Phishing is a cybercrime in which a target is contacted by email or message by someone posing as a legitimate institution, to lure individuals into providing sensitive data such as personally identifiable information, banking and bank card details, and passwords.
To know more: https://www.infopercept.com/phishing-a-game-of-deception
Phishing - A Game of Deception
1. "Infopercept Proprietary Material - Please do not copy or distribute".
Leveraging Opensource Deception, SIEM, SOAR, Threat Intel
Sophisticated Email Phishing Detection and Prevention
All trademarks, logos, and brand names are the property of their respective owners.
Phishing – A Game of Deception
97% of the users are unable to recognize a sophisticated phishing email.
The first half of 2021 shows a 22% increase in the volume of phishing attacks over the same time period last year.
75% of organizations around the world experienced some kind of phishing attack in 2020.
Spam and Phishing in Q1 2021
Figures: Geography of Phishing Attacks; Organizations Under Attack.
Source: https://securelist.com/spam-and-phishing-in-q1-2021/102018/
Email with Link
1. Attacker sends email.
2. Victim clicks on the link in the email and goes to the malicious website.
3. Attacker collects the victim's credentials.
4. Attacker uses the victim's credentials to access the legitimate website.
Email with Attachment
1. Adversaries send phishing emails with an attachment.
2. Victim opens the email and downloads the attachment.
3. The attachment contains malware. The malware downloads malicious files.
4. The malicious code encrypts the files.
Secure Email Gateway is NOT that Secure
Diagram: threats sent by an attacker that bypass the Email Security Gateway and reach the Email Service: Zero-Day Attack, Business Email Compromise Attack, Signature-less Threat, Internal Email Threat.
We start with email security to prevent usual phishing attacks. Where phishing gets sophisticated and smart with deception, we also make our anti-phishing approach smart with deception.
Next Gen Managed SOC
1. Personalized Threat Intelligence
2. Detection
3. Prevention
How we work?
We create a social media decoy using real company details and an email id as a deception for attackers. E.g.: abc@example.com
Adversaries get phished with our deception and launch their phishing attack targeting the decoy email id.
Diagram: Adversaries -> Notification -> Deception Monitoring and SOC Monitoring -> SOAR (Orchestration and Automation) -> Email Security Gateway Action, Firewall Action, Threat Intelligence (Exchange of IOCs).
Steps
1. We create a decoy email address for the user, like: stevend@example.com or stevend@myexample.com
2. We create the user's decoy social media account.
Email Client Decoy is now set; go to Decoy Management.
Clicking Manage Decoy lets you see the added decoy list on the left side of the Decoy Management page.
Dejavu Console
Page to see the active attacks. At this stage, we don't have any active attack logs on the console.
Sending Email
Send an email to the stevend@myexample.com user for the phishing objective.
Email Box
The user mailbox is currently empty and there are no existing emails.
Dejavu Attack Logs
The phishing email address is showing in the Dejavu attack logs. For detailed logs and to see the email content you need to click View Logs.
Email Phishing Client Detail Logs
To see the phishing email content, click on the envelope icon and download the email.
Sending Email
Send an email to the stevend@myexample.com user for the phishing purpose.
Note: this log triggers the WAZUH SIEM tool.
WAZUH SIEM – SHUFFLE SOAR Integration through Webhook
Wazuh SIEM integration with Shuffle SOAR, so that an automated playbook is executed for blocking the IP address.
SHUFFLE SOAR Playbook
How would the playbook work?
1 - Dejavu triggers an alert and sends it to Wazuh SIEM through syslog configuration.
2 - Integration of Wazuh SIEM is done with Shuffle.
3 - When an alert triggers in Wazuh from the Deception Email Client, it triggers the Shuffle Workflow.
4 - The system then starts analysis of the email header and IP address.
5 - It pushes the IP address to the MISP Threat Exchange Database for future reference and marks it as blacklisted.
6 - Creates a case in the Case Management Tool.
7 - Blocks the IP address in the Email Security Gateway and Firewall.
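The decoy-mailbox idea from "How we work" and steps 3 to 7 of the playbook above, written out as one small offline decision function. This is an added example for this page, not Infopercept's, Dejavu's, Wazuh's or Shuffle's own code. The webhook alert shape, the decoy registry (it reuses the stevend@ addresses from the Steps slide), the in-memory stand-in for the MISP/IOC database, the MX host name mx.myexample.com, and the sample email (documentation-range IPs, a .invalid sender domain) are all constructed assumptions. The part a practitioner most wants to see is in `connecting_ip`: only the Received header stamped by your own MX identifies the host that actually connected; the hops below it were written by the sender and can be forged, so the example records them as low-confidence IOCs instead of blocking them.

```python
"""Added example: a minimal SOAR-style playbook for a decoy mailbox hit.

Illustration code written for this page, not the code of any product named
on it.  Alert shape, decoy list, IOC database and sample email are constructed.
"""
import ipaddress
import json
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed decoy registry: nobody legitimate writes to these addresses, so
# any delivery to them is a honeytoken hit (the page's "decoy email id").
DECOY_ADDRESSES = {"stevend@example.com", "stevend@myexample.com"}

# Constructed stand-in for the MISP / existing-IOC database (playbook step 5).
IOC_DB = {"203.0.113.7": {"tag": "blacklisted", "confidence": "high", "hits": 1}}

# Networks that never identify an external sender.  The sample uses
# documentation ranges (203.0.113.0/24, 198.51.100.0/24), which
# ipaddress.is_private would also flag, so RFC 1918 and loopback are listed
# explicitly instead of relying on that property.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.IGNORECASE)

# Constructed sample message.  The top Received header was stamped by our MX;
# the two below it arrived inside the message and are under the sender's control.
SAMPLE_RAW_EMAIL = (
    "Received: from mail.instantpay.invalid (unknown [203.0.113.7])\r\n"
    "\tby mx.myexample.com with ESMTP; Mon, 3 May 2021 10:00:00 +0000\r\n"
    "Received: from relay.example.net (relay.example.net [198.51.100.5])\r\n"
    "\tby mail.instantpay.invalid with ESMTPA; Mon, 3 May 2021 09:59:58 +0000\r\n"
    "Received: from localhost (localhost [127.0.0.1])\r\n"
    "\tby relay.example.net with ESMTP; Mon, 3 May 2021 09:59:50 +0000\r\n"
    "From: \"Instant Pay\" <billing@instantpay.invalid>\r\n"
    "To: stevend@myexample.com\r\n"
    "Subject: Your payment is pending\r\n"
    "\r\n"
    "Please confirm your account details.\r\n"
)


def make_alert(rcpt_to, raw_email=SAMPLE_RAW_EMAIL):
    """Build a webhook-style alert payload (constructed shape, not Wazuh's)."""
    return json.dumps({"source": "decoy-mail-client", "rcpt_to": rcpt_to,
                       "raw_email": raw_email})


def is_decoy_hit(rcpt_to):
    """Step 3: the alert only matters if the recipient is one of our decoys."""
    return rcpt_to.strip().lower() in DECOY_ADDRESSES


def received_hops(raw_email):
    """Step 4: walk the Received headers newest-first and return (from_ip, by_host)
    for every hop whose bracketed IP is not an internal address."""
    msg = message_from_string(raw_email)
    hops = []
    for header in msg.get_all("Received", []):
        ips, by = IP_RE.findall(header), BY_RE.search(header)
        if not ips or not by:
            continue
        addr = ipaddress.ip_address(ips[0])
        if any(addr in net for net in INTERNAL_NETS):
            continue
        hops.append((str(addr), by.group(1).lower()))
    return hops


def connecting_ip(hops, our_mx):
    """Only the hop stamped by our own MX is trustworthy; lower hops may be forged."""
    return next((ip for ip, by in hops if by == our_mx), None)


def push_iocs(observed, db):
    """Step 5: record each (ip, confidence) as blacklisted; return the new IPs."""
    new = []
    for ip, confidence in observed:
        entry = db.setdefault(ip, {"tag": "blacklisted", "confidence": confidence, "hits": 0})
        entry["hits"] += 1
        if confidence == "high":
            entry["confidence"] = "high"
        if entry["hits"] == 1:
            new.append(ip)
    return new


def run_playbook(alert_json, our_mx="mx.myexample.com", db=None):
    """Steps 3-7 as one decision; returns what an orchestrator would do.
    Nothing is actually blocked or ticketed here."""
    db = IOC_DB if db is None else db
    alert = json.loads(alert_json)
    if not is_decoy_hit(alert["rcpt_to"]):
        return {"decision": "ignore", "actions": []}
    hops = received_hops(alert["raw_email"])
    trusted = connecting_ip(hops, our_mx)
    observed = [(ip, "high" if ip == trusted else "low") for ip, _ in hops]
    new_iocs = push_iocs(observed, db)
    sender = parseaddr(message_from_string(alert["raw_email"]).get("From", ""))[1]
    actions = [{"action": "push_ioc", "ips": observed, "new": new_iocs},
               {"action": "create_case", "decoy": alert["rcpt_to"],
                "title": f"Decoy mailbox hit from {sender}"}]
    # Step 7: block only the host we saw connect, never a sender-supplied hop.
    if trusted:
        actions.append({"action": "block_ip", "ip": trusted,
                        "targets": ["email_security_gateway", "firewall"]})
    return {"decision": "block" if trusted else "investigate", "actions": actions}


if __name__ == "__main__":
    print(json.dumps(run_playbook(make_alert("stevend@myexample.com")), indent=2))
```

Run it stand-alone and it prints the decision for the sample message: the decoy recipient makes it a hit, 203.0.113.7 (already in the constructed IOC database) is the host that connected to the MX and is the only address queued for blocking, and 198.51.100.5 from the sender-supplied hop is pushed to the IOC store as a new, low-confidence entry. A real deployment would also keep an allowlist of shared relays before the block step, since the connecting IP can belong to a third-party mail service.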
For cybersecurity to have the upper hand, an attacker's sense (thinking the way the attacker does) is the most important approach. As with anti-phishing, in every counter the attackers' tactics can be used to design and execute a proactive cybersecurity solution. Opensource cybersecurity innovations help in leveraging the attacker's intelligence to prepare counter cybersecurity intelligence.
Automatic Incident Response for Anti-Phishing Leveraging Deception
Diagram (stages 1. OBSERVE, 2. ORIENT, 3. DECIDE, 4. ACT):
Personalized Threat Intelligence Gathering (Email Decoy, Social Media Decoy) -> On Sending Email on Decoy -> Wazuh SIEM -> Webhook -> Shuffle SOAR (Check Reputations, Check Existing DB via API) -> Block IP in Network Firewall; Block IOC in Email Security Gateway; Open Ticket (Case Management for SOC Team); Notification (SMS, Email).