Who is targeted by email-based phishing and malware?

Simoiu, Camelia; Zand, Ali; Thomas, Kurt; Bursztein, Elie

doi:10.1145/3419394.3423617

Cited by 12 publications

(12 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Not only is phishing used to facilitate the installation of ransomware, also ransomware is increasingly used to indirectly steal credentials, which sometimes lead to more phishing [50,51]. Another way ransomware leads to phishing is in which the content of the phishing email seems more credible by addressing a recent or on going ransomware attack.…”

Section: Coordinating Ddos Phishing and Ransomware Attacksmentioning

confidence: 99%

“…Their conclusion was that combining ransomware with data-stealing is in general more profitable than ransomware without stealing the data, and that selling the stolen data is always more profitable than threatening to leak the data. Leaked data is often used for semi-targeted and spear-phishing [51]. Therefore this new method of stealing data during a ransomware attack provides additional opportunities for (targeted) phishing.…”

Section: Coordinating Ddos Phishing and Ransomware Attacksmentioning

confidence: 99%

“…There are two ways phishing leads to an increased botnet. One way is to use credentials to automatically install malware [51]. Another is to send a email containing phishing and malware at the same time.…”

Section: Coordinating Ddos Phishing and Ransomware Attacksmentioning

confidence: 99%

See 2 more Smart Citations

Untitled

2022

JISIS

View full text Add to dashboard Cite

Recent leaks (such as Conti) have provided greater insights on the working of cybercriminal organisations. Just like any other business, these malicious actors strategically manage their processes in order to maximise their revenues. Coordinating different types of cybercrimes as part of a single attack campaign provides another opportunity to these criminal groups to improve the efficiency of their attacks. To investigate the promise of this "coordination" between cybercrimes in improving the financial gains realised by cybercriminals, we take a two-step approach. First, we perform a bibliometric analysis of past scientific literature discussing the concept of "coordination" w.r.t to cybercrime. Second, as a case study, analysing the attack chains of DDoS, phishing and ransomware attacks, we identify vantage points for potential coordination from an attacker's perspective. Based on our findings, we propose a model (COORDINATE) to identify the types of potential cybercrime "coordinations". COORDINATE considers three relevant types of coordination: direct collaborated coordination, indirect collaborated coordination, and opportunistic coordination. Given the advantages of coordinated attacks, our results suggest that one crime may provide opportunities for the next one. Coordinated attacks will become more prevalent, and that we may witness the development of a dynamic that leads to more online crime.

show abstract

Section: Coordinating Ddos Phishing and Ransomware Attacksmentioning

confidence: 99%

Section: Coordinating Ddos Phishing and Ransomware Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Untitled

2022

JISIS

View full text Add to dashboard Cite

show abstract

“…Simoiu et al [20] acreditam que apesar da literatura estudar apenas as causas dos ataques por phishing e malware, pode haver uma relação com a existência de um grupo mais propenso a cair em golpes e que são alvos mais frequentes. Foram analisados 1.2 bilhões de phishing e malware enviados pelo GMail durante cinco meses 83 entre abril e agosto de 2020), e que atingiram cerca de 17 milhões de usuários por semana (a maioria das campanhas dura em média apenas 1 dia).…”

Section: Phishing and Malwareunclassified

“…Os tipos de ataques mais comuns citados por alguns autores são: phishing mail e malware (para [3]); scam e phishig, malware e distributed denial-of-service -DDoS (para [4]); phishing, malware, scamming, e spamming (para [19]); entre outros. Para a grande maioria [15,[20][21][22], phishing e malware seguem como uma das maiores ameaça à segurança, e se tornaram tópico para nossa pesquisa. Conforme Duggal [8], o espaço virtual está tão cheio de informações e desinformações que as pessoas não sabem em qual fonte devem confiar.…”

Section: Introductionunclassified

Notícias Falsas, Dano Real: Levantamento, Análise e Discussão de Phishing, Malware e Fake News sobre COVID-19

Beppler

Yada

Bona

et al. 2021

Anais Do XII Computer on the Beach - COTB '21

View full text Add to dashboard Cite

Coronavirus pandemic (COVID-19) has been one of the most trendingtopics in 2020’s overall media. The virus’ first registers dateback to December 2019 in China, and its spread has affected morethan 50 million people around the world. Since social distance is themost advisable recommendation by health organizations, companiesmassively adopted remote work. The Internet became a hugeallied for several jobs maintenance, but it also increased social engineeringattacks based on the COVID-19 topic to steal sensitiveinformation and/or spread malicious code. In this paper, we reviewthe literature about phishing, malware and fake news that takeadvantage of COVID-19 to distress users and organizations in orderto accomplish cyber attacks, and discuss their implications.

show abstract