A Look at Targeted Attacks Through the Lense of an NGO
We present an empirical analysis of targeted attacks against a human-rights Non-Governmental Organization (NGO) representing a minority living in China. In par- ticular, we analyze the social engineering techniques, at- tack vectors, and malware employed in malicious emails received by two members of the NGO over a four-year period. We find that both the language and topic of the emails were highly tailored to the victims, and that sender impersonation was commonly used to lure them into opening malicious attachments. We also show that the majority of attacks employed malicious documents with recent but disclosed vulnerabilities that tend to evade common defenses. Finally, we find that the NGO received malware from different families and that over a quarter of the malware can be linked to entities that have been reported to engage in targeted attacks against polit- ical and industrial organizations, and Tibetan NGOs.
Friday, August 1, 2014 - 10:15am
Authors:
Stevens Le Blond, Adina Uritesc, and Cédric Gilbert, Max Planck Institute for Software Systems (MPI-SWS); Zheng Leong Chua and Prateek Saxena, National University of Singapore; Engin Kirda, Northeastern University
Open Access Content
Papers are restricted to registered attendees until the event begins. Once the event begins, the content becomes free and open to everyone. Journal articles are open to everyone upon publication. If available, video, audio, and/or slides of this presentation will be posted here after the event.
@inproceedings {184407,
author = {Stevens Le Blond and Adina Uritesc and C{\'e}dric Gilbert and Zheng Leong Chua and Prateek Saxena and Engin Kirda},
title = {A Look at Targeted Attacks Through the Lense of an NGO},
booktitle = {23rd USENIX Security Symposium (USENIX Security 14)},
year = {2014},
month = Aug,
isbn = {978-1-931971-15-7},
address = {San Diego, CA},
pages = {543--558},
url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/le-blond},
publisher = {USENIX Association},
}
<br><a href="/biblio/export/bibtex/184407">Download</a>
Abstract:
We present an empirical analysis of targeted attacks against a human-rights Non-Governmental Organization (NGO) representing a minority living in China. In par- ticular, we analyze the social engineering techniques, at- tack vectors, and malware employed in malicious emails received by two members of the NGO over a four-year period. We find that both the language and topic of the emails were highly tailored to the victims, and that sender impersonation was commonly used to lure them into opening malicious attachments. We also show that the majority of attacks employed malicious documents with recent but disclosed vulnerabilities that tend to evade common defenses. Finally, we find that the NGO received malware from different families and that over a quarter of the malware can be linked to entities that have been reported to engage in targeted attacks against polit- ical and industrial organizations, and Tibetan NGOs.
connect with us