SlideShare ist ein Scribd-Unternehmen logo

Analysis of Regional Phishing Attack

June Park
June Park

This presentation describes the types and characteristics of regional phishing attacks. We also describe the limitations of the phishing defense system of global browsers such as Google Chrome, and suggest ways to overcome them.

Software
1 von 51
Downloaden Sie, um offline zu lesen
1 A n a l y s i s o f R e g i o n a l P h i s h i n g A t t a c k F i s h i n g t h e P h i s h e r s Photo by Johannes Plenio on Unsplash J u n e P a r k @ N a v e r C o r p . [ S e c u r i t y ]
2 J u n e P a r k S e c u r i t y R e s e a r c h e r @ N A V E R C O R P . A b o u t M e - Security Research and Pentesting @ Samsung (10 years) - DEFCON 27 DEMO LABS (Mobile + Cloud Vuln.) - Interest : Phishing, App Security, Cloud Security - june.park@navercorp.com Journey to the Security Expert
3 AGENDA F i s h i n g t h e P h i s h e r s Global Phishing Attack Trends Why Phishing Attacks keep Growing I n t r o d u c t i o n Phishing Campaign Types Analysis of Adversarial Tactics R e g i o n a l P h i s h i n g L a n d s c a p e Previous Research and Limitations Why We Should Be Prepared for Regional Phishing Attack B a c k g r o u n d & M o t i v a t i o n NAVER Anti Phishing System Early Detection and Prevention Mitigation D e t e c t i o n a n d D e f e n s e
4 AGENDA F i s h i n g t h e P h i s h e r s C o n c l u s i o n Case Analysis 1 : Leak Accounts from Darkweb Case Analysis 2 : Kakaotalk Malware and Phishing H o w t o U t i l i z e C T I Real-World Limitations What We Do for Next? D i s c u s s i o n a n d F u t u r e W o r k
5 - Definition - Global Trends P h i s h i n g A t t a c k T r e n d s - Single Point of Failure - Low Effort High Impact W h y P h i s h i n g A t t a c k s k e e p G r o w i n g Introduction F i s h i n g t h e P h i s h e r s
6 h t t p s : / / f a n c i f u l - t a r s i e r - c 2 3 d 0 9 . n e t l i f y . a p p [ N O T N A V E R . C O M ] A c c o u n t L e a k P e r s o n a l D a t a L e a k P r e p a r e N e w A t t a c k I n p u t L o g i n C r e d e n t i a l C r e d e n t i a l D e l i v e r e d T o H a c k e r s Collect and Sell (Dark-Market) Emails, Files in Cloud Contacts, Etc. Abuse the Service Abuse the Account
7 Phishing Reaches All-Time High in Early 2022 I n t h e f i r s t q u a r t e r o f 2 0 2 2 , A P W G o b s e r v e d 1 , 0 2 5 , 9 6 8 t o t a l p h i s h i n g a t t a c k s . T h i s w a s t h e w o r s t q u a r t e r f o r p h i s h i n g t h a t A P W G h a s e v e r o b s e r v e d , a n d t h e f i r s t t i m e t h a t t h e q u a r t e r l y t o t a l h a s e x c e e d e d o n e m i l l i o n P h ish in g At t a cks, 2 Q2 0 2 1 ~ 1 Q2 0 2 2 b y A P W G G l o b a l T r e n d s
8 FBI Crime Report 2020 - 2021 The type of cybercrime with the most victims in 2020 was phishing. In 2021, this trend also continued, resulting in the largest number of victims by phishing. G l o b a l T r e n d s Photo by Setyaki Irham on Unsplash
9 Single Point of Failure W h y P h i s h i n g A t t a c k s k e e p G r o w i n g On the portal site, users can use all detailed services with a single log-in. Paradoxically, this presents an opportunity for hackers. V i c t i m ’ s C r e d e n t i a l ( S i n g l e P o i n t ) H a c k e r s H a c k e r s T a k e A l l
10 Low Effort Phishing attacks are less difficult than malware or zero-day exploit attacks. High Impact However, the benefits of successful phishing attacks are huge. P h o t o b y D r e w C o f f m a n o n U n s p l a s h P h o t o b y S h a n e o n U n s p l a s h
11 - Inferring Phishing Intention via Webpage Appearance and Dynamics - Google Safe Browsing with ML P r e v i o u s R e s e a r c h - Limitations - Blacklist - Limitations – Adversary’s Tactics - No One Knows Better than You B e P r e p a r e d f o r R e g i o n a l P h i s h i n g Background & Motivation F i s h i n g t h e P h i s h e r s Photo by Aaron Huber on Unsplash
12 Inferring Phishing Intention via Webpage Appearance and Dynamics ( U S E N I X 2 0 2 2 ) P r e v i o u s R e s e a r c h AWL describing the regions and positions of UI components A b s t r a c t W e b p a g e L a y o u t build a CRP classifier that takes the screenshot and the AWL as input, and classifies whether the webpage requires user credentials. C R P C l a s s i f i c a t i o n Emulating user clicks on the reported links/buttons, and retrieve new redirected URLs along with their screenshots and HTML codes C R P T r a n s i t i o n L o c a t i o n
13 Building a more helpful browser with machine learning ( G o o g l e S e c u r i t y ) P r e v i o u s R e s e a r c h identifies 2.5 times more potentially malicious sites and phishing attacks as the previous model R o l l e d O u t a N e w M L M o d e l Chrome predicts when permission prompts are unlikely to be granted based on how the user previously interacted with similar permission prompts, and silences these undesired prompts. I m p r o v e T h e B r o w s i n g E x p e r i e n c e ,
14 But, Why Browser Fail to Detect B e P r e p a r e d f o r R e g i o n a l P h i s h i n g D e t e c t i o n t e c h n i q u e s a r e e v o l v i n g , b u t d e t e c t i o n r a t e s f o r r e g i o n a l p h i s h i n g a r e s t i l l i n s u f f i c i e n t . C h r o m e , E d g e S a f a r i , E t c .
15 Attacker Victims @ Google Safe Browsing Blacklisted D-Day D+7 (Average) Phishing Campaign Start Limitations - Blacklist B e P r e p a r e d f o r R e g i o n a l P h i s h i n g I t t a k e s a n a v e r a g e o f 7 d a y s f o r p h i s h i n g a t t a c k s t o b e b l a c k l i s t e d . Browsers Don’t Detect Now Browsers Detect As Phishing Site Victims
16 • I P B l a c k l i s t • U s e r - A g e n t C h e c k i n g • R e f e r r e r C h e c k i n g • P a r a m e t e r C h e c k i n g Limitations – Adversary’s Tactics B e P r e p a r e d f o r R e g i o n a l P h i s h i n g Y o u w a n t t o d i s c o v e r p h i s h i n g s i t e B u t , Y o u w i l l s e e G o o g l e B y p a s s i n g t e c h n i q u e s Attackers utilize bypassing techniques not to be captured by phishing hunters.
17 “No One Knows Your Brand Better than You” T h a t ’ s w h y W e S t u d y N a v e r P h i s h i n g
18 - 3 Types of Phishing P h i s h i n g C a m p a i g n T y p e s - Sophisticated Phishing - Domain Squatting with HTTPS - Phishing Emails with Social Engineering - Credential Redirection - Circumventing Techniques A n a l y s i s o f A d v e r s a r i a l T a c t i c s Regional Phishing Landscape F i s h i n g t h e P h i s h e r s Photo by Aaron Huber on Unsplash
19 The goal of this type is to steal information from the target. It uses social engineering techniques to lure victims to phishing sites. S o ph ist ica t ed P h ish in g Phishing pages are displayed only when accessed through the search engine. It is a phishing attack against an unspecified number of users. S ea rch Abuse P h ish in g It is a fraudulent method of stealing accounts and money by luring victims after registering false sales in the ”Joonggonara Café” Jo o n g g o n a ra P h ish in g 3 Types of Phishing P h i s h i n g C a m p a i g n T y p e s
