SlideShare a Scribd company logo

The Rise of Spear Phishing & How to Avoid being the Next Headline

PhishLabs
PhishLabs

Phishing is not cybercrime, phishing is the exploitation of people. In this presentation, PhishLabs walks through the problem phishing poses to businesses and how you can prepare your employees with effective security awareness training, robust intelligence and tools to fight back against the threat. Download the on-demand version of the full webinar here: https://info.phishlabs.com/the-rise-of-spear-phishinghow-to-avoid-being-the-next-headline If you're interested in signing up for our webinar series, click here: https://info.phishlabs.com/the-rise-of-spear-phishinghow-to-avoid-being-the-next-headline

Technology
1 of 50
Download to read offline
2017 R.A.I.D. Webinar Series • What’s it about? • Insights from our Research, Analysis, Intelligence Division and other PhishLabs’ experts • Hosted every month, exact dates TBD • Focus on current threat campaigns – dissect attacks, scams, campaigns, and discuss threat actors • Goal: equip you to better secure your network, your employees, your company and your customers • Who should attend? • Open invitation – feel free to share! • Security leaders and professionals responsible for managing cyber threats
January agenda The Rise of Spear Phishing: How to Avoid Being the Next Headline Proprietary and Confidential Copyright 2017 PhishLabs 4 Crane Hassold Senior Security Threat Researcher Dane Boyd Employee Defense Training Principal
What is Phishing? 6 Proprietary and Confidential Copyright 2017 PhishLabs Phishing is not a cyber crime Phishing is the exploitation of people that leads to cybercrime
Impacts of Phishing • Financial loss (direct & indirect) • Direct monetary loss • $209 million lost to ransomware in Q1 2016 • $3.1 billion lost to BEC scams since January 2016 • Remediation costs • $2-4 million average cost of a data breach • Stock price • Lawsuits • Consumer trust Proprietary and Confidential Copyright 2017 PhishLabs 8
Impacts of Phishing • Financial loss (direct & indirect) • Data compromise • Personally identifiable information (PII) • Credentials (employee & customer) • Tax records • Intellectual property Proprietary and Confidential Copyright 2017 PhishLabs 9
Impacts of Phishing • Financial loss (direct & indirect) • Data compromise • Brand reputation • Employee trust Proprietary and Confidential Copyright 2017 PhishLabs 11
Ransomware • Biggest emerging threat of 2016 • Restricts access to files and extorts victim for ransom in exchange for decryption • Relatively simple • Numerous families, yet only a few persist • Ransomware-as-a-Service (Cerber) • Targeted campaigns focused on high- impact targets Proprietary and Confidential Copyright 2017 PhishLabs 13
Remote Access Trojans (RATs) • Allows attacker to remotely control a victim’s computer • Generic in nature (no targeting information) • Requires very little skill to use • Can steal information and monitor user’s activity • Available for purchase in underground forums and the Dark Web Proprietary and Confidential Copyright 2017 PhishLabs 14
Banking Trojans • Generally used to collect credentials • Little to no interaction with attacker after infection • Webinjects and redirects used to present victim with fake webpages • Targeting information contained within configuration files • Can be configured to target internal enterprise systems Proprietary and Confidential Copyright 2017 PhishLabs 15
IRS/W-2 Scams • Offshoot of BEC scams • 400% increase in IRS tax scams in January 2016 • 40+ companies compromised in Q1 2016 • Spoofed email requests employee W-2s • Goal is to collect W-2s for tax refund fraud and identity theft • Will likely re-emerge in 2017 Proprietary and Confidential Copyright 2017 PhishLabs 17
APT Malware • “Advanced Persistent Threat” • Goal is stealth and persistence • Extremely sophisticated • Unique tools • The Big Three • Russia – espionage, propaganda • China – IP theft • North Korea – political retaliation Proprietary and Confidential Copyright 2017 PhishLabs 18 Deep Panda/ APT19 Fancy Bear/ APT28 Deep Panda/ APT19
Agenda • Duration • Frequency • Content • Deployment Proprietary and Confidential Copyright 2017 PhishLabs Employee Defense Training Descriptors
Worst Interview Question What’s your greatest weakness? Proprietary and Confidential Copyright 2017 PhishLabs 21
Lesson Learned: Proprietary and Confidential Copyright 2017 PhishLabs 27 Make it Memorable; Keep it Short
Proprietary and Confidential Copyright 2017 PhishLabs 28
Proprietary and Confidential Copyright 2017 PhishLabs What high school did I attend?
A Question of the Ages Proprietary and Confidential Copyright 2017 PhishLabs 42 Stairs Escalator?
Proprietary and Confidential Copyright 2017 PhishLabs 43
Employee Defense Training Descriptors • Duration: Keep it Short; Make it Memorable • Frequency: Repetition is Crucial for Success • Content: Prepare for the Real World • Deployment: Make Success Easy Proprietary and Confidential Copyright 2017 PhishLabs
The Rise of Spear Phishing & How to Avoid being the Next Headline
The Rise of Spear Phishing & How to Avoid being the Next Headline
The Rise of Spear Phishing & How to Avoid being the Next Headline

