a broad view of the ecosystem of socially engineered
play

A Broad View of the Ecosystem of Socially Engineered Exploit - PowerPoint PPT Presentation

Sep 14, 2022 •243 likes •1.11k views

A Broad View of the Ecosystem of Socially Engineered Exploit Documents Stevens Le Blond, Cdric Gilbert, Utkarsh Upadhyay, Manuel Gomez Rodriguez and David Choffnes Challenges with measuring targeted attacks Low-volume, socially

  1. A Broad View of the Ecosystem of 
 Socially Engineered Exploit Documents Stevens Le Blond, Cédric Gilbert, Utkarsh Upadhyay, Manuel Gomez Rodriguez and David Choffnes

  2. Challenges with measuring targeted attacks • Low-volume, socially engineered messages that convince 
 specific victims to install malware 2

  3. Challenges with measuring targeted attacks • Low-volume, socially engineered messages that convince 
 specific victims to install malware • Three studies published at Usenix Security’14 • Tibet (Hardy et al.), Middle East (Marczak et al.), and Uyghur (Le Blond et al.) 2

  4. Challenges with measuring targeted attacks • Low-volume, socially engineered messages that convince 
 specific victims to install malware • Three studies published at Usenix Security’14 • Tibet (Hardy et al.), Middle East (Marczak et al.), and Uyghur (Le Blond et al.) 2

  5. Challenges with measuring targeted attacks • Low-volume, socially engineered messages that convince 
 specific victims to install malware • Three studies published at Usenix Security’14 • Tibet (Hardy et al.), Middle East (Marczak et al.), and Uyghur (Le Blond et al.) ? 2

  6. Challenges with measuring targeted attacks • Low-volume, socially engineered messages that convince 
 specific victims to install malware • Three studies published at Usenix Security’14 • Tibet (Hardy et al.), Middle East (Marczak et al.), and Uyghur (Le Blond et al.) ? Measuring targeted attacks 
 is a long and difficult process 2

  7. Can Anti-Virus Aggregators (VirusTotal) help? 3

  8. Can Anti-Virus Aggregators (VirusTotal) help? 3

  9. Can Anti-Virus Aggregators (VirusTotal) help? 3

  10. Can Anti-Virus Aggregators (VirusTotal) help? 3

  11. VirusTotal Statistics (one week) 4

  12. VirusTotal Statistics (one week) 4

  13. VirusTotal Statistics (one week) 4

  14. VirusTotal Statistics (one week) 4

  15. VirusTotal Statistics (one week) 4

  16. VirusTotal Statistics (one week) 4

  17. VirusTotal as a vantage point 
 to measure targeted attacks 5

  18. VirusTotal as a vantage point 
 to measure targeted attacks 5

  19. VirusTotal as a vantage point 
 to measure targeted attacks 5

  20. VirusTotal as a vantage point 
 to measure targeted attacks 5

  21. Research questions • Do targeted groups upload exploit documents to VirusTotal? • Can we scale our analysis to hundreds of thousands of samples? • How do attacks faced by different groups compare with each other? • Is VirusTotal used by other actors such as attackers and researchers? 6

  22. Outline 1) Methodology 2) Analysis of exploit documents 3) Future work 7

  23. Exploit document infection process Exploit Decoy Malware 8

  24. Exploit document infection process Exploit Decoy Malware 8

  25. Exploit document infection process Exploit Decoy Malware 8

  26. Exploit document infection process Exploit Decoy Malware 8

  27. Data acquisition and processing workflow 9

  28. Data acquisition and processing workflow 9

  29. Can we scale our analysis to hundreds of thousands of samples? Acquisition 257,635 10

  30. Can we scale our analysis to hundreds of thousands of samples? Acquisition 257,635 10

  31. Can we scale our analysis to hundreds of thousands of samples? Acquisition 257,635 143 10

  32. Data acquisition and processing workflow 11

  33. Can we scale our analysis to hundreds of thousands of samples? Detection 257,635 143 12

  34. Can we scale our analysis to hundreds of thousands of samples? Detection Office w/ EMET Acrobat w/ EMET SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 VIII 2003 IX 2007 X 2010 XI 257,635 143 12

