Phishing Why an attack created in 1987 still works today



Similar documents
Information Security Engineering

Course Descriptions November 2014

Next-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

GIAC Program Overview 2015 Q4 Version

GIAC Certification. Enterprise Solution

Trends in Advanced Threat Protection

Spear Phishing Attacks Why They are Successful and How to Stop Them

Advanced Persistent Threats

Threat Landscape. Threat Landscape. Israel 2013

Understanding the Advanced Threat Landscape an MSPs Guide. IT Security: Enabled

Social Engineering Toolkit

MASTER S DEGREES & GRADUATE CERTIFICATES REGIONAL ACCREDITATION FUNDING OPTIONS

When less is more (Spear-Phishing and Other Methods to Steal Data) Alexander Raczyński

How We're Getting Creamed

Advanced & Persistent Threat Analysis - I

Be Prepared for Java Zero-day Attacks

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

How to Make Browsers Safer Using Virtualization

Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012

Zero day attacks anatomy & countermeasures. By Cade Zvavanjanja Cybersecurity Strategist

Software that provides secure access to technology, everywhere.

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Protecting against cyber threats and security breaches

The Next Generation IPS

RSA Security Anatomy of an Attack Lessons learned

Combating Spear-phishing:

Security Awareness For Website Administrators. State of Illinois Central Management Services Security and Compliance Solutions

APT Advanced Persistent Threat Time to rethink?

The Federal CISO Dilemma. You have to do FISMA. You must defend against cyber threats.

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

PREVENTING ZERO-DAY ATTACKS IN MOBILE DEVICES

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks

Anti-exploit tools: The next wave of enterprise security

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

MODERN CYBER THREATS AND GOVERNMENT AGENCIES

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats

PENETRATION TEST & SECURITY STANDARDS

Using big data analytics to identify malicious content: a case study on spam s

Security and Privacy

SPEAR PHISHING AN ENTRY POINT FOR APTS

SECURITY 2.0 LUNCHEON

CISO Guide to Next Generation Threats

Trends in Targeted Attacks By Nart Villeneuve

Trends in Targeted Attacks By Nart Villeneuve

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark

N J C C I C NJ CYBERSECURITY AND COMMUNICATIONS INTEGRATION CELL

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Malware & Botnets. Botnets

THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY

How To Prevent Hacker Attacks With Network Behavior Analysis

Agenda , Palo Alto Networks. Confidential and Proprietary.

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Best Practices for Avoiding Getting Speared Like a Phish

The Mile High Denver Chapter of ARMA welcomes you to our virtual meeting!

Defending Against Cyber Attacks with SessionLevel Network Security

10 Smart Ideas for. Keeping Data Safe. From Hackers

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

Breaking the Cyber Attack Lifecycle

Advanced Persistent Threats

Unknown threats in Sweden. Study publication August 27, 2014

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures

Malware. Stopping cyberattacks. Sponsored by

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

DETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs?

LASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains

Valery Milman CYBERARK PRIVILEGED ACCOUNT SECURITY

Understanding Security Threats in the Cyber World. Beth Chancellor, Chief Information Security Officer

Advanced Persistent Threats

Phishing Scams Security Update Best Practices for General User

UNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC)

Information Security for Modern Enterprises

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network.

Professional Services Overview

Cloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING?

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Device Hardening, Vulnerability Remediation and Mitigation for Security Compliance

Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst

LASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages

SPEAR PHISHING UNDERSTANDING THE THREAT

Combating Advanced Persistent Threats

Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks

Fighting Advanced Threats

Becoming the APT. Thwarting Advanced Persistent Threats in Your Environment

Stop advanced targeted attacks, identify high risk users and control Insider Threats

We ve been hacked! We did it! Rick Grandy Lockheed Martin Hanford Site

ADVANCED PERSISTENT THREATS AND OTHER ADVANCED ATTACKS:

Ty Miller. Director, Threat Intelligence Pty Ltd

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Creating a remote command shell using default windows command line tools

IBM Security re-defines enterprise endpoint protection against advanced malware

New York State Energy Planning Board. Cyber Security and the Energy Infrastructure

TRENDS IN THE THREAT LANDSCAPE

Is security awareness a waste of time?