20 Build Phishing Site STAGE A Send Phishing Emails STAGE B Account Hijacking STAGE C Steal Information STAGE D [1] Sophisticated Phishing -Attack Flow A n a l y s i s o f A d v e r s a r i a l T a c t i c s Adversary’s Tactics • Domain Squatting • Free TLS Certificates • Collecting Emails • Social Engineering • Credential Redirection with Proxy Configuration • Change Security Setting • IMAP/POP3 Setting A s t h e m o s t s o p h i s t i c a t e d t y p e o f p h i s h i n g a t t a c k , v a r i o u s t e c h n i q u e s a r e u s e d t o i n c r e a s e t h e a t t a c k s u c c e s s r a t e .
21 A n a l y s i s o f A d v e r s a r i a l T a c t i c s Registering domains similar to Naver, causing the victim to recognize the phishing site as normal. • navers.co.in • help-navers.com • account.nhn-signer.kro.kr • nid.naversec.o-r.kr • nidserver.naverrer.com D o m a i n S q u a t t i n g E x a m p l e + = Attackers implement HTTPS phishing sites using free certificates. It allows an adversary to avoid a browser warning of missing a valid certificates. [1] Sophisticated Phishing -Domain Squatting with HTTPS
22 A n a l y s i s o f A d v e r s a r i a l T a c t i c s [1] Sophisticated Phishing -Phishing Emails with Social Eng. most of the email titles include attention-grabbing information. T o l u r e v i c t i m s
23 A n a l y s i s o f A d v e r s a r i a l T a c t i c s [1] Sophisticated Phishing -Credential Redirection F o r w a r d C r e d e n t i a l I n p u t C r e d e n t i a l F o r w a r d C r e d e n t i a l R e s p o n s e S e s s i o n L o g g i n g C r e d e n t i a l i f r e s p o n s e i s O K P h i s h i n g S i t e ( P r o x y ) h t t p s : / / w w w . n a v e r . c o m V i c t i m P r o x y c o n f i g u r a t i o n f o r r e d i r e c t i n g a v i c t i m ' s c r e d e n t i a l . A n a t t a c k e r o b t a i n s a w o r k i n g c r e d e n t i a l w h e n a v i c t i m h a s s u c c e s s f u l l y s i g n e d i n a t a r g e t w e b s i t e .
24 A n a l y s i s o f A d v e r s a r i a l T a c t i c s [1] Sophisticated Phishing - Circumventing Techniques A t t a c k e r s u t i l i z e b y p a s s i n g t e c h n i q u e s n o t t o b e c a p t u r e d b y p h i s h i n g h u n t e r s . p h i s h i n g s i t e c a n b e a c c e s s i b l e s o l e l y w h e n a c e r t a i n c o n d i t i o n i s m e t w h e r e a n e m p t y p a g e o r a r b i t r a r y w e b s i t e w o u l d b e r e t u r n e d / r e d i r e c t e d o t h e r w i s e . N o R e f e r r e r : R e d i r e c t t o G o o g l e N o P a r a m e t e r s : 4 0 4 n o t f o u n d P a r a m e t e r + R e f e r r e r : P h i s h i n g
25 [2] Search Abuse Phishing -Script Call Chaining A n a l y s i s o f A d v e r s a r i a l T a c t i c s A t t a c k e r s p l a n t m a l i c i o u s s c r i p t s o n h a c k e d s e r v e r s a n d d e s i g n t h e m t o b e c a l l e d i n a c h a i n . S i t e A S i t e c C o m p r o m i s e d … S i t e B a a . c o m / j s _ c o m m o n . j s b b . c o m / l o g i n . j s c c . c o m / l o g i n . p h p 2 - 1 . C a l l 2 - 2 , C a l l 1 . S e a r c h & F o l l o w L i n k s 2 - 3 . C a l l 3 . R e t u r n P h i s h i n g P a g e S i t e D 4 . S e n d C r e d e n t i a l s C o m p r o m i s e d P h i s h i n g S h o w u p w i t h < i f r a m e > p o p - u p I n s o m e c a s e s , c r e d e n t i a l s a r e e n c r y p t e d ( R S A ) b l a h b l a h . t x t
26 [2] Search Abuse Phishing - Circumventing Techniques A n a l y s i s o f A d v e r s a r i a l T a c t i c s p h i s h i n g s i t e c a n b e a c c e s s i b l e s o l e l y w h e n a c e r t a i n c o n d i t i o n i s m e t R e f e r r e r C h e c k ( I f v i c t i m s f o l l o w e d s e a r c h e n g i n e l i n k s ) C o o k i e C h e c k ( P h i s h i n g o n l y w o r k s o n f i r s t v i s i t ) T i m e C h e c k ( P h i s h i n g o n l y w o r k s a t s p e c i f i e d t i m e ) C r e d e n t i a l E n c r y p t i o n ( T o d i s r u p t a c c o u n t p r o t e c t i o n a c t i v i t i e s ) Phishing works If all conditions are met
27 [2] Search Abuse Phishing -Social Engineering A n a l y s i s o f A d v e r s a r i a l T a c t i c s I n o r d e r t o l u r e a s m a n y v i c t i m s a s p o s s i b l e t o p h i s h i n g s i t e s , a t t a c k e r s h a c k e d s i t e s t h a t c o u l d b e t r e n d i n g a n d u s e d t h e m f o r p h i s h i n g . JANUARY FEBRUARY MARCH APRIL MAY JUNE Popular topics can be targeted by hackers. P O P U L A R I T Y
28 [3] Joonggonara Phishing -Attack Flow A n a l y s i s o f A d v e r s a r i a l T a c t i c s 1 . R e g i s t e r B a i t I t e m s 2 . C o n t a c t C o n t a c t m e v i a K a k a o t a l k 3 . A c t i v a t e & D e l i v e r P h i s h i n g U R L 4 . I n p u t C r e d e n t i a l s T h e p h i s h i n g k i t o f f e r s a n a u t o m a t i o n o f t h e w h o l e p h i s h i n g p r o c e s s i n g i n c l u d i n g t h e p r e p a r a t i o n o f a p h i s h i n g w e b s i t e . s e n s i t i v e i n f o r m a t i o n o b t a i n e d f r o m t h e v i c t i m c a n b e c o m p r o m i s e d f o r a p h i s h i n g a t t a c k i n t h e f u t u r e .
29 [3] Joonggonara Phishing -Hit and Run A n a l y s i s o f A d v e r s a r i a l T a c t i c s 2 . C o n t a c t 3 . A c t i v a t e & D e l i v e r P h i s h i n g U R L 4 . I n p u t C r e d e n t i a l s P h i s h i n g U R L i s a v a i l a b l e f o r o n l y f e w m i n u t e s
30 - Mission & Goal - System Overview - Certificate Transparency Monitoring - Spam Detector - Whale CSD (Client-Side Detection) - Profiling Adversary N A V E R A n t i P h i s h i n g S y s t e m - Break the Chain - Victim Recognition and Protection - NAVER Safe Browsing - APWG - User Interface Improvements P r e v e n t i o n Detection & Defense F i s h i n g t h e P h i s h e r s Photo by charlesdeluvio on Unsplash
31 Mission & Goal N A V E R A n t i P h i s h i n g S y s t e m O u r m i s s i o n i s t o d e t e c t N a v e r p h i s h i n g a s q u i c k l y a s p o s s i b l e a n d t o p r o t e c t u s e r s f r o m v a r i o u s p h i s h i n g a t t a c k s . WRITE HERE YOUR GREAT AND NICE Y O U C A N W R I T E H E R E A company is an association or collection of individuals, whether natural persons, legal persons, or a mixture of both.
32 CT Monitoring Spam Detector Whale CSD Logs User Logs Detect newly created phishing domains early through certificate transparency monitoring. P h i s h i n g D o m a i n Record and analyze phishing site information detected by the Whale browser (client side). P h i s h i n g U R L Categorize phishing mail among spam mails reported by users and extract phishing URLs. P h i s h i n g M a i l & U R L Analyze logs for suspected attackers to prepare for future phishing attacks. A d v e r s a r y P r o f i l e N A P S System Overview N a v e r A n t i P h i s h i n g S y s t e m
33 CT Monitoring N a v e r A n t i P h i s h i n g S y s t e m W h e n a u s e r r e q u e s t s a n S S L / T L S c e r t i f i c a t e , a C A m u s t ( f r o m A p r i l 1 , 2 0 1 8 ) s u b m i t t h e c e r t i f i c a t e d e t a i l s t o a C T l o g . Factors Risk Score Example Suspicious TLD Navers.co.{in} TLD as Domain Naver.{com}.co Brand Keyword {nid.naver.com}.de Suspicious Keyword {nid}.never-{cloud}ing.com Domain Squatting Members.{never}.com # of Hyphens {nid.naver.com-user06-nidlogin}.me # of Sub Domains naver{.}nid{.}coms{.}party Free Certificate Let’s Encrypt or Zero SSL C a l c u l a t e C h e c k P h i s h i n g R e g i s t e r t o B l a c k l i s t
