"Infopercept Proprietary Material - Please do not copy or distribute".
Leveraging Opensource Deception, SIEM, SOAR, Threat Intel
Sophisticated Email Phishing Detection and Prevention
All trademarks, logos, and brand names are the property of their respective owners.
PHISHING
A Game of Deception
Phishing – A Game of Deception
97% of users are unable to recognize a sophisticated phishing email.
22%: the first half of 2021 shows a 22% increase in the volume of phishing attacks over the same time period last year.
75% of organizations around the world experienced some kind of phishing attack in 2020.
Spam and Phishing in Q1 2021
Figures: Geography of Phishing Attacks; Organizations Under Attack.
Source: https://securelist.com/spam-and-phishing-in-q1-2021/102018/
Email with Link
1. Attacker sends email.
2. Victim clicks on the link in the email and goes to the malicious website.
3. Attacker collects the victim's credentials.
4. Attacker uses the victim's credentials to access the legitimate website.
Diagram actors: Attacker, Victim, Legitimate website.
Email with Attachment
1. Adversaries send phishing emails with an attachment.
2. Victim opens the email and downloads the attachment.
3. The attachment contains malware. The malware downloads malicious files.
4. The malicious code encrypts the files.
Diagram actors: Adversaries, Victim.
Secure Email Gateway is NOT that Secure
Diagram: mail flows from the Attacker through the Email Security Gateway to the Email Service; threats shown bypassing the gateway: Zero Day Attack, Business Email Compromise Attack, Signature-less Threat, Internal Email Threat.
We start with Email security to prevent usual phishing attacks. Where phishing gets sophisticated and smart with deception, we also make our anti-phishing approach smart with deception.
Next Gen Managed SOC
1. Personalized Threat Intelligence
2. Detection
3. Prevention
How we work?
We create a social media decoy using real company details and an email id as a deception for attackers. E.g.: abc@example.com
Adversaries get phished by our deception and launch their phishing attack targeting the decoy email id.
Diagram components: Adversaries; Deception Monitoring; SOC Monitoring; Notification; SOAR – Orchestration and Automation; Action on Email Security Gateway; Action on Firewall; Threat Intelligence – Exchange of IOCs.
Steps
1. We create a decoy Email Address for the user like: stevend@example.com or stevend@myexample.com
2. We create the user's decoy Social Media Account
Email Box
Social Media Profile
No Decoy in Email Client
Now we add an Email Client Decoy
Now we add required details to Email Client Decoy
We then add requisite details to Email Client Decoy
Email Client Decoy is now set; go to Decoy Management
Click to Manage Decoy lets you see the Added Decoy List on the left side of the Decoy Management page.
Dejavu Console
Page to see the Active Attacks – at this stage, we don't have any Active Attack Logs on the console.
Sending Email
Send an email to the stevend@myexample.com user for phishing objective.
Email Box
User mailbox is currently empty and there are no existing emails.
Dejavu Attacks Logs
The phishing email address is showing on the Dejavu Attacks logs – for detailed logs and to see the email content you need to click View Logs.
Email Phishing Client Detail Logs
To see the phishing email content, click on the envelope icon and download the email.
Sending Email
Send an email to the stevend@myexample.com user for phishing purpose.
Note: This log triggers the WAZUH SIEM tool.
Phishing Email Alert on Dejavu Console
WAZUH – Dashboard Alert
WAZUH – Phishing Email Event Log
WAZUH – Phishing Email Security Events Log
WAZUH SIEM – SHUFFLE SOAR Integration through Webhook
Wazuh SIEM integration with Shuffle SOAR, so that an automated playbook is executed to block the IP address.
SHUFFLE SOAR Playbook
How would the Playbook work?
1 - Dejavu triggers an alert and sends it to Wazuh SIEM through syslog configuration.
2 - Integration of Wazuh SIEM is done with Shuffle.
3 - When an alert triggers in Wazuh from the Deception Email Client, it triggers the Shuffle Workflow.
4 - The system then starts analysis of the email header and IP Address.
5 - It pushes the IP address to the MISP Threat Exchange Database for future reference and marks it as blacklisted.
6 - Creates a case in the Case Management Tool.
7 - Blocks the IP Address in the Email Security Gateway and Firewall.
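Added example, not Infopercept's code or a Shuffle workflow export: steps 4 to 7 of the playbook above modelled in Python over a constructed Wazuh alert, including the edge case where the Received chain contains no external hop. The alert field names, the decoy address, every host and IP, the bracketed-IP layout of the Received headers and the MISP event shape are assumptions; the block and ticket actions are returned as data rather than sent to a gateway, firewall or case tool.

```python
import email
import email.utils
import ipaddress
import json
import re
from email import policy

# Constructed sample alert: roughly what Wazuh forwards to Shuffle over the
# webhook. Field names, the decoy address and every host and IP are made up.
SAMPLE_ALERT = {
    "rule": {"id": "100100", "description": "Dejavu: mail received on decoy"},
    "agent": {"name": "dejavu-01"},
    "data": {
        "decoy": "stevend@myexample.com",
        "email": (
            "Received: from mx1.myexample.com (mx1.myexample.com [10.0.0.5])\r\n"
            "\tby decoy.myexample.com with ESMTP; Mon, 7 Jun 2021 09:12:01 +0000\r\n"
            "Received: from relay.example.net (relay.example.net [203.0.113.77])\r\n"
            "\tby mx1.myexample.com with ESMTPS; Mon, 7 Jun 2021 09:12:00 +0000\r\n"
            "Received: from [192.168.1.20] (unknown [192.168.1.20])\r\n"
            "\tby relay.example.net with ESMTPA; Mon, 7 Jun 2021 09:11:58 +0000\r\n"
            'From: "IT Helpdesk" <helpdesk@example.net>\r\n'
            "To: stevend@myexample.com\r\n"
            "Subject: Password expiry notice\r\n"
            "\r\n"
            "Your password expires today. Sign in to keep your account.\r\n"
        ),
    },
}

# Constructed "existing DB": IOCs the SOC already pushed to MISP earlier.
KNOWN_BAD_IPS = {"198.51.100.9"}

# Our own relays and RFC 1918 / loopback / link-local space: hops in these
# ranges cannot be blocked at the perimeter, so they are skipped.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Received headers normally carry the peer address in square brackets.
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def received_ips(raw_email):
    """IPs from the Received chain, earliest hop first. Each MTA prepends its
    own Received header, so the bottom one is the hop closest to the sender."""
    msg = email.message_from_string(raw_email, policy=policy.default)
    hops = [ip for hdr in msg.get_all("Received", []) for ip in BRACKET_IP.findall(hdr)]
    return list(reversed(hops))


def originating_ip(raw_email):
    """Step 4: the first external hop, or None when the whole chain is internal
    (for example a message injected from inside the network)."""
    return next((ip for ip in received_ips(raw_email) if not is_internal(ip)), None)


def misp_event(decoy, ip, sender, subject):
    """Step 5: MISP event body (REST 'Event' shape, assumed). to_ids=True marks
    an attribute for export to blocking and IDS feeds, i.e. the blacklist."""
    return {"Event": {
        "info": f"Phishing against decoy {decoy}",
        "distribution": 0, "threat_level_id": 2, "analysis": 2,
        "Attribute": [
            {"type": "ip-src", "category": "Network activity", "value": ip, "to_ids": True},
            {"type": "email-src", "category": "Payload delivery", "value": sender, "to_ids": True},
            {"type": "email-subject", "category": "Payload delivery", "value": subject, "to_ids": False},
        ]}}


def run_playbook(alert, known_bad=KNOWN_BAD_IPS):
    """Steps 4 to 7 as a pure function: returns the case record and the actions
    a SOAR connector would carry out, instead of carrying them out."""
    raw = alert["data"]["email"]
    msg = email.message_from_string(raw, policy=policy.default)
    sender = email.utils.parseaddr(str(msg["From"]))[1]
    subject = str(msg["Subject"])
    ip = originating_ip(raw)
    case = {  # step 6: the record handed to the case management tool
        "title": f"[Decoy] {subject}", "decoy": alert["data"]["decoy"],
        "sender": sender, "source_ip": ip, "wazuh_rule": alert["rule"]["id"],
    }
    if ip is None:  # nothing blockable at the perimeter: hand to an analyst
        return {"status": "needs_analyst", "case": case, "actions": []}
    return {
        "status": "blocked",
        "source_ip": ip,
        "already_known": ip in known_bad,  # "check existing DB" before re-pushing
        "misp_event": misp_event(alert["data"]["decoy"], ip, sender, subject),
        "case": case,
        "actions": [  # step 7, as data for the gateway and firewall connectors
            {"target": "email_security_gateway", "action": "block_ip", "value": ip},
            {"target": "firewall", "action": "block_ip", "value": ip},
        ],
    }


if __name__ == "__main__":
    print(json.dumps(run_playbook(SAMPLE_ALERT), indent=2))
```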
For cybersecurity to have the upper hand, thinking like the attacker is the most important approach. As with anti-phishing, in every countermeasure, attackers' tactics can be used to design and execute a proactive cybersecurity solution. Opensource cybersecurity innovations help in leveraging the attacker's intelligence to prepare counter cybersecurity intelligence.
Automatic Incident Response for Anti-Phishing Leveraging Deception
Diagram (OODA loop: 1. OBSERVE, 2. ORIENT, 3. DECIDE, 4. ACT) with the components: Email Decoy and Social Media Decoy; On Sending Email on Decoy; Wazuh SIEM; Webhook; Shuffle SOAR; API; Check Reputations; Check Existing DB; Block IP in Network Firewall; Block IOC in Email Security Gateway; Open Ticket; Case Management for SOC Team; SMS and Email Notification; Personalized Threat Intelligence Gathering.
About Infopercept
Infopercept's vision and core values revolve around making organizations more secure through the core values of Honesty, Transparency and Knowledge, so as to enable them to make better informed decisions about their security practices and goals. With our synergistic vision to combine technical expertise and professional experience, we aim to further establish our place as a one stop shop for our clients' and partners' cybersecurity and accreditation needs.
Our specialized core team comprises experienced veterans, technical experts and security enthusiasts with good practical experience and thorough knowledge in the cybersecurity domain, who are abreast of the latest trends and security innovations, ensuring that you always get the best security approach and solutions for your specific business needs, exactly the way you want them to be.
Imprint
© Infopercept Consulting Pvt. Ltd. 2021
Publisher
H-1209, Titanium City Center,
Satellite Road,
Ahmedabad – 380 015,
Gujarat, India.
Contact Info
M: +91 9898857117
W: www.infopercept.com
E: sos@infopercept.com
By accessing or proceeding further with usage of this platform / tool / site / application, you agree with Infopercept Consulting Pvt. Ltd.'s (ICPL) privacy policy and standard terms and conditions and provide your consent to the same. For a detailed understanding and review of the privacy policy and standard terms and conditions, kindly visit www.infopercept.com or refer to our privacy policy and standard terms and conditions.
Global Offices
United States of America
+1 516 713 5040
United Kingdom
+44 2035002056
Sri Lanka
+94 702 958 909
Kuwait
+965 6099 1177
India
+91 9898857117

More Related Content

What's hot

Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threatsourav newatia
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldAvishek Datta
 
Anatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackAnatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackMark Mair
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORTvineetkathan
 
Phishing
PhishingPhishing
Phishingdefquon
 
Phishing
PhishingPhishing
Phishingshivli0769
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
Online Fraud and Identity Theft: Transact Safely - Symantec Corp.
Online Fraud and Identity Theft: Transact Safely - Symantec Corp. Online Fraud and Identity Theft: Transact Safely - Symantec Corp.
Online Fraud and Identity Theft: Transact Safely - Symantec Corp. mariotoronto
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gtemi
 
IRJET-Content based approach for Detection of Phishing Sites
IRJET-Content based approach for Detection of Phishing SitesIRJET-Content based approach for Detection of Phishing Sites
IRJET-Content based approach for Detection of Phishing SitesIRJET Journal
 
Phishing exposed
Phishing exposedPhishing exposed
Phishing exposedtamfin
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharksNalneesh Gaur
 
secure from Phishing Hacking and Keylogger
secure from Phishing Hacking and Keylogger secure from Phishing Hacking and Keylogger
secure from Phishing Hacking and Keylogger Abhishek Hirapara
 

What's hot (20)

Anti phishing
Anti phishingAnti phishing
Anti phishing
 
Phishing
PhishingPhishing
Phishing
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threat
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
 
Anatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackAnatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing Attack
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORT
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Phishing attack till now
Phishing attack till nowPhishing attack till now
Phishing attack till now
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
 
Phishing
PhishingPhishing
Phishing
 
Online Fraud and Identity Theft: Transact Safely - Symantec Corp.
Online Fraud and Identity Theft: Transact Safely - Symantec Corp. Online Fraud and Identity Theft: Transact Safely - Symantec Corp.
Online Fraud and Identity Theft: Transact Safely - Symantec Corp.
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
IRJET-Content based approach for Detection of Phishing Sites
IRJET-Content based approach for Detection of Phishing SitesIRJET-Content based approach for Detection of Phishing Sites
IRJET-Content based approach for Detection of Phishing Sites
 
Phishing exposed
Phishing exposedPhishing exposed
Phishing exposed
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishing
 
Phishing and hacking
Phishing and hackingPhishing and hacking
Phishing and hacking
 
secure from Phishing Hacking and Keylogger
secure from Phishing Hacking and Keylogger secure from Phishing Hacking and Keylogger
secure from Phishing Hacking and Keylogger
 

Similar to Phishing - A Game of Deception

The anatomy of a spear phishing attack
The anatomy of a spear phishing attackThe anatomy of a spear phishing attack
The anatomy of a spear phishing attackVade Secure
 
A Guide to Cyber Etiquette.pdf
A Guide to Cyber Etiquette.pdfA Guide to Cyber Etiquette.pdf
A Guide to Cyber Etiquette.pdfInfosec Train
 
Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Mukesh Chinta
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppWeSecureApp
 
What about Two Factor Authentication?
What about Two Factor Authentication? What about Two Factor Authentication?
What about Two Factor Authentication? Sinch
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresIRJET Journal
 
Using Deception to Detect and Profile Hidden Threats
Using Deception to Detect and Profile Hidden ThreatsUsing Deception to Detect and Profile Hidden Threats
Using Deception to Detect and Profile Hidden ThreatsSatnam Singh
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksHokme
 
What Types Of Information ECommerce Sites Need To.pdf
What Types Of Information ECommerce Sites Need To.pdfWhat Types Of Information ECommerce Sites Need To.pdf
What Types Of Information ECommerce Sites Need To.pdfHost It Smart
 
Cyber Security School Workshop
Cyber Security School WorkshopCyber Security School Workshop
Cyber Security School WorkshopRahul Nayan
 
Why Cybercriminals are targeting Small Businesses
Why Cybercriminals are targeting Small BusinessesWhy Cybercriminals are targeting Small Businesses
Why Cybercriminals are targeting Small BusinessesD-Amies Technologies (P) Ltd.
 
10 Tips for Improving Small Business Cyber Security
10 Tips for Improving Small Business Cyber Security10 Tips for Improving Small Business Cyber Security
10 Tips for Improving Small Business Cyber SecurityThrottleNet, Inc
 
Identity intelligence: Threat-aware Identity and Access Management
Identity intelligence: Threat-aware Identity and Access ManagementIdentity intelligence: Threat-aware Identity and Access Management
Identity intelligence: Threat-aware Identity and Access ManagementProlifics
 
Close the Security Gaps of a Remote Workforce
Close the Security Gaps of a Remote WorkforceClose the Security Gaps of a Remote Workforce
Close the Security Gaps of a Remote Workforcejlieberman07
 
Cyber Risks & Liabilities - Cyber Security for Small Businesses
Cyber Risks & Liabilities - Cyber Security for Small BusinessesCyber Risks & Liabilities - Cyber Security for Small Businesses
Cyber Risks & Liabilities - Cyber Security for Small Businessesntoscano50
 
Cyber 101 for smb execs v1
Cyber 101 for smb execs v1Cyber 101 for smb execs v1
Cyber 101 for smb execs v1NetWatcher
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET-  	  Phishing and Anti-Phishing TechniquesIRJET-  	  Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET Journal
 
10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraud10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraudWebSitePulse
 

Similar to Phishing - A Game of Deception (20)

The anatomy of a spear phishing attack
The anatomy of a spear phishing attackThe anatomy of a spear phishing attack
The anatomy of a spear phishing attack
 
A Guide to Cyber Etiquette.pdf
A Guide to Cyber Etiquette.pdfA Guide to Cyber Etiquette.pdf
A Guide to Cyber Etiquette.pdf
 
Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureApp
 
What about Two Factor Authentication?
What about Two Factor Authentication? What about Two Factor Authentication?
What about Two Factor Authentication?
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and Countermeasures
 
Cyber Security and Data Protection
Cyber Security and Data ProtectionCyber Security and Data Protection
Cyber Security and Data Protection
 
Using Deception to Detect and Profile Hidden Threats
Using Deception to Detect and Profile Hidden ThreatsUsing Deception to Detect and Profile Hidden Threats
Using Deception to Detect and Profile Hidden Threats
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP Leaks
 
What Types Of Information ECommerce Sites Need To.pdf
What Types Of Information ECommerce Sites Need To.pdfWhat Types Of Information ECommerce Sites Need To.pdf
What Types Of Information ECommerce Sites Need To.pdf
 
Cyber Security School Workshop
Cyber Security School WorkshopCyber Security School Workshop
Cyber Security School Workshop
 
Why Cybercriminals are targeting Small Businesses
Why Cybercriminals are targeting Small BusinessesWhy Cybercriminals are targeting Small Businesses
Why Cybercriminals are targeting Small Businesses
 
10 Tips for Improving Small Business Cyber Security
10 Tips for Improving Small Business Cyber Security10 Tips for Improving Small Business Cyber Security
10 Tips for Improving Small Business Cyber Security
 
Identity intelligence: Threat-aware Identity and Access Management
Identity intelligence: Threat-aware Identity and Access ManagementIdentity intelligence: Threat-aware Identity and Access Management
Identity intelligence: Threat-aware Identity and Access Management
 
Close the Security Gaps of a Remote Workforce
Close the Security Gaps of a Remote WorkforceClose the Security Gaps of a Remote Workforce
Close the Security Gaps of a Remote Workforce
 
Cyber Risks & Liabilities - Cyber Security for Small Businesses
Cyber Risks & Liabilities - Cyber Security for Small BusinessesCyber Risks & Liabilities - Cyber Security for Small Businesses
Cyber Risks & Liabilities - Cyber Security for Small Businesses
 
Cyber 101 for smb execs v1
Cyber 101 for smb execs v1Cyber 101 for smb execs v1
Cyber 101 for smb execs v1
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET-  	  Phishing and Anti-Phishing TechniquesIRJET-  	  Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing Techniques
 
10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraud10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraud
 
Information security
Information securityInformation security
Information security
 

Recently uploaded

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Recently uploaded (20)

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Phishing - A Game of Deception

  • 1. "Infopercept Proprietary Material - Please do not copy or distribute". Leveraging Opensource Deception, SIEM, SOAR, Threat Intel: Sophisticated Email Phishing Detection and Prevention. All trademarks, logos, and brand names are the property of their respective owners. Instant Pay
  • 2. PHISHING – A Game of Deception
  • 3. Phishing – A Game of Deception. 97% of users are unable to recognize a sophisticated phishing email. The first half of 2021 shows a 22% increase in the volume of phishing attacks over the same time period last year. 75% of organizations around the world experienced some kind of phishing attack in 2020.
  • 4. Spam and Phishing in Q1 2021: Geography of Phishing Attacks; Organizations Under Attack. Source: https://securelist.com/spam-and-phishing-in-q1-2021/102018/
  • 5. Email with Link. 1. Attacker sends email. 2. Victim clicks on the link in the email and goes to the malicious website. 3. Attacker collects the victim's credentials. 4. Attacker uses the victim's credentials to access the legitimate website.
  • 6. Email with Attachment. 1. Adversaries send phishing emails with an attachment. 2. Victim opens the email and downloads the attachment. 3. The attachment contains malware; the malware downloads malicious files. 4. The malicious code encrypts the files.
  • 7. Secure Email Gateway is NOT that Secure. Zero-day attacks, business email compromise attacks, signature-less threats and internal email threats bypass the Email Security Gateway and reach the Email Service.
  • 8. We start with email security to prevent usual phishing attacks. Where phishing gets sophisticated and smart with deception, we also make our anti-phishing approach smart with deception.
  • 9. Next Gen Managed SOC: 1. Personalized Threat Intelligence. 2. Detection. 3. Prevention.
  • 10. How we work? We create a social media decoy using real company details and an email id as a deception for attackers, e.g. abc@example.com. Adversaries get phished by our deception and launch their phishing attack targeting the decoy email id. Deception monitoring raises a notification to SOC monitoring; SOAR (orchestration and automation) takes action on the Email Security Gateway and the Firewall; Threat Intelligence: exchange of IOCs.
  • 11. Steps: 1. We create a decoy email address for the user, like stevend@example.com or stevend@myexample.com. 2. We create the user's decoy social media account.
  • 12. Email Box
  • 13. Social Media Profile
  • 14. No Decoy in Email Client
  • 15. Now we add the Email Client Decoy
  • 16. Now we add the required details to the Email Client Decoy
  • 17. We then add the requisite details to the Email Client Decoy
  • 18. The Email Client Decoy is now set. Go to Decoy Management; the Click to Manage Decoy option lets you see the added decoy list on the left side of the Decoy Management page.
  • 19. Dejavu console page to see the active attacks. At this stage, we don't have any active attack logs on the console.
  • 20. Sending Email. Send an email to the stevend@myexample.com user for the phishing objective.
  • 21. Email Box. The user mailbox is currently empty and there are no existing emails.
  • 22. Dejavu Attack Logs. The phishing email address is showing in the Dejavu attack logs. For detailed logs and to see the email content you need to click View Logs.
  • 23. Email Phishing Client Detail Logs. To see the phishing email content, click on the envelope icon and download the email.
  • 24. Sending Email. Send an email to the stevend@myexample.com user for the phishing purpose. Note: this log triggers the Wazuh SIEM tool.
  • 25. Phishing Email Alert on Dejavu Console
  • 26. Wazuh – Dashboard Alert
  • 27. Wazuh – Phishing Email Event Log
  • 28. Wazuh – Phishing Email Security Events Log
  • 29. Wazuh SIEM – Shuffle SOAR Integration through Webhook. Wazuh SIEM is integrated with Shuffle SOAR so that an automated playbook is executed for blocking the IP address.
  • 30. Shuffle SOAR Playbook. How would the playbook work? 1. Dejavu triggers an alert and sends it to Wazuh SIEM through the syslog configuration. 2. Wazuh SIEM is integrated with Shuffle. 3. When an alert from the Deception Email Client triggers in Wazuh, it triggers the Shuffle workflow. 4. The system then starts analysis of the email header and IP address. 5. It pushes the IP address to the MISP threat exchange database for future reference and marks it as blacklisted. 6. It creates a case in the case management tool. 7. It blocks the IP address in the Email Security Gateway and the Firewall.
  • 31. For cybersecurity to have the upper hand, thinking like the attacker is the most important approach. As with anti-phishing, in every counter, attackers' tactics can be used to design and execute a proactive cybersecurity solution. Opensource cybersecurity innovations help in leveraging attackers' intelligence to prepare counter cybersecurity intelligence.
  • 32. Automatic Incident Response for Anti-Phishing Leveraging Deception (OODA loop: 1. Observe, 2. Orient, 3. Decide, 4. Act). Components: Email Decoy and Social Media Decoy; on sending an email to the decoy email, Wazuh SIEM alerts Shuffle SOAR through an API webhook; Shuffle checks reputations and checks the existing DB (personalized threat intelligence gathering); sends SMS and email notifications; opens a ticket in case management for the SOC team; blocks the IP in the network firewall and blocks the IOC in the Email Security Gateway.
  • 33. About Infopercept. Infopercept's vision and core values revolve around making organizations more secure through the core values of Honesty, Transparency and Knowledge, so as to enable them to make better informed decisions about their security practices and goals. With our synergistic vision to combine technical expertise and professional experience, we aim to further establish our place as a one-stop shop for our clients' and partners' cybersecurity and accreditation needs. Our specialized core team comprises experienced veterans, technical experts and security enthusiasts with good practical experience and thorough knowledge in the cybersecurity domain, who are abreast of the latest trends and security innovations, ensuring that you always get the best security approach and solutions for your specific business needs, exactly the way you want it to be. Imprint © Infopercept Consulting Pvt. Ltd. 2021. Publisher: H-1209, Titanium City Center, Satellite Road, Ahmedabad – 380 015, Gujarat, India. Contact Info: M: +91 9898857117, W: www.infopercept.com, E: sos@infopercept.com. By accessing/proceeding further with usage of this platform/tool/site/application, you agree with Infopercept Consulting Pvt. Ltd.'s (ICPL) privacy policy and standard terms and conditions along with providing your consent to/for the same. For a detailed understanding and review of the privacy policy and standard terms and conditions, kindly visit www.infopercept.com or refer to our privacy policy and standard terms and conditions. Global Offices: United States of America +1 516 713 5040; United Kingdom +44 2035002056; Sri Lanka +94 702 958 909; Kuwait +965 6099 1177; India +91 9898857117.
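Steps 3 to 7 of the Shuffle playbook on slide 30 (the same flow slide 32 draws as an OODA loop), as an added Python example that is not the deck's, Dejavu's or Shuffle's own code. The alert payload, decoy address and sender IP are constructed; the MISP push, case creation and blocking actions are returned as a list for the orchestrator rather than called, since those APIs are not on the page.

```python
import ipaddress
import re
from email import message_from_string
from typing import Optional

# Constructed sample (not from the deck): a phishing mail that hit the decoy mailbox,
# as Dejavu logs it and Wazuh hands it to Shuffle. Sender IP is from RFC 5737 TEST-NET.
SAMPLE_ALERT = {
    "data": {
        "decoy": "stevend@myexample.com",
        "raw_email": (
            "Received: from mail.sender.invalid (mail.sender.invalid [203.0.113.45])\r\n"
            "\tby mx.myexample.com with ESMTP; Mon, 7 Jun 2021 09:12:44 +0000\r\n"
            "Received: from [10.0.0.5] by mail.sender.invalid; Mon, 7 Jun 2021 09:12:40 +0000\r\n"
            "From: \"IT Helpdesk\" <helpdesk@example.com>\r\n"
            "To: stevend@myexample.com\r\n"
            "Subject: Password expiry notice\r\n\r\n"
            "Your password expires today.\r\n"
        ),
    },
}

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def originating_ip(raw_email: str) -> Optional[str]:
    """Step 4: the sender IP as recorded by OUR gateway (the topmost Received header).
    Lower hops were written by the sender's own systems and may be forged."""
    for hop in message_from_string(raw_email).get_all("Received") or []:
        for candidate in BRACKETED_IP.findall(hop):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:          # e.g. "[999.1.1.1]" in a mangled header
                continue
            if not any(addr in net for net in INTERNAL_NETS):
                return candidate
    return None

def run_playbook(alert: dict, blocklist: set) -> dict:
    """Steps 4-7: analyse the header, push a new IOC to MISP, open a case, block."""
    ip = originating_ip(alert["data"]["raw_email"])
    if ip is None:
        return {"ip": None, "actions": ["manual_review"]}   # nothing safe to block
    actions = []
    if ip not in blocklist:                 # step 5: only new IOCs are blacklisted
        blocklist.add(ip)
        actions += ["misp_add_attribute", "block_email_gateway", "block_firewall"]
    actions.append("open_case")             # step 6: every attempt gets a SOC case
    return {"ip": ip, "decoy": alert["data"]["decoy"], "actions": actions}
```

The blocklist stands in for the "check existing DB" step on slide 32, so a sender already pushed to MISP is not blocked twice but still gets a case.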