DeepAI AI Chat
Log In Sign Up

Detecting and Characterizing Lateral Phishing at Scale

by   Grant Ho, et al.

We present the first large-scale characterization of lateral phishing attacks, based on a dataset of 113 million employee-sent emails from 92 enterprise organizations. In a lateral phishing attack, adversaries leverage a compromised enterprise account to send phishing emails to other users, benefitting from both the implicit trust and the information in the hijacked user's account. We develop a classifier that finds hundreds of real-world lateral phishing emails, while generating under four false positives per every one-million employee-sent emails. Drawing on the attacks we detect, as well as a corpus of user-reported incidents, we quantify the scale of lateral phishing, identify several thematic content and recipient targeting strategies that attackers follow, illuminate two types of sophisticated behaviors that attackers exhibit, and estimate the success rate of these attacks. Collectively, these results expand our mental models of the 'enterprise attacker' and shed light on the current state of enterprise phishing attacks.


page 4

page 13


A Large-Scale Analysis of Attacker Activity in Compromised Enterprise Accounts

We present a large-scale characterization of attacker activity across 11...

When Textbook RSA is Used to Protect the Privacy of Hundreds of Millions of Users

We evaluate Tencent's QQ Browser, a popular mobile browser in China with...

The Tools and Tactics Used in Intimate Partner Surveillance: An Analysis of Online Infidelity Forums

Abusers increasingly use spyware apps, account compromise, and social en...

Hopper: Modeling and Detecting Lateral Movement (Extended Report)

In successful enterprise attacks, adversaries often need to gain access ...

Bicycle Attacks Considered Harmful: Quantifying the Damage of Widespread Password Length Leakage

We examine the issue of password length leakage via encrypted traffic i....

Towards a First Step to Understand the Cryptocurrency Stealing Attack on Ethereum

We performed the first systematic study of a new attack on Ethereum to s...

Draining the Water Hole: Mitigating Social Engineering Attacks

Cyber adversaries have increasingly leveraged social engineering attacks...