CHAPTER 2: CASE STUDY SPEAR-PHISHING CAMPAIGN GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
|
|
- Osborn Dickerson
- 8 years ago
- Views:
Transcription
1 : CASE STUDY SPEAR-PHISHING CAMPAIGN 1
2 SPEAR-PHISHING CAMPAIGN CASE STUDY MORAL Attacks do not have to be technically advanced to succeed. OVERVIEW In August of 2014, Aerobanet (named changed to protect client identity) contacted NTT Group for assistance with a potential spear-phishing attack. NTT Group determined that Aerobanet had been targeted by a skillfully crafted social-engineering/spear-phishing campaign. The campaign used detailed knowledge of Aerobanet s internal wire transfer request and approval processes to deceive staff into completing bogus wire transfers. NTT Group security consultants assisted with rapid investigation and response to the attack. 2
3 TIMELINE OF EVENTS The table below shows the chronology of events. TIMELINE OF EVENTS - SPEAR PHISHING DATE DAY 1 EVENT Initial phishing s received which contained instructions on wire transfers DAY 2 Aerobanet transferred funds per the first set of instructions DAY 5 Second request for wire transfers was received DAY 6 Third request for wire transfers received DAY 9 DAY 9-11 DAY 15 While processing wire transfers Aerobanet became suspicious and contacted NTT Group to initiate an investigation into the fraudulent phishing s NTT Group reviewed fraudulent s, investigated the fake server and initiated additional internal review NTT Group determined the absense of malware, and isolated the attack as social engineering/spear-phishing attack Timeline of events: Spear phishing. DESCRIPTION OF EVENT In August 2014, after successfully processing several wire transfers, Aerobanet identified potentially suspicious s requesting wire transfers of funds. Their suspicions were aroused when staff detected an unusually high number of wire transfers in a short period of time. Aerobanet contacted NTT Group to verify their suspicions and to assist in investigation of the attack. Initial investigations confirmed the attack was executed via phishing s. The s were well crafted, and included several indications that the attacker had detailed knowledge of Aerobanet internal processes and employee roles: 3
4 The attacker knew which users to target internally in order to initiate wire transfers. The attacker had inside knowledge of users who could authorize wire transfers. The s included fake thread histories to make the wire transfers appear sanctioned. The s included PDF attachments designed to help make the s appear official. The s used a properly registered and fully active domain to help make the s appear official. This domain was registered via a third-party cloud-based provisioning site. The s were constructed to include information and instructions which were key to the wire-transfer process. The fake thread histories appeared to run for several days, and included s in which authorized employees allegedly requested and approved the transfers. The level of detail used to construct the s suggested the attackers had internal knowledge of Aerobanet processes and procedures. NTT Group security analysts were unable to determine whether the attacker s knowledge of Aerobanet resulted from social engineering attacks or from other sources. NTT Group had been following an increase in similar spear-phishing attacks. This helped the onsite analysts to determine the nature of the attack against Aerobanet and verify this was a phishing attack. The security consultants observed that the domain on the phishing s was slightly different from Aerobanet s legitimate domain. This attacker used a free trial domain service to create and register valid domains used in the attack. NTT Group has seen an increase in attacker use of cloud-provisioned domains, because these sites are cheap (or free), easy to set up, and can be rapidly provisioned. In this case, the cloud-provisioned domain served as a fraudulent domain. 4
5 For Aerobanet, the attacker provisioned the domain Aerobannet which was very similar to the actual target of the attack. The phishing recipients did not identify the extra n in the fake domain name. This allowed the attacker to be included in an dialog discussing each wire transfer. The attackers created an account on their fake Aerobannet site, using the name of the real Aerobanet official responsible for approving wire transfers (johndoe@ aerobanet.com vs. johndoe@aerobannet.com). While employees believed they were responding to from an internal user, they were actually responding to the attacker s fake external account. The s also included PDF attachments which identified mailing addresses and account numbers for the wire transfers. These attachments added credibility to the wire transfer requests. Analysis of the PDFs uncovered no malware. The addresses in the PDFs were residential street addresses. Based on analysis by NTT Group, there was no evidence to suggest the attackers had breached the Aerobanet infrastructure. Analysts identified no malware and no internal access to the environment. Attacks which are constrained to social-engineering and spear-phishing techniques are relatively rare, but can be extremely successful, especially when they are as expertly crafted as this attack. NTT Group has seen several attack scenarios like this in the past year, and these types of attackers appear to be increasing their level of precision. 5
