1. CBI WEBINAR SERIES
SPEAR PHISHING DEFENSE
Presented By:
Joe Schorr
Principal Security Strategist
800.747.8585 | help@cbihome.com
2. Agenda
• Spear Phishing Defined
• Spear Phishing Defense
• Next Steps
• Tips for home and family
• Q&A
2 800.747.8585 | help@cbihome.com
3. Spear Phishing Defined
Spear phishing is a targeted attack using email spoofing
that seeks to obtain illegal access in order to steal
confidential data.
These attacks are not the work of random actors but more
often the persistent efforts of criminal enterprises, or
state-sponsored professionals seeking trade secrets,
financial gain or military intelligence.
Spear phishing emails leverage social engineering
techniques and appear to come from within a person’s
place of employment, an authority figure or a known
associate.
7. Anatomy of the Attack
• Step 1: Targets (people) researched and pinpointed
• Step 2: Fake email delivered
• Step 3: Create a backdoor and steal user information
• Step 4: Gather and encrypt stolen data
• Step 5: Stolen data transferred to attacker
8. Step 1 – Target selection and research
1. Target selected from shopping list
2. Passive searching – ‘Google-Fu’
3. Cyber-stalking via Facebook and LinkedIn
4. Select individuals for Spear-phishing attack
5. Customize mail to targets
9. Step 2 – ‘Payload’ Delivery
1. The targeted person receives the fake email
2. User follows instructions on false site they are directed to
3. Or… the user opens a malicious payload in an attachment
10. Step 3 – Exploitation
1. Create a ‘Backdoor’ to access the network unimpeded
2. Steal credentials, i.e. user names and passwords
3. ‘Phone Home’ to Command & Control servers
4. Spread out to other systems
11. Step 4 – Data Gathering
1. Gather important data targeted by the original shopping list
2. Encrypt the stolen data
3. Prepare the data to be transferred from the target
12. Step 5 – Extraction
Encrypted data extracted via FTP to compromised server outside the target’s network
13. Spear Phishing Defense
1. REVIEW! Your personal information on the internet
and social networking sites immediately. Start to
look at your online persona as an attacker would.
14. Spear Phishing Defense
2. SANITIZE! Your online life. Remove references to
personal information on social networking and social
media sites. Even family info, photos and hobbies
can be used against you and your company.
15. Spear Phishing Defense
3. DON’T! Click links or respond to mysterious email
messages. Double-check the authenticity especially if
they seem abnormally urgent. Examine the link
names.
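One way to put the “examine the link names” advice into practice, as an added example that is not part of the CBI deck: the check below parses an HTML mail body and flags anchors whose visible text names one site while the href actually goes to another, or that point at a bare IP address. The sample mail body and the example-corp.com / example.net hosts are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class _AnchorCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(value):
    """Host of a URL or bare domain, lower-cased, leading 'www.' dropped."""
    if "://" not in value:
        value = "http://" + value
    host = (urlparse(value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def suspicious_links(html):
    """Return (visible text, real host, reason) for deceptive or raw-IP links."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        if href.lower().startswith(("mailto:", "tel:")):
            continue
        actual = _host(href)
        # Compare only when the visible text itself looks like a URL or domain.
        tokens = [t.strip(".,;:!?()<>\"'") for t in text.split()]
        shown = next((t for t in tokens if "." in t), "")
        if actual.replace(".", "").isdigit():
            findings.append((text, actual, "target is a raw IP address"))
        elif shown and _host(shown) != actual:
            findings.append((text, actual, "visible text names a different host"))
    return findings

# Constructed sample mail body: deceptive link, honest link, bare-IP link, mailto link.
SAMPLE_EMAIL = """<p>Your payroll access expires in 2 hours. Act now.</p>
<a href="http://portal-login.example.net/verify">https://www.example-corp.com/payroll</a>
<a href="https://www.example-corp.com/help">example-corp.com/help</a>
<a href="http://203.0.113.5/update">Update your password</a>
<a href="mailto:help@example-corp.com">help@example-corp.com</a>"""
```

Running `suspicious_links(SAMPLE_EMAIL)` reports the payroll link (shown as example-corp.com, really portal-login.example.net) and the bare-IP link; the honest help link and the mailto link pass.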
16. Spear Phishing Defense
4. UPDATE! And patch your anti-virus software. Many
attackers make use of ‘zero-day’ or very new viruses
and attack vectors. Keeping up to date is your best
defense against new malware.
17. Spear Phishing Defense
5. TURN ON! All the features on your security software.
Make sure that all elements of the solution are
enabled and active. It does no good if your anti-virus
is ‘On’ but the firewall or email filters are ‘Off’.
18. Spear Phishing Defense
6. ENCRYPT! The Crown Jewels of your organization.
Make your priceless data ‘worthless’.
19. Spear Phishing Defense
7. PREVENT! Sensitive data from leaving. Data Loss
Prevention inspects the content flow and gives
assurance that the content doesn’t contain any sensitive
data that may violate company policy. If it violates
the policy, the transmission is blocked and a
notification is sent.
20. Next Steps
• Publish a corporate policy for public information
  • Prohibit publication of org charts, personal info, phone lists, customer lists, etc.
• Implement awareness training for your employees
  • Let them know they are targets and what attackers want to know
• Create a Phishing Response Strategy
  • Begin to track the kinds of ‘spam’ you’re getting (you may be targeted and not realize it)
• Contact CBI for assistance with these and other information security and security awareness issues, including security and vulnerability assessments
21. Tips for Home
• http://www.connectsafely.org/pdfs/fbparents.pdf
• http://www.staysafeonline.org/sites/default/files/resource_documents/Parents%20Internet%20Safety%20and%20Security%20STC.pdf
• http://us.norton.com/content/en/us/home_homeoffice/media/theme/parentresources/FamilyOnlineSafetyGuide_3rdEd_final.pdf