Using Big Data to Fight Phishing

How Data Mining Can Pinpoint the Spam in the Haystack

By , May 1, 2013.

Today's spear-phishing campaigns are localized and small, and they can slip through typical spam filters. As a result, detection practices have to evolve, says researcher Gary Warner of the University of Alabama at Birmingham.

"The important thing to realize is that the average attacker is going to keep coming back until that institution puts in an effective countermeasure," says Warner, director of research for computer forensics at the university. "So how do we learn from the past incidents? We have to log the data, analyze it and recognize the indicators."

Using so-called big data to develop phishing intelligence systems that can connect e-mail attacks to specific criminal activities and groups over time is a good way to thwart targeted schemes, Warner says during an interview with Information Security Media Group.

The university has created a database of 550,000 documented and confirmed phishing sites, Warner says. "If you understand how malware acts, with those command and control centers, that makes a difference in your ability to detect it and stop it."

Rather than relying on e-mail signatures to filter out spam, Warner says organizations should rely on the e-mail data and statistics they collect. "We need to do more proper analysis of the log data," he says.

Too many organizations, including financial institutions, have continued to rely on outmoded anti-phishing methods, such as end-user education, says Greg Coticchia, CEO of Malcovery Security, an anti-phishing technology company that was born out of Warner's research and spun off from the University of Alabama at Birmingham in December.

"People are really trying to rely on old ways of dealing with the problem," he says. "What we are really talking about here is the intersection of big data - collected data that we can take a look at ... to be able to find that needle in the haystack."

During this interview, Warner and Coticchia discuss:

  • Why standard countermeasures have proven ineffective at mitigating spear-phishing risks;
  • Why DMARC - the Domain-based Message Authentication, Reporting and Conformance initiative that aims to standardize how e-mail receivers perform e-mail authentication - will never be a silver bullet; and
  • How disparate, siloed fraud-detection systems are preventing organizations from effectively sharing information.

At UAB, Warner focuses on the problems faced by cybercrime investigators in law enforcement and elsewhere. He also serves as chief technologist at Malcovery. Earlier, Warner was IT director for a publicly traded energy company. For the past six years, he has been active in the FBI's InfraGard program; he has served as local chapter president, Southeast regional coordinator and on the national board. He also has served on the national board of the Energy ISAC and currently serves as a Microsoft Security MVP.

Coticchia has more than 25 years of experience in high-tech products and services. He previously served as CEO and co-founder of eBillingHub, now part of Thomson Reuters. He teaches business-to-business marketing and entrepreneurial leadership at the University of Pittsburgh Katz School of Business, and holds certificates in entrepreneurial management from Carnegie Mellon University and in professional coaching from Duquesne University.

Follow Tracy Kitten on Twitter: @FraudBlogger
