Security researchers conduct targeted phishing campaigns with neural network
At Black Hat, two researchers from the company ZeroFOX presented a way to conduct targeted phishing, or spear phishing, on Twitter using a tool built around a neural network.
The tool is called ‘snap_r’ and will be released by the researchers shortly. In their presentation they pointed out that phishing is already largely automated, but that the targeted variant is not. Since criminals may soon gain access to machine learning as well, they want to draw attention to this issue now. Their tool selects ‘valuable’ Twitter users and sends each of them a message, generated from that user’s previous tweets, that contains a malicious link.
The researchers chose Twitter because it has an API that a bot can easily use. In addition, messages there are short and link shorteners are widely used, so malicious URLs can be hidden. Twitter users also tend to trust a message more readily. The bot account therefore needs a credible profile of its own and must occasionally send tweets without links, so that Twitter does not block it.
The bot chooses its targets based on the number of posts and the age of the account. It then collects the target’s profile information and tweets. From this data, a neural network composes a tweet whose content is meant to match the target’s interests or the topics they are currently discussing. The tool also times its message to the victim’s most active hours on Twitter to maximise the chance of success. Training the neural network took about six days on more than 2 million tweets, according to the researchers.
Messages can also be generated with Markov chains, which is much faster but produces lower-quality text. Once a tweet has been created, a shortened link to a malicious site, such as a fake login page or an exploit kit, is added to it. The tool’s creators use the goo.gl service because it will shorten malicious links as well, and because it offers a range of analytics options.
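The two behaviours the article describes, an account that pads shortened-link posts with occasional harmless tweets to avoid a block, and link-bearing posts addressed to many different users, are exactly the signals a defender can score on their own side. The example below is added here and is not part of the article or the researchers’ tool; the shortener host list (beyond goo.gl), the sample posts and the thresholds are all constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Known link-shortener hosts. The article names only goo.gl; the others are
# assumptions added for this example and should be extended from local telemetry.
SHORTENER_HOSTS = {"goo.gl", "bit.ly", "t.co", "tinyurl.com", "ow.ly", "is.gd"}

URL_RE = re.compile(r"https?://\S+")
MENTION_RE = re.compile(r"@(\w{1,15})")  # Twitter handles are at most 15 chars


def link_hosts(text):
    """Return the lower-cased hostnames of every URL in a post."""
    hosts = []
    for url in URL_RE.findall(text):
        host = urlparse(url.rstrip(".,)")).hostname  # drop trailing punctuation
        if host:
            hosts.append(host.lower())
    return hosts


def score_account(posts, account_age_days, shortener_threshold=0.5, target_threshold=3):
    """Score an account's recent posts for spear-phishing-bot behaviour.

    Signals (thresholds are assumptions, not from the article):
      - share of posts carrying a shortened link (padding tweets lower this)
      - number of distinct users @-mentioned in link-bearing posts
      - a young account that is already posting links
    The account is flagged when at least two signals fire.
    """
    total = len(posts)
    with_link = with_shortener = 0
    targets = set()
    for text in posts:
        hosts = link_hosts(text)
        if not hosts:
            continue
        with_link += 1
        if any(h in SHORTENER_HOSTS for h in hosts):
            with_shortener += 1
        targets.update(m.lower() for m in MENTION_RE.findall(text))
    shortener_ratio = with_shortener / total if total else 0.0
    reasons = []
    if total and shortener_ratio >= shortener_threshold:
        reasons.append(f"{with_shortener}/{total} posts carry shortened links")
    if len(targets) >= target_threshold:
        reasons.append(f"links addressed to {len(targets)} distinct users")
    if account_age_days < 30 and with_link:
        reasons.append("account younger than 30 days is already posting links")
    return {
        "shortener_ratio": shortener_ratio,
        "distinct_link_targets": len(targets),
        "suspicious": len(reasons) >= 2,
        "reasons": reasons,
    }


# Constructed sample data: a bot-like account that pads four link posts with
# two harmless ones, and an ordinary account that posts one full-length link.
BOT_POSTS = [
    "@alice this seems related to your recent thread https://goo.gl/PLACEHOLDER1",
    "@bob thought you might find this useful https://goo.gl/PLACEHOLDER2",
    "@carol_dev have you seen this one? https://goo.gl/PLACEHOLDER3",
    "@dan_sec relevant to what you posted yesterday https://goo.gl/PLACEHOLDER4",
    "Monday again. Coffee first.",
    "Anyone else at the conference this week?",
]
HUMAN_POSTS = [
    "Slides from my talk are up: https://example.com/talks/zero-trust.pdf",
    "Lunch was great.",
    "Thinking about IAM drift again.",
    "Weekend plans: none.",
    "Back to the office tomorrow.",
]

if __name__ == "__main__":
    for name, posts, age in (("bot", BOT_POSTS, 10), ("human", HUMAN_POSTS, 900)):
        print(name, score_account(posts, age))
```

The ratio check alone is what the padding tweets in the article are designed to defeat, which is why the distinct-target count is scored separately: an account can dilute its link share, but each phishing message still has to name a new recipient. Running the sample flags the constructed bot account on all three signals and leaves the ordinary account clean.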
During a test, the bot managed to reach 819 victims, of whom 275 clicked on the provided link. For comparison, a human performing the same task by manually cutting and pasting messages reached 129 people in the same time, 49 of whom clicked on the link. Although Twitter was chosen for the proof of concept, the researchers say the bot is not limited to it: any other social media site would be suitable for the tool.