Security & Phishing

Size: px
Start display at page:

Download "Security & Phishing"

Transcription

1 Security & Phishing Best Practices In Cybersecurity

2 Presenters Bill Shieh Guest Speaker Staff Engineer Information Security Ellie Mae Supervisory Special Agent Cyber Crime FBI 2

3 What Is Phishing? How Serious is the Threat? Why are Phishing Attacks Popular? Agenda Characteristics of Phishing Anti-Phishing Strategies Phishing Samples 3

4 What is Phishing? A popular cyber attack method with malicious intents; conducted by masquerading as a trusted entity in an or other forms of electronic communication The impact of a successful Phishing attack varies from information theft to massive ransomware infection of the targeted organization 4

5 How Serious is the Threat? 3 rd Quarter 2018 Phishing Statistical Highlights from APWG: 53,546 unique phishing web sites detected 88,156 unique phishing campaigns reported from consumers 286 brands targeted by phishing campaigns 2016 study showed a successful spear-phishing attack average cost is $1.6M per organization 5

6 How Serious is the Threat? Example: BEC/EAC is one form of scam which employs the use of phishing Between October 2013 and May 2018 Domestic and international incidents: 78,617 All 50 states and 151 countries have reported about this scam Fraudulent wire transfers have been sent to 115 countries Between December 2016 and May % increase in global exposed dollar loss 6

7 How Serious is the Threat? Brief examination of one industry sector impacted by BEC/EAC: Real Estate BEC/EAC actors heavily targeted the real estate sector in recent years. Victims participating at all levels of a real estate transaction have reported such activity. This includes title companies, law firms, real estate agents, buyers and sellers. From calendar year 2015 to calendar year 2017, there was over an 1100% rise in the number of BEC/EAC victims reporting the real estate transaction angle and an almost 2200% rise in the reported monetary loss. 7

8 How Serious is the Threat? May 2018 reported the highest number of BEC/EAC real estate victims since

9 How Serious is the Threat? September 2017 reported the highest victim loss 9

10 Phishing Objectives Sensitive information Credential and passwords Malware infection and ransomware Compromise 10

11 Why is Phishing a Preferred Attack Method? Easy Low cost Difficult to prevent Flexible It pays 11

12 Top Phishing Lures Business compromise Service updates Account lockouts Invoices or bills Promotional offers Order or delivery notifications Voic Cloud file sharing Whaling/CEO fraud Text messages 12

13 Why are Phishing Attacks Successful? is the top business communication tool Many organizations lack sufficient phishing awareness training Phishing schemes are growing more sophisticated Popular attack method because s can bypass perimeter network security Phishing prey on psychology and behavior 13

14 Stages of a Phishing Attack Recon Social Engineering Attack Phase 14

15 Stage 1 Recon The dark Web Gather info from social media Build profile using company websites 15

16 Stage 2 Finding Victims Accounting Executives HR Legal Privileged users 16

17 Stage 3 Attack Phase Hijack existing websites Fake (look-alike) websites Spoofing Look-alike URLs Malicious attachments 17

18 Characteristics of Phishing Contains blurry images, poor spelling and grammar The offer seems too good to be true appears to be from trusted source and/or trusted person but demands urgent and/or uncommon actions Uses deceptive domain name Some are as simple as luring user to respond, which may lead to second stage attacks Appears to be from government agency Threatening and scare tactics Message contains urgency 18

19 Anti-Phishing Strategies Internet SPAM Filter Block SPAM Security Technology Signature based malware detection Advanced Threat Protection Transport Rules Detects zero-day threats and malicious URLs Block known malicious domain/addresses, high risk file types, known file names, known text strings, CEO spoofing DMARC Detects Domain Spoofing Inbox Encourage user to report phishing s Advanced Endpoint Protection Anti-Malware, Anti-Ransomware, Anti-Exploit, Web Reputation, Web Proxy Network Monitoring Monitor network traffic on endpoint 19

20 The reason attackers are able to successfully exploit the security gap is that they are targeting people, not computer systems. Kevin Mandia, COO, FireEye (founder & CEO, Mandiant) 20

