#1 - Introduction. Agenda

Size: px

Start display at page:

Download "#1 - Introduction. Agenda"

Claud Holmes
5 years ago
Views:

1 #1 - Introduction Ivgeni Broitman CTO Co-Founder DCOYA Agenda 09:00 10:30 - Introducing the Phishing Threat 10:45 12:30 Phishing Playground Training 13:30 15:00 Prevention Technology 15:15 16:30 Awareness and Education 1

2 Introducing the Phishing Threat - Agenda What is Phishing The reasons behind Ransom Statistics & Famous stories Phishing samples Social, , SMS Phishing Techniques What is Phishing? Phishing is the act of attempting to acquire information such as username, password and credit card details as a trustworthy entity in an electronic communication. PHishing = Password Harvesting בעברית "דיוג" 2

3 Social Phishing Common Phishing Types Communication that pretends to come from Popular social web sites Auction sites Online payment process IT administrators Anything that looks legit think what type of s do you usually get? Latest trend co-worker , coming from CEO, CTO 3

4 Phishing Purposes Ransom Encrypt the PC and ask for money (usually Bitcon) Data Theft Advertising (=SPAM) Collecting Clicks 4

$Phishing Methods Inject Malicious Payload The link itself \ Infected target website Key loggers, screen and media$

5 Phishing Methods Inject Malicious Payload The link itself \ Infected target website Key loggers, screen and media capture (microphone) itself Link Attachment (document \ executable) Social SMS Phone Call Phishing Methods 5

6 Phishing Not Showing Any Signs of Slowing 6

$Phishing Target Audience Employees \ Private People Can be used to attack companies Fraud Identity$

7 Anyone! Phishing Target Audience Employees \ Private People Can be used to attack companies Fraud Identity theft Financial loss to the original institutions Ransom Most-Targeted Industry Sectors

8 Evasion and Prevention Link Manipulation Switching letters + another domain Text filter bypass Language typo Use images Browser Manipulation Falsify the URL Evasion and Prevention Phone Call Using some known details Fake caller id SMS Fake name Mixture (Phone Call + SMS + ) 8

Phishing Samples The Marker, 03.03.2016 Phishing Samples The Marker, 03.03.2016: - "בוקר בהיר אחד ניסיתי להגיע לאיזה קובץ במחשב, ולא הצלחתי למצוא אותו.

9 Phishing Samples The Marker, Phishing Samples The Marker, : - "בוקר בהיר אחד ניסיתי להגיע לאיזה קובץ במחשב, ולא הצלחתי למצוא אותו. זה היה נראה מוזר, כי רק אתמול קיבלתי את הקובץ במייל", מספר ירון, בעל עסק קטן מאזור המרכז. "ואז, תוך כדי שאני מנווט בקבצים, אני רואה שכל הקבצים שלי שינו את שמם ועכשיו הם רצפים של אותיות ומספרים. בנוסף, ראיתי בכל תיקייה קובץ, JPEGקובץ תמונה, שכשאני פותח אותה - אני מקבל הנחיות, להגיע לכתובת אינטרנט מסוימת כדי לפתוח את הקבצים שלי. אני מפעיל חברת לואו-טק, עוסק בסחר במוצרים פיזיים - וכמובן שאני עובד עם מחשב וקבצים. לכן בהתחלה לא נלחצתי, לקחתי את הזמן. התקשרתי לחבר ודרכו הגעתי למומחה בתחום אבטחת המידע. בסוף הוא אמר לי: 'או שתשלם את הכופר, או שתיפרד מהקבצים'". - כאן המקום לציין שעבור שחרור הקבצים, תוכנת הכופר דרשה מירון סכום שווה ערך ל- 500 דולר, שישולם במטבע ביטקוין - מטבע מבוזר שמקשה מאוד על יכולתם של גורמי האכיפה להתחקות אחר מקבל הכסף. - רון לא מיהר לשלם: "הלכתי למשטרה. זה היה יום שישי, אז אמרו לי 'תבוא ביום ראשון'. ביום ראשון נסעתי כבר לסניף המשטרה בתלפיות, שם יושבת המחלקה לפשעי מחשב. שם פחות או יותר אמרו לי: 'למה באת בכלל', והודיעו לי שזאת כמובן החלטה שלי אם לשלם או לא, אבל התלונה שהגשתי הולכת למגירה". 9

10 Phishing Samples Ashley Madison Breach 10

11 Phishing Samples Phishing Samples 11

12 Phishing Samples Phishing Samples 12

13 Phishing Samples Phishing Samples 13

14 SMS Phishing SMS Phishing 14

15 SMS Phishing Highly Targeted Campaigns Symantec 2015 INTERNET SECURITY THREAT REPORT 15

REPORT Distribution of Spear-Phishing Attacks by

16 Top 10 Industries Targeted in Spear-Phishing Attacks Symantec 2015 INTERNET SECURITY THREAT REPORT Distribution of Spear-Phishing Attacks by Organization Size Symantec 2015 INTERNET SECURITY THREAT REPORT 16