34 Spam Detector N a v e r A n t i P h i s h i n g S y s t e m A m o n g s p a m e m a i l s r e p o r t e d b y u s e r s , s u s p e c t e d p h i s h i n g e m a i l s a r e c l a s s i f i e d a n d a n a l y z e d b y t h e s e c u r i t y t e a m . S e n d a p h i s h i n g m a i l S P A M D B R e p o r t ! K e y w o r d _ A K e y w o r d _ C K e y w o r d _ B K e y w o r d _ E K e y w o r d _ D K e y w o r d _ F K e y w o r d _ G K e y w o r d _ H C h e c k P h i s h i n g R e g i s t e r t o B l a c k l i s t
35 Whale CSD Logs N a v e r A n t i P h i s h i n g S y s t e m T h e C S D f e a t u r e o f t h e W h a l e b r o w s e r h e l p s c l i e n t s d e t e c t a n d b l o c k p h i s h i n g , e v e n i f t h e p h i s h i n g s i t e i s n o t b l a c k l i s t e d . P h i s h i n g F e a t u r e E x t r a c t i o n C h e c k P h i s h i n g R e g i s t e r t o B l a c k l i s t
36 Profiling Adversary N a v e r A n t i P h i s h i n g S y s t e m T h e C S D f e a t u r e o f t h e W h a l e b r o w s e r h e l p s c l i e n t s d e t e c t a n d b l o c k p h i s h i n g , e v e n i f t h e p h i s h i n g s i t e i s n o t b l a c k l i s t e d . S M T P S e r v e r I n f o . F r o m A d d r e s s ( S e n d e r ) T a r g e t A d d r e s s ( R e c e i v e r ) … H o s t i n g S e r v e r I n f o . P r o x y S e r v e r I n f o . P a s s i v e D N S … M a k e a p r o f i l e o f A d v e r s a r y G r o u p A G r o u p B G r o u p C M a t c h N e w P h i s h i n g D e t e c t e d
37 Break the Chain P r e v e n t i o n B y a n a l y z i n g t h e e l e m e n t s o f e a c h s t a g e o f a p h i s h i n g a t t a c k a n d b r e a k i n g t h e l i n k , w e p r e v e n t t h e s p r e a d o f d a m a g e . • Block targeted phishing attacks • prevent the spread of victims Block Phishing Mails Block Phishing URLs Victim Protection Improve Usable Security • Block users accessing phishing URLs • Account protection and information leakage prevention for phishing victim accounts • Increase user awareness of phishing attacks
38 Break the Chain P r e v e n t i o n B y a n a l y z i n g t h e e l e m e n t s o f e a c h s t a g e o f a p h i s h i n g a t t a c k a n d b r e a k i n g t h e l i n k , w e p r e v e n t t h e s p r e a d o f d a m a g e . Attacker Blocked @ Google Safe Browsing Blacklisted D-Day D+7 (Average) Phishing Campaign Start Now Other Browsers Detect As Phishing Site Phish! @ NAPS in 24 Hours Detected by Naver Safe Browsing Blocked D+1 (Average)
39 Victim Recognition and Protection P r e v e n t i o n T h e C S D f e a t u r e o f t h e W h a l e b r o w s e r h e l p s c l i e n t s d e t e c t a n d b l o c k p h i s h i n g , e v e n i f t h e p h i s h i n g s i t e i s n o t b l a c k l i s t e d . F o r w a r d C r e d e n t i a l I n p u t C r e d e n t i a l F o r w a r d C r e d e n t i a l R e s p o n s e S e s s i o n L o g g i n g C r e d e n t i a l i f r e s p o n s e i s O K P h i s h i n g S i t e ( P r o x y ) h t t p s : / / w w w . n a v e r . c o m V i c t i m H o s t i n g A d d r e s s x . x . x . x y . y . y . y z . z . z . z L o g i n H i s t o r y v i c t i m _ 0 0 1 : x . x . x . x v i c t i m _ 0 0 2 : x . x . x . x v i c t i m _ 0 0 3 : x . x . x . x V i c t i m R e c h o g n i t i o n V e r i f i c a t i o n & P r o t e c t i o n
40 NAVER Safe Browsing P r e v e n t i o n T h e C S D f e a t u r e o f t h e W h a l e b r o w s e r h e l p s c l i e n t s d e t e c t a n d b l o c k p h i s h i n g , e v e n i f t h e p h i s h i n g s i t e i s n o t b l a c k l i s t e d . CT Monitoring Spam Detector Whale CSD Logs User Logs N A P S + Block Naver Phishing
41 NAVER Safe Browsing with Whale P r e v e n t i o n O t h e r b r o w s e r s c a n n o t d e t e c t N a v e r p h i s h i n g w i t h t h e d e t e c t i o n b y p a s s t e c h n i q u e a p p l i e d . W h a l e i s p o s s i b l e , b e c a u s e w e h a v e a t e a m t h a t s p e c i a l i z e s i n a n a l y z i n g a n d r e s p o n d i n g t o N a v e r p h i s h i n g . S a f a r i , E d g e , E t c . N a v e r W h a l e <
42 Strengthen warning messages when accessing phishing sites C h a n g e t h e W a r n i n g S c r e e n Provides notification when user security anomalies are detected E n h a n c e d S e c u r i t y A l e r t Conduct security enhancement campaigns to prevent phishing S e c u r i t y C a m p a i g n Our security and service teams are collaborating to improve usable security, and the results are continuously reflected in our services. User Interface Improvements P r e v e n t i o n W e a r e i m p r o v i n g t h e u s e r i n t e r f a c e t o i n f o r m u s e r s a b o u t p h i s h i n g s i t e s . A S - I S T o - B E
43 OUR LATEST ACHIEVEMENTS IN NUMBERS P r e v e n t i o n T h e N a v e r S e c u r i t y T e a m i s c o n t i n u o u s l y r e s e a r c h i n g p h i s h i n g a t t a c k s a n d a c t i v e l y r e s p o n d i n g t o t h e m . 8000+ Registered @ Naver Safe Browsing Naver Phishing 400K+ Blocked Proactively Phishing Mail 1M+ Blocked by Naver Safe Browsing Phishing URLs 5+ Utilize Phishing Data APPS
44 C a s e A n a l y s i s 1 : D a r k w e b C a s e A n a l y s i s 1 : K a k a o t a l k M a l w a r e a n d P h i s h i n g How to Utilize CTI F i s h i n g t h e P h i s h e r s Photo by AbsolutVision on Unsplash
45 We are monitoring various channels to protect Naver accounts from being leaked on the Internet. We protect leaked accounts by analyzing information collected from OSINT, Telegram, etc. In addition, accounts leaked on darkweb or leaked by malware are monitored and protected. Behind the Scene to Protect Users D a r k w e b Photo by Ryoji Iwata on Unsplash u s e r 0 0 1 / q w e 1 2 3 4 ~ ! u s e r 0 0 2 / u s e r ! @ u s e r 0 0 3 / p a s s c o d e # @
46 CTI Information Sharing K a k a o t a l k m a l w a r e a n d P h i s h i n g T h r o u g h r a p i d i n f o r m a t i o n s h a r i n g , i t i s p o s s i b l e t o a n a l y z e a n d r e s p o n d t o r i s k f a c t o r s t h a t m a y o c c u r i n N a v e r .
47 R e a l - w o r l d P r o b l e m N e x t S t e p Discussion & Future work F i s h i n g t h e P h i s h e r s Photo by AbsolutVision on Unsplash
48 Why Don’t We Cooperate? R e a l - W o r l d P r o b l e m I n o r d e r t o r e s p o n d t o p h i s h i n g i n t h e r e g i o n , i n c l u d i n g N a v e r , c o o p e r a t i o n a n d i n f o r m a t i o n s h a r i n g a r e e s s e n t i a l . I n v e s t i g a t i o n o f h a c k e d s e r v e r s It should be possible to quickly retrieve the phishing victim accounts collected by the attacker. I n v e s t i g a t i o n o f s c a m m e r s It is necessary to investigate fraudsters who steal not only accounts, but also personal information and money. s h a r i n g o f p h i s h i n g i n f o r m a t i o n Collaborative response is needed rather than individual battles Photo by Aubrey Odom-Mabey on Unsplash
49 The More We Care, The Safer Naver is N e x t S t e p W e a r e r e s e a r c h i n g p h i s h i n g a t t a c k s a n d w o r k i n g h a r d t o r e f l e c t t h e m i n o u r s e r v i c e . E x p a n d i n g S a f e B r o w s i n g Building a safe service ecosystem from phishing C o o p e r a t i o n w i t h … Organization, Internet company, T.I, Etc. R e s e a r c h & D e v e l o p m e n t Phishing analysis and response automation Photo by Kelly Sikkema on Unsplash
50 Conclusion F i s h i n g t h e P h i s h e r s Photo by AbsolutVision on Unsplash
51 GET IN TOUCH WITH US L O C A T I O N NA V ER 17 84 C O N T A C T M E j un e .park@n ave rc orp.c om