  35. Can we scale our analysis to hundreds of thousands of samples? Detection Office w/ EMET Acrobat w/ EMET SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 VIII 2003 IX 2007 X 2010 XI 257,635 143 12

  36. Can we scale our analysis to hundreds of thousands of samples? Detection Office w/ EMET Acrobat w/ EMET SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 VIII 2003 IX 2007 X 2010 XI 257,635 143 - 219,794 -29 37,841 114 12

  37. How many versions of 
 readers do we have to test? CDF # affected versions 13

  38. How many versions of 
 readers do we have to test? CDF # affected versions Few exploits are portable across all reader versions 13

  39. Data acquisition and processing workflow 14

  40. Can we scale our analysis to hundreds of thousands of samples? Extraction Office w/ EMET Acrobat w/ EMET SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 VIII 2003 IX 2007 X 2010 XI - 219,794 -29 257,635 143 37,841 114 15

  41. Can we scale our analysis to hundreds of thousands of samples? Extraction Office w/ driver Acrobat w/ driver Office w/ EMET Acrobat w/ EMET SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 VIII 2003 VIII 2003 IX 2007 IX 2007 X 2010 X 2010 XI XI - 219,794 -29 257,635 143 37,841 114 15

  42. Can we scale our analysis to hundreds of thousands of samples? Extraction Office w/ driver Acrobat w/ driver Office w/ EMET Acrobat w/ EMET SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 VIII 2003 VIII 2003 IX 2007 IX 2007 X 2010 X 2010 XI XI - 219,794 -29 257,635 143 37,841 114 15

  43. Can we scale our analysis to hundreds of thousands of samples? Extraction Office w/ driver Acrobat w/ driver Office w/ EMET Acrobat w/ EMET SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 VIII 2003 VIII 2003 IX 2007 IX 2007 X 2010 X 2010 XI XI - 219,794 -29 -34,026 257,635 143 -11 37,841 114 3,815 103 15

  44. Data acquisition and processing workflow 16

  45. Can we scale our analysis to hundreds of thousands of samples? Analysis Acrobat w/ driver Office w/ driver Office w/ EMET Acrobat w/ EMET SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 VIII 2003 VIII 2003 IX 2007 IX 2007 X 2010 X 2010 XI XI - 219,794 -29 257,635 143 -34,026 -11 37,841 114 3,815 103 17

  46. Can we scale our analysis to hundreds of thousands of samples? Analysis Acrobat w/ driver Office w/ driver Office w/ EMET Acrobat w/ EMET SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 VIII 2003 VIII 2003 IX 2007 IX 2007 X 2010 X 2010 XI XI - 219,794 257,635 -34,026 37,841 3,815 17

  47. Can we scale our analysis to hundreds of thousands of samples? Analysis Malware Acrobat w/ driver sandboxes Office w/ driver Translators Office w/ EMET Acrobat w/ EMET SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 VIII 2003 VIII 2003 IX 2007 IX 2007 X 2010 X 2010 XI XI - 219,794 -34,026 37,841 3,815 17

  48. Can we scale our analysis to hundreds of thousands of samples? Analysis Malware Acrobat w/ driver sandboxes Office w/ driver Translators Office w/ EMET Acrobat w/ EMET SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 VIII 2003 VIII 2003 IX 2007 IX 2007 X 2010 X 2010 XI XI - 219,794 -34,026 37,841 3,815 17

  49. Can we scale our analysis to hundreds of thousands of samples? Analysis Malware Acrobat w/ driver sandboxes Office w/ driver Translators Office w/ EMET Acrobat w/ EMET SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 SP0 SP1 SP2 SP3 0.0 1.0 2.0 3.0 4.0 5.0 VIII 2003 VIII 2003 IX 2007 IX 2007 X 2010 X 2010 XI XI - 219,794 -34,026 2,447 3,705 37,841 3,815 17