21 Awareness and Training Sometimes people are the last line of defense against phishing attacks Provide company-wide phishing awareness training Conduct regular phishing simulation training Keep people informed of emerging threats 21

22 22

23 23

24 24

25 25

26 Key Takeaways 26

27 Key Takeaways User training is still the best prevention against phishing attacks Perimeter defense is not enough Invest in a good security tool Other compensating security controls Protect SaaS and other cloud services 27

28 Questions? 28

with Advanced Protection

with Advanced  Protection with Advanced Email Protection OVERVIEW Today s sophisticated threats are changing. They re multiplying. They re morphing into new variants. And they re targeting people, not just technology. As organizations

More information

Cyber Insurance: What is your bank doing to manage risk? presented by

Cyber Insurance: What is your bank doing to manage risk? presented by Cyber Insurance: What is your bank doing to manage risk? David Kitchen presented by Lisa Micciche Today s Agenda Claims Statistics Common Types of Cyber Attacks Typical Costs Incurred to Respond to an

More information

June 2 nd, 2016 Security Awareness

June 2 nd, 2016 Security Awareness June 2 nd, 2016 Security Awareness Security is the degree of resistance to, or protection from, harm. if security breaks down, technology breaks down Protecting People, Property and Business Assets Goal

More information

Evolution of Spear Phishing. White Paper

Evolution of Spear Phishing. White Paper Evolution of Spear Phishing White Paper Executive Summary Phishing is a well-known security threat, but few people understand the difference between phishing and spear phishing. Spear phishing is the latest

More information

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY OUTLINE Advanced Threat Landscape (genv) Why is endpoint protection essential? Types of attacks and how to prevent them

More information

Personal Cybersecurity

Personal Cybersecurity Personal Cybersecurity The Basic Principles Jeremiah School, CEO How big is the issue? 9 8 7 6 5 4 3 2 1 Estimated global damages in 2018 0 2016 2018 2020 2022 2024 2026 2028 2030 Internet Users Billions

More information

Phishing in the Age of SaaS

Phishing in the Age of SaaS Phishing in the Age of SaaS AN ESSENTIAL GUIDE FOR BUSINESSES AND USERS The Cloud Security Platform Q3 2017 intro Phishing attacks have become the primary hacking method used against organizations. In

More information

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive

More information

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City 1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the

More information

PEOPLE CENTRIC SECURITY THE NEW

PEOPLE CENTRIC SECURITY THE NEW PEOPLE CENTRIC SECURITY THE NEW PARADIGM IN CYBERSECURITY David Karlsson SE Nordics March 2018 1 2018 Proofpoint, Inc. Proofpoint at a Glance LEADING CUSTOMERS DEEP SECURITY DNA UNIQUE VISIBILITY PARTNERS

More information

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS 10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND

More information

Phishing Activity Trends Report October, 2004

Phishing Activity Trends Report October, 2004 Phishing Activity Trends Report October, 2004 Phishing is a form of online identity theft that uses spoofed emails designed to lure recipients to fraudulent websites which attempt to trick them into divulging

More information

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It The Credential Phishing Handbook Why It Still Works and 4 Steps to Prevent It Introduction Phishing is more than 20 years old, but still represents more than 90% of targeted attacks. The reason is simple:

More information

Phishing Activity Trends

Phishing Activity Trends Phishing Activity Trends Report for the Month of September, 2007 Summarization of September Report Findings The total number of unique phishing reports submitted to APWG in September 2007 was 38,514, an

More information

Phishing Activity Trends Report August, 2006

Phishing Activity Trends Report August, 2006 Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account

More information

WHITEPAPER. Protecting Against Account Takeover Based Attacks

WHITEPAPER. Protecting Against Account Takeover Based  Attacks WHITEPAPER Protecting Against Account Takeover Based Email Attacks Executive Summary The onslaught of targeted email attacks such as business email compromise, spear phishing, and ransomware continues

More information

Phishing Activity Trends

Phishing Activity Trends Phishing Activity Trends Report for the Month of, 27 Summarization of Report Findings The number of phishing reports received rose to 24,853 in, an increase of over 1, from February but still more than