Empfohlen

Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligenceabhisheksinghcs
 
malware analysis
malware analysismalware analysis
malware analysis20CS201AkashR
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware AnalysisAlbert Hui
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Secure Coding and Threat Modeling
Secure Coding and Threat ModelingSecure Coding and Threat Modeling
Secure Coding and Threat ModelingMiriam Celi, CISSP, GISP, MSCS, MBA
 
Steganography
Steganography Steganography
Steganography Humajabeen31
 

Empfohlen

Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligenceabhisheksinghcs
 
malware analysis
malware analysismalware analysis
malware analysis20CS201AkashR
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware AnalysisAlbert Hui
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Secure Coding and Threat Modeling
Secure Coding and Threat ModelingSecure Coding and Threat Modeling
Secure Coding and Threat ModelingMiriam Celi, CISSP, GISP, MSCS, MBA
 
Steganography
Steganography Steganography
Steganography Humajabeen31
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report Morane Decriem
 
OpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxOpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxanonymousanonymous428352
 
Defending Against the Dark Arts of LOLBINS
Defending Against the Dark Arts of LOLBINS Defending Against the Dark Arts of LOLBINS
Defending Against the Dark Arts of LOLBINS Brent Muir
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made SimplePaul Melson
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
Analysing Ransomware
Analysing RansomwareAnalysing Ransomware
Analysing RansomwareNapier University
 
Windows Forensic 101
Windows Forensic 101Windows Forensic 101
Windows Forensic 101Digit Oktavianto
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
Data governance, Information security strategy
Data governance, Information security strategyData governance, Information security strategy
Data governance, Information security strategyvasanthi4ever
 
Deception technology for advanced detection
Deception technology for advanced detectionDeception technology for advanced detection
Deception technology for advanced detectionJisc
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Encase Forensic
Encase ForensicEncase Forensic
Encase ForensicMegha Sahu
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsRoberto Ellis
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101Narudom Roongsiriwong, CISSP
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceVishal Kumar
 
Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13Wise Person
 
Ceh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyCeh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyMehrdad Jingoism
 

Weitere ähnliche Inhalte

Was ist angesagt?

Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report Morane Decriem
 
Defending Against the Dark Arts of LOLBINS
Defending Against the Dark Arts of LOLBINS Defending Against the Dark Arts of LOLBINS
Defending Against the Dark Arts of LOLBINS Brent Muir
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made SimplePaul Melson
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
Data governance, Information security strategy
Data governance, Information security strategyData governance, Information security strategy
Data governance, Information security strategyvasanthi4ever
 
Deception technology for advanced detection
Deception technology for advanced detectionDeception technology for advanced detection
Deception technology for advanced detectionJisc
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Encase Forensic
Encase ForensicEncase Forensic
Encase ForensicMegha Sahu
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceVishal Kumar
 

Was ist angesagt? (20)

Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report
 
OpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxOpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptx
 
Defending Against the Dark Arts of LOLBINS
Defending Against the Dark Arts of LOLBINS Defending Against the Dark Arts of LOLBINS
Defending Against the Dark Arts of LOLBINS
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Analysing Ransomware
Analysing RansomwareAnalysing Ransomware
Analysing Ransomware
 
Windows Forensic 101
Windows Forensic 101Windows Forensic 101
Windows Forensic 101
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence ppt
 
Data governance, Information security strategy
Data governance, Information security strategyData governance, Information security strategy
Data governance, Information security strategy
 
Deception technology for advanced detection
Deception technology for advanced detectionDeception technology for advanced detection
Deception technology for advanced detection
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
Encase Forensic
Encase ForensicEncase Forensic
Encase Forensic
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
 

Ähnlich wie Analysis of Regional Phishing Attack

Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13Wise Person
 
Ceh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyCeh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyMehrdad Jingoism
 
Ceh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsCeh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsMehrdad Jingoism
 
Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018
Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018
Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018Sri Ambati
 
Cisa domain 2 part 3 governance and management of it
Cisa domain 2 part 3 governance and management of itCisa domain 2 part 3 governance and management of it
Cisa domain 2 part 3 governance and management of itShivamSharma909
 
The evolution of the internet
The evolution of the internetThe evolution of the internet
The evolution of the internetRachelQuince
 
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue Team
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue TeamCYBER DEFENCE SCENARIOS - Part 2: Building The Blue Team
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue TeamUniversity of Hertfordshire
 
Presentation Tariff Guide for Telecom Consumers
Presentation Tariff Guide for Telecom ConsumersPresentation Tariff Guide for Telecom Consumers
Presentation Tariff Guide for Telecom Consumersmrkhanlodhi
 
Blockchain. The silent revolution.
Blockchain. The silent revolution.Blockchain. The silent revolution.
Blockchain. The silent revolution.AURACHAIN
 