  50. Outline 1) Methodology 2) Analysis of exploit documents 3) Future work 18

  51. Do targeted groups upload exploit documents on VirusTotal? Likely targets (inferred from decoys) 19

  52. Do targeted groups upload exploit documents on VirusTotal? Likely targets (inferred from decoys) 19

  53. Do targeted groups upload exploit documents on VirusTotal? Likely targets (inferred from decoys) 19

  54. Do targeted groups upload exploit documents on VirusTotal? Likely targets (inferred from decoys) VirusTotal gives visibility into attacks targeting numerous groups 19

  55. How attacks faced by different groups compare with each other? Languages of decoys Fraction 20

  56. How attacks faced by different groups compare with each other? Languages of decoys Fraction 20

  57. How attacks faced by different groups compare with each other? Languages of decoys Fraction 20

  58. How attacks faced by different groups compare with each other? Languages of decoys Fraction 20

  59. How attacks faced by different groups compare with each other? Languages of decoys Fraction Decoys tend to use the official language of the groups they target 20

  60. How attacks faced by different groups compare with each other? Malware targeting 21

  61. How attacks faced by different groups compare with each other? Malware targeting 21

  62. How attacks faced by different groups compare with each other? Malware targeting 21

  63. How attacks faced by different groups compare with each other? Malware targeting 21

Recommend

A broad view of heritage Historic buildings Archaeological sites Collections

A broad view of heritage Historic buildings Archaeological sites Collections

A broad view of heritage Historic buildings Archaeological sites Collections Places and objects linked to industrial, maritime and transport history Natural and designed landscapes Wildlife A broad view of heritage

189 views • 15 slides
Scanners Divers Prefer a broad view Master specific details before general concepts

Scanners Divers Prefer a broad view Master specific details before general concepts

= Never Anywhere + Anytime Tackling the motivation challenges of continual learning Betha Gutsche, OCLC/WebJunction Elizabeth Iaukea, Washington State Library ALA Annual 2016, Orlando Scanners Divers Prefer a broad view Master

670 views • 28 slides
Engineered quantum systems. G J Milburn Centre for Engineered Quantum Systems, The University of

Engineered quantum systems. G J Milburn Centre for Engineered Quantum Systems, The University of

Engineered quantum systems. G J Milburn Centre for Engineered Quantum Systems, The University of Queensland Taipei, June 2011. Engineered quantum systems? Superconducting qubits and microwave resonators. Entanglement via continuous measurement

641 views • 61 slides
Socially Assistive Robotics Grace Chandler Socially assistive robotics (SAR): An intersection

Socially Assistive Robotics Grace Chandler Socially assistive robotics (SAR): An intersection

Socially Assistive Robotics Grace Chandler Socially assistive robotics (SAR): An intersection between assistive robotics and socially intelligent robotics, often for a therapeutically beneficial role TEACHING: MITs Tenga- A second language

734 views • 47 slides
NEIGHBORHOOD MAP 1. S. BROAD ST - LOOKING NORTH 2. S. BROAD ST - LOOKING SOUTH 3. S. BROAD ST -

NEIGHBORHOOD MAP 1. S. BROAD ST - LOOKING NORTH 2. S. BROAD ST - LOOKING SOUTH 3. S. BROAD ST -

NEIGHBORHOOD MAP 1. S. BROAD ST - LOOKING NORTH 2. S. BROAD ST - LOOKING SOUTH 3. S. BROAD ST - ACROSS THE STREET LOOKING NORTHEAST AT THE SITE 2 5 1111 S. BROAD ST LOT AREA = 10,675 SF 4 1 3 4. S. BROAD ST - ACROSS THE STREET LOOKING

706 views • 36 slides
The importance of taking the broad view: the NuSTAR AGN Physics Program Giorgio Matt (

The importance of taking the broad view: the NuSTAR AGN Physics Program Giorgio Matt (

The importance of taking the broad view: the NuSTAR AGN Physics Program Giorgio Matt ( Universita Roma Tre, Italy ) On behalf of the NuSTAR AGN Physics WG NuSTAR is the fjrst focusing hard X-ray satellite NuSTAR INTEGRAL Grazing Incidence

1.01k views • 47 slides
The importance of taking the broad view: NuSTAR observations of radio-quiet AGN Giorgio Matt (

The importance of taking the broad view: NuSTAR observations of radio-quiet AGN Giorgio Matt (

