Annual Computer Security Applications Conference (ACSAC) 2021

Full Program »

Detecting and Characterizing SMS Spearphising Attacks

Although spearphishing is a well-known security issue and has been widely researched, it is still an evolving threat with emerging forms. In recent years, Short Message Service (SMS) has been revealed as a new distribution channel for spearphishing messages, which already has caused a serious impact in the real world, but has not yet attracted enough attention from the academic community. In this paper, we report the first systemic study to spotlight this emerging threat, SMS spearphishing attack. Through cooperating with a leading security vendor, we obtain 31M real-world spam messages that span three months. We design and implement a novel NLP-based detection algorithm, and uncover 90,801 spearphishing messages on the entire dataset. And then, a large-scale measurement was performed on the detected messages to reveal and understand the characteristics of SMS spearphishing attack. Our findings are multi-fold. We discover that SMS spearphishing has a significant negative impact on the real-world, and a large number of victims have been affected. And the distribution of active illicit types between spearphishing message and common spam is quite inconsistent. At the micro-level, to evade detection and increase the probability of success, adversary campaigns have evolved a set of sophisticated strategies. Our research highlights the impact of SMS spearphishing attack is prominent. We call on different community to work together to mitigate this emerging security threat.

Mingxuan Liu
Tsinghua University

Yiming Zhang
Tsinghua University

Baojun Liu
Tsinghua University

Zhou Li
University of California, Irvine

Haixin Duan
Tsinghua University; QI-ANXIN Technology Research Institute; Beijing National Research Center for Information Science and Technology; Peng Cheng Labor

Donghong Sun
Tsinghua University

Paper (ACM DL)

Slides

Video

 



Powered by OpenConf®
Copyright©2002-2021 Zakon Group LLC