
Economics of Cybersecurity. Case study: information sharing - PowerPoint PPT Presentation



  1. Economics of Cybersecurity. Case study: information sharing in incident response. Tyler Moore

  2. Phishing attacks

  3. Challenges of information sharing
     ◮ To combat phishing attacks, defenders “take down” the hacked website hosting the impersonating content
     ◮ Interested parties must find the offending content and request its removal
     ◮ Sharing timely incident information is often hard to do well

  4. Lack of coordination among defenders

  5. Non-cooperation in the fight against phishing

  6. Mule-recruitment websites

  7. Mule-recruitment websites

  8. Mule-recruitment websites

  9. Misaligned incentives in combating cybercrime
     ◮ Incentive on the party requesting content removal matters most
     ◮ Banks are highly motivated to remove phishing websites
     ◮ Banks’ incentives remain imperfect: they only remove websites directly impersonating their brand, while overlooking mule-recruitment websites
     ◮ Scams without a clear champion often operate with impunity

  10. Identifying intervention points
     ◮ For many forms of intervention, from self-regulation to intermediary liability, finding a suitable intervention point is key
     ◮ Look for (1) concentrations of badness passing through and (2) an ability to intervene
     ◮ Lots of natural intervention points in the fight against cybercrime, such as ISPs and web hosting providers

  11. Benchmarking to correct information asymmetries
     ◮ ISP abuse teams help remediate infected customers ensnared in botnets
     ◮ Some do a better job at dealing with abuse reports than others
     ◮ Without knowledge of comparative performance, there can be little incentive to improve

  12. Benchmarking to correct information asymmetries
     ◮ Van Eeten et al. independently tracked infection rates at all major Dutch ISPs
     ◮ Dutch government requested they not make the results public, but share them only with the group of ISPs, and hide company information
     ◮ Two ISPs trailed the rest by a wide margin
     ◮ Equipped with this information, the security teams got management to invest more and they quickly improved

  13. Thank you for your attention! Please post any questions you may have on our discussion forum.
