Phishing attacks and mitigation tactics

Bibliographic Details
Main Author: Särökaari, Niklas
Other Authors: Informaatioteknologian tiedekunta (Faculty of Information Technology), Informaatioteknologia (Information Technology), Jyväskylän yliopisto (University of Jyväskylä)
Format: Master's thesis (pro gradu)
Language: English
Published: 2020
Subjects: apt; email security; initial access; malicious attachment; social engineering; username; passwords; phishing; e-mail; cyber attacks
Online Access: https://jyx.jyu.fi/handle/123456789/72569
Abstract

Social engineering-based attacks, such as phishing and the more targeted spear phishing, remain among the most common attack vectors used by threat actors. These attacks are most commonly used to obtain initial access to the target's internal network, for example through a compromised endpoint. That access is then leveraged to move laterally within the network and reach sensitive information.

The public release of offensive security tooling and of tactics, techniques and procedures (TTPs), such as the disclosure of vulnerabilities together with working proof-of-concept exploit code, is also actively leveraged by several threat actors in their campaigns. Advanced persistent threats (APTs) and other sophisticated threat actors more often abuse existing functionality, or exploit already known vulnerabilities that have not been patched, than spend time and resources researching previously unknown vulnerabilities (0-days).

The research material in this master's thesis is based primarily on secondary sources: academic research papers, professional literature and threat intelligence reports. The objective was to perform a systematic literature review and analysis of observed TTPs in order to understand the modern techniques attackers use to compromise organisations when the primary attack vector is phishing. The thesis analyses common techniques such as how attackers deploy their phishing campaigns, which evasion techniques used to bypass existing security controls are most prominent, and how email authentication could help organisations mitigate some of the most basic impersonation attacks that attackers have used successfully.

The results show that attackers still rely on abusing old functionality in Microsoft Office documents: one of the most successful vectors for compromising an endpoint remains a Microsoft Office document that carries malware inside a macro. Organisations can use these results to develop an understanding of current threats and attacker capabilities, and to develop mitigations that protect their employees and assets.
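The abstract names email authentication as the mitigation for basic impersonation and macro-bearing Office documents as the dominant payload. The following is an added example, not code from the thesis: a mail-gateway triage routine that evaluates DMARC identifier alignment from an Authentication-Results header and flags OOXML attachments that carry a VBA project. The sample message, the lookalike domain examp1e-mail.net, the minimal OOXML blobs and the two-label organisational-domain rule are constructed assumptions; production code would consult the Public Suffix List and fetch the From domain's _dmarc TXT record instead of taking the policy as a parameter.

```python
"""Inbound mail triage: DMARC identifier alignment plus Office macro detection.

Added example (not from the thesis). Sample message, lookalike domain and OOXML
blobs are constructed. Assumptions: organisational domain = last two labels
(real code uses the Public Suffix List); DMARC policy is passed in, not fetched
from DNS (_dmarc.<domain> TXT).
"""
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from typing import Optional


def org_domain(domain: str) -> str:
    """Organisational domain used for relaxed alignment (simplified PSL rule)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: Optional[str], from_domain: str, mode: str = "r") -> bool:
    """RFC 7489 identifier alignment: 's' = exact match, 'r' = same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def parse_auth_results(header: str) -> dict:
    """Minimal RFC 8601 parser: {'spf': [(result, domain)], 'dkim': [(result, domain)]}.
    The first ';'-separated item is the authserv-id and is skipped."""
    out = {"spf": [], "dkim": []}
    for clause in header.split(";")[1:]:
        m = re.match(r"\s*(spf|dkim)=(\w+)", clause, re.I)
        if not m:
            continue
        method, result = m.group(1).lower(), m.group(2).lower()
        prop = re.search(r"(?:smtp\.mailfrom|header\.d)=([\w.@-]+)", clause, re.I)
        dom = prop.group(1).lower().rsplit("@", 1)[-1] if prop else None
        out[method].append((result, dom))
    return out


def dmarc_pass(from_domain: str, auth: dict, spf_mode="r", dkim_mode="r") -> bool:
    """DMARC passes if at least one authenticated identifier aligns with From."""
    spf_ok = any(r == "pass" and aligned(d, from_domain, spf_mode) for r, d in auth["spf"])
    dkim_ok = any(r == "pass" and aligned(d, from_domain, dkim_mode) for r, d in auth["dkim"])
    return spf_ok or dkim_ok


def has_macros(blob: bytes) -> bool:
    """Flag OOXML containers carrying a VBA project. Legacy OLE2 (.doc/.xls)
    needs a different parser (e.g. oletools' olevba) and is not handled here."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return False
    names = zf.namelist()
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        return True
    return "[Content_Types].xml" in names and b"macroEnabled" in zf.read("[Content_Types].xml")


def triage(msg: EmailMessage, dmarc_policy: str = "reject") -> dict:
    """Decide deliver / quarantine / reject from DMARC alignment and attachments."""
    from_domain = msg["From"].addresses[0].domain
    auth = parse_auth_results(str(msg.get("Authentication-Results", "mx;")))
    passed = dmarc_pass(from_domain, auth)
    macro_parts = [p.get_filename() for p in msg.iter_attachments()
                   if has_macros(p.get_payload(decode=True) or b"")]
    if not passed and dmarc_policy == "reject":
        verdict = "reject"
    elif (not passed and dmarc_policy == "quarantine") or macro_parts:
        verdict = "quarantine"
    else:
        verdict = "deliver"
    return {"from_domain": from_domain, "dmarc": "pass" if passed else "fail",
            "macro_attachments": macro_parts, "verdict": verdict}


def build_office_blob(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        override = ('<Override PartName="/word/vbaProject.bin" '
                    'ContentType="application/vnd.ms-office.vbaProject"/>' if with_macro else "")
        zf.writestr("[Content_Types].xml", f"<Types>{override}</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


def sample_message(spoofed: bool, macro: bool) -> EmailMessage:
    """Constructed message impersonating example.com's CFO in the From header."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "CFO <cfo@example.com>"
    msg["To"] = "ap@example.com"
    msg["Subject"] = "Urgent invoice"
    # A spoofer's own infrastructure passes SPF/DKIM for its lookalike domain,
    # but neither identifier aligns with the From domain, so DMARC fails.
    msg["Authentication-Results"] = (
        "mx.example.com; spf=pass smtp.mailfrom=bounce@examp1e-mail.net; "
        "dkim=pass header.d=examp1e-mail.net" if spoofed else
        "mx.example.com; spf=pass smtp.mailfrom=bounce@mail.example.com; "
        "dkim=pass header.d=example.com")
    msg.set_content("Please process the attached invoice today.")
    msg.add_attachment(build_office_blob(macro), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12" if macro
                       else "vnd.openxmlformats-officedocument.wordprocessingml.document",
                       filename="invoice.docm" if macro else "invoice.docx")
    return msg


if __name__ == "__main__":
    for spoofed, macro in ((True, True), (False, True), (False, False)):
        print(f"spoofed={spoofed} macro={macro} ->", triage(sample_message(spoofed, macro)))
```

The point the triage makes explicit is that SPF and DKIM alone say nothing about the From header a user sees: the spoofed sample passes both for the attacker's own domain and is only stopped because DMARC requires the authenticated domain to align with example.com. The macro check is deliberately independent of the sender verdict, since a fully authenticated internal account can still forward a weaponised document.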
Record details
Advisor: Siponen, Mikko
Discipline: Computer Science (Tietojenkäsittelytiede, subject code 601)
Extent: 68 pages (PDF)
Rights: In Copyright (https://rightsstatements.org/page/InC/1.0/); open access
URN: URN:NBN:fi:jyu-202011116604 (http://www.urn.fi/URN:NBN:fi:jyu-202011116604)
Full text: https://jyx.jyu.fi/bitstreams/a35a7a89-fe88-425e-b3d0-41559e0da7eb/download
Accessioned: 2020-11-11