There Will be Attacks – Improve Your Defenses


1 There Will be Attacks – Improve Your Email Defenses
Achmad Chadran, Product Specialist. Pleased to be a sponsor for this Data Connectors event. Title means email-borne cybercrime is a matter of “when,” not “if”; we know this from our grid. Why email?

2 91% of all incidents start with a phish
Email is mission-critical. It’s everywhere. Some 225 billion emails – both business and personal – are sent each day worldwide. A successful attack can deliver the keys to the kingdom. And a successful attack doesn’t need to be technically sophisticated…just smart. Wired 2015

3 Think Your Employees are Alert Enough to Stop Them?
That’s why it’s imperative that we – all of us – get reminded regularly about the risks of suspicious emails. User awareness is something we at Mimecast call the Human Firewall. We’re a lot like these cute meerkats with our herd mentality. It’s up to CIOs, compliance officers, ALL execs, to leverage this fact. Pop quiz: anyone know how long it takes on average for a recipient of a phishing exploit to click on the link? Confidential |

4 a phish: median time-to-first-click
1 minute 22 seconds: the median time for someone to click on a phishing link. That’s the median; imagine what the lower outliers are. Verizon 2015 Data Breach Investigations Report (DBIR)

5 How Do The Attackers Do It?
Again, it may involve malware – ransomware is rampant and growing. But without the social engineering component, even ransomware would be ineffective!

6 Do You Have a Page Like This On Your Website?
How do attackers get their information? An easy way to find out about a company is to visit its website. Most companies have information about their executive teams. What better way to entice a user to open an email than having it look like it’s from the CEO, the CFO or some other senior leader? Remember that it only takes one employee to “click before they think” to compromise an entire organization.

7 And if a cybercriminal should need any remedial education, no worries!
In all fairness, titles like these are intended to help the white hats among us. But the bad guys know we’re learning, so their attacks and exploits are evolving with amazing speed. It’s an arms race on amphetamines. New ways to get in. New ways to fool well-meaning people. Email is the prime gateway.

8 You are susceptible to email-borne attacks if….
You have certain letters in your domain name. You accept resumes on your website. You have a team of people in finance. You have a profile. Your life is deemed interesting enough to be on. Thanks to this innovation, all of these are risk factors. Cybercriminals have access to a wealth of information they can use to disguise themselves and incite panicked responses. Is there any wonder why we’re living in both a Cybercrime Era and a Social Media Era?

9 Bitcoin! Another huge breakthrough for our cybercriminal friends!
The digital currency phenomenon is fascinating. I personally believe it’s ultimately going to make our lives better, especially as we embrace blockchain technologies. But did ransomware take off when Bitcoin came of age? No breadcrumbs, no track and trace.

10 There are other ways to gather information cybercriminals can leverage
You can use a program that harvests email addresses. These are cheap and easy to use. Just type in a domain and you’ll get a list of email addresses for that organization. Are we in the wrong line of business, folks?

11 You don’t even need to know how to code
I ask in jest, but look at this. Attackers don’t have to know how to code; they don’t even have to be tech-savvy. They can download TOX, a ransomware construction tool that provides an easy-to-use graphical interface that allows attackers to track how many folks have been infected and track the ransom paid. Introducing the cybercriminal industrial complex: developers, agents, strategic tie-ups. Source: Forbes.com - "Ransomware As A Service Being Offered For $39 On The Dark Net" 7/15/16

12 FUD (Fully Undetectable) Crypting Services to avoid AV detection
Another example: you may be an attacker who can code but doesn’t know how to evade sandbox detection. That’s not a problem: there’s an online service that can help. FUD (fully undetectable) crypting services use obfuscation, encryption and code manipulation.

13 Real life examples
Here are some examples of convincing attacks we’ve collected in the recent past. Maybe you’ve seen some of these too.

14 Phishing attack with malicious URL
Vector: Phishing attack with malicious URL. Threat: Entering credentials. Target: Random mass-mailing. This is your classic phishing attack. This one uses a malicious URL as the detonator. When customers of Mimecast Targeted Threat Protection click, here’s what they get: a mini-tutorial on the dangers of taking action.

15 Phishing email with attachment
Vector: Phishing email with attachment. Threat: Opening the document and activating malicious code. Target: Targeted mailing. Here’s another phishing exploit, this one using an attachment that’s been weaponized with a malware agent, maybe a macro. This one was also intercepted at our gateway. The threat was detected and neutralized. The attachment was replaced with an inert PDF – no macros. And there are instructions attached that let recipients decide whether this was an attachment they needed in its original format, while reminding them of the risks. In the crush of the busy workday, it’s all too easy to want to crank through your emails.

16 Business Email Compromise Whaling Wire transfer W-2 Fraud
Who Says Attacks Need to Involve Malware? Business Email Compromise, Whaling, Wire transfer, W-2 Fraud. These attacks are often called Business Email Compromise, wire transfer fraud, W-2 fraud or whaling. What sets these attacks apart is that they don’t use malware to achieve their goal. They rely purely on the power of social engineering and the inherent trust in email. Impersonation attacks are a huge threat because traditional security systems like AV cannot detect this type of attack. Even solutions that scan URLs and detonate attachments in a sandbox are powerless in preventing these attacks. Defending against these attacks requires specialised tools that monitor multiple indicators of potential compromise.

17 Threat: Impersonating senior staff
Vector: Spear phishing attack. Threat: Impersonating senior staff. Target: An employee with authority. The difference between a phish and a spearphish is that spearphishing is more targeted. This one was sent to a specific individual with a particular role in the company. Anybody spot what’s wrong with this email?

18 Threat: Impersonating senior staff
Vector: Spear phishing attack. Threat: Impersonating senior staff. Target: An employee with authority. Another spear-phishing (or whaling) exploit. Instead of our CEO, this one involves impersonating our CFO. Can any of you spot the anomaly here?

19 Herd alertness helps, but…
While part of the aim here is to create herd alertness in your organization, there are clearly times when user action is warranted. The intention is not to make everyone suspicious of everything, or make everyone a security pro, but to make them alert enough to linger over a link or attachment. The Mimecast security awareness tools help in this mission to complement the other tactics you should use, like training and perhaps simulated exercises.

20 Are Users Part of the Solution or Part of the Problem?
The Compromised Insider. The Careless Insider. The Malicious Insider. Anyone can fall victim to an exploit.

21 Can we do more with technology? - YES!
Layer one is of course the technology.

22 Mimecast Cloud Service Inspects >650M Inbound, Outbound, & Internal Emails/Day for Both Opportunistic & Targeted Attacks

23 Mimecast Email Security Suite
Cyber Resiliency. Mimecast Email Security Suite. Secure Email Gateway - Anti-virus / malware - Anti-spam - Reputation analysis - Zero-day protection - Continuity - Independent Archive - Backup & Recovery. Comprehensive protection, simply achieved in the cloud. Targeted Threat Protection: URL, Attachment, Impersonation, Internal Emails.

24 Protect: You need the technology that provides the best possible multi-layered protection.
Continue: You need to continue to work while the issue is resolved. Remediate: You need to get back to the last known good state. Cyber Resilience.

25 Thanks. Questions?