Managing a Crisis in the New World of Social Media
Managing a Crisis in the New World of Social MediaManaging a Crisis in the New World of Social Media
Managing a Crisis in the New World of Social Mediaali Bullock
 
Why Insight Engines Matter in 2020 and Beyond
Why Insight Engines Matter in 2020 and BeyondWhy Insight Engines Matter in 2020 and Beyond
Why Insight Engines Matter in 2020 and BeyondLucidworks
 
10 mobile business apps you should be using
10 mobile business apps you should be using10 mobile business apps you should be using
10 mobile business apps you should be usingBreanna Nathorst
 
Working Like a Network
Working Like a NetworkWorking Like a Network
Working Like a NetworkJonas Altman
 
Crypto Hacks - Quit your Job and Become a Crypto Farmer
Crypto Hacks - Quit your Job and Become a Crypto FarmerCrypto Hacks - Quit your Job and Become a Crypto Farmer
Crypto Hacks - Quit your Job and Become a Crypto FarmerGreg Foss
 
Demonolithing The Monolith? Bullocks!
Demonolithing The Monolith? Bullocks!Demonolithing The Monolith? Bullocks!
Demonolithing The Monolith? Bullocks!Scott Sosna
 
Maurizio_Taffone_Emerging_Security_Threats
Maurizio_Taffone_Emerging_Security_ThreatsMaurizio_Taffone_Emerging_Security_Threats
Maurizio_Taffone_Emerging_Security_ThreatsMaurizio Taffone
 

Ähnlich wie Analysis of Regional Phishing Attack (20)

Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13
 
Ceh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyCeh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptography
 
Cyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile WorldCyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile World
 
Ceh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsCeh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoors
 
Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018
Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018
Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018
 
Reddit Advertising
Reddit AdvertisingReddit Advertising
Reddit Advertising
 
Telecom service futures driven by customer need
Telecom service futures driven by customer needTelecom service futures driven by customer need
Telecom service futures driven by customer need
 
Cisa domain 2 part 3 governance and management of it
Cisa domain 2 part 3 governance and management of itCisa domain 2 part 3 governance and management of it
Cisa domain 2 part 3 governance and management of it
 
The evolution of the internet
The evolution of the internetThe evolution of the internet
The evolution of the internet
 
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue Team
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue TeamCYBER DEFENCE SCENARIOS - Part 2: Building The Blue Team
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue Team
 
Presentation Tariff Guide for Telecom Consumers
Presentation Tariff Guide for Telecom ConsumersPresentation Tariff Guide for Telecom Consumers
Presentation Tariff Guide for Telecom Consumers
 
Blockchain. The silent revolution.
Blockchain. The silent revolution.Blockchain. The silent revolution.
Blockchain. The silent revolution.
 
Managing a Crisis in the New World of Social Media
Managing a Crisis in the New World of Social MediaManaging a Crisis in the New World of Social Media
Managing a Crisis in the New World of Social Media
 
Why Insight Engines Matter in 2020 and Beyond
Why Insight Engines Matter in 2020 and BeyondWhy Insight Engines Matter in 2020 and Beyond
Why Insight Engines Matter in 2020 and Beyond
 
Croosing
Croosing Croosing
Croosing
 
10 mobile business apps you should be using
10 mobile business apps you should be using10 mobile business apps you should be using
10 mobile business apps you should be using
 
Working Like a Network
Working Like a NetworkWorking Like a Network
Working Like a Network
 
Crypto Hacks - Quit your Job and Become a Crypto Farmer
Crypto Hacks - Quit your Job and Become a Crypto FarmerCrypto Hacks - Quit your Job and Become a Crypto Farmer
Crypto Hacks - Quit your Job and Become a Crypto Farmer
 
Demonolithing The Monolith? Bullocks!
Demonolithing The Monolith? Bullocks!Demonolithing The Monolith? Bullocks!
Demonolithing The Monolith? Bullocks!
 
Maurizio_Taffone_Emerging_Security_Threats
Maurizio_Taffone_Emerging_Security_ThreatsMaurizio_Taffone_Emerging_Security_Threats
Maurizio_Taffone_Emerging_Security_Threats
 

Kürzlich hochgeladen

Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 

Kürzlich hochgeladen (20)

Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 

Analysis of Regional Phishing Attack

  • 1. 1 A n a l y s i s o f R e g i o n a l P h i s h i n g A t t a c k F i s h i n g t h e P h i s h e r s Photo by Johannes Plenio on Unsplash J u n e P a r k @ N a v e r C o r p . [ S e c u r i t y ]
  • 2. 2 J u n e P a r k S e c u r i t y R e s e a r c h e r @ N A V E R C O R P . A b o u t M e - Security Research and Pentesting @ Samsung (10 years) - DEFCON 27 DEMO LABS (Mobile + Cloud Vuln.) - Interest : Phishing, App Security, Cloud Security - june.park@navercorp.com Journey to the Security Expert
  • 3. 3 AGENDA F i s h i n g t h e P h i s h e r s Global Phishing Attack Trends Why Phishing Attacks keep Growing I n t r o d u c t i o n Phishing Campaign Types Analysis of Adversarial Tactics R e g i o n a l P h i s h i n g L a n d s c a p e Previous Research and Limitations Why We Should Be Prepared for Regional Phishing Attack B a c k g r o u n d & M o t i v a t i o n NAVER Anti Phishing System Early Detection and Prevention Mitigation D e t e c t i o n a n d D e f e n s e
  • 4. 4 AGENDA F i s h i n g t h e P h i s h e r s C o n c l u s i o n Case Analysis 1 : Leak Accounts from Darkweb Case Analysis 2 : Kakaotalk Malware and Phishing H o w t o U t i l i z e C T I Real-World Limitations What We Do for Next? D i s c u s s i o n a n d F u t u r e W o r k
  • 5. 5 - Definition - Global Trends P h i s h i n g A t t a c k T r e n d s - Single Point of Failure - Low Effort High Impact W h y P h i s h i n g A t t a c k s k e e p G r o w i n g Introduction F i s h i n g t h e P h i s h e r s
  • 6. 6 h t t p s : / / f a n c i f u l - t a r s i e r - c 2 3 d 0 9 . n e t l i f y . a p p [ N O T N A V E R . C O M ] A c c o u n t L e a k P e r s o n a l D a t a L e a k P r e p a r e N e w A t t a c k I n p u t L o g i n C r e d e n t i a l C r e d e n t i a l D e l i v e r e d T o H a c k e r s Collect and Sell (Dark-Market) Emails, Files in Cloud Contacts, Etc. Abuse the Service Abuse the Account
  • 7. 7 Phishing Reaches All-Time High in Early 2022 I n t h e f i r s t q u a r t e r o f 2 0 2 2 , A P W G o b s e r v e d 1 , 0 2 5 , 9 6 8 t o t a l p h i s h i n g a t t a c k s . T h i s w a s t h e w o r s t q u a r t e r f o r p h i s h i n g t h a t A P W G h a s e v e r o b s e r v e d , a n d t h e f i r s t t i m e t h a t t h e q u a r t e r l y t o t a l h a s e x c e e d e d o n e m i l l i o n P h ish in g At t a cks, 2 Q2 0 2 1 ~ 1 Q2 0 2 2 b y A P W G G l o b a l T r e n d s
  • 8. 8 FBI Crime Report 2020 - 2021 The type of cybercrime with the most victims in 2020 was phishing. In 2021, this trend also continued, resulting in the largest number of victims by phishing. G l o b a l T r e n d s Photo by Setyaki Irham on Unsplash
  • 9. 9 Single Point of Failure W h y P h i s h i n g A t t a c k s k e e p G r o w i n g On the portal site, users can use all detailed services with a single log-in. Paradoxically, this presents an opportunity for hackers. V i c t i m ’ s C r e d e n t i a l ( S i n g l e P o i n t ) H a c k e r s H a c k e r s T a k e A l l
  • 10. 10 Low Effort Phishing attacks are less difficult than malware or zero-day exploit attacks. High Impact However, the benefits of successful phishing attacks are huge. P h o t o b y D r e w C o f f m a n o n U n s p l a s h P h o t o b y S h a n e o n U n s p l a s h
  • 11. 11 - Inferring Phishing Intention via Webpage Appearance and Dynamics - Google Safe Browsing with ML P r e v i o u s R e s e a r c h - Limitations - Blacklist - Limitations – Adversary’s Tactics - No One Knows Better than You B e P r e p a r e d f o r R e g i o n a l P h i s h i n g Background & Motivation F i s h i n g t h e P h i s h e r s Photo by Aaron Huber on Unsplash
  • 12. 12 Inferring Phishing Intention via Webpage Appearance and Dynamics ( U S E N I X 2 0 2 2 ) P r e v i o u s R e s e a r c h AWL describing the regions and positions of UI components A b s t r a c t W e b p a g e L a y o u t build a CRP classifier that takes the screenshot and the AWL as input, and classifies whether the webpage requires user credentials. C R P C l a s s i f i c a t i o n Emulating user clicks on the reported links/buttons, and retrieve new redirected URLs along with their screenshots and HTML codes C R P T r a n s i t i o n L o c a t i o n
  • 13. 13 Building a more helpful browser with machine learning ( G o o g l e S e c u r i t y ) P r e v i o u s R e s e a r c h identifies 2.5 times more potentially malicious sites and phishing attacks as the previous model R o l l e d O u t a N e w M L M o d e l Chrome predicts when permission prompts are unlikely to be granted based on how the user previously interacted with similar permission prompts, and silences these undesired prompts. I m p r o v e T h e B r o w s i n g E x p e r i e n c e ,
  • 14. 14 But, Why Browser Fail to Detect B e P r e p a r e d f o r R e g i o n a l P h i s h i n g D e t e c t i o n t e c h n i q u e s a r e e v o l v i n g , b u t d e t e c t i o n r a t e s f o r r e g i o n a l p h i s h i n g a r e s t i l l i n s u f f i c i e n t . C h r o m e , E d g e S a f a r i , E t c .
  • 15. 15 Attacker Victims @ Google Safe Browsing Blacklisted D-Day D+7 (Average) Phishing Campaign Start Limitations - Blacklist B e P r e p a r e d f o r R e g i o n a l P h i s h i n g I t t a k e s a n a v e r a g e o f 7 d a y s f o r p h i s h i n g a t t a c k s t o b e b l a c k l i s t e d . Browsers Don’t Detect Now Browsers Detect As Phishing Site Victims
  • 16. 16 • I P B l a c k l i s t • U s e r - A g e n t C h e c k i n g • R e f e r r e r C h e c k i n g • P a r a m e t e r C h e c k i n g Limitations – Adversary’s Tactics B e P r e p a r e d f o r R e g i o n a l P h i s h i n g Y o u w a n t t o d i s c o v e r p h i s h i n g s i t e B u t , Y o u w i l l s e e G o o g l e B y p a s s i n g t e c h n i q u e s Attackers utilize bypassing techniques not to be captured by phishing hunters.
  • 17. 17 “No One Knows Your Brand Better than You” T h a t ’ s w h y W e S t u d y N a v e r P h i s h i n g
  • 18. 18 - 3 Types of Phishing P h i s h i n g C a m p a i g n T y p e s - Sophisticated Phishing - Domain Squatting with HTTPS - Phishing Emails with Social Engineering - Credential Redirection - Circumventing Techniques A n a l y s i s o f A d v e r s a r i a l T a c t i c s Regional Phishing Landscape F i s h i n g t h e P h i s h e r s Photo by Aaron Huber on Unsplash
  • 19. 19 The goal of this type is to steal information from the target. It uses social engineering techniques to lure victims to phishing sites. S o ph ist ica t ed P h ish in g Phishing pages are displayed only when accessed through the search engine. It is a phishing attack against an unspecified number of users. S ea rch Abuse P h ish in g It is a fraudulent method of stealing accounts and money by luring victims after registering false sales in the ”Joonggonara Café” Jo o n g g o n a ra P h ish in g 3 Types of Phishing P h i s h i n g C a m p a i g n T y p e s
  • 20. 20 Build Phishing Site STAGE A Send Phishing Emails STAGE B Account Hijacking STAGE C Steal Information STAGE D [1] Sophisticated Phishing -Attack Flow A n a l y s i s o f A d v e r s a r i a l T a c t i c s Adversary’s Tactics • Domain Squatting • Free TLS Certificates • Collecting Emails • Social Engineering • Credential Redirection with Proxy Configuration • Change Security Setting • IMAP/POP3 Setting A s t h e m o s t s o p h i s t i c a t e d t y p e o f p h i s h i n g a t t a c k , v a r i o u s t e c h n i q u e s a r e u s e d t o i n c r e a s e t h e a t t a c k s u c c e s s r a t e .
