Presentation is loading. Please wait.

Presentation is loading. Please wait.

Explaining Bitcoins will be the easy part: Email Borne Attacks and How You Can Defend Against Them Karsten Chearis Sales Engineer.

Similar presentations


Presentation on theme: "Explaining Bitcoins will be the easy part: Email Borne Attacks and How You Can Defend Against Them Karsten Chearis Sales Engineer."— Presentation transcript:

1 Explaining Bitcoins will be the easy part: Email Borne Attacks and How You Can Defend Against Them
Karsten Chearis Sales Engineer

2 median time-to-open malicious email
1 minute 40 seconds median time-to-open malicious 1M 22 SECONDS THE MEDIAN TIME FOR SOMEONE TO CLICK on a phishing link That’s the Median, imagine what the lower outliers are. And.. 50% of those people who do click the link will do it within the first hour. Verizon 2016 Data Breach Investigations Report (DBIR)

3 91% of all incidents start with a phish
WHATS WORSE, WE KNOW… 95% For the purposes of this talk, we’ll use the phrase phish To mean spear-phishing, whaling and phishing But in a business context Wired 2015

4 Think Your Employees are Alert Enough to Stop Them?
The second layer of defense is employee awareness and vigilance. The aim here is to a create herd alertness in your organization. The intention is not to make everyone suspicious of everything, or make everyone a security pro, but make them alert enough to linger over a link or attachment. The Mimecast security awareness tools help in this mission to compliment the other tactics you should use like training and perhaps simulated exercises. Confidential |

5 You are susceptible to email-borne attacks if….
You use as a key business application You have certain letters in your domain name You accept resumes on your website You have a team of people in finance You have a profile Your life is deemed interesting enough to be on You run Windows…or any other OS You are susceptible to -borne attacks if….

6 How Do The Attackers Do It?

7 Do You Have a Page Like This On Your Website?
How do Attackers get their information? An easy way to find out about a company is visit their website. Most companies have information about their executive teams. What better way to entice a user to open an than having it look like it’s from the CEO, the CFO or some other senior leader? Remember that it only takes one employee to “click before they think” to compromise an entire organization.

8 SOC. ENG. THE NEW MALWARE-LESS DANGER.
Lifetime study, useful outside of work too. Train tickets. BUT Attackers know we have the technology. They know, we know their tactics So they try to stay ahead of us and our scanners. They’re increasingly turning to social engineering to exploit users. MAKING THEIR ATTACKS MALWARE-LESS AND HARDER TO DETECT Test your own staff. Social engineering toolkit by Dave kennedy.

9

10 Another way to gather information is to use a program that will harvest addresses. These are cheap and easy to use. Just type in a domain and you’ll get a list of addresses for that organization.

11 You don’t even need to know how to code… Crimeware as a Service - CaaS
Attackers don’t have to know how to code, they don’t even have to be smart. They can download TOX, a ransomware construction tool that provides an easy to use graphical interface that allows attackers to track how many folks have been infected and track the ransom paid

12 Cybercriminals Operate Like Any Other Business
If you’re an attacker and can code but don’t know how to evade sandbox detection, that’s not a problem there’s an online service that can help. FUD- fully undetectable crypting services uses obfuscation, encryption and code manipulation.

13 Occasionally the Attacks Hit the General Media
WannaCry? But usually they don’t If you’re an attacker and can code but don’t know how to evade sandbox detection, that’s not a problem there’s an online service that can help. FUD- fully undetectable crypting services uses obfuscation, encryption and code manipulation.

14 Real life examples with Email

15 Vector: Phishing attack with malicious URL Threat: Entering credentials Target: Random mass-mailing

16 Vector: Phishing with attachment Threat: Opening the document and activating malicious code Target: Targeted mailing

17 Business Email Compromise Whaling Wire transfer W-2 Fraud
Who Says Attacks Need to Involve Malware? Business Compromise Whaling Wire transfer W-2 Fraud These attacks are often called Business Compromise, wire transfer fraud, W-2 fraud or whaling What’s sets these attacks apart is that they don’t use malware to achieve their goal They rely purely on the power of social engineering and the inherent trust in Impersonation attacks are a huge threat because Traditional security systems like AV cannot detect this type of attack. Even solutions that scan URLs and detonates attachments in a sandbox are powerless in preventing these attacks Defending against these attacks requires specialised tools that monitor multiple indicators of potential compromise.

18 Vector: Spear phishing attack Threat: Impersonating senior staff Target: An employee with authority

19 Vector: Spear phishing attack Threat: Impersonating senior staff Target: An employee with authority

20 Vector: attack from the inside using a hacked account Threat: Impersonating employees Target: Spreading the attack internally

21 Are Users Part of the Solution or Part of the Problem?
The Compromised Insider The Careless Insider The Malicious Insider

22 Herd alertness helps, but…
The second layer of defense is employee awareness and vigilance. The aim here is to a create herd alertness in your organization. The intention is not to make everyone suspicious of everything, or make everyone a security pro, but make them alert enough to linger over a link or attachment. The Mimecast security awareness tools help in this mission to compliment the other tactics you should use like training and perhaps simulated exercises. Confidential |

23 Can we do more with technology? - YES!
Layer one is of course the technology Can we do more with technology? - YES! Confidential |

24 Mimecast Email Security Suite
Cyber Resiliency Mimecast Security Suite Secure Gateway - Anti-virus / malware - Anti-spam - Reputation analysis - Continuity - Independent Archive - Backup & Recovery Comprehensive protection, simply achieved in the cloud Targeted Threat Protection URL Attachment Impersonation Internal s

25 Confidential | Protect You need the technology that provides the best possible multi-layered protection Continue You need to continue to work while the issue is resolved Remediate You need to get back to the last known good state Cyber Resilience


Download ppt "Explaining Bitcoins will be the easy part: Email Borne Attacks and How You Can Defend Against Them Karsten Chearis Sales Engineer."

Similar presentations


Ads by Google