Techniques for predicting and protecting spearphishing targets

US 10,069,862 B2
Filed: 03/15/2013
Issued: 09/04/2018
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A system for predicting and protecting spearphishing targets comprising:

one or more hardware computer processors communicatively coupled to a network,wherein the one or more processors are configured to;

perform at least one first automated internet search for public information associated with an organization;

perform at least one second automated internet search for individuals associated with the organization, wherein the public information associated with the organization is different from the individuals associated with the organization;

generate a list of individuals associated with the organization based on the at least one second automated internet search;

predict one or more individuals that are potential spearphishing targets, wherein the predicting the one or more individuals that are potential spearfishing targets comprises performing at least one third automated internet search based on a result of the at least one first automated search, the list of individuals associated with the organization from the at least one second automated internet search, and using predetermined confidential information associated with the organization;

perform at least one fourth automated internet search for additional information associated with the one or more individuals that are potential spearphishing targets and the organization from publicly available sources, wherein the publicly available sources comprises professional and social networking sites associated with the one or more individuals that are potential spearphishing targets;

prior to initiation of a spearphishing attack targeting the one or more individuals, take one or more actions to preempt a spearphishing attack before it occurs, whereby the one or more processors are configured to;

determine a threat level of a potential spearphishing attack on the one or more individuals that are potential spearphishing targets based on a level of publicly available information and the additional information; and

generate a report of the one or more individuals that are potential spearphishing targets and the threat level associated with the one or more individuals that are potential spearphishing targets; and

implement at least one security measure to protect against a spearphishing attack, wherein implementing the at least one security measure comprises removing information from one or more websites, such that an attacker does not identify the one or more individuals as a potential target.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for predicting and protecting spearphishing targets are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for predicting and protecting spearphishing targets. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify one or more potential spearphishing targets based on information from an organization, receive additional information associated with the one or more potential spearphishing targets and the organization from publicly available sources, determine a threat level of a spearphishing attack on the one or more potential spearphishing targets based on the information from the organization and the additional information, and generate a report of the one or more potential spearphishing targets and the threat level associated with the one or more potential spearphishing targets.

15 Citations

14 Claims

1. A system for predicting and protecting spearphishing targets comprising:
- one or more hardware computer processors communicatively coupled to a network,wherein the one or more processors are configured to;
  
  perform at least one first automated internet search for public information associated with an organization;
  
  perform at least one second automated internet search for individuals associated with the organization, wherein the public information associated with the organization is different from the individuals associated with the organization;
  
  generate a list of individuals associated with the organization based on the at least one second automated internet search;
  
  predict one or more individuals that are potential spearphishing targets, wherein the predicting the one or more individuals that are potential spearfishing targets comprises performing at least one third automated internet search based on a result of the at least one first automated search, the list of individuals associated with the organization from the at least one second automated internet search, and using predetermined confidential information associated with the organization;
  
  perform at least one fourth automated internet search for additional information associated with the one or more individuals that are potential spearphishing targets and the organization from publicly available sources, wherein the publicly available sources comprises professional and social networking sites associated with the one or more individuals that are potential spearphishing targets;
  
  prior to initiation of a spearphishing attack targeting the one or more individuals, take one or more actions to preempt a spearphishing attack before it occurs, whereby the one or more processors are configured to;
  
  determine a threat level of a potential spearphishing attack on the one or more individuals that are potential spearphishing targets based on a level of publicly available information and the additional information; and
  
  generate a report of the one or more individuals that are potential spearphishing targets and the threat level associated with the one or more individuals that are potential spearphishing targets; and
  
  implement at least one security measure to protect against a spearphishing attack, wherein implementing the at least one security measure comprises removing information from one or more websites, such that an attacker does not identify the one or more individuals as a potential target.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the list of individuals comprises a list of employees, contractors, and consultants associated with the organization.
  - 3. The system of claim 1, wherein the additional information comprises at least one of profile information associated with the one or more individuals that are potential targets, information from a website associated with the organization, and information from the professional and social networking sites.
  - 4. The system of claim 1, wherein the threat level of the spearphishing attack is ranked according to organizational security interests and preferences.
  - 5. The system of claim 1, wherein implementing the at least one security measure comprises enhancing a security posture of the one or more individuals that are potential spearphishing targets, wherein enhancing a security posture comprises at least one of requiring additional authentication factors, providing security monitoring, and limiting functionality of devices or machines associated with the one or more individuals that are potential spearphishing targets.

