Plenty of Phish in the Sea: Analyzing Potential Pre-Attack Surfaces

  • Advanced Persistent Threats (APTs) are one of the main challenges in modern computer security. They are planned and performed by well-funded, highly-trained and often state-based actors. The first step of such an attack is the reconnaissance of the target. In this phase, the adversary tries to gather as much intelligence on the victim as possible to prepare further actions. An essential part of this initial data collection phase is the identification of possible gateways to intrude the target. In this paper, we aim to analyze the data that threat actors can use to plan their attacks. To do so, we analyze in a first step 93 APT reports and find that most (80 %) of them begin by sending phishing emails to their victims. Based on this analysis, we measure the extent of data openly available of 30 entities to understand if and how much data they leak that can potentially be used by an adversary to craft sophisticated spear phishing emails. We then use this data to quantify how many employees are potential targets for such attacks. We show that 83 % of the analyzed entities leak several attributes of uses, which can all be used to craft sophisticated phishing emails.

Export metadata

Additional Services

Share in Twitter Search Google Scholar
Author:Tobias Urban, Matteo Große-Kampmann, Dennis Tatang, Thorsten Holz, Norbert Pohlmann
Parent Title (German):European Symposium on Research in Computer Security - ESORICS '20
Document Type:Article
Year of Completion:2020
Year of first Publication:2020
Publishing Institution:Westfälische Hochschule Gelsenkirchen Bocholt Recklinghausen
Release Date:2024/02/23
Tag:MITRE; OSINT; advanced persistent threats; cyber kill chain; measurement study; phishing; reconnaissance
First Page:272
Last Page:291
Licence (German):License LogoEs gilt das Urheberrechtsgesetz

$Rev: 13159 $