A Look at Targeted Attacks Through the Lense of an {NGO}

Stevens Le Blond; Adina Uritesc; Cédric Gilbert; Zheng Leong Chua; Prateek Saxena; Engin Kirda

A Look at Targeted Attacks Through the Lense of an NGO

Website Maintenance Alert

Due to scheduled maintenance, the USENIX website will not be available on Tuesday, December 17, from 10:00 am to 2:00 pm Pacific Daylight Time (UTC -7). We apologize for the inconvenience.

If you are trying to register for Enigma 2020, please complete your registration before or after this time period.

Friday, August 1, 2014 - 10:15am

Authors:

Stevens Le Blond, Adina Uritesc, and Cédric Gilbert, Max Planck Institute for Software Systems (MPI-SWS); Zheng Leong Chua and Prateek Saxena, National University of Singapore; Engin Kirda, Northeastern University

Abstract:

We present an empirical analysis of targeted attacks against a human-rights Non-Governmental Organization (NGO) representing a minority living in China. In par- ticular, we analyze the social engineering techniques, at- tack vectors, and malware employed in malicious emails received by two members of the NGO over a four-year period. We find that both the language and topic of the emails were highly tailored to the victims, and that sender impersonation was commonly used to lure them into opening malicious attachments. We also show that the majority of attacks employed malicious documents with recent but disclosed vulnerabilities that tend to evade common defenses. Finally, we find that the NGO received malware from different families and that over a quarter of the malware can be linked to entities that have been reported to engage in targeted attacks against polit- ical and industrial organizations, and Tibetan NGOs.

Stevens Le Blond, Max Planck Institute for Software Systems (MPI-SWS)

Adina Uritesc, Max Planck Institute for Software Systems (MPI-SWS)

Cédric Gilbert, Max Planck Institute for Software Systems (MPI-SWS)

Zheng Leong Chua, National University of Singapore

Prateek Saxena, National University of Singapore

Engin Kirda, Northeastern University

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX

@inproceedings {184407,
author = {Stevens Le Blond and Adina Uritesc and C{\'e}dric Gilbert and Zheng Leong Chua and Prateek Saxena and Engin Kirda},
title = {A Look at Targeted Attacks Through the Lense of an {NGO}},
booktitle = {23rd {USENIX} Security Symposium ({USENIX} Security 14)},
year = {2014},
isbn = {978-1-931971-15-7},
address = {San Diego, CA},
pages = {543--558},
url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/le-blond},
publisher = {{USENIX} Association},
month = aug,
}

Download

Le Blond PDF