Rapid advances in technology now enable simultaneous access to both telephony and Internet services from the smartphones that people carry with them at all times. Although this convergence of telephony with the Internet offers many benefits, it also gives cyber criminals the ability to develop increasingly sophisticated attacks that combine resources from both the telephony and Internet channels. For instance, text messages containing Internet links can direct unsuspecting users to malicious websites, inexpensive or free voice services can be used to carry out phone fraud campaigns, and caller-ID spoofing and autodialing services can be used to place calls that launch large-scale attacks that are difficult to detect and trace. Such attacks often remain undetected for long periods of time, thus undermining the higher level of trust that has traditionally been associated with the telephony channel.
This project explores a ground-truth-driven approach to studying and understanding cross-channel attacks that make use of both the Internet and telephony channels. A key goal is to expose any overlap between the tactics and infrastructure used in cross-channel attacks and those of the extensively observed and studied Internet-only threats. Several data sources of cross-channel abuse are used in this study, including crowd-sourced intelligence and telephone-honeypot data. Much of the currently available telephony abuse information is unstructured, and its accuracy or completeness is not known. The researchers are mining multiple sources of abuse information and introducing new methods to better understand, detect, and track attacks that are carried out across the telephony and Internet channels. The effectiveness of correlating threat intelligence available from each of these channels to improve defenses for both is also investigated. By studying the properties of the malicious infrastructure that facilitates cross-channel attacks, this project will enable both researchers and operational communities to gain increased situational awareness and develop techniques for mitigating and defending against this new class of threats.