6 NTT Group security consultants demonstrated how the free trial domain had facilitated the attack, and provided documentation which helped show the wire transfers were fraudulent. Aerobanet provided this documentation to its bank and obtained refunds of nearly all the funds which had been fraudulently transferred. Aerobanet subsequently changed its approval process to require all wire transfers to be manually verified in person or by phone prior to completion. ROOT CAUSE This attack was successful because the highly accurate and targeted content of the chain helped convince Aerobanet staff that the wire transfer requests were genuine. The fraudulent domain used in the attack added credibility to the chain, resulting in the success of the spear-phishing attacks. COST OF INCIDENT Aerobanet provided the actual cost of this event. COST OF EVENTS - SPEAR PHISHING ITEM The actual cost of investigation, remediation and professional incident support as described COST $15,400 Actual cost of legal and public relations support $8,775 Potential loss due to wire transfers $127,530 Wire transfers recovered -$126,630 Total actual cost directly related to the event $25,075 Cost of event: Spear phishing. 6
7 CASE STUDY SUMMARY Spear-phishing attacks are usually the first phase of a more sophisticated attack, and rarely function as an attack on their own. In this case, the highly targeted spear-phishing thread was crafted to convince staff to initiate fraudulent wire transfers. Since the s included appropriate requesters and reasonable responses, and appeared to be sent from an internal domain, the internal staff was not immediately suspicious of the requests. As a result, the staff initiated several wire transfers before suspicion was raised. THREAT MITIGATION, SPEAR PHISHING Organizations should consider a variety of security controls to help protect against spear-phishing attacks. Perform targeted security awareness and training: The attacker conducted a successful spear-phishing attack. If Aerobanet had previously provided security awareness training, including guidance on actively looking for social engineering and phishing attacks, the attack may have been recognized earlier. Such awareness training must consider the context of the organization receiving the training. It should be customized to the processes and procedures of the company, and should use examples of attacks to which employees can relate. Perform social-engineering testing: Personnel who administer critical tasks should be tested beyond formal training. They should be tested with professional social-engineering engagements to challenge their skills at identifying an attack in progress. Many major breaches begin with a social engineering attack. Ensuring that critical personnel are adequately prepared to detect an attack is just as important as hardening technical systems to withstand attacks. 7
8 Implement dual controls for critical transactions: The attacker included enough information in the thread that it appeared the wire transfer had been authorized. Using an active confirmation of a second approval, outside of the same communication path, could have helped raise a red flag over attempts to initiate the transfers. Active confirmation (via phone, fax, or paper copy) would have initiated an additional dialog to help verify the transfer was truly authorized. Configure DNS verification: In order for a spear-phishing attack to be successful it must fool multiple layers of infrastructure, which is why it is important to configure Sender ID Framework in the server to help ensure the sender is using an appropriate IP address. Using this technology, when a sender transmits an to the receiver, the receiver s server makes a call to the Sender ID Framework. The Sender ID Framework asks the DNS server to verify that the source IP address matches the domain from which the was sent. If the IP address is NOT a match, the will be blocked/dropped. If the does match, it is forwarded to the receiver. This is effective in a case where addresses are being spoofed in the mail headers, as is done in many such phishing attacks. However, if an attacker establishes a domain similar to that of the target and manages DNS records for the similar fake domain (as the attacker did with Aerobanet/Aerobannet) then DNS verification will not be effective. Configure Phishing Confidence Level: Phishing Confidence Level (PCL) is a tool which is available via the Microsoft Exchange environment. This tool creates a value scale of 1 through 8, which reflects the likelihood an is part of a potential phishing attack. When PCL is configured, the site s administrator can choose how to treat each according to its rating on the PCL value scale. Configuring PCL could assist in identifying further threats or stopping an attack altogether. 8