More information

Trustwave SEG Cloud BEC Fraud Detection Basics

Trustwave SEG Cloud BEC Fraud Detection Basics .trust Trustwave SEG Cloud BEC Fraud Detection Basics Table of Contents About This Document 1 1 Background 2 2 Configuring Trustwave SEG Cloud for BEC Fraud Detection 5 2.1 Enable the Block Business Email

More information

Employee Privacy in the Electronic Workplace

Employee Privacy in the Electronic Workplace Employee Privacy in the Electronic Workplace Jane Shea and Michael Severini Today s Speakers Jane Hils Shea, Esq. Member & Chair of Data Privacy and Information Security Practice Group Frost Brown Todd

More information

Who We Are! Natalie Timpone

Who We Are! Natalie Timpone Who We Are! Natalie Timpone Manager of Security Business Management Office Enterprise Security Awareness Manager Carmelo Walsh Security, Risk, and Compliance Security Awareness Subject Matter Expert Who

More information

Recognizing & Protecting Against Fraud

Recognizing & Protecting Against Fraud Fraud Mitigation and Cyber Strategies for Public Entities April 209 Recognizing & Protecting Against Fraud 2 Why is it Important to Remain Vigilant? Fraud does not discriminate it occurs everywhere, and

More information

Proofpoint, Inc.

Proofpoint, Inc. 1 2018 Proofpoint, Inc. Juan Carlos Cabrera Country Manager Caribbean & Central America AMENAZAS EN EL 2018 SABES QUIEN ESTA UTILIZANDO TU DOMINIO? 2 2017 Proofpoint, Inc. Juan Carlos Cabrera Country Manager

More information

IT Security Protecting Ourselves From Phishing Attempts. Ray Copeland Chief Information Officer (CIO)

IT Security Protecting Ourselves From Phishing Attempts. Ray Copeland Chief Information Officer (CIO) IT Security Protecting Ourselves From Phishing Attempts Ray Copeland Chief Information Officer (CIO) Phishing Defined The fraudulent practice of sending emails claiming to be from reputable people or companies

More information

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015 The Cost of Phishing Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015 Executive Summary.... 3 The Costs... 4 How To Estimate the Cost of an Attack.... 5 Table

More information

Webomania Solutions Pvt. Ltd. 2017

Webomania Solutions Pvt. Ltd. 2017 The other name for link manipulation is Phishing or you can say link manipulation is type of phishing attack done generally to mislead the user to a replica website or a looka-like of some well-known site.

More information

How to recognize phishing s

How to recognize phishing  s Phishing email messages, websites, and phone calls are designed to steal money, steal data and/or destroy information. Cybercriminals can do this by installing malicious software on your computer or stealing

More information

THE CLOUD SECURITY CHALLENGE:

THE CLOUD  SECURITY CHALLENGE: THE CLOUD EMAIL SECURITY CHALLENGE: CLOSING THE CYBERSECURITY SKILLS GAP THROUGH AUTOMATION THE EMAIL SECURITY CHALLENGE Email remains at the heart of the business communications landscape. While nobody

More information

TABLE OF CONTENTS Introduction: IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN DEFENSES...

TABLE OF CONTENTS Introduction:  IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN  DEFENSES... The Guide TABLE OF CONTENTS Introduction: EMAIL IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN EMAIL DEFENSES... 4 Today s Top Email Fraud Tactics...5 Advanced Malware...8 Outbound

More information

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.

EBOOK. Stopping  Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats. EBOOK Stopping Email Fraud How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats www.proofpoint.com EBOOK Stopping Email Fraud 2 Today s email attacks have

More information

Office 365 Buyers Guide: Best Practices for Securing Office 365

Office 365 Buyers Guide: Best Practices for Securing Office 365 Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.