6. A method for predicting and protecting spearphishing targets comprising:
- performing at least one first automated internet search for public information associated with an organization;
  
  performing at least one second automated internet search for individuals associated with the organization, wherein the public information associated with the organization is different from the individuals associated with the organization;
  
  generating a list of individuals associated with the organization based on the at least one second automated internet search;
  
  predicting, using at least one hardware computer processor, one or more individuals that are potential spearphishing targets, wherein the predicting the one or more individuals that are potential spearfishing targets comprises performing at least one third automated internet search based on a result of the at least one first automated search, the list of individuals associated with the organization from the at least one second automated internet search, and using predetermined confidential information associated with the organization;
  
  performing at least one fourth automated internet search for additional information associated with the one or more individuals that are potential spearphishing targets and the organization from publicly available sources, wherein the publicly available sources comprises professional and social networking sites associated with the one or more individuals that are potential spearphishing targets;
  
  prior to initiation of a spearphishing attack targeting the one or more individuals take one or more actions to preempt a spearphishing attack before it occurs, said one or more actions comprising;
  
  determining a threat level of a potential spearphishing attack on the one or more individuals that are potential spearphishing targets based on a level of publicly available information and the additional information; and
  
  generating a report of the one or more individuals that are potential spearphishing targets and the threat level associated with the one or more individuals that are potential spearphishing targets andimplementing at least one security measure to protect against a spearphishing attack, wherein implementing the at least one security measure comprises removing information from one or more websites, such that an attacker does not identify the one or more individuals as a potential target.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method of claim 6, wherein the list of individuals comprises a list of employees, contractors, and consultants associated with the organization.
  - 8. The method of claim 6, wherein the additional information comprises at least one of profile information associated with the one or more individuals that are potential targets, information from a website associated with the organization, and information from the professional and social networking sites.
  - 9. The method of claim 6, wherein the threat level of the spearphishing attack is ranked according to organizational security interests and preferences.
  - 10. The method of claim 6, wherein implementing the at least one security measure comprises enhancing a security posture of the one or more individuals that are potential spearphishing targets, wherein enhancing a security posture comprises at least one of requiring additional authentication factors, providing security monitoring, and limiting functionality of devices or machines associated with the one or more individuals that are potential spearphishing targets.
  - 11. A non-transitory computer-readable storage medium storing a computer program of instructions configured to be readable by at least one computer processor for instructing the at least one computer processor to execute a computer process for performing the method of claim 6.

12. A system for predicting and protecting spearphishing targets comprising:
- one or more hardware computer processors communicatively coupled to a network, wherein the one or more processors are configured to;
  
  perform at least one first automated internet search for public information associated with an organization;
  
  perform at least one second automated internet search for individuals associated with the organization, wherein the public information associated with the organization is different from the individuals associated with the organization;
  
  generate a list of individuals associated with the organization based on the at least one second automated internet search;
  
  identify new information of interest associated with the organization based on one or more automated third internet searches based on a result of the at least one first automated search, the list of individuals associated with the organization from the at least one second automated internet search, and using confidential predetermined information associated with the organization;
  
  predict one or more potential individuals that are spearphishing targets associated with the organization based on the new information of interest;
  
  perform at least one fourth automated internet search for additional information associated with the one or more individuals that are potential spearphishing targets and the organization from publicly available sources, wherein the publicly available sources comprises professional and social networking sites associated with the one or more individuals that are potential spearphishing targets;
  
  prior to initiation of a spearphishing attack targeting the one or more individuals, take one or more actions to preempt a spearphishing attack before it occurs, whereby the one or more processors are configured to;
  
  determine a threat level of a potential spearphishing attack on the one or more individuals that are potential spearphishing targets based on a level of publicly available information and the additional information; and
  
  generate a report of the one or more individuals that are potential spearphishing targets to protect against spearphishing attacks; and
  
  implement at least one security measure to protect against a spearphishing attack, wherein implementing the at least one security measure comprises removing information from one or more websites, such that an attacker does not identify the one or more individuals as a potential target.
- View Dependent Claims (13, 14)
- - 13. The system of claim 12, wherein the new information of interest associated with an organization comprises at least one of a product line information, a press release, organization sector information, current world news, information associated with recent domestic or international security breaches, merger information, organization rumors, and organizational announcements.
  - 14. The system of claim 12, wherein the additional information comprises profile information received from at least one of the professional and social networking sites, an organization'"'"'s web site, or a third party data source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Sawhney, Sanjay, Roundy, Kevin Alejandro
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
Farooqui, Quazi

Application Number

US13/840,920
Publication Number

US 20140283035A1
Time in Patent Office

1,999 Days
Field of Search

726 1, 726 22- 25, 713168-176, 713182-186, 713202
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

Techniques for predicting and protecting spearphishing targets

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for predicting and protecting spearphishing targets

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links