9 Implement anomaly/fraud detection: This particular attack was identified when a single staff member recognized that the wire-transfer pattern was anomalous. He observed a significant increase in the number of wire transfer requests, and verified the latest request because it fell outside of expected boundaries. The ability to identify such anomalous behavior is invaluable, especially in a large organization which may process a high volume of transactions. For an incident such as this, organizations should implement manual and, to the extent possible, automated checks to help identify when the frequency or size of sensitive transactions exceeds an expected range. Some financial institutions will also help organizations set and conform to transaction boundaries. 9
SPEAR PHISHING UNDERSTANDING THE THREAT
SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business
More informationOuachita Baptist University. Identity Theft Policy and Program
Ouachita Baptist University Identity Theft Policy and Program Under the Federal Trade Commission s Red Flags Rule, Ouachita Baptist University is required to establish an Identity Theft Prevention Program
More informationHow To Integrate Hosted Email Security With Office 365 And Microsoft Mail Flow Security With Microsoft Email Security (Hes)
A Trend Micro Integration Guide I August 2015 Hosted Email Security Integration with Microsoft Office 365» This document highlights the benefits of Hosted Email Security (HES) for Microsoft Office 365
More informationOverview An Evolution. Improving Trust, Confidence & Safety working together to fight the e-mail beast. Microsoft's online safety strategy
Overview An Evolution Improving Trust, Confidence & Safety working together to fight the e-mail beast Holistic strategy Prescriptive guidance and user education, collaboration & technology Evolution of
More informationPresented by: Mike Morris and Jim Rumph
Presented by: Mike Morris and Jim Rumph Introduction MICHAEL MORRIS, CISA Systems Partner JIM RUMPH, CISA Systems Manager Objectives To understand how layered security assists in securing your network
More informationBusiness Email Compromise Scam
Business Email Compromise Scam The FBI has issued a warning about a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives
More informationSPEAR PHISHING TESTING METHODOLOGY
SPEAR PHISHING TESTING METHODOLOGY From An article on our Spear Phishing Testing which can be used in social engineering exercise to determine organization wide susceptibility to an APT style attack. Document
More informationCHAPTER 4 : CASE STUDY WEB APPLICATION DDOS ATTACK GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: CASE STUDY WEB APPLICATION DDOS ATTACK 1 WEB APPLICATION DDOS ATTACK CASE STUDY MORAL Ensuring you have DoS/DDoS protection in place, before you are attacked, can pay off. OVERVIEW XYZ Corp (name changed
More informationFFIEC BUSINESS ACCOUNT GUIDANCE
FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit unions and business account holders to make online banking safer and more secure from account hijacking and unauthorized funds
More informationSeptember 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
More informationWhen Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling. White Paper
When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling White Paper As spam continues to evolve, Barracuda Networks remains committed to providing the highest level of protection
More informationWhen Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling
When Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling As spam continues to evolve, Barracuda Networks remains committed to providing the highest level of protection
More informationCybersecurity Governance Update on New FFIEC Requirements
Cybersecurity Governance Update on New FFIEC Requirements cliftonlarsonallen.com Our perspective CliftonLarsonAllen Started in 1953 with a goal of total client service Today, Professional Services Firm
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationACH AND WIRE FRAUD LOSSES
ACH AND WIRE FRAUD LOSSES Financial Institution Technology Funnel Matthew G. Brenner Date: September 26, 2013 Orlando, Florida www.lowndes-law.com What We Will Cover Why is this important? Who does this
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationSECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal
WHITE PAPER SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM Why Automated Analysis Tools are not Created Equal SECURITY REIMAGINED CONTENTS Executive Summary...3 Introduction: The Rise
More informationDISTRIBUTED DENIAL OF SERVICE OBSERVATIONS
: DDOS ATTACKS DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS 1 DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS NTT is one of the largest Internet providers in the world, with a significant share of the world s
More informationTargeted Phishing SECURITY TRENDS
Security Trends Overview Targeted Phishing SECURITY TRENDS Overview Email is the communication medium most organizations have come to rely on. Unfortunately, most incoming email is unwanted or even malicious.
