Biblio

While advances in cyber-security defensive mechanisms have substantially prevented malware from penetrating into organizational Information Systems (IS) networks, organizational users have found themselves vulnerable to threats emanating from Advanced Persistent Threat (APT) vectors, mostly in the form of spear phishing. In this respect, the question of how an organizational user can differentiate between a genuine communication and a similar looking fraudulent communication in an email/APT threat vector remains a dilemma. Therefore, identifying and evaluating the APT vector attributes and assigning relative weights to them can assist the user to make a correct decision when confronted with a scenario that may be genuine or a malicious APT vector. In this respect, we propose an APT Decision Matrix model which can be used as a lens to build multiple APT threat vector scenarios to identify threat attributes and their weights, which can lead to systems compromise.

Phishing is one of the most dangerous information security threats present in the world today, with losses toping 5.9 billion dollars in 2013. Evolving from the original concept of phishing, spear phishing also attempts to scam individuals online, however it uses personalized mail to yield a far higher success rate. This paper suggests an increased threat of spear phishing success due to the presence of social media. Assessing this new threat is important not only to the individuals, but also to companies whose employees may specifically be targeted through their social media accounts. The paper presents the design and implementation of an architecture to determine phishing susceptibility of a user through their social media accounts, and methods to reduce the threat. Preliminary testing shows that social media provides a publicly accessible resource to assess targeted individuals for phishing attacks through their accounts.