TY  - JOUR
A1  - Urban, Tobias
A1  - Große-Kampmann, Matteo
A1  - Tatang, Dennis
A1  - Holz, Thorsten
A1  - Pohlmann, Norbert
T1  - Plenty of Phish in the Sea: Analyzing Potential Pre-Attack Surfaces
T2  - European Symposium on Research in Computer Security - ESORICS '20
N2  - Advanced Persistent Threats (APTs) are one of the main challenges in modern computer security. They are planned and performed by well-funded, highly-trained and often state-based actors. The first step of such an attack is the reconnaissance of the target. In this phase, the adversary tries to gather as much intelligence on the victim as possible to prepare further actions. An essential part of this initial data collection phase is the identification of possible gateways to intrude the target.
In this paper, we aim to analyze the data that threat actors can use to plan their attacks. To do so, we analyze in a first step 93 APT reports and find that most (80 %) of them begin by sending phishing emails to their victims. Based on this analysis, we measure the extent of data openly available of 30 entities to understand if and how much data they leak that can potentially be used by an adversary to craft sophisticated spear phishing emails. We then use this data to quantify how many employees are potential targets for such attacks. We show that 83 % of the analyzed entities leak several attributes of uses, which can all be used to craft sophisticated phishing emails.
KW  - advanced persistent threats
KW  - phishing
KW  - OSINT
KW  - reconnaissance
KW  - MITRE
KW  - cyber kill chain
KW  - measurement study
Y1  - 2020
UR  - https://whge.opus.hbz-nrw.de/frontdoor/index/index/docId/4422
UR  - https://norbert-pohlmann.com/wp-content/uploads/2019/08/414-Plenty-of-Phish-in-the-Sea-Analyzing-Potential-Pre-Attack-Surface-Prof.-Norbert-Pohlmann.pdf
SP  - 272
EP  - 291
ER  -