The importance of taking the broad view: NuSTAR observations of radio-quiet AGN Giorgio Matt ( Universita Roma Tre, Italy ) On behalf of the NuSTAR AGN Physics WG NuSTAR is the fjrst focusing hard X-ray satellite NuSTAR INTEGRAL Grazing

251 views • 23 slides
Tackling kling Tobacco bacco Through ough Re Re-engineered engineered Pr Prim imar ary y

Tackling kling Tobacco bacco Through ough Re Re-engineered engineered Pr Prim imar ary y

Tackling kling Tobacco bacco Through ough Re Re-engineered engineered Pr Prim imar ary y Care re Daren Wu, M.D. Chief Medical Officer Learning Objectives Understand the key stumbling blocks that can interfere with tobacco

433 views • 40 slides
Note For CPS 196, Spring 2006, I skimmed a tutorial giving a broad view of the area. It is

Note For CPS 196, Spring 2006, I skimmed a tutorial giving a broad view of the area. It is

Note For CPS 196, Spring 2006, I skimmed a tutorial giving a broad view of the area. It is by Joe Hellerstein at Peer-to-Peer and Large- Berkeley and is available at: Scale Distributed Systems db.cs.berkeley.edu/jmh/talks/

293 views • 5 slides
Models: Take a broad view! Structural Dynamic Macroeconomic Models in Asia-Pacific Economies

Models: Take a broad view! Structural Dynamic Macroeconomic Models in Asia-Pacific Economies

BANK INDONESIA and BANK FOR INTERNATIONAL SETTLEMENTS WORKSHOP Models: Take a broad view! Structural Dynamic Macroeconomic Models in Asia-Pacific Economies Economy-wide dynamic stochastic models Bali, Indonesia, June 3-4, 2008 for

328 views • 13 slides
Development of Ecosystem component maps Henna Rinne, HELCOM Secretariat henna.rinne@helcom.fi

Development of Ecosystem component maps Henna Rinne, HELCOM Secretariat henna.rinne@helcom.fi

Development of Ecosystem component maps Henna Rinne, HELCOM Secretariat henna.rinne@helcom.fi 6.9.2016 40 Ecosystem component layers Pelagic habitats (2) Broad-scale seabed habitats (6) Habitat forming species (5) Natura 2000

524 views • 24 slides
Indian Institute Of Technology, Bombay Engineered Versus Natural System ENGINEERED SYSTEM Design

Indian Institute Of Technology, Bombay Engineered Versus Natural System ENGINEERED SYSTEM Design

Indian Institute Of Technology, Bombay Engineered Versus Natural System ENGINEERED SYSTEM Design Operation Optimization Control Engineered system: bottom-up design with known functionality of components Natural system: top down design with

1.08k views • 34 slides
Delivering Engineered Solutions www.bowyerengineering.co.uk

Delivering Engineered Solutions www.bowyerengineering.co.uk

Delivering Engineered Solutions www.bowyerengineering.co.uk stevea@bowyerengineering.co.uk AS9100, ISO 9001 & RR Sabre Accredited Delivering Engineered Solutions Staff and Premises Knowledge &

284 views • 15 slides
Rangeland Ecosystem Services and Influence Of Grazing Management Shannon R. White, Thomas J.

Rangeland Ecosystem Services and Influence Of Grazing Management Shannon R. White, Thomas J.

A Geographically- Broad Assessment of Rangeland Ecosystem Services and Influence Of Grazing Management Shannon R. White, Thomas J. Habib, & Daniel R. Farr Alberta Biodiversity Monitoring Institute University of Alberta Its Our Nature

488 views • 29 slides
About AH Industries A/S Company Structure Manufacturing Engineered Engineering Solutions CI

About AH Industries A/S Company Structure Manufacturing Engineered Engineering Solutions CI

About AH Industries A/S Company Structure Manufacturing Engineered Engineering Solutions CI Value Proposition Supply Chain Components Solutions - Engineered Solutions Georgia Singleblade Yoke Significant benefits can be achieved

143 views • 12 slides
How to Encourage Socially Responsible Behavior? Responsible Behavior? Tore Ellingsen Milano 21

