Characterizing and Mitigating Phishing Attacks at ccTLD Scale - DRAKKAR
Communication Dans Un Congrès Année : 2024

Characterizing and Mitigating Phishing Attacks at ccTLD Scale

Résumé

Phishing on the web is a model of social engineering and an attack vector for getting access to sensitive and financial data of individuals and corporations. Phishing has been identified as one of the prime cyber threats in recent years. With the goal to effectively identify and mitigate phishing as early as possible, we present in this paper a longitudinal analysis of phishing attacks from the vantage point of three country-code top-level domain (ccTLD) registries that manage more than 8 million active domains -namely the Netherlands' .nl, Ireland's .ie, and Belgium's .be. We perform a longitudinal analysis on phishing attacks spanning up to 10 years, based on more than 28 thousand phishing domains. Our results show two major attack strategies: national companies and organizations are far more often impersonated using malicious registered domains under their country's own ccTLD, which enables better mimicry of the impersonated company. In stark contrast, international companies are impersonated using any domains that can be compromised, reducing overall mimicry but bearing no registration and financial costs. Although most research works focus on detecting new domain names, we show that 80% of phishing attacks in the studied ccTLDs employ compromised domain names. We find banks, financial institutions, and high-tech giant companies at the top of the most impersonated targets. We also show the impact of ccTLDs' registration and abuse handling policies on preventing and mitigating phishing attacks, and that mitigation is complex and performed at both web and DNS level at different intermediaries. Last, our results provide a unique opportunity for ccTLDs to compare and revisit their policies and impacts, with the goal of improving mitigation procedures.
Fichier principal
Vignette du fichier
CCS2024.pdf (1.05 Mo) Télécharger le fichier
Origine Fichiers éditeurs autorisés sur une archive ouverte

Dates et versions

hal-04788617 , version 1 (18-11-2024)

Licence

Identifiants

  • HAL Id : hal-04788617 , version 1

Citer

Giovane Moura, Thomas Daniels, Maarten Bosteels, Sebastian Castro, Moritz Mueller, et al.. Characterizing and Mitigating Phishing Attacks at ccTLD Scale. ACM Conference on Computer and Communications Security (CCS), ACM, Oct 2024, Salt Lake City, United States. ⟨hal-04788617⟩
0 Consultations
0 Téléchargements

Partager

More