Attribution of Spear Phishing Attacks: A Literature Survey.

摘要

Spear phishing involves the use of social engineering and contextual information to entice a targeted victim into the unwitting leakage of sensitive information for purposes of identity crime or espionage. The high success rate together with the potential scale of damage caused by spear phishing attacks has motivated cyber researchers and practitioners to investigate more effective and strategic defensive, deterrent, and offensive mechanisms against spear phishers. Obviously, the practicability of any such defence mechanism depends on the extent to which a defender has knowledge of the adversary behind a spear phishing attack. This necessitates the defending party to perform attribution to identify the spear phisher and/or his/her accomplices. In this survey, I broadly define attribution of spear phishing as any attempt to infer the identity or characteristics of the source of the attack, which may include a machine, a human individual, or an organization. Though highly desirable, this attribution mission is a very challenging task. This survey represents an initial step in this direction. Ultimately, the survey aims to sketch the landscape of attribution methods pertaining to spear phishing, as well as to provide constructive remarks and relevant recommendations for an organization wishing to perform this attribution mission.