Personal Information Protection in the Data Economy Era

11th Personal Information Protection Fair & CPO Workshop

June 2 (Thu) ~ 3 (Fri), 2022 | COEX Grand Ballroom, Seoul



Talk Information




Track B. CPO Talk time: 2022.6.2 13:10 ~ 13:45
Understanding the Underbelly of Phishing Attacks

Soongsil University
Prof. Haehyun Cho




- Talk title
Understanding the Underbelly of Phishing Attacks

- Talk summary
Phishing is a critical threat to Internet users. Despite extensive research by the security community, phishing attacks remain profitable to attackers and continue to cause substantial damage not only to the victim users that they target, but also to the organizations they impersonate. In recent years, phishing websites have taken the place of malware websites as the most prevalent web-based threat. Even though technical countermeasures effectively mitigate web-based malware, phishing websites continue to grow in sophistication and successfully slip past modern defenses. In a cat-and-mouse game with the anti-phishing ecosystem, sophisticated phishing websites implement evasion techniques to delay or avoid detection by automated anti-phishing systems, which, in turn, maximizes the attackers' return-on-investment. Thwarting phishers' evasion efforts is, thus, an important problem within the anti-phishing community, as timely detection is the key to successful mitigation.
In this presentation, we are going to see what the attackers are exploiting. First off, I’ll present a comprehensive measurement study of online social engineering attacks in the early months of the pandemic. Next, I’ll discuss the security practices of CAs in the HTTPS phishing ecosystem to better understand the importance of the security practices of CAs and thwart the proliferating HTTPS phishing. Furthermore, I’ll present a large-scale evaluation result of the landscape of client-side cloaking used by phishing websites. Sophisticated client-side evasion techniques, known as cloaking, leverage JavaScript to enable complex interactions between potential victims and the phishing website, and can thus be particularly effective in slowing or entirely preventing automated mitigations.