More informationAdvanced Security Methods for efraud and Messaging
Advanced Security Methods for efraud and Messaging Company Overview Offices: New York, Singapore, London, Tokyo & Sydney Specialization: Leader in the Messaging Intelligence space Market focus: Enterprise,
More informationWhite paper. How to choose a Certificate Authority for safer web security
White paper How to choose a Certificate Authority for safer web security Executive summary Trust is the cornerstone of the web. Without it, no website or online service can succeed in the competitive online
More informationSPEAR PHISHING AN ENTRY POINT FOR APTS
SPEAR PHISHING AN ENTRY POINT FOR APTS threattracksecurity.com 2015 ThreatTrack, Inc. All rights reserved worldwide. INTRODUCTION A number of industry and vendor studies support the fact that spear phishing
More informationInformation Security Field Guide to Identifying Phishing and Scams
Information Security Field Guide to Identifying Phishing and Scams 010001010100101010001010011010101010101010101 01000101010011010010100101001010 1 Contents Introduction Phishing Spear Phishing Scams Reporting
More informationProtect your brand from phishing emails by implementing DMARC 1
Protect your brand from phishing emails by implementing DMARC 1 Message from the Certified Senders Alliance supported by AOL, Microsoft and Google In the following article we want to clarify why marketers
More informationTargeted attacks: Tools and techniques
Targeted attacks: Tools and techniques Performing «red-team» penetration tests Lessons learned Presented on 17/03/2014 For JSSI OSSIR 2014 By Renaud Feil Agenda Objective: Present tools techniques that
More informationWhite paper. Phishing, Vishing and Smishing: Old Threats Present New Risks
White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have
More informationDissecting Wire Fraud: How it Happens, and How to Prevent It WHITE PAPER
Dissecting Wire Fraud: How it Happens, and How to Prevent It WHITE PAPER 2013 Guardian Analytics. Inc. All rights reserved. Introduction Preventing wire fraud starts with understanding how it is perpetrated
More informationHere are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.
Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit
More informationEvaluating DMARC Effectiveness for the Financial Services Industry
Evaluating DMARC Effectiveness for the Financial Services Industry by Robert Holmes General Manager, Email Fraud Protection Return Path Executive Summary Email spoofing steadily increases annually. DMARC
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationTop 20 Critical Security Controls
Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need
More informationKaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking
Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationWhite Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management
White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationCyber Security Breakout Session. Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group
Cyber Security Breakout Session Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group December 2014 Disclaimer: The material in this presentation
More informationCentre for the Protection of National Infrastructure Effective Log Management
Centre for the Protection of National Infrastructure Effective Log Management Tom Goldsmith, 2nd April 2014 response@contextis.com Effective Log Management / Contents Contents 1 Executive Summary 5 2 About
More informationDON T BE FOOLED BY EMAIL SPAM FREE GUIDE. Provided by: Don t Be Fooled by Spam E-Mail FREE GUIDE. December 2014 Oliver James Enterprise
Provided by: December 2014 Oliver James Enterprise DON T BE FOOLED BY EMAIL SPAM FREE GUIDE 1 This guide will teach you: How to spot fraudulent and spam e-mails How spammers obtain your email address How
More informationSpear Phishing Attacks Why They are Successful and How to Stop Them
White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear
More informationEmerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
More informationNorth Carolina Office of the Governor North Carolina Office of Information Technology Services North Carolina Department of Cultural Resources
North Carolina Office of the Governor North Carolina Office of Information Technology Services North Carolina Department of Cultural Resources Best Practices for State Agency Social Media Usage in North
More informationSpear phishing campaign targeting staff to perform wire transfers