More information

Getting over Ransomware - Plan your Strategy for more Advanced Threats

Getting over Ransomware - Plan your Strategy for more Advanced Threats Getting over Ransomware - Plan your Strategy for more Advanced Threats Kaspersky Lab Hong Kong Eric Kwok General Manager Lapcom Ltd. BEYOND ANTI-VIRUS: TRUE CYBERSECURITY FROM KASPERSKY LAB 20 years ago

More information

Service Provider View of Cyber Security. July 2017

Service Provider View of Cyber Security. July 2017 Service Provider View of Cyber Security July 2017 Quick Stats Caribbean and LatAm: 3 rd largest population of Internet Users You Are Here Visualization from the Opte Project of the various routes through

More information

CE Advanced Network Security Phishing I

CE Advanced Network Security Phishing I CE 817 - Advanced Network Security Phishing I Lecture 15 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained

More information

State of the Phish 2016

State of the Phish 2016 State of the Phish 2016 1 Introduction & Overview In October 2015, Wombat Security acquired ThreatSim, bringing together two of the leading simulated phishing attack tools. ThreatSim has historically prepared

More information

CYBER SECURITY RESOURCE GUIDE. Cyber Fraud Overview. Best Practices and Resources. Quick Reference Guide for Employees. Cyber Security Checklist

CYBER SECURITY RESOURCE GUIDE. Cyber Fraud Overview. Best Practices and Resources. Quick Reference Guide for Employees. Cyber Security Checklist CORPORATE & INSTITUTIONAL BANKING CYBER SECURITY RESOURCE GUIDE Cyber Fraud Overview Best Practices and Resources Quick Reference Guide for Employees Cyber Security Checklist 2 5 7 9 AWARENESS OF CYBER

More information

One Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious

One Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious One Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious Email - Ron Weiss, Incident Response Team lead Disclaimer: The information in this presentation is based on lessons

More information

Webroot Phishing Threat Trends

Webroot Phishing Threat Trends December 2016 Webroot Phishing Threat Trends An update to the 2016 Threat Brief Introduction Who would ever fall for that? That s what many people think when they see a phishing attempt, since less advanced

More information

U.S. State of Cybercrime

U.S. State of Cybercrime EXCLUSIVE RESEARCH FROM EXECUTIVE SUMMARY 2017 U.S. State of Cybercrime IDG Communications, Inc. 2017 U.S. State of Cybercrime TODAY S CYBERCRIMES ARE BECOMING MORE TARGETED AND BUILT FOR MAXIMUM IMPACT,

More information

New Zealand National Cyber Security Centre Incident Summary

New Zealand National Cyber Security Centre Incident Summary New Zealand National Cyber Security Centre 2013 Incident Summary National Cyber Security Centre 2013 Incident Summary Foreword The incidents summarised in this report reinforce that cyber security is truly

More information

Governance Ideas Exchange

Governance Ideas Exchange www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights

More information

AUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response

AUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response AUTHENTICATION Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response Who we are Eric Scales Mandiant Director IR, Red Team, Strategic Services Scott Koller

More information

Cyber-Threats and Countermeasures in Financial Sector

Cyber-Threats and Countermeasures in Financial Sector Michael Mavroforakis, PhD Group CISO & CDO SEV: Workshop on Digital Enablers (Cloud & Cybersecurity) 27th March 2018 Agenda: CYBERSECURITY Potential Targets Attack Examples Insider vs Outsider Threats

More information

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved. FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who

More information

Phishing Activity Trends Report January, 2005

Phishing Activity Trends Report January, 2005 Phishing Activity Trends Report January, 2005 Phishing is a form of online identity theft that uses spoofed emails designed to lure recipients to fraudulent web sites which attempt to trick them into divulging

More information

Security and Compliance for Office 365

Security and Compliance for Office 365 Security and Compliance for Office 365 [Proofpoint has] given us our time back to focus on the really evil stuff. CISO, Global 500 Manufacturer Like millions of businesses around the world, you may be

More information

Automated Context and Incident Response

Automated Context and Incident Response Technical Brief Automated Context and Incident Response www.proofpoint.com Incident response requires situational awareness of the target, his or her environment, and the attacker. However, security alerts

More information

Cyber Security Updates and Trends Affecting the Real Estate Industry

Cyber Security Updates and Trends Affecting the Real Estate Industry Cyber Security Updates and Trends Affecting the Real Estate Industry What, Why, and How? Agenda Cyber Security Today Changes to Security Standards and Trends Protecting Yourself and Your Organization Takeways

More information

Cybersecurity The Evolving Landscape

Cybersecurity The Evolving Landscape Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG

