Presentation is loading. Please wait.

Presentation is loading. Please wait.

Phishing, Spear Phishing, and what to do about it.

Published byWinfred Russell Modified over 6 years ago

Similar presentations

Presentation on theme: "Phishing, Spear Phishing, and what to do about it."— Presentation transcript:

1 Phishing, Spear Phishing, and what to do about it.
Mark Berman | Angelo Santabarbara March 13, 2013 What Are We DOING About it? Technical Solutions, Timely Notifications, & Awareness Training Abstract There has been a dramatic increase in phishing and other hacker attacks this year. Many in our communities have fallen prey to identity theft attacks, have had their accounts compromised, or have been tricked into downloading malware onto their machines, which has spurred a great deal of discussion among security professionals trying to figure out how to handle the problem. Siena College has taken a multipronged strategy, educational as well as technical. This session will present Siena's approach, detail how successful we have been, and survey approaches used by other institutions. Traditional Phishing Response/Prevention Not proactive Collected phishing samples, analyzed, blocked at firewall by blocking domain/site (such as Google form) Monitored queues for suspicious activities to identify compromised accounts to disable Notify user and informally educate user on prevention RESULT: Number of compromised accounts continued to grow and hit an all time high in September Sophisticated spear phishing attacks were harder for users to identify as malicious content and increasing in number. Evolving Phishing Response/Prevention Main Objectives Formal notifications and preliminary education Proactive technical prevention Participation in phishing identification systems to bring known phishing attacks to light in the security community Education during detected/intercepted activity Formal education requirement for re-enabling compromised accounts Proactive Technical Prevention Update DNS forwarders on Active Directory DNS servers to OpenDNS Blocks known phishing hosts, botnets, and typosquatters at no cost based on constantly updated security community definitions as well as community driven PhishTank service. Faster DNS response than most ISP DNS servers Customizable intercept pages Reporting on DNS requests, phishing requests, and botnet requests OpenDNS is the largest and most reliable recursive DNS service available providing a better Internet experience to more than 50 million Internet users around the world. Utilize new methodologies to eradicate malware, botnets and phishing through DNS, and use the system to intelligently route our users around it. OpenDNS uses PhishTank to identify phishing sites. Participation in Phishing Identification Process in place for help desk and system admins to report phishing/spear phishing attacks to PhishTank and Google’s Report Phishing PhishTank is community driven and used by many of the biggest security providers as well as OpenDNS Having multiple reports and verification of phishing sites aids in getting phishing sites blocked and taken offline Reporting to Google will increase timely marking of delivered phishing s to be labeled as such in Gmail.

2 Phishing, Spear Phishing, and what to do about it.
Mark Berman | Angelo Santabarbara March 13, 2013 Education During Phishing Activity In the event the user falls for a phishing scam and that phishing site is blocked by OpenDNS: Utilize custom page to also educate about what was blocked Provide ITS help desk contact information for concerned user assistance/clarification Provide some type of self test such as the OpenDNS Phishing Quiz or SonicWALL Phishing IQ Test If a user DOES get compromised User’s Account is immediately DISABLED! In order to have a compromised account re-enabled, require formal completion of phishing training Acquired SANS Securing the Human training that provides quick security training modules that are tracked by our training management system On site completion of training module required to re-enable account New Phishing Prevention/Education Model Results 9/12-10/12 from CIO educating community Started New Hire Orientation Malware/Phishing training 11/12 Implemented OpenDNS 12/12 Began using PhishTank submissions All Users required to change passwords for Google Apps migration (Population expecting change more apt to fall for phishing attacks) Started intercepting BotNet pages w/internal warning and education page 1/13 Migrated students to Google Very well crafted asking for user to follow link displayed as actual Siena login to prepare for migration to Google (as we were) Page setup on Google forms to look exactly like our OWA login page Only indication of phishing was page was hosted on Google Form. It Doesn’t End Here… Unfortunately this is a cat and mouse game Users forget, make mistakes, and continue to get tricked by very realistic looking spear phishing attempts customized to include actual Siena elements so continuous education is required. Look at the very well created spear phishing attack we received in December that fooled many in our population. Participate in anti-phishing efforts and information sharing to foster a community that helps security vendors block and take down these criminal operations

Download ppt "Phishing, Spear Phishing, and what to do about it."

Similar presentations

Web Content Control Application Providing Secure & Reliable Internet Access December 2010.

Web Content Control Application Providing Secure & Reliable Internet Access December 2010.
Account HIGHJACKING & IDENTITY THEFT GPCE Credit Union has prepared a slide show presentation to examine the most prevalent financial crimes at work today.

Account HIGHJACKING & IDENTITY THEFT GPCE Credit Union has prepared a slide show presentation to examine the most prevalent financial crimes at work today.
K-State IT Security Training Ken Stafford CIO and Vice Provost for IT Services Harvard Townsend Chief Information Security Officer

K-State IT Security Training Ken Stafford CIO and Vice Provost for IT Services Harvard Townsend Chief Information Security Officer
What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via

What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Hacker’s tricks for online users to reveal their sensitive information such as credit card, bank account, and social security. Phishing emails are designed.

Hacker’s tricks for online users to reveal their sensitive information such as credit card, bank account, and social security. Phishing s are designed.
Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.

Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.
Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.

Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.
Fòmasyon Itilizatè Ayiti Office 365 Fòmasyon. Why the Change? Partners in Health's new hosted Microsoft Office 365 solution allows users to access their.

Fòmasyon Itilizatè Ayiti Office 365 Fòmasyon. Why the Change? Partners in Health's new hosted Microsoft Office 365 solution allows users to access their.
Network security policy: best practices

Network security policy: best practices
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
Phishing Rising to the challenge Amy Marasco Microsoft.

Phishing Rising to the challenge Amy Marasco Microsoft.
Web Spoofing John D. Cook Andrew Linn. Web huh? Spoof: A hoax, trick, or deception Spoof: A hoax, trick, or deception Discussed among academics in the.

Web Spoofing John D. Cook Andrew Linn. Web huh? Spoof: A hoax, trick, or deception Spoof: A hoax, trick, or deception Discussed among academics in the.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
IT security By Tilly Gerlack.

IT security By Tilly Gerlack.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
Project Management Methodology Project Closing. Project closing stage Must be performed for all projects, successfully completed or shut off by management.

Project Management Methodology Project Closing. Project closing stage Must be performed for all projects, successfully completed or shut off by management.
Phone: +44 7972 111149 Mega AS Consulting Ltd © 2007  CAT – the problem & the solution  Using the CAT - Administrator  Mega.

Phone: Mega AS Consulting Ltd © 2007  CAT – the problem & the solution  Using the CAT - Administrator  Mega.

Similar presentations

Ads by Google