Spear phishing campaign targeting staff to perform wire transfers Updated 3 February 2015. This is an update to the advisory originally released on 9 October 2014. The update includes additional recommendations
More informationOIG Fraud Alert Phishing
U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION Washington, D.C. 20507 Office of Inspector General Aletha L. Brown Inspector General July 22, 2005 OIG Fraud Alert Phishing What is Phishing? Phishing is a
More informationTargeted Phishing. Trends and Solutions. The Growth and Payoff of Targeted Phishing
White Paper Targeted Phishing Email is the medium most organizations have come to rely on for communication. Unfortunately, most incoming email is unwanted or even malicious. Today s modern spam-blocking
More informationSPAM, VIRUSES AND PHISHING, OH MY! Michael Starks, CISSP, CISA ISSA Fellow 10/08/2015
SPAM, VIRUSES AND PHISHING, OH MY! Michael Starks, CISSP, CISA ISSA Fellow 10/08/2015 The Usual Players Indebtedness for driving on toll road Transaction receipts Notice to appear Major and Emerging Trends
More informationMIDDLE EAST POST BOX. - Opt-In Direct Marketing -
Best Practice is a management idea which asserts that there is a technique, method, process, activity, incentive or reward that is more effective at delivering a particular outcome than any other. The
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationDEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000
DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 CHIEF INFORMATION OFFICER October 1, 2015 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF
More informationITL BULLETIN FOR JULY 2012. Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance
ITL BULLETIN FOR JULY 2012 Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance Paul Turner, Venafi William Polk, Computer Security Division, Information
More informationFiltering E-mail for Spam: PC
Filtering E-mail for Spam: PC Last Revised: April 2003 Table of Contents Introduction... 1 Objectives... 1 Filtering E-mail for Spam... 2 What Is Spam?... 2 What Is UT Doing About Spam?... 2 What Can You
More informationICS-CERT Incident Response Summary Report
ICS-CERT Incident Response Summary Report 20092011 OVERVIEW The Department of Homeland Security (DHS) Control Systems Security Program manages and operates the Industrial Control Systems Cyber Emergency
More informationFiltering E-mail for Spam: Macintosh
Filtering E-mail for Spam: Macintosh Last Revised: April 2003 Table of Contents Introduction... 1 Objectives... 1 Filtering E-mail for Spam... 2 What Is Spam?... 2 What Is UT Doing About Spam?... 2 What
More informationA New Era. A New Edge. Phishing within your company
Phishing within your company Learning Objectives What is phishing and how to minimize its impact Obtain a basic understanding of how to use virtual machines Use BackTrack, a tool used by many security
More informationMalicious Email Mitigation Strategy Guide
CYBER SECURITY OPERATIONS CENTRE Malicious Email Mitigation Strategy Guide Introduction (UPDATED) SEPTEMBER 2012 1. Socially engineered emails containing malicious attachments and embedded links are commonly
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationNiara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined
Niara Security Intelligence Threat Discovery and Incident Investigation Reimagined Niara enables Compromised user discovery Malicious insider discovery Threat hunting Incident investigation Overview In
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationNiara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning
Niara Security Analytics Automatically detect attacks on the inside using machine learning Automatically detect attacks on the inside Supercharge analysts capabilities Enhance existing security investments
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationEvaluation Report. Office of Inspector General
Evaluation Report OIG-08-035 INFORMATION TECHNOLOGY: Network Security at the Office of the Comptroller of the Currency Needs Improvement June 03, 2008 Office of Inspector General Department of the Treasury
More informationFFIEC Supplemental Guidance to Authentication in an Internet Banking Environment. Robert Farmer Senior Technology Compliance Manager
FFIEC Supplemental Guidance to Authentication in an Robert Farmer Senior Technology Compliance Manager 1 888 250 4400 Effective Date The FFIEC Supplement to Authentication in an was issued on June 28,
More informationWith the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful.
