Large Language Model Lateral Spear Phishing: A Comparative Study in Large-Scale Organizational Settings (2401.09727v1)
Abstract: The critical threat of phishing emails has been further exacerbated by the potential of LLMs to generate highly targeted, personalized, and automated spear phishing attacks. Two critical problems concerning LLM-facilitated phishing require further investigation: 1) Existing studies on lateral phishing lack specific examination of LLM integration for large-scale attacks targeting the entire organization, and 2) Current anti-phishing infrastructure, despite its extensive development, lacks the capability to prevent LLM-generated attacks, potentially impacting both employees and IT security incident management. However, the execution of such investigative studies necessitates a real-world environment, one that functions during regular business operations and mirrors the complexity of a large organizational infrastructure. This setting must also offer the flexibility required to facilitate a diverse array of experimental conditions, particularly the incorporation of phishing emails crafted by LLMs. This study is a pioneering exploration into the use of LLMs for the creation of targeted lateral phishing emails, targeting a large tier 1 university's operation and workforce of approximately 9,000 individuals over an 11-month period. It also evaluates the capability of email filtering infrastructure to detect such LLM-generated phishing attempts, providing insights into their effectiveness and identifying potential areas for improvement. Based on our findings, we propose machine learning-based detection techniques for such emails to detect LLM-generated phishing emails that were missed by the existing infrastructure, with an F1-score of 98.96.
Authors: Mazal Bethany, Athanasios Galiopoulos, Emet Bethany, Mohammad Bahrami Karkevandi, Nishant Vishwamitra, Peyman Najafirad