REPORT Spear-Phishing Emails Used in Targeted

17 Top 5 Risk Ratio of Spear-Phishing Attacks by Job Role Symantec 2015 INTERNET SECURITY THREAT REPORT Spear-Phishing s Used in Targeted Attacks Symantec 2015 INTERNET SECURITY THREAT REPORT 17

18 Advanced Phishing Techniques Link Manipulation Create a Look Alike Link Evasion Techniques use images instead of text DNS Based DNS hijack Hosts file manipulation Proxy compromise Man in the Middle Advanced Phishing Techniques Target Server Compromise Compromising a web server XSS \ SQL Injection 18

19 Causes Misleading s No check of source address, target address Vulnerability in browsers, clients Not using SSL \ Strong Authentication Limited use of digital signatures Lack of user awareness Threat Landscape Human error is involved in more than 95 % of the security incidents investigated in 2014, The most prevalent form involves clicking on a malicious link found in a phishing message. IBM Security Services 2014 Cyber Security Intelligence Index 19

20 Google: Threat Landscape Phishing scams work 45% of the times Break 20

21 #2 Phishing Playground Training Ivgeni Broitman CTO Co-Founder DCOYA Phishing Training Crafting a legit phishing 9iC9I 21

22 Phishing Training Crafting a phishing Create a Gmail account Compose Phishing Phish Each Other Tools Training Ideas 22

23 Break 23

24 #3 Prevention Technology Ivgeni Broitman CTO Co-Founder DCOYA Prevention Technology - Agenda Why Phishing Works? Existing Approaches Companies and Products 24

25 Why Phishing Works? Why Phishing Works? 25

26 Anti Phishing Existing Approaches Non Content Based Inspection URL & Host Information Blacklisting and Whitelisting URL Lexical Properties (length, amount of dots, special chars, ) Host Information and DNS properties (TTL, geo location) Anti Phishing Existing Approaches Content Based Inspection Password fields Spelling errors Resources source location (Images, CSS) HTML Elements Voice of the 26

27 Anti Phishing Existing Approaches Visual Inspection Image processing Character Inspection Diff in A HREF and Text Using IP addresses vs. DNS names Anti Phishing Existing Approaches Browsers alerting users of fraudulent websites Crowd Wisdom Monitoring, Takedown (ISP) and Legal approaches 27

28 Anti Phishing ISP - Gartner Security 28

29 Anti Phishing Providers Detecting a Phishing Attack Preventing an Attack Before it Begins Preventing the Delivery of Phishing Messages Preventing Deception in Phishing Messages and sites Selecting a Vendor Take in Mind On Premise \ SaaS Server Side \ Client Side Management and Organizational Fit False Positive \ False Negative Rate Signatures and Crowd 29

30 Prevention Security Providers All the biggest: Google, Verisign, Microsoft, Cisco (IronPort), Detection & Analysis Cyveillance, Verisign, RSA, Netcraft Takedown FraudWatch International, Internet Identity Security Providers Forensic Tools DomainTools, Websense Application Gateways Juniper, Microsoft, Citrix Toolbars Netcraft Authentication GlobalSign, GoDaddy, Symantec 30

31 Security Providers Filtering Barracuda Networks, McAfee Web Filtering Kaspersky Lab, Netcraft Conclusion No single technology will completely stop phishing A combination is required Good Organization and Practice Proper application of current technologies Drastically reduce the prevalence of phishing and the losses suffered from it 31

32 Break 32

33 #4 Awareness and Education Ivgeni Broitman CTO Co-Founder DCOYA Awareness and Education - Agenda The Challenge The Approach The Improvement 33

34 The Challenge The Approach Security awareness solution that improves organizational compliance, expands security knowledge changes Employees Security Behaviors Craft an Ethical Phishing attack Introduce the phishing threat Raise Awareness among the employees 34

35 Poor Security Behaviour AIiI Service 35

36 Offering Demo 36

37 Organizational Improvement Numbers Before and After The Short Memory Effect New Employees & Role Switch Summary Introducing Phishing Hands-on Training Existing Prevention Technologies The Role of Awareness and Education 37

38 38

Security & Phishing

Email Security & Phishing Best Practices In Cybersecurity Presenters Bill Shieh Guest Speaker Staff Engineer Information Security Ellie Mae Supervisory Special Agent Cyber Crime FBI 2 What Is Phishing?