Score Factors and Examples
- Suspicious TLD: Navers.co.{in}
- TLD as Domain: Naver.{com}.co
- Brand Keyword: {nid.naver.com}.de
- Suspicious Keyword: {nid}.never-{cloud}ing.com
- Domain Squatting: Members.{never}.com
- # of Hyphens: {nid.naver.com-user06-nidlogin}.me
- # of Sub Domains: naver{.}nid{.}coms{.}party
- Free Certificate: Let’s Encrypt or Zero SSL
Calculate → Check Phishing → Register to Blacklist
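The factors listed on this slide, applied as a scoring pass over CT log entries. This is an added example, not NAVER's code: the weights, threshold, keyword and TLD lists, the allowlist, the brand gate and the sample entries are assumptions, since the slide names the factors but gives no score values.

```python
from dataclasses import dataclass

BRAND = "naver"
ALLOWLIST = ("naver.com",)                     # assumption: the brand's own domains
SUSPICIOUS_TLDS = {"in", "co", "me", "party"}  # assumption, seeded from the slide's examples
TLD_LIKE = {"com", "net", "org"}               # TLD strings that belong only in last position
KEYWORDS = ("nid", "cloud", "login", "account", "member")  # assumption
FREE_CAS = ("let'sencrypt", "zerossl")         # "Let's Encrypt or Zero SSL" on the slide
# Assumed weights: the slide lists the factors without values.
WEIGHTS = {"suspicious_tld": 15, "tld_as_domain": 20, "brand_keyword": 30,
           "suspicious_keyword": 10, "domain_squatting": 30, "hyphens": 5,
           "subdomains": 5, "free_certificate": 10}
THRESHOLD = 50                                 # assumed cut-off for "Check Phishing"


@dataclass
class Verdict:
    domain: str
    score: int
    factors: dict
    flagged: bool


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalikes of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_domain(domain, issuer=""):
    """Score one certificate subject name; issuer is the CA organisation string."""
    domain = domain.lower().rstrip(".")
    if domain.startswith("*."):
        domain = domain[2:]
    if any(domain == d or domain.endswith("." + d) for d in ALLOWLIST):
        return Verdict(domain, 0, {}, False)

    labels = domain.split(".")
    tokens = [t for label in labels for t in label.split("-") if t]
    f = {}
    if labels[-1] in SUSPICIOUS_TLDS:
        f["suspicious_tld"] = WEIGHTS["suspicious_tld"]
    # "com" as a label (or the start of one) anywhere except the last position.
    if any(label.split("-")[0] in TLD_LIKE for label in labels[:-1]):
        f["tld_as_domain"] = WEIGHTS["tld_as_domain"]
    if any(BRAND in t for t in tokens):
        f["brand_keyword"] = WEIGHTS["brand_keyword"]
    if any(BRAND not in t and edit_distance(t, BRAND) == 1 for t in tokens):
        f["domain_squatting"] = WEIGHTS["domain_squatting"]
    keyword_hits = sum(any(k in t for t in tokens) for k in KEYWORDS)
    if keyword_hits:
        f["suspicious_keyword"] = WEIGHTS["suspicious_keyword"] * min(keyword_hits, 2)
    if domain.count("-"):
        f["hyphens"] = WEIGHTS["hyphens"] * min(domain.count("-"), 3)
    extra_labels = len(labels) - 2   # simplification: no public-suffix list
    if extra_labels > 0:
        f["subdomains"] = WEIGHTS["subdomains"] * min(extra_labels, 3)
    if any(ca in issuer.lower().replace(" ", "") for ca in FREE_CAS):
        f["free_certificate"] = WEIGHTS["free_certificate"]

    score = sum(f.values())
    # Brand gate (assumption): only names that imitate the brand are escalated.
    branded = "brand_keyword" in f or "domain_squatting" in f
    return Verdict(domain, score, f, branded and score >= THRESHOLD)


# Constructed CT entries: (subject name, issuer). Names reuse the slide's examples.
CT_ENTRIES = [
    ("navers.co.in", "Let's Encrypt"),
    ("naver.com.co", "ZeroSSL"),
    ("nid.naver.com.de", "Let's Encrypt"),
    ("nid.never-clouding.com", "Let's Encrypt"),
    ("members.never.com", "Let's Encrypt"),
    ("nid.naver.com-user06-nidlogin.me", "Let's Encrypt"),
    ("naver.nid.coms.party", "Zero SSL"),
    ("nid.naver.com", "Example Paid CA"),      # legitimate, allowlisted
    ("blog.example.org", "Let's Encrypt"),     # free certificate alone is not enough
]


def triage(entries):
    """Return flagged verdicts, highest score first, for the 'Check Phishing' step."""
    verdicts = [score_domain(name, issuer) for name, issuer in entries]
    return sorted((v for v in verdicts if v.flagged), key=lambda v: -v.score)


if __name__ == "__main__":
    for v in triage(CT_ENTRIES):
        print(f"{v.score:3d}  {v.domain}  {sorted(v.factors)}")
```

A free certificate on its own scores low here, which is why `blog.example.org` is not escalated while every lookalike from the slide is.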
34
Spam Detector
Naver Anti Phishing System
Among spam emails reported by users, suspected phishing emails are classified and analyzed by the security team.
Send a phishing mail
SPAM DB
Report!
Keyword_A, Keyword_C, Keyword_B, Keyword_E, Keyword_D, Keyword_F, Keyword_G, Keyword_H
Check Phishing → Register to Blacklist
35
Whale CSD Logs
Naver Anti Phishing System
The CSD feature of the Whale browser helps clients detect and block phishing, even if the phishing site is not blacklisted.
Phishing Feature Extraction → Check Phishing → Register to Blacklist
36
Profiling Adversary
Naver Anti Phishing System
The CSD feature of the Whale browser helps clients detect and block phishing, even if the phishing site is not blacklisted.
SMTP Server Info.
From Address (Sender)
Target Address (Receiver)
…
Hosting Server Info.
Proxy Server Info.
Passive DNS
…
Make a profile of Adversary
Group A
Group B
Group C
Match
New Phishing Detected
37
Break the Chain
Prevention
By analyzing the elements of each stage of a phishing attack and breaking the link, we prevent the spread of damage.
Block Phishing Mails
• Block targeted phishing attacks
• Prevent the spread of victims
Block Phishing URLs
• Block users accessing phishing URLs
Victim Protection
• Account protection and information leakage prevention for phishing victim accounts
Improve Usable Security
• Increase user awareness of phishing attacks
38
Break the Chain
Prevention
By analyzing the elements of each stage of a phishing attack and breaking the link, we prevent the spread of damage.
Attacker
Blocked
@ Google Safe Browsing
Blacklisted
D-Day
D+7
(Average)
Phishing Campaign
Start
Now Other Browsers Detect
As Phishing Site
Phish!
@ NAPS in 24 Hours
Detected
by Naver Safe Browsing
Blocked
D+1
(Average)
39
Victim Recognition and Protection
Prevention
The CSD feature of the Whale browser helps clients detect and block phishing, even if the phishing site is not blacklisted.
Forward Credential
Input Credential
Forward Credential
Response Session
Logging Credential if response is OK
Phishing Site (Proxy)
https://www.naver.com
Victim
Hosting Address
x.x.x.x
y.y.y.y
z.z.z.z
Login History
victim_001 : x.x.x.x
victim_002 : x.x.x.x
victim_003 : x.x.x.x
Victim Recognition
Verification & Protection
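One way to implement the victim recognition step drawn above: because the phishing proxy forwards credentials to the real login page, victims' logins arrive from the proxy's hosting address and can be found in login history. This is an added example, not NAVER's implementation; the log format, lookback window, action names and sample data are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample data using documentation IP ranges.
# Hosting address (or network) of a phishing proxy -> time the site was detected.
PHISHING_HOSTS = {
    "203.0.113.10": "2022-06-01T09:00:00",
    "198.51.100.0/28": "2022-06-02T00:00:00",
}

# Constructed login history: timestamp, account, source IP, result.
LOGIN_HISTORY = """\
2022-06-01T10:02:11 victim_001 203.0.113.10 OK
2022-06-01T10:05:40 victim_002 203.0.113.10 OK
2022-06-01T10:07:02 user_777 203.0.113.10 FAIL
2022-06-01T11:00:00 user_888 192.0.2.55 OK
2022-06-02T03:12:09 victim_003 198.51.100.7 OK
2022-05-01T08:00:00 user_999 203.0.113.10 OK
this line is malformed and is skipped
"""


def recognize_victims(history, hosts, lookback=timedelta(days=7)):
    """Map account -> finding for logins that came through a known phishing proxy.

    A successful login means the proxy logged a working credential ("protect");
    a failed one means the user reached the phishing page but the forwarded
    password was rejected ("notify"). Logins older than `lookback` before the
    detection time are ignored, because hosting addresses get reassigned.
    """
    nets = [(ipaddress.ip_network(n), datetime.fromisoformat(t))
            for n, t in hosts.items()]
    victims = {}
    for line in history.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, account, ip, result = parts
        try:
            when = datetime.fromisoformat(ts)
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue
        for net, detected in nets:
            if addr in net and when >= detected - lookback:
                action = "protect" if result == "OK" else "notify"
                known = victims.get(account)
                # Keep the most severe finding per account.
                if known is None or (action == "protect" and known["action"] == "notify"):
                    victims[account] = {"action": action, "via": str(net),
                                        "first_seen": when}
                break
    return victims


if __name__ == "__main__":
    for account, finding in sorted(recognize_victims(LOGIN_HISTORY, PHISHING_HOSTS).items()):
        print(account, finding["action"], finding["via"], finding["first_seen"].isoformat())
```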
40
NAVER Safe Browsing
Prevention
The CSD feature of the Whale browser helps clients detect and block phishing, even if the phishing site is not blacklisted.
CT Monitoring
Spam Detector
Whale CSD Logs
User Logs
NAPS
+
Block Naver Phishing
41
NAVER Safe Browsing with Whale
Prevention
Other browsers cannot detect Naver phishing with the detection bypass technique applied.
Whale can, because we have a team that specializes in analyzing and responding to Naver phishing.
Safari, Edge, Etc. < Naver Whale
42
User Interface Improvements
Prevention
We are improving the user interface to inform users about phishing sites.
Change the Warning Screen
Strengthen warning messages when accessing phishing sites
Enhanced Security Alert
Provides notification when user security anomalies are detected
Security Campaign
Conduct security enhancement campaigns to prevent phishing
Our security and service teams are collaborating to improve usable security, and the results are continuously reflected in our services.
AS-IS / To-BE
43
OUR LATEST ACHIEVEMENTS
IN NUMBERS
Prevention
The Naver Security Team is continuously researching phishing attacks and actively responding to them.
8000+
Registered @
Naver Safe Browsing
Naver Phishing
400K+
Blocked Proactively
Phishing Mail
1M+
Blocked by
Naver Safe Browsing
Phishing URLs
5+
Utilize Phishing Data
APPS
44
How to Utilize CTI
Fishing the Phishers
Case Analysis 1 : Darkweb
Case Analysis 1 : Kakaotalk Malware and Phishing
Photo by AbsolutVision on Unsplash
45
We are monitoring various channels to protect Naver
accounts from being leaked on the Internet.
We protect leaked accounts by analyzing information
collected from OSINT, Telegram, etc.
In addition, accounts leaked on darkweb or leaked by
malware are monitored and protected.
Behind the Scene
to Protect Users
Darkweb
Photo by Ryoji Iwata on Unsplash
user001 / qwe1234~!
user002 / user!@
user003 / passcode#@
46
CTI Information Sharing
Kakaotalk malware and Phishing
Through rapid information sharing, it is possible to analyze and respond to risk factors that may occur in Naver.
47
Discussion & Future work
Fishing the Phishers
Real-world Problem
Next Step
Photo by AbsolutVision on Unsplash
48
Why Don’t We Cooperate?
Real-World Problem
In order to respond to phishing in the region, including Naver, cooperation and information sharing are essential.
Investigation of hacked servers
It should be possible to quickly retrieve the phishing victim accounts collected by the attacker.
Investigation of scammers
It is necessary to investigate fraudsters who steal not only accounts, but also personal information and money.
Sharing of phishing information
Collaborative response is needed rather than individual battles
Photo by Aubrey Odom-Mabey on Unsplash
49
The More We Care, The Safer Naver is
Next Step
We are researching phishing attacks and working hard to reflect them in our service.
Expanding Safe Browsing
Building a safe service ecosystem from phishing
Cooperation with …
Organization, Internet company, T.I, Etc.
Research & Development
Phishing analysis and response automation
Photo by Kelly Sikkema on Unsplash
50
Conclusion
Fishing the Phishers
Photo by AbsolutVision on Unsplash
51
GET IN TOUCH
WITH US
LOCATION
NAVER 1784
CONTACT ME
june.park@navercorp.com

 
Cisa domain 2 part 3 governance and management of it
Cisa domain 2 part 3 governance and management of itCisa domain 2 part 3 governance and management of it
Cisa domain 2 part 3 governance and management of it
 
The evolution of the internet
The evolution of the internetThe evolution of the internet
The evolution of the internet
 
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue Team
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue TeamCYBER DEFENCE SCENARIOS - Part 2: Building The Blue Team
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue Team
 
Presentation Tariff Guide for Telecom Consumers
Presentation Tariff Guide for Telecom ConsumersPresentation Tariff Guide for Telecom Consumers
Presentation Tariff Guide for Telecom Consumers
 
Blockchain. The silent revolution.
Blockchain. The silent revolution.Blockchain. The silent revolution.
Blockchain. The silent revolution.
 
Managing a Crisis in the New World of Social Media
Managing a Crisis in the New World of Social MediaManaging a Crisis in the New World of Social Media
Managing a Crisis in the New World of Social Media
 
Why Insight Engines Matter in 2020 and Beyond
Why Insight Engines Matter in 2020 and BeyondWhy Insight Engines Matter in 2020 and Beyond
Why Insight Engines Matter in 2020 and Beyond
 
Croosing
Croosing Croosing
Croosing
 
10 mobile business apps you should be using
10 mobile business apps you should be using10 mobile business apps you should be using
10 mobile business apps you should be using
 
Working Like a Network
Working Like  a NetworkWorking Like  a Network
Working Like a Network
 
Crypto Hacks - Quit your Job and Become a Crypto Farmer
Crypto Hacks - Quit your Job and Become a Crypto FarmerCrypto Hacks - Quit your Job and Become a Crypto Farmer
Crypto Hacks - Quit your Job and Become a Crypto Farmer
 
Demonolithing The Monolith? Bullocks!
Demonolithing The Monolith?  Bullocks!Demonolithing The Monolith?  Bullocks!
Demonolithing The Monolith? Bullocks!
 
Maurizio_Taffone_Emerging_Security_Threats
Maurizio_Taffone_Emerging_Security_ThreatsMaurizio_Taffone_Emerging_Security_Threats
Maurizio_Taffone_Emerging_Security_Threats
 

Último

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...masabamasaba
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...masabamasaba
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 

Último (20)

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 

Analysis of Regional Phishing Attack

  • 1. Analysis of Regional Phishing Attack: Fishing the Phishers. June Park @ Naver Corp. [Security]. Photo by Johannes Plenio on Unsplash.
  • 2. About Me: June Park, Security Researcher @ NAVER CORP. - Security Research and Pentesting @ Samsung (10 years) - DEFCON 27 DEMO LABS (Mobile + Cloud Vuln.) - Interest: Phishing, App Security, Cloud Security - june.park@navercorp.com. Journey to the Security Expert.
  • 3. AGENDA (Fishing the Phishers). Introduction: Global Phishing Attack Trends; Why Phishing Attacks keep Growing. Regional Phishing Landscape: Phishing Campaign Types; Analysis of Adversarial Tactics. Background & Motivation: Previous Research and Limitations; Why We Should Be Prepared for Regional Phishing Attack. Detection and Defense: NAVER Anti Phishing System; Early Detection and Prevention; Mitigation.
  • 4. AGENDA (Fishing the Phishers). How to Utilize CTI: Case Analysis 1: Leak Accounts from Darkweb; Case Analysis 2: Kakaotalk Malware and Phishing. Discussion and Future Work: Real-World Limitations; What We Do for Next? Conclusion.
  • 5. Introduction (Fishing the Phishers). Phishing Attack Trends: Definition; Global Trends. Why Phishing Attacks keep Growing: Single Point of Failure; Low Effort High Impact.
  • 6. https://fanciful-tarsier-c23d09.netlify.app [NOT NAVER.COM]. Diagram labels: Account Leak; Personal Data Leak; Prepare New Attack; Input Login Credential; Credential Delivered To Hackers; Collect and Sell (Dark-Market); Emails, Files in Cloud, Contacts, Etc.; Abuse the Service; Abuse the Account.
  • 7. Global Trends: Phishing Reaches All-Time High in Early 2022. In the first quarter of 2022, APWG observed 1,025,968 total phishing attacks. This was the worst quarter for phishing that APWG has ever observed, and the first time that the quarterly total has exceeded one million. [Chart: Phishing Attacks, 2Q2021 ~ 1Q2022, by APWG]
  • 8. Global Trends: FBI Crime Report 2020 - 2021. The type of cybercrime with the most victims in 2020 was phishing. In 2021, this trend also continued, resulting in the largest number of victims by phishing. Photo by Setyaki Irham on Unsplash.
  • 9. Why Phishing Attacks keep Growing: Single Point of Failure. On the portal site, users can use all detailed services with a single log-in. Paradoxically, this presents an opportunity for hackers. Diagram labels: Victim's Credential (Single Point); Hackers; Hackers Take All.
  • 10. Low Effort: Phishing attacks are less difficult than malware or zero-day exploit attacks. High Impact: However, the benefits of successful phishing attacks are huge. Photo by Drew Coffman on Unsplash. Photo by Shane on Unsplash.
  • 11. Background & Motivation (Fishing the Phishers). Previous Research: Inferring Phishing Intention via Webpage Appearance and Dynamics; Google Safe Browsing with ML. Be Prepared for Regional Phishing: Limitations - Blacklist; Limitations - Adversary's Tactics; No One Knows Better than You. Photo by Aaron Huber on Unsplash.
  • 12. Previous Research: Inferring Phishing Intention via Webpage Appearance and Dynamics (USENIX 2022). Abstract Webpage Layout: the AWL describes the regions and positions of UI components. CRP Classification: build a CRP classifier that takes the screenshot and the AWL as input, and classifies whether the webpage requires user credentials. CRP Transition Location: emulate user clicks on the reported links/buttons, and retrieve the new redirected URLs along with their screenshots and HTML code.
  • 13. Previous Research: Building a more helpful browser with machine learning (Google Security). Rolled Out a New ML Model: identifies 2.5 times more potentially malicious sites and phishing attacks than the previous model. Improve The Browsing Experience: Chrome predicts when permission prompts are unlikely to be granted based on how the user previously interacted with similar permission prompts, and silences these undesired prompts.
  • 14. But Why Do Browsers Fail to Detect? (Be Prepared for Regional Phishing). Detection techniques are evolving, but detection rates for regional phishing are still insufficient. Chrome, Edge, Safari, Etc.
  • 15. Limitations - Blacklist (Be Prepared for Regional Phishing). It takes an average of 7 days for phishing attacks to be blacklisted. Timeline labels: Attacker; Victims; D-Day: Phishing Campaign Start; Browsers Don't Detect; D+7 (Average): Blacklisted @ Google Safe Browsing; Now Browsers Detect As Phishing Site.
  • 16. Limitations - Adversary's Tactics (Be Prepared for Regional Phishing). Attackers use bypassing techniques to avoid being captured by phishing hunters. You want to discover a phishing site, but you will see Google. Bypassing techniques: IP Blacklist; User-Agent Checking; Referrer Checking; Parameter Checking.
  • 17. “No One Knows Your Brand Better than You”. That's why We Study Naver Phishing.
  • 18. Regional Phishing Landscape (Fishing the Phishers). Phishing Campaign Types: 3 Types of Phishing. Analysis of Adversarial Tactics: Sophisticated Phishing; Domain Squatting with HTTPS; Phishing Emails with Social Engineering; Credential Redirection; Circumventing Techniques. Photo by Aaron Huber on Unsplash.
  • 19. Phishing Campaign Types: 3 Types of Phishing. Sophisticated Phishing: The goal of this type is to steal information from the target. It uses social engineering techniques to lure victims to phishing sites. Search Abuse Phishing: Phishing pages are displayed only when accessed through the search engine. It is a phishing attack against an unspecified number of users. Joonggonara Phishing: It is a fraudulent method of stealing accounts and money by luring victims after registering false sales in the "Joonggonara Café".
  • 20. [1] Sophisticated Phishing - Attack Flow (Analysis of Adversarial Tactics). As the most sophisticated type of phishing attack, various techniques are used to increase the attack success rate. STAGE A: Build Phishing Site. STAGE B: Send Phishing Emails. STAGE C: Account Hijacking. STAGE D: Steal Information. Adversary's Tactics: Domain Squatting; Free TLS Certificates; Collecting Emails; Social Engineering; Credential Redirection with Proxy Configuration; Change Security Setting; IMAP/POP3 Setting.
  • 21. [1] Sophisticated Phishing - Domain Squatting with HTTPS (Analysis of Adversarial Tactics). Attackers register domains similar to Naver, causing the victim to recognize the phishing site as normal. Domain Squatting Example: navers.co.in; help-navers.com; account.nhn-signer.kro.kr; nid.naversec.o-r.kr; nidserver.naverrer.com. Attackers implement HTTPS phishing sites using free certificates. This allows an adversary to avoid the browser warning shown when a valid certificate is missing.
  • 22. [1] Sophisticated Phishing - Phishing Emails with Social Eng. (Analysis of Adversarial Tactics). To lure victims, most of the email titles include attention-grabbing information.
  • 23. [1] Sophisticated Phishing - Credential Redirection (Analysis of Adversarial Tactics). Proxy configuration for redirecting a victim's credential. An attacker obtains a working credential when a victim has successfully signed in to the target website. Diagram labels: Victim; Phishing Site (Proxy); https://www.naver.com; Forward Credential; Input Credential; Forward Credential; Response; Session; Logging Credential if response is OK.
  • 24. [1] Sophisticated Phishing - Circumventing Techniques (Analysis of Adversarial Tactics). Attackers use bypassing techniques to avoid being captured by phishing hunters. The phishing site is accessible only when a certain condition is met; otherwise an empty page is returned or the visitor is redirected to an arbitrary website. No Referrer: Redirect to Google. No Parameters: 404 not found. Parameter + Referrer: Phishing.
  • 25. [2] Search Abuse Phishing - Script Call Chaining (Analysis of Adversarial Tactics). Attackers plant malicious scripts on hacked servers and design them to be called in a chain. Diagram labels: Site A; Site B; Site C; …; Site D; Compromised; Compromised; Phishing. Scripts: aa.com/js_common.js; bb.com/login.js; cc.com/login.php. Steps: 1. Search & Follow Links; 2-1. Call; 2-2. Call; 2-3. Call; 3. Return Phishing Page; 4. Send Credentials. Show up with <iframe> pop-up. In some cases, credentials are encrypted (RSA). blahblah.txt
  • 26. [2] Search Abuse Phishing - Circumventing Techniques (Analysis of Adversarial Tactics). The phishing site is accessible only when a certain condition is met. Referrer Check (If victims followed search engine links); Cookie Check (Phishing only works on first visit); Time Check (Phishing only works at specified time); Credential Encryption (To disrupt account protection activities). Phishing works if all conditions are met.
  • 27. [2] Search Abuse Phishing - Social Engineering (Analysis of Adversarial Tactics). In order to lure as many victims as possible to phishing sites, attackers hacked sites that could be trending and used them for phishing. Popular topics can be targeted by hackers. [Chart: POPULARITY by month, JANUARY to JUNE]
  • 28. [3] Joonggonara Phishing - Attack Flow (Analysis of Adversarial Tactics). 1. Register Bait Items; 2. Contact ("Contact me via Kakaotalk"); 3. Activate & Deliver Phishing URL; 4. Input Credentials. The phishing kit automates the whole phishing process, including the preparation of a phishing website. Sensitive information obtained from the victim can be compromised for a phishing attack in the future.
  • 29. [3] Joonggonara Phishing - Hit and Run (Analysis of Adversarial Tactics). 2. Contact; 3. Activate & Deliver Phishing URL; 4. Input Credentials. The phishing URL is available for only a few minutes.
  • 30. Detection & Defense (Fishing the Phishers). NAVER Anti Phishing System: Mission & Goal; System Overview; Certificate Transparency Monitoring; Spam Detector; Whale CSD (Client-Side Detection); Profiling Adversary. Prevention: Break the Chain; Victim Recognition and Protection; NAVER Safe Browsing; APWG; User Interface Improvements. Photo by charlesdeluvio on Unsplash.
  • 31. Mission & Goal (NAVER Anti Phishing System). Our mission is to detect Naver phishing as quickly as possible and to protect users from various phishing attacks.
  • 32. System Overview (Naver Anti Phishing System, NAPS). CT Monitoring (Phishing Domain): Detect newly created phishing domains early through certificate transparency monitoring. Spam Detector (Phishing Mail & URL): Categorize phishing mail among spam mails reported by users and extract phishing URLs. Whale CSD Logs (Phishing URL): Record and analyze phishing site information detected by the Whale browser (client side). User Logs (Adversary Profile): Analyze logs for suspected attackers to prepare for future phishing attacks.
  • 33. CT Monitoring (Naver Anti Phishing System). When a user requests an SSL/TLS certificate, a CA must (from April 1, 2018) submit the certificate details to a CT log. Table columns: Factors, Risk Score, Example. Suspicious TLD: Navers.co.{in}. TLD as Domain: Naver.{com}.co. Brand Keyword: {nid.naver.com}.de. Suspicious Keyword: {nid}.never-{cloud}ing.com. Domain Squatting: Members.{never}.com. # of Hyphens: {nid.naver.com-user06-nidlogin}.me. # of Sub Domains: naver{.}nid{.}coms{.}party. Free Certificate: Let’s Encrypt or Zero SSL. Flow: Calculate; Check Phishing; Register to Blacklist.
  • 34. Spam Detector (Naver Anti Phishing System). Among spam emails reported by users, suspected phishing emails are classified and analyzed by the security team. Diagram labels: Send a phishing mail; Report!; SPAM DB; Keyword_A to Keyword_H; Check Phishing; Register to Blacklist.
  • 35. Whale CSD Logs (Naver Anti Phishing System). The CSD feature of the Whale browser helps clients detect and block phishing, even if the phishing site is not blacklisted. Flow: Phishing Feature Extraction; Check Phishing; Register to Blacklist.
  • 36. Profiling Adversary (Naver Anti Phishing System). The CSD feature of the Whale browser helps clients detect and block phishing, even if the phishing site is not blacklisted. Diagram labels: SMTP Server Info.; From Address (Sender); Target Address (Receiver); …; Hosting Server Info.; Proxy Server Info.; Passive DNS; …; Make a profile of Adversary; Group A; Group B; Group C; Match; New Phishing Detected.
  • 37. 37 Break the Chain P r e v e n t i o n B y a n a l y z i n g t h e e l e m e n t s o f e a c h s t a g e o f a p h i s h i n g a t t a c k a n d b r e a k i n g t h e l i n k , w e p r e v e n t t h e s p r e a d o f d a m a g e . • Block targeted phishing attacks • prevent the spread of victims Block Phishing Mails Block Phishing URLs Victim Protection Improve Usable Security • Block users accessing phishing URLs • Account protection and information leakage prevention for phishing victim accounts • Increase user awareness of phishing attacks
  • 38. 38 Break the Chain P r e v e n t i o n B y a n a l y z i n g t h e e l e m e n t s o f e a c h s t a g e o f a p h i s h i n g a t t a c k a n d b r e a k i n g t h e l i n k , w e p r e v e n t t h e s p r e a d o f d a m a g e . Attacker Blocked @ Google Safe Browsing Blacklisted D-Day D+7 (Average) Phishing Campaign Start Now Other Browsers Detect As Phishing Site Phish! @ NAPS in 24 Hours Detected by Naver Safe Browsing Blocked D+1 (Average)
  • 39. Victim Recognition and Protection (Prevention). The CSD feature of the Whale browser helps clients detect and block phishing, even if the phishing site is not blacklisted. Diagram labels: Victim; Phishing Site (Proxy); https://www.naver.com; Input Credential; Forward Credential; Forward Credential Response; Session; Logging Credential if response is OK. Hosting Address: x.x.x.x, y.y.y.y, z.z.z.z. Login History: victim_001 : x.x.x.x, victim_002 : x.x.x.x, victim_003 : x.x.x.x. Victim Recognition; Verification & Protection.
  • 40. NAVER Safe Browsing (Prevention). The CSD feature of the Whale browser helps clients detect and block phishing, even if the phishing site is not blacklisted. Diagram labels: CT Monitoring; Spam Detector; Whale CSD Logs; User Logs; NAPS; Block Naver Phishing.
  • 41. NAVER Safe Browsing with Whale (Prevention). Other browsers cannot detect Naver phishing with the detection bypass technique applied. Whale can, because we have a team that specializes in analyzing and responding to Naver phishing. Diagram labels: Safari, Edge, Etc.; Naver Whale.
  • 42. User Interface Improvements (Prevention). We are improving the user interface to inform users about phishing sites. Change the Warning Screen: Strengthen warning messages when accessing phishing sites. Enhanced Security Alert: Provides notification when user security anomalies are detected. Security Campaign: Conduct security enhancement campaigns to prevent phishing. Our security and service teams are collaborating to improve usable security, and the results are continuously reflected in our services. Screenshots: AS-IS; To-BE.
  • 43. OUR LATEST ACHIEVEMENTS IN NUMBERS (Prevention). The Naver Security Team is continuously researching phishing attacks and actively responding to them. Naver Phishing: 8000+ Registered @ Naver Safe Browsing. Phishing Mail: 400K+ Blocked Proactively. Phishing URLs: 1M+ Blocked by Naver Safe Browsing. APPS: 5+ Utilize Phishing Data.
  • 44. How to Utilize CTI (Fishing the Phishers). Case Analysis 1: Darkweb. Case Analysis 1: Kakaotalk Malware and Phishing. Photo by AbsolutVision on Unsplash
  • 45. Behind the Scene to Protect Users (Darkweb). We are monitoring various channels to protect Naver accounts from being leaked on the Internet. We protect leaked accounts by analyzing information collected from OSINT, Telegram, etc. In addition, accounts leaked on darkweb or leaked by malware are monitored and protected. Slide graphic: user001 / qwe1234~!; user002 / user!@; user003 / passcode#@. Photo by Ryoji Iwata on Unsplash
  • 46. CTI Information Sharing (Kakaotalk malware and Phishing). Through rapid information sharing, it is possible to analyze and respond to risk factors that may occur in Naver.
  • 47. Discussion & Future work (Fishing the Phishers). Real-world Problem. Next Step. Photo by AbsolutVision on Unsplash
  • 48. Why Don’t We Cooperate? (Real-World Problem). In order to respond to phishing in the region, including Naver, cooperation and information sharing are essential. Investigation of hacked servers: It should be possible to quickly retrieve the phishing victim accounts collected by the attacker. Investigation of scammers: It is necessary to investigate fraudsters who steal not only accounts, but also personal information and money. Sharing of phishing information: Collaborative response is needed rather than individual battles. Photo by Aubrey Odom-Mabey on Unsplash
  • 49. The More We Care, The Safer Naver is (Next Step). We are researching phishing attacks and working hard to reflect them in our service. Expanding Safe Browsing: Building a safe service ecosystem from phishing. Cooperation with …: Organization, Internet company, T.I, Etc. Research & Development: Phishing analysis and response automation. Photo by Kelly Sikkema on Unsplash
  • 50. Conclusion (Fishing the Phishers). Photo by AbsolutVision on Unsplash
  • 51. GET IN TOUCH WITH US. Location: NAVER 1784. Contact me: june.park@navercorp.com
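
The victim recognition flow on slide 39 (a proxy phishing site relays each credential to the real login, so victims appear in login history with the phishing host as source address) can be sketched as follows. This is an added example, not NAVER's code: the log format, the function names, the campaign labels and all addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation-range addresses, not real indicators.
PHISHING_HOSTS = {"203.0.113.10": "campaign-A", "198.51.100.0/28": "campaign-B"}
LOGIN_HISTORY = """\
2022-06-01T09:12:03Z victim_001 203.0.113.10 OK
2022-06-01T09:13:40Z victim_002 203.0.113.10 OK
2022-06-01T09:14:02Z user_104 192.0.2.77 OK
2022-06-01T09:15:11Z victim_003 198.51.100.5 FAIL
2022-06-01T09:15:30Z victim_003 198.51.100.5 OK
2022-06-01T09:20:00Z user_200 198.51.100.9 FAIL
malformed line
"""

def match_campaign(ip, networks):
    """Return the campaign label whose hosting range contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    return next((label for net, label in networks if addr in net), None)

def recognize_victims(log_text, hosts):
    """Map account -> {campaigns, captured, first_seen} for proxy-sourced logins."""
    networks = [(ipaddress.ip_network(cidr), label) for cidr, label in hosts.items()]
    victims = defaultdict(lambda: {"campaigns": set(), "captured": False, "first_seen": None})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of aborting the sweep
        ts, account, ip, result = parts
        try:
            campaign = match_campaign(ip, networks)
        except ValueError:
            continue  # unparseable source address
        if campaign is None:
            continue  # ordinary login, not relayed through a known phishing host
        entry = victims[account]
        entry["campaigns"].add(campaign)
        entry["first_seen"] = min(entry["first_seen"] or ts, ts)
        # The proxy only logs a credential when the real login answers OK,
        # so one successful relayed login means the password is in the attacker's hands.
        entry["captured"] = entry["captured"] or result == "OK"
    return dict(victims)

def triage(victims):
    """Split accounts into (protect_now, watch) lists, sorted for stable output."""
    protect = sorted(a for a, v in victims.items() if v["captured"])
    watch = sorted(a for a, v in victims.items() if not v["captured"])
    return protect, watch

if __name__ == "__main__":
    print(triage(recognize_victims(LOGIN_HISTORY, PHISHING_HOSTS)))
```

Accounts in the first list had a credential accepted through the proxy and need verification and protection; accounts in the second list only produced failed relayed logins and are candidates for a warning.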