  • 21. 21 A n a l y s i s o f A d v e r s a r i a l T a c t i c s Registering domains similar to Naver, causing the victim to recognize the phishing site as normal. • navers.co.in • help-navers.com • account.nhn-signer.kro.kr • nid.naversec.o-r.kr • nidserver.naverrer.com D o m a i n S q u a t t i n g E x a m p l e + = Attackers implement HTTPS phishing sites using free certificates. It allows an adversary to avoid a browser warning of missing a valid certificates. [1] Sophisticated Phishing -Domain Squatting with HTTPS
  • 22. 22 A n a l y s i s o f A d v e r s a r i a l T a c t i c s [1] Sophisticated Phishing -Phishing Emails with Social Eng. most of the email titles include attention-grabbing information. T o l u r e v i c t i m s
  • 23. 23 A n a l y s i s o f A d v e r s a r i a l T a c t i c s [1] Sophisticated Phishing -Credential Redirection F o r w a r d C r e d e n t i a l I n p u t C r e d e n t i a l F o r w a r d C r e d e n t i a l R e s p o n s e S e s s i o n L o g g i n g C r e d e n t i a l i f r e s p o n s e i s O K P h i s h i n g S i t e ( P r o x y ) h t t p s : / / w w w . n a v e r . c o m V i c t i m P r o x y c o n f i g u r a t i o n f o r r e d i r e c t i n g a v i c t i m ' s c r e d e n t i a l . A n a t t a c k e r o b t a i n s a w o r k i n g c r e d e n t i a l w h e n a v i c t i m h a s s u c c e s s f u l l y s i g n e d i n a t a r g e t w e b s i t e .
  • 24. 24 A n a l y s i s o f A d v e r s a r i a l T a c t i c s [1] Sophisticated Phishing - Circumventing Techniques A t t a c k e r s u t i l i z e b y p a s s i n g t e c h n i q u e s n o t t o b e c a p t u r e d b y p h i s h i n g h u n t e r s . p h i s h i n g s i t e c a n b e a c c e s s i b l e s o l e l y w h e n a c e r t a i n c o n d i t i o n i s m e t w h e r e a n e m p t y p a g e o r a r b i t r a r y w e b s i t e w o u l d b e r e t u r n e d / r e d i r e c t e d o t h e r w i s e . N o R e f e r r e r : R e d i r e c t t o G o o g l e N o P a r a m e t e r s : 4 0 4 n o t f o u n d P a r a m e t e r + R e f e r r e r : P h i s h i n g
  • 25. 25 [2] Search Abuse Phishing -Script Call Chaining A n a l y s i s o f A d v e r s a r i a l T a c t i c s A t t a c k e r s p l a n t m a l i c i o u s s c r i p t s o n h a c k e d s e r v e r s a n d d e s i g n t h e m t o b e c a l l e d i n a c h a i n . S i t e A S i t e c C o m p r o m i s e d … S i t e B a a . c o m / j s _ c o m m o n . j s b b . c o m / l o g i n . j s c c . c o m / l o g i n . p h p 2 - 1 . C a l l 2 - 2 , C a l l 1 . S e a r c h & F o l l o w L i n k s 2 - 3 . C a l l 3 . R e t u r n P h i s h i n g P a g e S i t e D 4 . S e n d C r e d e n t i a l s C o m p r o m i s e d P h i s h i n g S h o w u p w i t h < i f r a m e > p o p - u p I n s o m e c a s e s , c r e d e n t i a l s a r e e n c r y p t e d ( R S A ) b l a h b l a h . t x t
  • 26. 26 [2] Search Abuse Phishing - Circumventing Techniques A n a l y s i s o f A d v e r s a r i a l T a c t i c s p h i s h i n g s i t e c a n b e a c c e s s i b l e s o l e l y w h e n a c e r t a i n c o n d i t i o n i s m e t R e f e r r e r C h e c k ( I f v i c t i m s f o l l o w e d s e a r c h e n g i n e l i n k s ) C o o k i e C h e c k ( P h i s h i n g o n l y w o r k s o n f i r s t v i s i t ) T i m e C h e c k ( P h i s h i n g o n l y w o r k s a t s p e c i f i e d t i m e ) C r e d e n t i a l E n c r y p t i o n ( T o d i s r u p t a c c o u n t p r o t e c t i o n a c t i v i t i e s ) Phishing works If all conditions are met
  • 27. 27 [2] Search Abuse Phishing -Social Engineering A n a l y s i s o f A d v e r s a r i a l T a c t i c s I n o r d e r t o l u r e a s m a n y v i c t i m s a s p o s s i b l e t o p h i s h i n g s i t e s , a t t a c k e r s h a c k e d s i t e s t h a t c o u l d b e t r e n d i n g a n d u s e d t h e m f o r p h i s h i n g . JANUARY FEBRUARY MARCH APRIL MAY JUNE Popular topics can be targeted by hackers. P O P U L A R I T Y
  • 28. 28 [3] Joonggonara Phishing -Attack Flow A n a l y s i s o f A d v e r s a r i a l T a c t i c s 1 . R e g i s t e r B a i t I t e m s 2 . C o n t a c t C o n t a c t m e v i a K a k a o t a l k 3 . A c t i v a t e & D e l i v e r P h i s h i n g U R L 4 . I n p u t C r e d e n t i a l s T h e p h i s h i n g k i t o f f e r s a n a u t o m a t i o n o f t h e w h o l e p h i s h i n g p r o c e s s i n g i n c l u d i n g t h e p r e p a r a t i o n o f a p h i s h i n g w e b s i t e . s e n s i t i v e i n f o r m a t i o n o b t a i n e d f r o m t h e v i c t i m c a n b e c o m p r o m i s e d f o r a p h i s h i n g a t t a c k i n t h e f u t u r e .
  • 29. 29 [3] Joonggonara Phishing -Hit and Run A n a l y s i s o f A d v e r s a r i a l T a c t i c s 2 . C o n t a c t 3 . A c t i v a t e & D e l i v e r P h i s h i n g U R L 4 . I n p u t C r e d e n t i a l s P h i s h i n g U R L i s a v a i l a b l e f o r o n l y f e w m i n u t e s
  • 30. 30 - Mission & Goal - System Overview - Certificate Transparency Monitoring - Spam Detector - Whale CSD (Client-Side Detection) - Profiling Adversary N A V E R A n t i P h i s h i n g S y s t e m - Break the Chain - Victim Recognition and Protection - NAVER Safe Browsing - APWG - User Interface Improvements P r e v e n t i o n Detection & Defense F i s h i n g t h e P h i s h e r s Photo by charlesdeluvio on Unsplash
  • 31. 31 Mission & Goal N A V E R A n t i P h i s h i n g S y s t e m O u r m i s s i o n i s t o d e t e c t N a v e r p h i s h i n g a s q u i c k l y a s p o s s i b l e a n d t o p r o t e c t u s e r s f r o m v a r i o u s p h i s h i n g a t t a c k s . WRITE HERE YOUR GREAT AND NICE Y O U C A N W R I T E H E R E A company is an association or collection of individuals, whether natural persons, legal persons, or a mixture of both.
  • 32. 32 CT Monitoring Spam Detector Whale CSD Logs User Logs Detect newly created phishing domains early through certificate transparency monitoring. P h i s h i n g D o m a i n Record and analyze phishing site information detected by the Whale browser (client side). P h i s h i n g U R L Categorize phishing mail among spam mails reported by users and extract phishing URLs. P h i s h i n g M a i l & U R L Analyze logs for suspected attackers to prepare for future phishing attacks. A d v e r s a r y P r o f i l e N A P S System Overview N a v e r A n t i P h i s h i n g S y s t e m
  • 33. 33 CT Monitoring N a v e r A n t i P h i s h i n g S y s t e m W h e n a u s e r r e q u e s t s a n S S L / T L S c e r t i f i c a t e , a C A m u s t ( f r o m A p r i l 1 , 2 0 1 8 ) s u b m i t t h e c e r t i f i c a t e d e t a i l s t o a C T l o g . Factors Risk Score Example Suspicious TLD Navers.co.{in} TLD as Domain Naver.{com}.co Brand Keyword {nid.naver.com}.de Suspicious Keyword {nid}.never-{cloud}ing.com Domain Squatting Members.{never}.com # of Hyphens {nid.naver.com-user06-nidlogin}.me # of Sub Domains naver{.}nid{.}coms{.}party Free Certificate Let’s Encrypt or Zero SSL C a l c u l a t e C h e c k P h i s h i n g R e g i s t e r t o B l a c k l i s t
  • 34. 34 Spam Detector N a v e r A n t i P h i s h i n g S y s t e m A m o n g s p a m e m a i l s r e p o r t e d b y u s e r s , s u s p e c t e d p h i s h i n g e m a i l s a r e c l a s s i f i e d a n d a n a l y z e d b y t h e s e c u r i t y t e a m . S e n d a p h i s h i n g m a i l S P A M D B R e p o r t ! K e y w o r d _ A K e y w o r d _ C K e y w o r d _ B K e y w o r d _ E K e y w o r d _ D K e y w o r d _ F K e y w o r d _ G K e y w o r d _ H C h e c k P h i s h i n g R e g i s t e r t o B l a c k l i s t