NATIONAL CYBER SECURITY AWARENESS MONTH

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe

Advanced Persistent Threats

Transcription:

Phishing Why an attack created in 1987 still works today TJ OConnor GIAC (GSE, GSEC, GCFW, GCIA, GCIH, GCFA, GREM, GPEN, GWAPT, GCFE) SANS Technology Institute - Candidate for Master of Science Degree 1 1

Phishing Phishing emails typically contain misspellings, are addressed to a generic audience, ask for personal information or include the need to act immediately. West Point IT105 Curriculum The above statement is no longer true. In fact, the following more accurately describes today s phishing: Spear phishing and whaling towards targeted individuals Combined with information from social networking sites Contain highly-personalized information Appears to come from a legit authority Phishing drop sites look identical to legit sites Combined with zero-days to avoid IDS & Virus Scans The majority of people fail to understand how phishing can be combined to pivot towards the internal network SANS Technology Institute - Candidate for Master of Science Degree 2

How phishing leads to a much greater threat One skilled phishing attack can lead to total devastation in a company. Social-Engineer.org RSA Breach A targeted email with an exploit embedded in an Excel spreadsheet Combined with information found on social networking sites Exploit installed remote access toolkit (RAT) RAT used to steal source code for RSA Secure IDs May 2011, stolen IDs used to attack three defense contractors Operation Aurora Attacked over 34 high-tech and defense companies A targeted email that included an IE-6 Zero Day Attack pivoted towards Source Code Repositories July 2011, we see several successful attacks against Gmail SANS Technology Institute - Candidate for Master of Science Degree 3

Phishing s role in the overall attack anatomy Individuals are targeted based on information found in company directory on web or on social networking sites Targeted individuals are emailed either a link or an Adobe pdf, or MS Office document Link or embedded document exploits vulnerability that makes a reverse callback to remote attacker Attacker installs remote access toolkit; uses toolkit to search machine, its privileges and pivot towards internal network PR department dubs it an advanced persistent threat (APT) in order due to concern about financial liability to customers SANS Technology Institute - Candidate for Master of Science Degree 4

Why it is only getting worse Continued false education Phishing seen as an attempt to solicit users Thought of as only malformed URLs Client-side attacks not discussed routinely Integration with social networking Our lives today are routinely divulged on the internet Information can be harvested to create personal phishing emails Social Engineering Toolkit GUI to create spear-phishing campaigns Can deliver client-side-exploits, install a remote access kit Lack of accountability and understanding Does the average end user understand that three separate defense contractors were compromised because one RSA employee opened an Excel Spreadsheet from an email? SANS Technology Institute - Candidate for Master of Science Degree 5

References Banks, David. Spear Phishing Tests Educate People About Online Scams. The Wall Street Journal, August 17 th, 2005. Binde, Beth et al. Assessing Outbound Traffic to Uncover Advanced Persistent Threat. Retrieved from the Sans Institute Web Site: http://www.sans.edu/student-files/projects/jwp-binde-mcree-oconnor.pdf. Last accessed 08 June 2011. EECS. IT105 Intro to Information Technology. Retrieved from Internal US Military Academy D/EECS Web Site: http://www-internal.eecs.usma.edu/courses/it105/. Last accessed 08 June 2011. Kang, Cecilla. Hundreds of Gmail accounts hacked, including some senior US government officials. Retrieved from Washing Post Web Site: http://www.washingtonpost.com/blogs/post-tech/post/google-hundreds-of-gmail-accounts-hacked-including-somesenior-us-government-officials/2011/06/01/aggasggh_blog.html. Last accessed 08 June 2011. Kennedy, David, The Social Engineering Toolkit. Retrieved from SecManiac Web Site: www.secmaniac.com. Last accessed 08 June 2011. Ragan, Steve. Three Military Contractors Linked to Post RSA Attacks Retrieved from the Tech Herald Web Site: http://www.thetechherald.com/article.php/201122/7225/three-military-contractors-linked-to-post-rsa-attacks. Last accessed 08 June 2011. Social Engineer.Org, www.social-engineer.org. Last Accessed 08 June 2011. Zeltser, Lenny Phishing Messages May Include High Personalized Information. Retrieved from the Internet Storm Center Web Site: http://isc.sans.org/diary.html?storyid=1194. Last accessed 08 June 2011. SANS Technology Institute - Candidate for Master of Science Degree 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information