Recommended

2017 Phishing Trends & Intelligence Report: Hacking the Human
2017 Phishing Trends & Intelligence Report: Hacking the Human2017 Phishing Trends & Intelligence Report: Hacking the Human
2017 Phishing Trends & Intelligence Report: Hacking the HumanPhishLabs
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation Nikolaos Georgitsopoulos
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptSanjay Kumar
 
Phishing
PhishingPhishing
PhishingAlka Falwaria
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?Quick Heal Technologies Ltd.
 
Cyber crime in Pakistan
Cyber crime in PakistanCyber crime in Pakistan
Cyber crime in PakistanMustufain Ahmed Ansari
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 

Recommended

2017 Phishing Trends & Intelligence Report: Hacking the Human
2017 Phishing Trends & Intelligence Report: Hacking the Human2017 Phishing Trends & Intelligence Report: Hacking the Human
2017 Phishing Trends & Intelligence Report: Hacking the HumanPhishLabs
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation Nikolaos Georgitsopoulos
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptSanjay Kumar
 
Phishing
PhishingPhishing
PhishingAlka Falwaria
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?Quick Heal Technologies Ltd.
 
Cyber crime in Pakistan
Cyber crime in PakistanCyber crime in Pakistan
Cyber crime in PakistanMustufain Ahmed Ansari
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
Phishing
PhishingPhishing
PhishingArchit Mohanty
 
Phishing attack till now
Phishing attack till nowPhishing attack till now
Phishing attack till nowelakkiya poongunran
 
Phishing
PhishingPhishing
Phishinganjalika sinha
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing AttacksJagan Mohan
 
Anatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackAnatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackMark Mair
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
Impact of cybercrime
Impact of cybercrimeImpact of cybercrime
Impact of cybercrimepronab Kurmi
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptshindept123
 
Phishing
PhishingPhishing
PhishingCarla Morales Vásquez
 
Newbytes NullHyd
Newbytes NullHydNewbytes NullHyd
Newbytes NullHydn|u - The Open Security Community
 
PHISHING PROTECTION
PHISHING PROTECTION PHISHING PROTECTION
PHISHING PROTECTIONKaterynaPetrova4
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Phishing Attacks - Are You Ready to Respond?
Phishing Attacks - Are You Ready to Respond?Phishing Attacks - Are You Ready to Respond?
Phishing Attacks - Are You Ready to Respond?Splunk
 
Phishing Technology
Phishing TechnologyPhishing Technology
Phishing TechnologyAvishekMondal15
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking pptKrishma Sandesra
 
Phishing attack seminar presentation
Phishing attack seminar presentation Phishing attack seminar presentation
Phishing attack seminar presentation AniketPandit18
 
Phishing
PhishingPhishing
Phishingguicelacatalina
 
Attack chaining for web exploitation
Attack chaining for web exploitationAttack chaining for web exploitation
Attack chaining for web exploitationn|u - The Open Security Community
 
Phishing detection & protection scheme
Phishing detection & protection schemePhishing detection & protection scheme
Phishing detection & protection schemeMussavir Shaikh
 
Phishing
PhishingPhishing
PhishingSaurabhKantSahu1
 
2017 Phshing Trends and Intelligence Report: Ransomware Explosion
2017 Phshing Trends and Intelligence Report: Ransomware Explosion2017 Phshing Trends and Intelligence Report: Ransomware Explosion
2017 Phshing Trends and Intelligence Report: Ransomware ExplosionPhishLabs
 
The Works 2018 - Industry Track - Cybersecurity for Staffing Agencies
The Works 2018 - Industry Track - Cybersecurity for Staffing AgenciesThe Works 2018 - Industry Track - Cybersecurity for Staffing Agencies
The Works 2018 - Industry Track - Cybersecurity for Staffing AgenciesDavid Dourgarian
 

More Related Content

What's hot

Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing AttacksJagan Mohan
 
Anatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackAnatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackMark Mair
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
Impact of cybercrime
Impact of cybercrimeImpact of cybercrime
Impact of cybercrimepronab Kurmi
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Phishing Attacks - Are You Ready to Respond?
Phishing Attacks - Are You Ready to Respond?Phishing Attacks - Are You Ready to Respond?
Phishing Attacks - Are You Ready to Respond?Splunk
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking pptKrishma Sandesra
 