With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful. Breach Overview Q: Media reports are stating that Target experienced a data breach. Can you provide more
More informationI N T E L L I G E N C E A S S E S S M E N T
I N T E L L I G E N C E A S S E S S M E N T (U//FOUO) Malicious Cyber Actors Target US Universities and Colleges 16 January 2015 Office of Intelligence and Analysis IA-0090-15 (U) Warning: This document
More informationComprehensive Email Filtering. Whitepaper
Comprehensive Email Filtering Whitepaper Email has undoubtedly become a valued communications tool among organizations worldwide. With frequent virus attacks and the alarming influx of spam, email loses
More informationReport. Phishing Deceives the Masses: Lessons Learned from a Global Assessment
Phishing Deceives the Masses: Lessons Learned from a Global Assessment Table of Contents Executive Summary...3 Phishing Preys on the Uninformed...4 Introducing the McAfee Phishing Quiz....5 Lessons Learned...5
More informationHow To Protect Your Email From Spam On A Barracuda Spam And Virus Firewall
Comprehensive Email Filtering: Barracuda Spam & Virus Firewall Safeguards Legitimate Email Email has undoubtedly become a valued communications tool among organizations worldwide. With frequent virus attacks
More informationHow to Identify Phishing E-Mails
How to Identify Phishing E-Mails How to recognize fraudulent emails and avoid being phished. Presented by : Miguel Fra, Falcon IT Services (miguel@falconitservices.com) http://www.falconitservices.com
More informationWHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware
WHITEPAPER How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware How a DNS Firewall Helps in the Battle against Advanced As more and more information becomes available
More information1. Initial contact email is BCC d to many people (you may see undisclosed recipients in the To: field).
From: Janice Ringrose Insurance Sent: Wednesday, March 04, 2015 12:02 PM To: Renee Whalen Subject: Cheque Fraud and Red Flags Dear Law Society Members: Below is an article from LawPro s February edition
More informationWhen Reputation is Not Enough. Barracuda Email Security Gateway s Predictive Sender Profiling. White Paper
When Reputation is Not Enough Barracuda Email Security Gateway s Predictive Sender Profiling White Paper As spam continues to evolve, Barracuda Networks remains committed to providing the highest level
More informationAnti-Phishing Best Practices for ISPs and Mailbox Providers
Anti-Phishing Best Practices for ISPs and Mailbox Providers Version 2.01, June 2015 A document jointly produced by the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG) and the Anti-Phishing
More informationShield Your Business - Combat Phishing Attacks. A Phishnix White Paper
A Phishnix White Paper Shield Your Business - Combat Phishing Attacks Aujas Information Risk Services 19925 Steven s Creek Blvd, Suite 100, Cupertino, CA 95014-2358 Phone: 1.855.PHISHNX Fax : +1 408 973
More informationT.38 fax transmission over Internet Security FAQ
August 17, 2011 T.38 fax transmission over Internet Security FAQ Give me a rundown on the basics of T.38 Fax over IP security. Real time faxing using T.38 SIP trunks is just as secure as sending faxes
More informationConducting an Email Phishing Campaign
Conducting an Email Phishing Campaign WMISACA/Lansing IIA Joint Seminar May 26, 2016 William J. Papanikolas, CISA, CFSA Sparrow Health System Estimated cost of cybercrime to the world economy in 2015 was
More informationHow To Create An Insight Analysis For Cyber Security
IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics
More informationSECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION
SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION How ThreatBLADES add real-time threat scanning and alerting to the Analytics Platform INTRODUCTION: analytics solutions have become an essential weapon
More informationIdentity Theft Prevention Program
Smyth County Policy Identity Theft Prevention Program Purpose The purpose of the program is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in
More informationPENETRATION TESTING GUIDE. www.tbgsecurity.com 1
PENETRATION TESTING GUIDE www.tbgsecurity.com 1 Table of Contents What is a... 3 What is the difference between Ethical Hacking and other types of hackers and testing I ve heard about?... 3 How does a
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationPerforming Advanced Incident Response Interactive Exercise
Performing Advanced Incident Response Interactive Exercise Post-Conference Summary Merlin Namuth Robert Huber SCENARIO 1 - PHISHING EMAILS... 3... 3 Mitigations... 3 SCENARIO 2 - IDS ALERT FOR PSEXEC...
