Anatomy of a Large Scale Email Attack
Bob Adams - Cybersecurity Strategist
91% of all incidents start with a phish. Source: Wired
Countdown to a breach: 100 seconds median time-to-first-click. Source: Verizon 2016 Data Breach Investigations Report (DBIR)
Targeted attacks are well researched
Malware – Wreaking Havoc
Steals or encrypts data; deletes sensitive data; alters or hijacks core computing functions; monitors users' activity without their knowledge
Ransomware – Holding Data Hostage
Malware, Ransomware ‘as a business’: Ransomware = $1B “Business” in 2016
Source: F-Secure
“It takes an attacker longer to organize your data than it takes them to get it” -Bob Adams, Mimecast
Hacker’s Toolbox: Email Hunter
Your Company Website & Email Hunter: Your Executive Team Will Be Found
Email Hunter, Rapportive
Hacker’s Toolbox: Email Hunter, Rapportive, FreeERISA
What about other countries?
Real life examples with email
Vector: Phishing attack; Threat: Password grab; Target: Random mass-mailing
Vector: Phishing email with attachment; Threat: Document with malicious code; Target: Targeted mailing
Who Says Attacks Need to Involve Malware? Business Email Compromise; Whaling; Wire transfer or W-2/P60 Fraud
“…are also charging ransoms based on the number of hosts infected…suggested ransom amounts that vary depending on the geographic location of the victim.”
Vector: Spear phishing attack; Threat: Impersonating senior staff; Target: An employee with authority
Let’s examine this attack more closely and see how it could have been prevented by fixing the Human Firewall
Perform User Name Checks – Attackers Know Your Leadership Team And Will Impersonate Them! Remember: Everyone Is A Potential Target!!!
Check For Common Keywords Used By Attackers – e.g.: Wire Transfer, Wire Payment, W2, P60, etc.
Check For Similar Domains – Not Your Spoofed Domain, But A Slight Variation
Examine the Domain Age – How often do you work with new domains?
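The four checks above (user name, keywords, similar domain, domain age) sketched as one inbound-mail rule in Python. This is an added example, not part of the original deck or of any vendor product; the company domain, executive names, 30-day threshold and sample message are assumptions constructed for illustration, and the domain registration date is expected to come from a WHOIS lookup done by the caller.

```python
from datetime import date

# Assumed values for illustration; replace with your own directory and domain.
OUR_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "sam patel"}            # constructed names
KEYWORDS = ("wire transfer", "wire payment", "w2", "w-2", "p60")
MAX_NEW_DOMAIN_DAYS = 30                           # assumed threshold


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def impersonation_flags(display_name, address, subject, body, domain_created, today):
    """Return the set of checks an inbound message trips."""
    domain = address.rsplit("@", 1)[-1].lower()
    external = domain != OUR_DOMAIN
    flags = set()
    # 1. User name check: executive display name on an outside address.
    if external and " ".join(display_name.lower().split()) in EXECUTIVES:
        flags.add("exec_name_external")
    # 2. Keyword check over subject and body.
    text = f"{subject} {body}".lower()
    if any(k in text for k in KEYWORDS):
        flags.add("keyword")
    # 3. Similar domain: close to ours but not identical.
    if external and edit_distance(domain, OUR_DOMAIN) <= 2:
        flags.add("similar_domain")
    # 4. Domain age: registration date is supplied by the caller (e.g. from WHOIS).
    if external and domain_created and (today - domain_created).days < MAX_NEW_DOMAIN_DAYS:
        flags.add("new_domain")
    return flags


# Constructed sample message, not taken from the deck.
SAMPLE = dict(display_name="Jane Doe", address="jane.doe@examp1e.com",
              subject="Urgent", body="Please process this wire transfer today.",
              domain_created=date(2024, 5, 1), today=date(2024, 5, 10))

if __name__ == "__main__":
    print(sorted(impersonation_flags(**SAMPLE)))
```

A message that trips several flags at once is a stronger signal than any single check, since each one alone also fires on legitimate mail.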
Are Users part of the solution or part of the problem?
Compromised Accounts: Stolen User Credentials. Utilize Corp Web mail to spread attack internally or externally to partners/customers
Careless Users: Sending sensitive data internally such as projects and PII. “Oops, sent it to the wrong Michael…”
Malicious Insiders: Purposely distributing malware or malicious URLs
Mimecast - First to Market delivering: Internal Email Protect
Can you confidently say you have done everything possible to protect your organization from cyberattacks? Do you have a Cyber Resilience Strategy in place?
Cyber Resilience Strategy
Protect: You need the technology that provides the best possible multi-layered protection
Continue: You need to continue to work while the issue is resolved
Remediate: You need to get back to the last known good state
Our Next Steps Together: Security, Archiving, Continuity
Another Presentation: Who needs to hear this? Higher authority?
Demo: Getting the technical teams together for a demo on how we help?
Conversation: Challenges; Business drivers – internal and external
Email Security Risk Assessment
But if you just want the deck? Just lonely? Drop me a line at: badams@mimecast.com @IAmTheBobAdams