How to Encourage Socially Responsible Behavior? Responsible Behavior? Tore Ellingsen Milano 21

How to Encourage Socially Responsible Behavior? Responsible Behavior? Tore Ellingsen Milano 21 October 2011 Outline 1. What is socially responsible behavior? 2. Is there any reason to encourage it? 3. If so how? a) What drives socially

321 views • 31 slides
CREATING A SOCIALLY RESPONSIBLE Chief Executive Officer, BSE Limited Mining Investment

CREATING A SOCIALLY RESPONSIBLE Chief Executive Officer, BSE Limited Mining Investment

Thapelo Tsheole CREATING A SOCIALLY RESPONSIBLE Chief Executive Officer, BSE Limited Mining Investment Conference, Gaborone INVESTING CULTURE THAT TRANSLATES TO 21 st May 2019 BETTER RETURNS FOR POTENTIAL INVESTORS What is Socially Responsible

247 views • 13 slides
5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application

5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application

Se minar 5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application Speaker Adam Davis Dave Batker Dr. Ben Guillon Ricardo Bayon 2011 ECOSYSTEM SERVICES SEMINAR SERIES Ecosystem Services Seminar

745 views • 35 slides
Ecosystem Services Assessment Multifunctionality Valuation of Ecosystem services Methods and

Ecosystem Services Assessment Multifunctionality Valuation of Ecosystem services Methods and

Ecosystem Services Assessment Multifunctionality Valuation of Ecosystem services Methods and basis for Suitable for ecosystem services decisions: Monetary terms that we have good knowledge of and is (WTP-studies, cost-benefit

617 views • 4 slides
Advanced Engineered Solutions A Global Leader in Specialty Chemicals Surface Finishing Equipment

Advanced Engineered Solutions A Global Leader in Specialty Chemicals Surface Finishing Equipment

Advanced Engineered Solutions A Global Leader in Specialty Chemicals Surface Finishing Equipment Engineered Powders Analytical Controls Customer Requirements for Nickel Plating Chelsea Edmonds Lynne Michaelson Introduction Corrosion

420 views • 19 slides
Modeling Interfaces Modeling Interfaces Involving Multiple Engineered Features Engineered

Modeling Interfaces Modeling Interfaces Involving Multiple Engineered Features Engineered

Modeling Interfaces Modeling Interfaces Involving Multiple Engineered Features Engineered Features John Walton University of Texas at El Paso July 2009 July 2009 UTEP Thesis: Thesis: When one examines multiple When one examines

342 views • 30 slides
Biodiversity and ecosystem function Managing landscapes for multiple ecosystem services

Biodiversity and ecosystem function Managing landscapes for multiple ecosystem services

Biodiversity and ecosystem function Managing landscapes for multiple ecosystem services Christopher Philipson Twitter @PhilipsonChris Biodiversity and ecosystem function: the grassland experiments Cedar Creek in North America

578 views • 25 slides
Applied Learning Days @ Bukit View Sec 5 - 8 Mar 2018 Objectives To provide opportunities for

Applied Learning Days @ Bukit View Sec 5 - 8 Mar 2018 Objectives To provide opportunities for

Applied Learning Days @ Bukit View Sec 5 - 8 Mar 2018 Objectives To provide opportunities for students to experience experiential learning via fun and meaningful tasks and enhance students development as socially responsible

890 views • 70 slides
Ecosystem Natural Capital Accounting (2) ECOSYSTEM NATURAL CAPITAL ACCOUNTS: A QUICK START PACKAGE

Ecosystem Natural Capital Accounting (2) ECOSYSTEM NATURAL CAPITAL ACCOUNTS: A QUICK START PACKAGE

SUB-REGIONAL CAPACITY BUILDING WORKSHOP ON SUSTAINABLE FINANCE AND RESOURCE MOBILIZATION FOR BIODIVERSITY FOR CARICOM MEMBER STATES ST. JOHNS, ANTIGUA AND BARBUDA 18 - 21 MAY 2015 Ecosystem Natural Capital Accounting (2) ECOSYSTEM NATURAL

438 views • 31 slides

More recommend