More informationONLINE RECONNAISSANCE
ONLINE RECONNAISSANCE HOW YOUR INTERNET PROFILE CAN BE USED AGAINST YOU May 2013 Most people and organisations put information about themselves on the web. Companies advertise their work and achievements
More informationNorth Carolina Office of the Governor North Carolina Office of Information Technology Services North Carolina Department of Cultural Resources
North Carolina Office of the Governor North Carolina Office of Information Technology Services North Carolina Department of Cultural Resources Best Practices for Social Media Usage in North Carolina December
More informationYou ll learn about our roadmap across the Symantec email and gateway security offerings.
#SymVisionEmea In this session you will hear how Symantec continues to focus our comprehensive security expertise, global intelligence and portfolio on giving organizations proactive, targeted attack protection
More informationDomainKeys Identified Mail DKIM authenticates senders, message content
DomainKeys Identified Mail DKIM authenticates senders, message content Alt-N Technologies, Ltd. 2201 East Lamar Blvd, Suite 270 Arlington, Texas 76006 Phone: (817) 525-2005 Fax: (817) 525-2019 http://www.altn.com/
More informationSocial Engineering & How to Counteract Advanced Attacks. Ralph Massaro, VP of Sales Wombat Security Technologies, Inc.
Social Engineering & How to Counteract Advanced Attacks Ralph Massaro, VP of Sales Wombat Security Technologies, Inc. Agenda Social Engineering DEFCON Competition Source of Problem Countermeasures Social
More informationLesson 13: DNS Security. Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division
Lesson 13: DNS Security Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division Introduction to DNS The DNS enables people to use and surf the Internet, allowing the translation
More informationPhishing Past, Present and Future
White Paper Phishing Past, Present and Future By Theodore Green, President, SpamStopsHere.com Abstract A particularly dangerous and now common type of spam known as "Phishing attempts to trick recipients
More informationYour Guide to Email Security
Your Guide to Email Security Protect your Information Email is a powerful way to connect with people. Unfortunately it also makes us vulnerable targets of scammers that can affect us from thousands of
More informationOCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875
OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,
More informationInformation Technology
Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level
More informationExtended Validation SSL Certificates
Extended Validation SSL Certificates A NEW STANDARD TO INSPIRE TRUST, improve confidence and increase sales... INDEX 1. Extended Validation (EV) SSL Certificates solving a trust problem 2. Traditional
More informationState of the Phish 2015
Introduction The threat is real Phishing continues to pose a growing threat to the security of industries of every kind from financial organizations to government contractors to healthcare firms. Though
More informationCloud Services. Email Anti-Spam. Admin Guide
Cloud Services Email Anti-Spam Admin Guide 10/23/2014 CONTENTS Introduction to Anti- Spam... 4 About Anti- Spam... 4 Locating the Anti- Spam Pages in the Portal... 5 Anti- Spam Best Practice Settings...
More informationAuthenticating and policing the internet for consumer confidence and security
Authenticating and policing the internet for consumer confidence and security Secure On-Line ID Introduction Unique zero intervention at a glance solution Built on positive site validation Allows policing
More informationSupplement to Authentication in an Internet Banking Environment
Federal Financial Institutions Examination Council 3501 Fairfax Drive Room B7081a Arlington, VA 22226-3550 (703) 516-5588 FAX (703) 562-6446 http://www.ffiec.gov Purpose Supplement to Authentication in
More informationApril 23, 2015 ACME Company. Security Assessment Report
April 23, 2015 ACME Company Security Assessment Report 1 Contents Contents... 1 Executive Summary... 2 Project Scope... 3 Network Vulnerabilities... 4 Open Ports... 5 Web Application Vulnerabilities...
More informationMicrosoft Phishing Filter: A New Approach to Building Trust in E-Commerce Content
Microsoft Phishing Filter: A New Approach to Building Trust in E-Commerce Content The recent flurry of media coverage around identity theft and what is being called the new scam of phishing, in which online
More informationDST EMAIL. Product FAQs. Thank you for using our products. DST UK www.dstsystems.co.uk
EFFECTIVE PERSONALISED PRINT AND E-COMMUNICATION SOLUTIONS DESIGNED WITH YOU IN MIND DSTSYSTEMS.CO.UK DST EMAIL Product FAQs version 01 Thank you for using our products. DST UK www.dstsystems.co.uk DST
More information