Phishing attack seminar presentation
Phishing attack seminar presentation Phishing attack seminar presentation
Phishing attack seminar presentation AniketPandit18
 
Phishing detection & protection scheme
Phishing detection & protection schemePhishing detection & protection scheme
Phishing detection & protection schemeMussavir Shaikh
 

What's hot (20)

Phishing
PhishingPhishing
Phishing
 
Phishing attack till now
Phishing attack till nowPhishing attack till now
Phishing attack till now
 
Phishing
PhishingPhishing
Phishing
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
 
Anatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackAnatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing Attack
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Impact of cybercrime
Impact of cybercrimeImpact of cybercrime
Impact of cybercrime
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Phishing
PhishingPhishing
Phishing
 
Newbytes NullHyd
Newbytes NullHydNewbytes NullHyd
Newbytes NullHyd
 
PHISHING PROTECTION
PHISHING PROTECTION PHISHING PROTECTION
PHISHING PROTECTION
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
 
Phishing Attacks - Are You Ready to Respond?
Phishing Attacks - Are You Ready to Respond?Phishing Attacks - Are You Ready to Respond?
Phishing Attacks - Are You Ready to Respond?
 
Phishing Technology
Phishing TechnologyPhishing Technology
Phishing Technology
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking ppt
 
Phishing attack seminar presentation
Phishing attack seminar presentation Phishing attack seminar presentation
Phishing attack seminar presentation
 
Phishing
PhishingPhishing
Phishing
 
Attack chaining for web exploitation
Attack chaining for web exploitationAttack chaining for web exploitation
Attack chaining for web exploitation
 
Phishing detection & protection scheme
Phishing detection & protection schemePhishing detection & protection scheme
Phishing detection & protection scheme
 
Phishing
PhishingPhishing
Phishing
 

Similar to The Rise of Spear Phishing & How to Avoid being the Next Headline

2017 Phshing Trends and Intelligence Report: Ransomware Explosion
2017 Phshing Trends and Intelligence Report: Ransomware Explosion2017 Phshing Trends and Intelligence Report: Ransomware Explosion
2017 Phshing Trends and Intelligence Report: Ransomware ExplosionPhishLabs
 
The Works 2018 - Industry Track - Cybersecurity for Staffing Agencies
The Works 2018 - Industry Track - Cybersecurity for Staffing AgenciesThe Works 2018 - Industry Track - Cybersecurity for Staffing Agencies
The Works 2018 - Industry Track - Cybersecurity for Staffing AgenciesDavid Dourgarian
 
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your MindBrian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mindcentralohioissa
 
NextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive BriefingNextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive BriefingJoe Nathans
 
Cerdant Security State of the Union
Cerdant Security State of the UnionCerdant Security State of the Union
Cerdant Security State of the UnionDavid Perkins
 
Symantec: The rise of hacktivism and insider threats
Symantec: The rise of hacktivism and insider threatsSymantec: The rise of hacktivism and insider threats
Symantec: The rise of hacktivism and insider threatsSymantec Website Security
 
HDI Capital Area Meeting May 2019 Cybersecurity Planning for the Modern Techn...
HDI Capital Area Meeting May 2019 Cybersecurity Planning for the Modern Techn...HDI Capital Area Meeting May 2019 Cybersecurity Planning for the Modern Techn...
HDI Capital Area Meeting May 2019 Cybersecurity Planning for the Modern Techn...hdicapitalarea
 
Webinar Slides: Not-for-Profits Are Not Exempt from Risk: What You Need to Kn...
Webinar Slides: Not-for-Profits Are Not Exempt from Risk: What You Need to Kn...Webinar Slides: Not-for-Profits Are Not Exempt from Risk: What You Need to Kn...
Webinar Slides: Not-for-Profits Are Not Exempt from Risk: What You Need to Kn...MHM (Mayer Hoffman McCann P.C.)
 
Info Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsInfo Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsGDSCCVR
 
Knowing your Enemies - Leveraging Data Analysis to Expose Phishing Patterns A...
Knowing your Enemies - Leveraging Data Analysis to Expose Phishing Patterns A...Knowing your Enemies - Leveraging Data Analysis to Expose Phishing Patterns A...
Knowing your Enemies - Leveraging Data Analysis to Expose Phishing Patterns A...Javier Vargas
 
Target data breach case study
Target data breach case studyTarget data breach case study
Target data breach case studyAbhilash vijayan
 
The Target Breach - Follow The Money EU
The Target Breach - Follow The Money EUThe Target Breach - Follow The Money EU
The Target Breach - Follow The Money EUResilient Systems
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityStephen Cobb
 