More information

FAQ. Usually appear to be sent from official address

FAQ. Usually appear to be sent from official  address FAQ 1. What is Phishing Email? A form of fraud by which an attacker masquerades as a reputable entity in order to obtain your personal information. Usually appear to be sent from official email address

More information

Phishing Activity Trends Report March, 2005

Phishing Activity Trends Report March, 2005 Phishing Activity Trends Report March, 2005 Phishing is a form of online identity theft that uses spoofed emails designed to lure recipients to fraudulent websites which attempt to trick them into divulging

More information

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1 Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com

More information

Phishing: When is the Enemy

Phishing: When  is the Enemy Phishing: When E-mail is the Enemy Phishing, once only a consumer worry, is creating headaches for e-mail administrators as businesses become the next target. CONTENTS Understanding the Enemy 2 Three Things

More information

Protecting from Attack in Office 365

Protecting  from Attack in Office 365 A hacker only needs one person to click on their fraudulent link to access credit card, debit card and Social Security numbers, names, addresses, proprietary information and other sensitive data. Protecting

More information

2017 Annual Meeting of Members and Board of Directors Meeting

2017 Annual Meeting of Members and Board of Directors Meeting 2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,

More information

Kaspersky Security Network

Kaspersky Security Network The Kaspersky Security Network (KSN) is a complex distributed infrastructure dedicated to intelligently processing cybersecurity-related data streams from millions of voluntary participants around the

More information

Automating Security Response based on Internet Reputation

Automating Security Response based on Internet Reputation Add Your Logo here Do not use master Automating Security Response based on Internet Reputation IP and DNS Reputation for the IPS Platform Anthony Supinski Senior Systems Engineer www.h3cnetworks.com www.3com.com

More information

Phishing Read Behind The Lines

Phishing Read Behind The Lines Phishing Read Behind The Lines Veljko Pejović veljko@cs.ucsb.edu What is Phishing? "Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and

More information

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.

More information

Hello! we are here to share some stories

Hello! we are here to share some stories SHARING SESSION Hello! Paulus Tamba CISSP, former PCI-QSA Was with Verizon-CyberTrust, BT Global Services, and FireEye Specialize in Threat and Vulnerability Management, Security Operation, and Managed

More information

Cybersecurity for Service Providers

Cybersecurity for Service Providers Cybersecurity for Service Providers Alexandro Fernandez, CISSP, CISA, CISM, CEH, ECSA, ISO 27001LA, ISO 27001 LI, ITILv3, COBIT5 Security Advanced Services February 2018 There are two types of companies:

More information

Are we breached? Deloitte's Cyber Threat Hunting

Are we breached? Deloitte's Cyber Threat Hunting Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the

More information

Phishing Activity Trends

Phishing Activity Trends Phishing Activity Trends Report for the Month of June, 2007 Summarization of June Report Findings In the June 2007 report the APWG introduces a brand-domain pairs measurement (page 4) which combines the

More information

Legal Foundation and Enforcement: Promoting Cybersecurity

Legal Foundation and Enforcement: Promoting Cybersecurity Legal Foundation and Enforcement: Promoting Cybersecurity Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection February 19, 2008 Mark L. Krotoski Computer

More information

But it Was Such a Little Phish February 2016 Webinar

But it Was Such a Little Phish February 2016 Webinar But it Was Such a Little Phish February 2016 Webinar Firestorm Insights February 2016 1000 Holcomb Woods Parkway Suite 130 Roswell, GA 30076 770-643-1114 Fax: 1-800-418-9088 www.firestorm.com Page Intentionally

More information

Phishing Activity Trends Report August, 2005

Phishing Activity Trends Report August, 2005 Phishing Activity Trends Report August, 25 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial

More information

BUILDING AN EFFECTIVE PROGRAM TO PROTECT AGAINST FRAUD

BUILDING AN EFFECTIVE PROGRAM TO PROTECT AGAINST  FRAUD BUILDING AN EFFECTIVE PROGRAM TO PROTECT AGAINST EMAIL FRAUD Navindra Ramnauth CISSP Principal Sales Engineer 1 2017 Proofpoint, Inc. Proofpoint at a Glance LEADING CUSTOMERS DEEP SECURITY DNA UNIQUE VISIBILITY

