Explaining Bitcoins will be the easy part: Email Borne Attacks and How You Can Defend Against Them Matthew Gardiner Product Marketing.

Presentation transcript:

Explaining Bitcoins will be the easy part: Email Borne Attacks and How You Can Defend Against Them Matthew Gardiner Product Marketing

91% of all incidents start with a phish. What's worse, we know… 95%. For the purposes of this talk, we'll use the phrase "phish" to mean spear-phishing, whaling and phishing, but in a business context. Wired 2015

Think Your Employees are Alert Enough to Stop Them? The second layer of defense is employee awareness and vigilance. The aim here is to create herd alertness in your organization. The intention is not to make everyone suspicious of everything, or make everyone a security pro, but to make them alert enough to linger over a link or attachment. The Mimecast security awareness tools help in this mission to complement the other tactics you should use, like training and perhaps simulated exercises.

A phish: median time-to-first-click 1 minute 22 seconds. That is the median time for someone to click on a phishing link. That's the median; imagine what the lower outliers are. And 50% of those people who do click the link will do it within the first hour. Verizon 2015 Data Breach Investigations Report (DBIR)

How Do The Attackers Do It?

Do You Have a Page Like This On Your Website? How do attackers get their information? An easy way to find out about a company is to visit its website. Most companies have information about their executive teams. What better way to entice a user to open an email than having it look like it's from the CEO, the CFO or some other senior leader? Remember that it only takes one employee to "click before they think" to compromise an entire organization.

Social engineering: the new malware-less danger. Lifetime study, useful outside of work too. Train tickets. But attackers know we have the technology. They know we know their tactics, so they try to stay ahead of us and our scanners. They're increasingly turning to social engineering to exploit users, making their attacks malware-less and harder to detect. Test your own staff. Social-Engineer Toolkit by Dave Kennedy.

You are susceptible to email-borne attacks if…
You have certain letters in your domain name
You accept resumes on your website
You have a team of people in finance
You have a profile
Your life is deemed interesting enough to be on

Another way to gather information is to use a program that will harvest email addresses. These are cheap and easy to use. Just type in a domain and you’ll get a list of email addresses for that organization.

You don't even need to know how to code. Attackers don't have to know how to code; they don't even have to be smart. They can download TOX, a ransomware construction tool that provides an easy-to-use graphical interface that allows attackers to track how many folks have been infected and track the ransom paid. Source: Forbes.com - "Ransomware As A Service Being Offered For $39 On The Dark Net" 7/15/16

FUD (Fully Undetectable) Crypting Services to avoid AV detection. If you're an attacker and can code but don't know how to evade sandbox detection, that's not a problem: there's an online service that can help. FUD (fully undetectable) crypting services use obfuscation, encryption and code manipulation.

Real life examples

Vector: Phishing attack with malicious URL. Threat: Entering credentials. Target: Random mass-mailing.

Vector: Phishing email with attachment. Threat: Opening the document and activating malicious code. Target: Targeted mailing.

Who Says Attacks Need to Involve Malware? Business Email Compromise, whaling, wire transfer, W-2 fraud. These attacks are often called Business Email Compromise, wire transfer fraud, W-2 fraud or whaling. What sets these attacks apart is that they don't use malware to achieve their goal. They rely purely on the power of social engineering and the inherent trust in email. Impersonation attacks are a huge threat because traditional security systems like AV cannot detect this type of attack. Even solutions that scan URLs and detonate attachments in a sandbox are powerless to prevent these attacks. Defending against these attacks requires specialised tools that monitor multiple indicators of potential compromise.

Vector: Spear phishing attack. Threat: Impersonating senior staff. Target: An employee with authority.

Herd alertness helps, but…

Are Users Part of the Solution or Part of the Problem? The Compromised Insider; The Careless Insider; The Malicious Insider.

Can we do more with technology? - YES! Layer one is of course the technology.

Mimecast Cloud Service Inspects >650M Inbound, Outbound, & Internal Emails/Day for Both Opportunistic & Targeted Attacks

Cyber Resilience. Protect: You need the technology that provides the best possible multi-layered protection. Continue: You need to continue to work while the issue is resolved. Remediate: You need to get back to the last known good state.