Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing

ZeroFOX

Historically, machine learning for information security has prioritized defense: think intrusion detection systems, malware classification and botnet traffic identification. Offense can benefit from data just as well. Social networks, especially Twitter with its access to extensive personal data, bot-friendly API, colloquial syntax and prevalence of shortened links, are the perfect venues for spreading machine-generated malicious content.We present a recurrent neural network that learns to tweet phishing posts targeting specific users. The model is trained using spear phishing pen-testing data, and in order to make a click-through more likely, it is dynamically seeded with topics extracted from timeline posts of both the target and the users they retweet or follow. We augment the model with clustering to identify high value targets based on their level of social engagement such as their number of followers and retweets, and measure success using click-rates of IP-tracked links. Taken together, these techniques enable the world's first automated end-to-end spear phishing campaign generator for Twitter.
Watch Now

Spotlight

A penetration test is often a key requirement for compliance with key regulations. But while many organizations know they need penetration testing, it can be hard to know how to fit them in to a larger security program, or even how to get started. Our whitepaper, "What is Penetration Testing? An Introduction for IT Managers," is a clear and succinct introduction to the core principles and best practices of penetration testing.


OTHER ON-DEMAND WEBINARS

The Future of Phishing: It’s all about your customers

SEGASEC

While current anti-phishing solutions usually cover basic entry-level phishing scams using reactive inside-the-firewall defenses, a billion of potential variations of sophisticated phishing scams are already being planned and executed everywhere on the internet, entirely undisturbed, evading most current detection tools. Todays phishing attacks are no longer performed by scruffy hoodie covered villains, but by sophisticated, risk-calculating, online marketing experts who take social engineering to new heights. By constantly using A/B testing to improve their technology with each attack, they know how to tell a convincing story that would trick even the savviest users, causing irreversible reputational and financial damages to brands worldwide.
Watch Now

"Protecting Critical Value Data From the Inside"

"More than one-third of all cybercrime incidents and security breaches are caused by insiders. Insiders have many motivations, including financial, political or emotional. But no matter the reason, insiders inappropriately access an organisation’s critical value data. Join Keith Lowry, Senior Vice President of the Business Threat Intelligence and Analysis Team at Nuix and Stan Gallo, Director and National Leader of Forensic Technology at KPMG, as they cover: - The definition of an insider threat - What organisations are doing wrong in their approach to managing insider threats - How to design and implement an insider threat program."
Watch Now

Building a Culture of Reliability, Security and Privacy

With cybersecurity making headline news more frequently, it is clear to see how any disruption has broad impact both for the affected businesses and their customers. Understanding that it’s no longer a matter of “if” your company will be compromised but “when” and “how”, Bret will examine how as security leaders we need to be arming our companies to detect, protect and respond more aggressively and with more sophistication than ever before.
Watch Now

6 Steps to Secure Your Organization from Cybersecurity Threats

PECB

This webinar will deliver exclusive information on the international best practices in securing the integrity of organizations from cyber-attacks. Get to know in details on how to apply proper security measures and secure your organization from cybersecurity threats.
Watch Now

Spotlight

A penetration test is often a key requirement for compliance with key regulations. But while many organizations know they need penetration testing, it can be hard to know how to fit them in to a larger security program, or even how to get started. Our whitepaper, "What is Penetration Testing? An Introduction for IT Managers," is a clear and succinct introduction to the core principles and best practices of penetration testing.

resources