Faculty @TUEindhoven, the Netherlands 🇳🇱. I study threats, mostly of the cyber kind. Am @securescientist also on the birdsite, no link provided out of spite. More details and self-verification: https://lallodi.github.io  #infosec #cybercrime #phishing #soc #threatIntel #fedi22
Academic site: https://lallodi.github.io/
Employer: https://www.TUe.nl
LinkedIn: https://www.linkedin.com/in/lallodi/
Publications: https://scholar.google.com/citations?user=aHbp3AQAAAAJ&hl=en&oi=ao
Twitter: https://twitter.com/securescientist
Just saw this on Reddit, regret not having it in the cybercrime intro course last quartile. https://reddit.com/r/funny/comments/10n7zbh/whats_a_cd_drive/
Opening the app of my home energy supplier I got put in a line with 2 minutes waiting time to access my data. Late screenshot below. Interesting digitized paradigm of classical customer phone service experience. First time I see this around. Is it common elsewhere?
We’ve got support from the current management; @elonmusk.
Musk pushing unwarranted notifications to users with news that leaving Twitter was the right call to do. #twittermigration

A proper #introduction. Will reboost periodically with new updates or new incoming waves from the birdsite.

I am faculty at TU Eindhoven in the Netherlands 🇳🇱 (group's website: http://security1.win.tue.nl/). I am interested in studying emergent #cyberthreats and attack innovation (from #malware to #socialEngineering), and how to integrate this into our defenses. I am the scientific director of the ESH-Security Operation Center (our own commercial #SOC, https://www.eindhovensecurityhub.nl; one day I'll make a thread about that).

Below and in the thumbnails some highlights from our recent work, to give you an idea of what we do. For more details/published work see my website: https://lallodi.github.io, or reach out to me here.

#cybercrime: our key questions in this area aim at understanding *which crime communities are capable of delivering innovative attack technology/business models* (i.e. how to distinguish communities producing #CTI signals from those producing CTI noise, see 🔗 https://michelecampobasso.github.io/whitepapers/2021-03-01-proliferation-primer for a good summary of the problem space). We infiltrate prominent markets to understand social dynamics and economic incentives supporting fair trade (without which you only get scammers scamming wanna-be-scammers). Doing so we identify emergent, scalable, innovative threats. IMPersonation-as-a-Service (IMPaaS) is a good recent example of a criminal service solving long-standing attacker problems with credentials monetization, re-use of stolen resources, and technological implementation. Details + link to paper 🔗 https://michelecampobasso.github.io/publication/2020-11-10-impaas; another example is work on vulnerability & exploit economics 🔗 https://dl.acm.org/doi/abs/10.1145/3133956.3133960. 🔥 More coming soon 🔥

#phishing: we are interested in targeted phishing attacks. Tech filters aren't working, and attacks are too fast for blacklisting to work. Our take is that we need to focus on organizations' internal processes and instrument users with heuristic-based tooling to make informed decisions. Examples? With @pavlo we built a cognition model to characterise advanced attacks (🔗 https://ieeexplore.ieee.org/document/9583678, and "incidentally" unveiled the *huge* gap that exists in the scientific literature on our understanding of SE attacks 🔗 https://lallodi.github.io/publications/Cognitive_SLR.pdf), ran experiments to test tailoring effects on attack success (🔗 https://dl.acm.org/doi/10.1145/3407023.3409178), and evaluated the effects of human characteristics on intention to report (to appear). We also have fun building tools both for attack simulations and for defense. More recent work on this on @pavlo's website: https://pburda.win.tue.nl. Another honourable mention for the work of Amber van der Heijden, a former student of mine, who used notions from cognitive psychology to figure out which phishing attacks should be first responded to (🔗 https://www.usenix.org/system/files/sec19-van_der_heijden.pdf). 🔥 More coming soon 🔥

#soc: I'll dive into this in more detail in the future; for the moment I want to mention SAIBERSOC, a tool we developed to inject attacks in monitored networks with the goal of testing the performance of a SOC. The tool uses so-called "attack traces", representing different phases of an attack, to generate attacks to inject. The tool is freely available. Paper here 🔗 https://dl.acm.org/doi/abs/10.1145/3427228.3427233. 🔥 (Much) more coming soon 🔥