More information

Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social Engineering Scams

Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social Engineering Scams Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social Engineering Scams Allen Zhou Comp116 Final Presentation What is Phishing? Social Engineering Steal credentials,

More information

An Ounce of Prevention

An Ounce of Prevention REPORT An Ounce of Prevention A 12-month analysis of ransomware, email fraud and other healthcare threats and how you can stop them proofpoint.com 2 Table of Contents INTRODUCTION...3 Why this report is

More information

CloudSOC and Security.cloud for Microsoft Office 365

CloudSOC and  Security.cloud for Microsoft Office 365 Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed

More information

(U) Cyber Threats to the Homeland

(U) Cyber Threats to the Homeland UNCLASSIFIED (U) Cyber Threats to the Homeland October 2016 The overall classification of this briefing is: (U) Warning: This product may contain US person information that has been deemed necessary for

More information

Fraud Update: Why Fraudsters Love Wires and How to Stop Them. Luis Rojas, Director, Product Management WesPay 2014

Fraud Update: Why Fraudsters Love Wires and How to Stop Them. Luis Rojas, Director, Product Management WesPay 2014 Fraud Update: Why Fraudsters Love Wires and How to Stop Them Luis Rojas, Director, Product Management WesPay 2014 Competitive Pressures Drive Fraud and Operational Risk Availability Of Information Creates

More information

Legal Aspects of Cybersecurity

Legal Aspects of Cybersecurity Legal Aspects of Cybersecurity John W. Mashni Taylor A. Gast (517) 371-8257 (517) 371-8238 jmashni@fosterswift.com tgast@fosterswift.com Alexander A. Ayar (248) 538-6326 AAyar@FosterSwift.com Risks Data

More information

STAYING SAFE FROM SOCIAL ENGINEERING SCHEMES

STAYING SAFE FROM SOCIAL ENGINEERING SCHEMES STAYING SAFE FROM SOCIAL ENGINEERING SCHEMES Dr. Catherine J. Ullman Senior Information Security Analyst Information Security Office cende@buffalo.edu 1 Who Am I? 2 But seriously Senior Information Security

More information

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong How Enterprise Tackles Phishing Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong Hackers turning to easy marks - Social engineering Phishing was the #1 threat vector (> 50%) for Office

More information

Business continuity management and cyber resiliency

Business continuity management and cyber resiliency Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,

More information

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco Increasing Digital Traffic Creates a Greater Attack Surface Global IP Traffic

More information

Incident Play Book: Phishing

Incident Play Book: Phishing Incident Play Book: Phishing Issue: 1.0 Issue Date: September 12, 2017 Copyright 2017 Independent Electricity System Operator. Some Rights Reserved. The following work is licensed under the Creative Commons

More information

ybersecurity for the Modern Era Three Steps to Stopping malware, Credential Phishing, Fraud and More

ybersecurity for the Modern Era Three Steps to Stopping malware, Credential Phishing,  Fraud and More ybersecurity for the Modern Era Three Steps to Stopping malware, Credential Phishing, Email Fraud and More www.proofpoint.com EBOOK Cybersecurity in the modern era 2 ONLY AMATEURS ATTACK MACHINES. PROFESSIONALS

More information

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey CyberMaryland Conference 2017 Bob Andersen, Sr. Manager Federal Sales Engineering robert.andersen@solarwinds.com

More information

Building Resilience in a Digital Enterprise

Building Resilience in a Digital Enterprise Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.

More information

41% Opens. 73% Clicks. 35% Submits Sent

41% Opens. 73% Clicks. 35% Submits Sent Phishing Awareness Attackers engage with you through your email inbox, and unless you pay close attention, you can become a victim to their masquerade. What tactic are these attackers using? It is called

More information

Chain 365 Cyber Threat Intelligence Enterprise & Cyber Security. August 2017

Chain 365 Cyber Threat Intelligence Enterprise & Cyber Security. August 2017 Chain 365 Cyber Threat Intelligence Enterprise & Cyber Security August 2017 Fujitsu Cyber Threat Intelligence Office 365 Supply Chain Compromise Global Impact Executive Summary... 2 Chain 365... 3 Potential