  • 35. 35 Whale CSD Logs N a v e r A n t i P h i s h i n g S y s t e m T h e C S D f e a t u r e o f t h e W h a l e b r o w s e r h e l p s c l i e n t s d e t e c t a n d b l o c k p h i s h i n g , e v e n i f t h e p h i s h i n g s i t e i s n o t b l a c k l i s t e d . P h i s h i n g F e a t u r e E x t r a c t i o n C h e c k P h i s h i n g R e g i s t e r t o B l a c k l i s t
  • 36. 36 Profiling Adversary N a v e r A n t i P h i s h i n g S y s t e m T h e C S D f e a t u r e o f t h e W h a l e b r o w s e r h e l p s c l i e n t s d e t e c t a n d b l o c k p h i s h i n g , e v e n i f t h e p h i s h i n g s i t e i s n o t b l a c k l i s t e d . S M T P S e r v e r I n f o . F r o m A d d r e s s ( S e n d e r ) T a r g e t A d d r e s s ( R e c e i v e r ) … H o s t i n g S e r v e r I n f o . P r o x y S e r v e r I n f o . P a s s i v e D N S … M a k e a p r o f i l e o f A d v e r s a r y G r o u p A G r o u p B G r o u p C M a t c h N e w P h i s h i n g D e t e c t e d
  • 37. 37 Break the Chain P r e v e n t i o n B y a n a l y z i n g t h e e l e m e n t s o f e a c h s t a g e o f a p h i s h i n g a t t a c k a n d b r e a k i n g t h e l i n k , w e p r e v e n t t h e s p r e a d o f d a m a g e . • Block targeted phishing attacks • prevent the spread of victims Block Phishing Mails Block Phishing URLs Victim Protection Improve Usable Security • Block users accessing phishing URLs • Account protection and information leakage prevention for phishing victim accounts • Increase user awareness of phishing attacks
  • 38. 38 Break the Chain P r e v e n t i o n B y a n a l y z i n g t h e e l e m e n t s o f e a c h s t a g e o f a p h i s h i n g a t t a c k a n d b r e a k i n g t h e l i n k , w e p r e v e n t t h e s p r e a d o f d a m a g e . Attacker Blocked @ Google Safe Browsing Blacklisted D-Day D+7 (Average) Phishing Campaign Start Now Other Browsers Detect As Phishing Site Phish! @ NAPS in 24 Hours Detected by Naver Safe Browsing Blocked D+1 (Average)
  • 39. 39 Victim Recognition and Protection P r e v e n t i o n T h e C S D f e a t u r e o f t h e W h a l e b r o w s e r h e l p s c l i e n t s d e t e c t a n d b l o c k p h i s h i n g , e v e n i f t h e p h i s h i n g s i t e i s n o t b l a c k l i s t e d . F o r w a r d C r e d e n t i a l I n p u t C r e d e n t i a l F o r w a r d C r e d e n t i a l R e s p o n s e S e s s i o n L o g g i n g C r e d e n t i a l i f r e s p o n s e i s O K P h i s h i n g S i t e ( P r o x y ) h t t p s : / / w w w . n a v e r . c o m V i c t i m H o s t i n g A d d r e s s x . x . x . x y . y . y . y z . z . z . z L o g i n H i s t o r y v i c t i m _ 0 0 1 : x . x . x . x v i c t i m _ 0 0 2 : x . x . x . x v i c t i m _ 0 0 3 : x . x . x . x V i c t i m R e c h o g n i t i o n V e r i f i c a t i o n & P r o t e c t i o n
  • 40. 40 NAVER Safe Browsing P r e v e n t i o n T h e C S D f e a t u r e o f t h e W h a l e b r o w s e r h e l p s c l i e n t s d e t e c t a n d b l o c k p h i s h i n g , e v e n i f t h e p h i s h i n g s i t e i s n o t b l a c k l i s t e d . CT Monitoring Spam Detector Whale CSD Logs User Logs N A P S + Block Naver Phishing
  • 41. 41 NAVER Safe Browsing with Whale P r e v e n t i o n O t h e r b r o w s e r s c a n n o t d e t e c t N a v e r p h i s h i n g w i t h t h e d e t e c t i o n b y p a s s t e c h n i q u e a p p l i e d . W h a l e i s p o s s i b l e , b e c a u s e w e h a v e a t e a m t h a t s p e c i a l i z e s i n a n a l y z i n g a n d r e s p o n d i n g t o N a v e r p h i s h i n g . S a f a r i , E d g e , E t c . N a v e r W h a l e <
  • 42. 42 Strengthen warning messages when accessing phishing sites C h a n g e t h e W a r n i n g S c r e e n Provides notification when user security anomalies are detected E n h a n c e d S e c u r i t y A l e r t Conduct security enhancement campaigns to prevent phishing S e c u r i t y C a m p a i g n Our security and service teams are collaborating to improve usable security, and the results are continuously reflected in our services. User Interface Improvements P r e v e n t i o n W e a r e i m p r o v i n g t h e u s e r i n t e r f a c e t o i n f o r m u s e r s a b o u t p h i s h i n g s i t e s . A S - I S T o - B E
  • 43. 43 OUR LATEST ACHIEVEMENTS IN NUMBERS P r e v e n t i o n T h e N a v e r S e c u r i t y T e a m i s c o n t i n u o u s l y r e s e a r c h i n g p h i s h i n g a t t a c k s a n d a c t i v e l y r e s p o n d i n g t o t h e m . 8000+ Registered @ Naver Safe Browsing Naver Phishing 400K+ Blocked Proactively Phishing Mail 1M+ Blocked by Naver Safe Browsing Phishing URLs 5+ Utilize Phishing Data APPS
  • 44. 44 C a s e A n a l y s i s 1 : D a r k w e b C a s e A n a l y s i s 1 : K a k a o t a l k M a l w a r e a n d P h i s h i n g How to Utilize CTI F i s h i n g t h e P h i s h e r s Photo by AbsolutVision on Unsplash
  • 45. 45 We are monitoring various channels to protect Naver accounts from being leaked on the Internet. We protect leaked accounts by analyzing information collected from OSINT, Telegram, etc. In addition, accounts leaked on darkweb or leaked by malware are monitored and protected. Behind the Scene to Protect Users D a r k w e b Photo by Ryoji Iwata on Unsplash u s e r 0 0 1 / q w e 1 2 3 4 ~ ! u s e r 0 0 2 / u s e r ! @ u s e r 0 0 3 / p a s s c o d e # @
  • 46. 46 CTI Information Sharing K a k a o t a l k m a l w a r e a n d P h i s h i n g T h r o u g h r a p i d i n f o r m a t i o n s h a r i n g , i t i s p o s s i b l e t o a n a l y z e a n d r e s p o n d t o r i s k f a c t o r s t h a t m a y o c c u r i n N a v e r .
  • 47. 47 R e a l - w o r l d P r o b l e m N e x t S t e p Discussion & Future work F i s h i n g t h e P h i s h e r s Photo by AbsolutVision on Unsplash
  • 48. 48 Why Don’t We Cooperate? R e a l - W o r l d P r o b l e m I n o r d e r t o r e s p o n d t o p h i s h i n g i n t h e r e g i o n , i n c l u d i n g N a v e r , c o o p e r a t i o n a n d i n f o r m a t i o n s h a r i n g a r e e s s e n t i a l . I n v e s t i g a t i o n o f h a c k e d s e r v e r s It should be possible to quickly retrieve the phishing victim accounts collected by the attacker. I n v e s t i g a t i o n o f s c a m m e r s It is necessary to investigate fraudsters who steal not only accounts, but also personal information and money. s h a r i n g o f p h i s h i n g i n f o r m a t i o n Collaborative response is needed rather than individual battles Photo by Aubrey Odom-Mabey on Unsplash
  • 49. 49 The More We Care, The Safer Naver is N e x t S t e p W e a r e r e s e a r c h i n g p h i s h i n g a t t a c k s a n d w o r k i n g h a r d t o r e f l e c t t h e m i n o u r s e r v i c e . E x p a n d i n g S a f e B r o w s i n g Building a safe service ecosystem from phishing C o o p e r a t i o n w i t h … Organization, Internet company, T.I, Etc. R e s e a r c h & D e v e l o p m e n t Phishing analysis and response automation Photo by Kelly Sikkema on Unsplash
  • 50. 50 Conclusion F i s h i n g t h e P h i s h e r s Photo by AbsolutVision on Unsplash
  • 51. 51 GET IN TOUCH WITH US L O C A T I O N NA V ER 17 84 C O N T A C T M E j un e .park@n ave rc orp.c om