Under Cyberattack: UH Researchers Look at How to Catch a ‘Phisher’

by Sara Tubbs, University of Houston News

As cybersecurity experts scramble to stop another wave of ransomware and malware scams that have infected computers around the world, computer science experts at the University of Houston are “phishing” for reasons why these types of attacks are so successful.

Researchers at the University of Houston are studying why phishing attacks in an attempt to develop the next generation of email filters to better identify and defend against this type of cyberattack.

Computer science professors Rakesh Verma, Arjun Mukherjee, Omprakash Gnawali and doctoral student Shahryar Baki used publicly available emails from Hillary Clinton and Sarah Palin as they looked for characteristics of phishing emails and traits of the email users to determine what factors contribute to successful attacks. They also employed natural-language generation to create fake phishing emails from real emails, a tactic often used by hackers to execute “masquerade attacks,” in which they pretend to be authorized users of a system by replicating the writing styles of the compromised account.

The study found only 52 percent of volunteer email users accurately detected the real emails.

“Our study offers ideas on how to improve IT training,” Verma said. “You can also generate these emails and then subject the phishing detectors to those kind of emails as a way to improve the detectors’ ability to identify new attacks.”

In the case of the recent Google Docs attack, Verma says people fell for the scam because they trust Google. When users opened the given URL, they were sent to a permissions page and hackers got control of their emails, contacts and potentially their personal information. Google stopped the scam, removed the fake pages and disabled offending accounts. Verma said a real Google Docs application will generally not ask for permission to access your contacts or read your emails.

The “WannaCry” ransomware attack that has hit banks, hospitals and government agencies around the globe is also spread through email phishing and can be spread through the Google Doc-type “worm” as well.

The researchers presented their findings last month at the ACM Asia Conference on Computer and Communications Security (ASIACCS 2017) in the United Arab Emirates.  Read the report.