The weekly Cybersecurity Lecture Series is a free, open-to-the-public lecture from a thought leader who is advancing the field of information security and privacy. Invited speakers include executives and researchers from private companies, government agencies, start-up incubators as well as Georgia Tech faculty and students presenting their research.
Held each Friday at noon through Dec. 2, lectures are open to all -- students, faculty, industry, government, or simply the curious. Students may register for credit under seminar course CS-8001-INF.
Complimentary lunch provided for registered guests. Please bring your own beverage.
Most modern malware infections happen through the browser, typically as the result of a drive-by or social engineering attack. While there have been numerous studies on measuring and defending against drive-by downloads, little attention has been dedicated to studying social engineering attacks. In this talk, we present the first systematic study of web-based social engineering (SE) attacks that successfully lured users into downloading malicious and unwanted software. To conduct this study, we collected and reconstructed more than 2,000 examples of in-the-wild SE download attacks from live network traffic. Via a detailed analysis of these attacks, we attained the following results: (i) a categorization system to identify and organize the tactics typically employed by attackers to gain the user’s attention and deceive or persuade them into downloading malicious and unwanted applications; (ii) reconstruction of the web path followed by the victims and observation that a large fraction of SE download attacks are delivered via online advertisement, typically served from “low tier” ad networks; (iii) measurement of the characteristics of the network infrastructure used to deliver such attacks and uncovering of a number of features that can be leveraged to distinguish between SE and benign (or non-SE) software downloads.
BIO
Terry Nelms is a Director of Research at Pindrop, where he leads a team of applied researchers solving challenging problems in fraud detection and authentication. Prior to joining Pindrop, he spent over a decade inventing, designing and developing protection technologies at ISS, IBM and Damballa. His research has produced new security products, patents and publications in top industry and academic conferences. Nelms holds a B.S. and M.S. in Information Systems and a Ph.D. in Computer Science from the Georgia Institute of Technology.