More information

DIGITAL FORENSICS. We Place Digital Evidence at Your Fingertips. Cyanre is South Africa's leading provider of computer and digital forensic services

DIGITAL FORENSICS. We Place Digital Evidence at Your Fingertips. Cyanre is South Africa's leading provider of computer and digital forensic services DIGITAL FORENSICS We Place Digital Evidence at Your Fingertips Cyanre is South Africa's leading provider of computer and digital forensic services Cyber Crime taking a Byte out of corporate SA Total Legal

More information

How Breaches Really Happen

How Breaches Really Happen How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability

More information

falanx Cyber Falanx Phishing: Measure your resilience

falanx Cyber Falanx  Phishing: Measure your resilience falanx Cyber Falanx Email Phishing: Measure your resilience Contents What is Email Phishing? 3 Why should I carry out an Email Phishing exercise? 4 PhishEd Managed regular phishing 5 Single assessments

More information

RSA FRAUDACTION ANTI-PHISHING SERVICE: BENEFITS OF A COMPREHENSIVE MITIGATION STRATEGY

RSA FRAUDACTION ANTI-PHISHING SERVICE: BENEFITS OF A COMPREHENSIVE MITIGATION STRATEGY RSA FRAUDACTION ANTI-PHISHING SERVICE: BENEFITS OF A COMPREHENSIVE MITIGATION STRATEGY RSA CYOTA PROJECT PROPOSAL RSA FRAUDACTION ANTI-PHISHING SERVICE V.1 2011 Overview This brief highlights the benefits

More information

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Cisco Cloud Security. How to Protect Business to Support Digital Transformation Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,

More information

Managed Endpoint Defense

Managed Endpoint Defense DATA SHEET Managed Endpoint Defense Powered by CB Defense Next-gen endpoint threat detection and response DEPLOY AND HARDEN. Rapidly deploy and optimize endpoint prevention with dedicated security experts

More information

REPORT. Year In Review. proofpoint.com

REPORT. Year In Review. proofpoint.com REPORT Year In Review proofpoint.com Email fraud, also known as business email compromise (BEC), is one of today s greatest cyber threats. These socially engineered attacks seek to exploit people rather

More information

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017 DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.

More information

Sectigo Security Solution

Sectigo  Security Solution Sectigo Email Security Solution 2018 Sectigo. All rights reserved. Email hacking is a commonly used malicious tactic in our increasingly connected world. Business email compromise (BEC), or email account

More information

THE ACCENTURE CYBER DEFENSE SOLUTION

THE ACCENTURE CYBER DEFENSE SOLUTION THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly

More information

Machine-Powered Learning for People-Centered Security

Machine-Powered Learning for People-Centered Security White paper Machine-Powered Learning for People-Centered Security Protecting Email with the Proofpoint Stateful Composite Scoring Service www.proofpoint.com INTRODUCTION: OUTGUNNED AND OVERWHELMED Today

More information

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering

More information

Target Breach Overview

Target Breach Overview Target Breach Overview Q: Media reports are stating that Target experienced a data breach. Can you provide more specifics? A: Yes, Target has confirmed that it experienced unauthorized access to its systems

More information

Security Protection

Security Protection Email Security Protection Loay Alayadhi Abstract: Email is the most important business communication tool. Security has been an issue in mail from ancient times. Therefore, email security protection has

More information

How Cyber-Criminals Steal and Profit from your Data

How Cyber-Criminals Steal and Profit from your Data How Cyber-Criminals Steal and Profit from your Data Presented by: Nick Podhradsky, SVP Operations SBS CyberSecurity www.sbscyber.com Consulting Network Security IT Audit Education 1 Agenda Why cybersecurity

More information

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017 COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1 HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2 HIPAA Rules Combat Cyber Crime

More information

CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL

CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL RAHUL GUPTA SENIOR DEPUTY DISTRICT ATTORNEY ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: 714-345-7722 EMAIL: rahul.gupta@da.ocgov.com DAVE WHITE INVESTIGATOR

More information

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

10 Cybersecurity Questions for Bank CEOs and the Board of Directors 4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors

More information