Part 2 of How to Keep Employees Safe From Phishing Campaigns
Getting smarter about phishing is crucial to preventing attacks like the one the ECB just faced. But the other major issue is web malware. In the ECB’s case, I was curious: how did the malware lurk on the ECB’s BIRD website for so long without being detected?
For insight, I looked at the Analyzing and Defending Against Web-based Malware report by the University of Pennsylvania’s Jian Chang, Krishna Venkatasubramanian, Andrew West, and Insup Lee. They identified areas of research to pursue to improve our ability to detect and prevent web malware. They include:
Building benchmark platforms:
“Almost all the approaches suffer from either false positives or false negatives; however, there is no commonly accepted data set or testing framework to comparatively evaluate their effectiveness. Therefore, a well-designed benchmark framework is clearly needed to scientifically study and compare different proposed approaches.”
Securing code mashups:
“The client-side code of web applications can be reused and dynamically loaded from external sources. This code mashup requires a different security model than any traditional programming paradigms. Given the prevalence of client-side code mashups, it is imperative to design a sound approach to enhance the flexibility of the current mashup programming practice with guaranteed security.”
Studying social engineering techniques:
“Current detection approaches mainly focus on the web-based malware delivered through drive-by download attacks. The studies on malware delivered through social engineering tricks are very limited. However, as the technologies for mitigating drive-by download attacks become more mature and more broadly deployed, it is reasonable to assume that the attackers will focus more on using social engineering tricks to improve their chance of success.”
Studying the epidemiology of web malware:
“Existing detection mechanisms can be used to build the topology of the malware distribution infrastructure. However, there is no study on the liveness property of this topology: understanding how the connections between landing sites and distribution sites evolve over time. An accurate epidemic model is useful to evaluate how fast and prevalent a defense mechanism needs to be deployed to effectively fight against a web-based malware outbreak.”