Phishing. Exciting horror stories and the very boring antidote

Transcription

1 Phishing Exciting horror stories and the very boring antidote

2 EXPECTATIONS WHAT YOU LL KNOW, AND NOT KNOW, AFTER I M DONE WITH YOU WHAT YOU WILL KNOW How the phishing attack is carried out Some really embarrassing examples.. ( and some less embarrassing ones) How you can prevent phishing and why you probably won t succeed WHAT YOU WONT KNOW How someone can be stupid enough the wire $46.7 million to an offshore account without making sure the mail asking you to do so is legit. Anything revolutionizing

3 BIO OR WHO AM I TO TELL YOU WHAT TO DO HANNA LIDZELL SEC-T Collector of stories and images WORK? Works with MSS Services IDS and SIEM solutions Background in operations.... SO WHAT DOES THIS MEAN?.... meetings

4 CASE STUDIES HORROR STORIES FROM THE REAL WORLD CLARA THE CLASSMATE & the Facebook scam FREDERICK THE FRIEND & the Netflix account AN AUNT & the targeted attack UBIQUITY & the really stupid wire transfer

5 THE FACEBOOK SCAM CLARA THE CLASSMATE CLICKS AN UNFORTUNATE LINK CLARA hellu CLARA What s thought I d check if you re up for helping me out real quickly CLARA Thanks! CLARA I really need to pay a bill but my bank acount thingie has stopped working, do you have yours close by? Or, what s your bank? CLARA Great. I have HSB too HANNA Hi! HANNA Sure thing. I d love to help out if I can be of assistance. HANNA sooo.. What do you need? HANNA Handelsbanken.

6 THE FACEBOOK SCAM CAUSE AND RESOLUTION WHAT CLARA DID WRONG Clicked a clickbait link Filled in her account information WHAT CLARA DID RIGHT Told her friends Logged out from all devices Changed her Facebook password Didn t change the password everywhere

7 THE NETFLIX ACCOUNT FREDERICK THE FRIEND HAS A CASE OF BAD LUCK FREDERICK THE FRIEND 28 y/o Tech-savvy Slightly hung over Bank troubles New client Already logged in to Netflix

8

9 MY AUNT MY AUNT IS TARGETED IN A MORE SOPHISTICATED WAY MY AUNT Works at large Swedish corporation Indian tech support scam

10 UBIQUITY UBIQUITY & THE STUPIDLY LARGE MONEY TRANSFER "employee impersonation and fraudulent requests from an outside entity targeting the Company's finance department. "The investigation uncovered no evidence that our systems were penetrated or that any corporate information, including our financial and account information, was accessed. The investigation found no evidence of employee criminal involvement in the fraud," $46,7 MILLION

11 BUSINESS COMPROMISE HOW IT MIGHT HAVE HAPPENED SPOOFED A spoofed impersonating a CEO/CIO requesting/approving the transfer. Continual follow up. TARGETED (SPEAR) PHISHING Phishing targeting a CEO/CIO, resulting in access to company and the ability to request/approve the transfer from a legitimate account. Once the credentials to the trusted account has been uncovered the attacker can contact users within the organization without triggering any alerts.

12 MASS-ATTACKS Wide spectrum attacks targeting a large audience Hit or miss, active for short period of time. Low success rate (0,2% 5%) Low profit per success Collecting and selling data Often detected by IDS, threat intelligence-, or host protection-tools SPEAR PHISHING Targeted attacks Well researched Small attack surfaces Attack tailored to target Specific goal Difficult to detect

13 WHY PHISHING WORKS LACK OF KNOWLEDGE of computer systems of security indicators VISUAL DECEPTION deceptive text deceptive images deceptive windows look & feel BOUNDED ATTENTION lack of attention to security indicators lacking attention to absence of security indicators Credit: Dhamija, R., Tygar, J.D., & Hearst, Marti. 2006

14 So how do we fix it? You can t

15 RISK MITIGATION Awareness training Good support systems Be serious about your security policy Help your users understand your security policy Lead by example Be a good person

16 Ridiculous URL Old copy right stamp (2011) Sloppy graphics Doesn t adapt to screen LEADING BY EXAMPLE mse&language=sv&country=se Doesn t adapt to screen Looks like my make your own webpage -project from fifth grade Crazy long URL Again, fifth grade project Inaccurate description of SSL/TLS padlock No copy right date

17 LEADING BY EXAMPLE

18 BE A GOOD PERSON

19 POP QUIZ! WHERE WILL WE END UP? domaine.com.name/test/test2/destination

20