SPEAR PHISHING AN ENTRY POINT FOR APTS

threattracksecurity.com | 2015 ThreatTrack, Inc. All rights reserved worldwide.

INTRODUCTION

A number of industry and vendor studies support the finding that spear phishing is a primary means by which Advanced Persistent Threat (APT) attackers infiltrate target networks. One such report found that 91% of the attacks it analyzed involved spear-phishing emails. Being able to detect and block emails that deliver malicious content through file attachments and external web links is therefore critical in the fight against targeted advanced attacks.

WHAT IS SPEAR PHISHING?

Unlike broad phishing campaigns such as the Nigerian 419 scams, spear phishing is a targeted email campaign aimed at specific persons or roles within specific organizations. It is an attempt to acquire sensitive information, or a foothold, for malicious purposes by masquerading as a trustworthy entity.

Phishing Ingredients: Spear-phishing emails typically combine the following attack mechanisms.

The Email. Email is the number one threat vector for all organizations. In a spear-phishing attack, a targeted recipient is lured either to open a seemingly harmless file attachment or to click a link to a site hosting malware or an exploit.

The File and/or Link. In a typical APT attack, the file obtained via the attachment or the website installs the malware, which then contacts a command-and-control (C&C) server and awaits further instructions from a remote operator. To hide the malicious activity, the malware usually opens a seemingly innocuous decoy document when it runs, so the victim sees what they expected.

Social Engineering. Spear-phishing attacks use familiarity as their first weapon. The attacker already knows something about the target (an email address, a name, a role, a supplier) and uses it to gain confidence and induce the target to trigger the two mechanisms above. The email may also try to gather additional confidential information for later use by inducing the target to reply.

94% of targeted emails use malicious file attachments.

HOW DOES THREATSECURE EMAIL ADDRESS SPEAR PHISHING?

ThreatSecure Email was specifically designed to address attacks such as spear phishing that use email as their primary delivery mechanism. It detects suspicious email through both static and behavioral analysis as well as a trained machine-learning engine, and it addresses each of the spear-phishing attack mechanisms described above.

Phishing Attack Mechanisms and ThreatSecure:

Malicious Links. ThreatSecure Email maintains an extensive and current blacklist of malicious URLs. The list is derived from ThreatTrack's own ThreatIQ threat data service, which is used by many other large security vendors and which aggregates malware data continuously from ThreatTrack's own products, partner data, and other malware information sources. This information is updated on the ThreatSecure appliance continuously and is used to assign a reputation score to every link in an email. If a link scores high, the email is typically quarantined.

Email Attachments. ThreatSecure Email scores the risk of documents, executables and archived files using machine learning, static analysis against signatures from multiple sources, and behavioral analysis in best-of-breed sandboxes.

Social Engineering. Most social engineering in these emails amounts to a request to open a document or visit a site, either of which may deliver malware. ThreatSecure therefore addresses this vector with the link and attachment techniques above.
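The scoring described in the two sections above (a reputation lookup on every link, a content check on every attachment, a social-engineering signal, and a quarantine threshold) can be sketched in a few dozen lines. The following is an added example written for this page; it is not ThreatSecure or ThreatIQ code. The reputation table, the magic-number table, the weights, the threshold and the two sample messages are all constructed for the example and stand in for a live feed and real traffic.

```python
"""Score a raw email for the three spear-phishing mechanisms the paper lists.

Added example, not ThreatTrack/ThreatSecure code. The reputation table,
magic-number table, weights, threshold and sample messages are constructed
for illustration (assumptions); a real deployment takes them from a live
threat data feed and from analysed attachments.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed reputation table: hostname -> risk 0..100 (100 = known bad).
# Stands in for a continuously updated URL reputation service.
URL_REPUTATION = {"invoice-update.example": 95, "cdn.example.net": 10}
UNKNOWN_HOST_RISK = 30          # neutral score when the feed has no verdict

# Leading bytes of the attachment types the paper mentions (documents,
# executables, archives) with a baseline risk each. Constructed weights.
MAGIC = [
    (b"MZ", "executable", 90),
    (b"PK\x03\x04", "archive-or-ooxml", 40),
    (b"\xd0\xcf\x11\xe0", "ole-document", 50),
    (b"%PDF", "pdf", 20),
]
RISKY_EXTENSIONS = {"exe", "scr", "js", "vbs", "hta", "jar"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")
QUARANTINE_THRESHOLD = 70


def link_score(url: str) -> int:
    """Reputation score for one URL, keyed on its hostname."""
    host = (urlparse(url).hostname or "").lower()
    return URL_REPUTATION.get(host, UNKNOWN_HOST_RISK)


def attachment_score(name: str, data: bytes) -> int:
    """Risk of one attachment from its real content and its claimed name."""
    kind, score = "unknown", 0
    for magic, label, risk in MAGIC:
        if data.startswith(magic):
            kind, score = label, risk
            break
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    # An executable whose name says "document" is the classic lure:
    # the content/extension mismatch outranks either signal alone.
    if kind == "executable" and ext not in {"exe", "dll", "scr"}:
        score = 100
    if ext in RISKY_EXTENSIONS:
        score = max(score, 90)
    return score


def score_message(raw: bytes) -> dict:
    """Parse an RFC 822 message and combine link, attachment and header signals."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    links = {u: link_score(u) for u in URL_RE.findall(text)}
    attachments = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        attachments[name] = attachment_score(name, part.get_content())
    # Social-engineering signal: replies silently routed to another domain.
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    reply_mismatch = bool(reply_domain) and reply_domain != from_domain
    score = max([*links.values(), *attachments.values(),
                 60 if reply_mismatch else 0], default=0)
    return {
        "score": score,
        "links": links,
        "attachments": attachments,
        "reply_to_mismatch": reply_mismatch,
        "verdict": "quarantine" if score >= QUARANTINE_THRESHOLD else "deliver",
    }


def build_sample(lure: bool = True) -> bytes:
    """Constructed messages for the example, not real captures."""
    m = EmailMessage()
    m["From"] = "Accounts Payable <ap@vendor.example>"
    m["To"] = "j.smith@target.example"
    m["Subject"] = "Q3 invoice for approval"
    if lure:
        m["Reply-To"] = "ap-desk@mailer.example"
        m.set_content("Hi John, invoice attached. Portal: "
                      "http://invoice-update.example/inv.html")
        # PE header bytes behind a .pdf name: content/extension mismatch.
        m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                         subtype="octet-stream", filename="Invoice_Q3.pdf")
    else:
        m.set_content("Hi John, invoice attached. Logo: http://cdn.example.net/l.png")
        m.add_attachment(b"%PDF-1.4\n" + b"\x00" * 32, maintype="application",
                         subtype="pdf", filename="Invoice_Q3.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    for lure in (True, False):
        print(score_message(build_sample(lure)))
```

The verdict is driven by the strongest single signal rather than a sum, which matches how a gateway usually behaves: one known-bad link or one executable disguised as a document is enough to quarantine, whatever else the message contains. The Reply-To check is a cheap stand-in for the social-engineering analysis; it catches the common case where the lure borrows a real supplier's display name but needs replies to land somewhere the attacker controls.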

POWERFUL ANALYTICS

In addition, the ThreatSecure Email console has an analytics view designed explicitly to help identify the targets of attacks such as spear-phishing campaigns. As an example, Figure 1 shows the console's graphical view of the top ten targets: the persons who received the most suspicious emails within a chosen date range. A security analyst can drill down into any target on the list and view the details of the emails involved. Evidence of persistent attacks can be uncovered using the view's filters and timelines. The data from this analysis can often be fed to other security systems, such as a SIEM or IPS, to block the sources of further attacks.

Figure 1: Powerful Analytics Show Targeted Individuals and Groups
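What the top-ten view and its drill-down actually compute is a small amount of aggregation over the log of scored messages. The following is an added example for this page, not ThreatSecure console code: it runs over a constructed verdict log (one record per message with timestamp, recipient, sender domain and score, an assumed layout) and produces the most-targeted recipients in a date range, the drill-down for one recipient, the senders whose activity looks like a persistent campaign, and a plain-text indicator list of the kind that could be handed to a SIEM or IPS (the key=value format is an assumption).

```python
"""Top-target analytics over an email verdict log.

Added example, not ThreatSecure console code. The log layout, the
suspicion threshold and the indicator format are assumptions, and the
records below are constructed for the example.
"""
from collections import Counter, defaultdict
from datetime import datetime

SUSPICIOUS = 70   # scores at or above this count as a suspicious message

# Constructed log: (timestamp, recipient, sender domain, score).
LOG = [
    ("2015-06-01T08:12:00", "j.smith@target.example", "vendor-billing.example", 95),
    ("2015-06-01T08:15:00", "a.lee@target.example",   "vendor-billing.example", 90),
    ("2015-06-02T09:03:00", "j.smith@target.example", "hr-update.example",      80),
    ("2015-06-03T11:40:00", "j.smith@target.example", "vendor-billing.example", 92),
    ("2015-06-03T12:00:00", "m.ortiz@target.example", "newsletter.example",     15),
    ("2015-06-04T07:55:00", "a.lee@target.example",   "hr-update.example",      85),
    ("2015-06-09T10:10:00", "c.wu@target.example",    "vendor-billing.example", 88),
    ("2015-05-20T10:10:00", "j.smith@target.example", "vendor-billing.example", 99),
]


def suspicious_in_range(log, start: str, end: str):
    """Yield (timestamp, recipient, sender, score) for suspicious records
    whose timestamp falls in [start, end), both given as ISO 8601 strings."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    for ts, rcpt, sender, score in log:
        t = datetime.fromisoformat(ts)
        if lo <= t < hi and score >= SUSPICIOUS:
            yield t, rcpt, sender, score


def top_targets(log, start: str, end: str, n: int = 10):
    """The 'top ten targets' graph: recipients ranked by suspicious messages."""
    counts = Counter(rcpt for _, rcpt, _, _ in suspicious_in_range(log, start, end))
    return counts.most_common(n)


def drill_down(log, recipient: str, start: str, end: str):
    """The per-target detail view: every suspicious message for one recipient."""
    return sorted((t.isoformat(), sender, score)
                  for t, rcpt, sender, score in suspicious_in_range(log, start, end)
                  if rcpt == recipient)


def persistent_senders(log, start: str, end: str, min_targets=2, min_days=2):
    """Senders that hit several recipients on several distinct days: the
    timeline evidence that distinguishes a campaign from a one-off."""
    seen = defaultdict(lambda: (set(), set()))
    for t, rcpt, sender, _ in suspicious_in_range(log, start, end):
        seen[sender][0].add(rcpt)
        seen[sender][1].add(t.date())
    return sorted(s for s, (rcpts, days) in seen.items()
                  if len(rcpts) >= min_targets and len(days) >= min_days)


def block_indicators(senders):
    """One indicator line per sender domain for a SIEM/IPS rule loader.
    The key=value layout is an assumption for the example."""
    return [f"type=sender_domain value={s} action=block" for s in senders]


if __name__ == "__main__":
    window = ("2015-06-01T00:00:00", "2015-06-08T00:00:00")
    print("top targets:", top_targets(LOG, *window))
    print("j.smith:", drill_down(LOG, "j.smith@target.example", *window))
    campaign = persistent_senders(LOG, *window)
    print("\n".join(block_indicators(campaign)))
```

Ranking by count of suspicious messages rather than by raw volume is what makes the view useful: the most-emailed person in a company is rarely the most-targeted one. The persistence check is deliberately conservative (several recipients and several days) so that a single mass mailing does not get promoted to a blocking indicator.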

SUMMARY

Spear phishing is a targeted email scam whose purpose is to obtain unauthorized access to sensitive data. These attacks use attached files, links within the email, and social-engineering traps as their vectors. The ThreatSecure Email product is explicitly designed to:

1. Provide detection and prevention for all three of these mechanisms.
2. Provide customers with analytics tools to investigate the sources of these attacks in more detail.
3. Share the resulting intelligence with other security systems to inhibit and block further attacks from the same sources.

ABOUT THREATTRACK SECURITY

ThreatTrack Security specializes in helping organizations identify and stop Advanced Persistent Threats (APTs), targeted attacks and other sophisticated malware designed to evade the traditional cyber defenses deployed by enterprises and government agencies around the world. With more than 300 employees worldwide and backed by Insight Venture Partners and Bessemer Venture Partners, the company develops advanced cybersecurity solutions that Expose, Analyze and Eliminate the latest malicious threats, including its ThreatSecure advanced threat detection and remediation platform, ThreatAnalyzer malware behavioral analysis sandbox, ThreatIQ real-time threat intelligence service, and VIPRE business antivirus endpoint protection. To learn more about ThreatTrack Security call +1-855-885-5566 or visit www.threattracksecurity.com.

The information and content in this document is provided for informational purposes only and is provided as is with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. ThreatTrack Security, Inc. is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, ThreatTrack Security, Inc. makes no claim, promise or guarantee about the completeness, accuracy, relevancy or adequacy of information and is not responsible for misprints, out-of-date information, or errors. ThreatTrack Security, Inc. makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. All products mentioned are trademarks or registered trademarks of their respective companies.