Facebook Awards $100K for Spear Phishing Security Research

Winning research paper details a new method for how to detect credential spear phishing in an enterprise environment.

Internet Defense Prize

Facebook awarded the fourth Internet Defense Prize at the USENIX Security Conference in Vancouver, Canada on Aug. 17, providing the winning research team with a $100,000 award.

The Internet Defense Prize got started in 2014 as an effort to help encourage and reward security researchers for investigating and developing new methods that can help improve internet security. For the 2017 prize, a team of security researchers from The University of California, Berkeley detailed a new approach to detecting credential spear phishing attacks. Spear phishing attacks, also sometimes referred to as 'whaling' involve a targeted fraudulent email that is sent to a specific individual with the goal of tricking the user into clicking on a link or opening an attachment.

"Our method uses features derived from an analysis of fundamental characteristics of spear phishing attacks, combined with a new non-parametric anomaly scoring technique for ranking alerts," the research abstract states. "We evaluate our technique on a multi-year dataset of over 370 million emails from a large enterprise with thousands of employees."

The method described by the researchers was able to detect two spear phishing attacks in the dataset that had been previously unknown, as well as six spear phishing attacks that were previously known. In a blog post, Facebook security researcher, Nektarios Leontiadis  stated that the winning research is important because spear phishing attacks have led to many information leaks in recent years. He noted that the winning research holds the potential to help reduce the volume of spear phishing compromises in the future.

"Secondly, the authors acknowledge and account for the cost of false positives in their detection methodology," Leontiadis wrote. "This is significant because it factors into the overhead cost and response time for incident response teams."

Though Facebook has funded the Internet Defense Prize, it's not entirely clear how or when the social networking giant will integrate the method from the winning 2017 spear phishing research into its operations.

"Facebook is always examining new security measures and practices, assessing how to best protect people," a Facebook spokesperson told eWEEK in an email.

Facebook has however successfully benefitted from past Internet Defense Prize research, which is one of the many reasons why the social networking site continues to fund the effort. During a keynote at the Black Hat USA security conference on July 26, Alex Stamos, Chief Security Officer (CSO) at Facebook announced $1 million in new funding to help encourage original research with the Internet Defense Prize. Stamos also provided insight into how past winning research has helped to positively influence Facebook's security.

The 2014 Internet Defense Prize winning research was for a paper on the detection of second order vulnerabilities of web apps using stack analysis that has had an impact on Facebook's security operations.

"This influenced how we built our internal static analysis tools that run on our code before it is pushed to production," Stamos said during his Black Hat USA keynote. Another paper proposed a post-quantum cryptosystem, which is the  type of research that needs to be done now, so when quantum computers become practical, people's information can still be kept secure, Stamos said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.