Preventing Fraud with a Multi-Channel Approach
Preventing Fraud with a Multi-Channel ApproachPreventing Fraud with a Multi-Channel Approach
Preventing Fraud with a Multi-Channel ApproachGuardian Analytics
 
Moving to the Cloud: A Security and Hosting Introduction
Moving to the Cloud: A Security and Hosting IntroductionMoving to the Cloud: A Security and Hosting Introduction
Moving to the Cloud: A Security and Hosting IntroductionBlackbaud
 
The future of cloud security
The future of cloud securityThe future of cloud security
The future of cloud securityPeter Wood
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR
 

Similar to The Rise of Spear Phishing & How to Avoid being the Next Headline (20)

2017 Phshing Trends and Intelligence Report: Ransomware Explosion
2017 Phshing Trends and Intelligence Report: Ransomware Explosion2017 Phshing Trends and Intelligence Report: Ransomware Explosion
2017 Phshing Trends and Intelligence Report: Ransomware Explosion
 
The Works 2018 - Industry Track - Cybersecurity for Staffing Agencies
The Works 2018 - Industry Track - Cybersecurity for Staffing AgenciesThe Works 2018 - Industry Track - Cybersecurity for Staffing Agencies
The Works 2018 - Industry Track - Cybersecurity for Staffing Agencies
 
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your MindBrian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
 
MASC RMA Cyber presentation by Belton Zeigler
MASC RMA Cyber presentation by Belton ZeiglerMASC RMA Cyber presentation by Belton Zeigler
MASC RMA Cyber presentation by Belton Zeigler
 
NextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive BriefingNextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive Briefing
 
Cerdant Security State of the Union
Cerdant Security State of the UnionCerdant Security State of the Union
Cerdant Security State of the Union
 
Symantec: The rise of hacktivism and insider threats
Symantec: The rise of hacktivism and insider threatsSymantec: The rise of hacktivism and insider threats
Symantec: The rise of hacktivism and insider threats
 
HDI Capital Area Meeting May 2019 Cybersecurity Planning for the Modern Techn...
HDI Capital Area Meeting May 2019 Cybersecurity Planning for the Modern Techn...HDI Capital Area Meeting May 2019 Cybersecurity Planning for the Modern Techn...
HDI Capital Area Meeting May 2019 Cybersecurity Planning for the Modern Techn...
 
Webinar Slides: Not-for-Profits Are Not Exempt from Risk: What You Need to Kn...
Webinar Slides: Not-for-Profits Are Not Exempt from Risk: What You Need to Kn...Webinar Slides: Not-for-Profits Are Not Exempt from Risk: What You Need to Kn...
Webinar Slides: Not-for-Profits Are Not Exempt from Risk: What You Need to Kn...
 
Info Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsInfo Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study Jams
 
Knowing your Enemies - Leveraging Data Analysis to Expose Phishing Patterns A...
Knowing your Enemies - Leveraging Data Analysis to Expose Phishing Patterns A...Knowing your Enemies - Leveraging Data Analysis to Expose Phishing Patterns A...
Knowing your Enemies - Leveraging Data Analysis to Expose Phishing Patterns A...
 
Target data breach case study
Target data breach case studyTarget data breach case study
Target data breach case study
 
The Target Breach - Follow The Money EU
The Target Breach - Follow The Money EUThe Target Breach - Follow The Money EU
The Target Breach - Follow The Money EU
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber Security
 
Preventing Fraud with a Multi-Channel Approach
Preventing Fraud with a Multi-Channel ApproachPreventing Fraud with a Multi-Channel Approach
Preventing Fraud with a Multi-Channel Approach
 
Moving to the Cloud: A Security and Hosting Introduction
Moving to the Cloud: A Security and Hosting IntroductionMoving to the Cloud: A Security and Hosting Introduction
Moving to the Cloud: A Security and Hosting Introduction
 
The future of cloud security
The future of cloud securityThe future of cloud security
The future of cloud security
 
Phishing Incident Response Playbook
Phishing Incident Response PlaybookPhishing Incident Response Playbook
Phishing Incident Response Playbook
 
Insider Threat Experiences
Insider Threat ExperiencesInsider Threat Experiences
Insider Threat Experiences
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
 

Recently uploaded

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 

Recently uploaded (20)

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

The Rise of Spear Phishing & How to Avoid being the Next Headline

  • 1.
  • 2. 2017 R.A.I.D. Webinar Series • What’s it about? • Insights from our Research, Analysis, Intelligence Division and other PhishLabs’ experts • Hosted every month, exact dates TBD • Focus on current threat campaigns – dissect attacks, scams, campaigns, and discuss threat actors • Goal: equip you to better secure your network, your employees, your company and your customers • Who should attend? • Open invitation – feel free to share! • