CHAPTER ONE: THE SPIKE IN PHISHING AMID THE COVID-19 PANDEMIC
Key terms for this chapter
• Authentication: Verifying the identity of a user or process
• Authority: A sense of having or being in a position of control
• Chaos theory: An interdisciplinary theory stating that within the apparent randomness of chaotic complex systems, there are underlying patterns, interconnectedness, constant feedback loops, repetition, self-similarity, fractals, and self-organization
• Initial condition: A value of an evolving variable at some point in time designated as the initial time
• Mail headers: In an email, the body (content text) is always preceded by header lines that identify particular routing information of the message, including the sender, recipient, date, and subject
• PHI: Private health information
• Phishing: The fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. Examples include:
◦ Email phishing – Using email to extract personal information from a target
◦ Spear phishing – Attempting to extract personal information by targeting specific individuals
◦ Whaling – Attempting to extract personal information by targeting specific high-end individuals
◦ Smishing – Phishing via SMS/text message
◦ Vishing – Phishing via telephone
◦ Angler phishing – Phishing using social media
• Urgency: Importance requiring swift action
• Verification: The process of establishing the truth, accuracy, or validity of something
Phishing is of great concern in the public and private sectors all over the world. Recent examples include the COVID-19-related cyber attack that struck the United States Department of Health and Human Services; the email-detonated ransomware that prevented medical staff from accessing patient records,4 which in turn led to an increase in heart attack fatalities; and the 2020 Iranian CARROTBALL malware campaign that spread via spear phishing.5 Both the public and private sectors experienced a doubling of attempted phishing attacks in 2020. There needs to be an increasing emphasis on user security awareness training, examining the technical means of users in at-risk industries.6 As health care continues to represent the largest at-risk sector for cyber attacks in the US, government health agencies face a significant threat as holders of private health information. Malicious foreign actors, as well as domestic attackers, desire access to this information to sell on the Internet's underbelly, known as the dark web.7 Whereas previous research on phishing has focused on attacker persuasion methods, such as fear and urgency, and user responses to said methods, this book will focus on expanding users' knowledge of and tendency to verify email sender legitimacy in order to prevent successful phishing attacks.
This chapter will utilize chaos theory's argument involving the order existent in apparent randomness to analyze how insufficient user technical awareness could contribute to successful phishing attacks. Although other research has assessed chaos theory applications to various phishing attack methods, this book adopts this general theory to distinguish whether attacker methods or user knowledge and wherewithal account for the majority of successful phishing attempts. Thus, this book expands upon existing phishing research by investigating the following two factors:
1. User awareness regarding email header verification techniques
2. User tendency to verify email headers for signs of spoof8
If user knowledge of email header verification techniques leads to a decreased risk of engaging with a malicious email, this book's hypothesis holds: users who are more knowledgeable about header verification will be less susceptible to emotionally persuasive phishing methods.
Chapter 2 explores the impact of federal health care's employee awareness regarding email sender verification, looking at the following areas:
a) The risk of phishing to federal health care agencies
b) Machine learning tools for phishing prevention
c) Persuasive factors used in phishing attacks
d) User awareness of email legitimacy verification techniques
e) Applications of chaos theory in cyber threat mitigation, including phishing attacks
Chaos theory in cyber threat mitigation
Although renowned for its association with the infamous butterfly effect,9 as well as various applications within mathematics and theoretical physics, chaos theory initially emerged as a distinct branch of discrete mathematics that explores the multiple outcomes and effects a system can experience and produce as a sum of different inputs. First posited by French polymath Henri Poincaré, chaos theory holds that, although a system may appear chaotic upon first glance, its functions and products actually result from a multitude of factors that can continue to predict the system's output for a variable length of time.
In summary, a multitude of disciplines involve systems that, despite apparent randomness, adhere to an initial set of conditions. In addition to mathematics and astrophysics, chaos theory has been applied in psychology, economics, and even to the weather. Following the discovery of chaos theory, American mathematician Edward Lorenz postulated the concept of attractors, or a set of numerical values toward which a system evolves for a wide variety of starting conditions.
For instance, nonlinear phenomena, such as those present in dynamical systems across physics and engineering, typically find expression in quadratic equations with foundations originally established by Lorenz. Because chaotic systems have three or more dimensions, their patterns become increasingly challenging to detect. For this reason, scientists from multiple disciplines have sought to identify a method to the madness. Ultimately, the chaos begins to clear once a pattern is determined. Historically, such patterns – called bifurcations – have emerged in the form of the swing of a pendulum and the brushless DC motor system, among other systems.
More recently, chaos theory has found relevance in various sectors of computer science and information technology, such as cybersecurity. Given the unpredictability of phishing techniques and user response, the application of cybersecurity could benefit security researchers in identifying patterns to make sense of which persuasion methods work best.
Another application of chaos theory within information security involves detecting patterns in authentication and cryptographic processes. Because of the inherent similarity between chaotic systems and the randomness of cryptographic keys used to secure private communications online, chaos theory has been used to assess the effectiveness of phishing attack detection. These methods are utilized to analyze both the specifics of these attacks and the systems already in place to help prevent phishing. In that sense, we can tackle the challenge of phishing by considering patterns used by attackers as well as the effectiveness of security controls, such as data loss prevention applications for email (for example, Proofpoint).10
This investigation begins by examining the process of a generic phishing attack, including:
1) A fraudulent website that resembles a real website
2) Attacker sends a link to the fraudulent website
3) Victim inputs personal information on a malicious landing page, such as a fake Office365 login page credential harvester
4) Attacker abducts victim credentials
The monitoring process noted above can help researchers study how a phishing attack takes place, particularly regarding how target users respond at certain stages of the attack.
The application of chaos theory to the assessment of phishing attacks
In the area of phishing, the "Tools for Investigating the Phishing Attacks Dynamics" study used the website PhishTank to pull data for analyzing the number of recorded phishing websites and historical attacks.11
Additionally, the number of attacks per given period of time was assessed, in particular the quantity of daily attacks within one month.
The study worked on the following assumptions:
"a) A system is steady if the observed deviations from a linear trajectory remain small
b) A system is unstable when a sharp change in behavior from the baseline trajectory occurs"12
In this specific study, the rate of verified attacks proved highly similar to suspected attacks, thus indicating the effectiveness of phishing attack prediction.
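The two assumptions above can be applied to a month of daily attack counts as follows. This is an added example, not the study's code: the counts are constructed, and the 14-day baseline window and 25% tolerance are assumed values, since the text gives no thresholds for "small" or "sharp".

```python
# Constructed daily counts of reported phishing sites for one 30-day month
# (illustrative numbers, not PhishTank data).
DAILY = [102, 99, 105, 106, 106, 113, 111, 116, 113, 119, 120, 120, 127, 125,
         130, 128, 135, 131, 139, 136, 143, 139, 150, 262, 310, 155, 149, 158,
         153, 161]

def linear_fit(ys):
    """Least-squares line through (0, ys[0]), (1, ys[1]), ...: (slope, intercept)."""
    n = len(ys)
    mean_x = (n - 1) / 2
    mean_y = sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in range(n))
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(ys))
    slope = sxy / sxx
    return slope, mean_y - slope * mean_x

def assess(counts, baseline_days=14, tolerance=0.25):
    """Classify a series as 'steady' or 'unstable' against its baseline trajectory.

    baseline_days and tolerance are assumed values; the study's own thresholds
    for "small" and "sharp" are not given in the text.
    """
    if baseline_days < 2 or len(counts) <= baseline_days:
        raise ValueError("need a baseline of >= 2 days plus days to assess")
    slope, intercept = linear_fit(counts[:baseline_days])
    flagged = []
    for x in range(baseline_days, len(counts)):
        # Extrapolate the baseline line; floor at 1 to keep the ratio defined.
        expected = max(intercept + slope * x, 1.0)
        deviation = (counts[x] - expected) / expected
        if abs(deviation) > tolerance:
            flagged.append((x + 1, round(deviation, 2)))  # 1-based day of month
    return ("unstable" if flagged else "steady"), flagged

if __name__ == "__main__":
    state, days = assess(DAILY)
    print(state, days)
```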
Although the previous applications demonstrate the usefulness of chaotic systems across various facets of cybersecurity and even phishing detection specifically, existing research has yet to explore the role of user awareness versus the effectiveness of phishing attack methods through the lens of chaos theory. Therefore, we will explore this approach to investigate the role of persuasive attack methods versus levels of user technical knowledge of email sender verification tactics in terms of the impact of successful p...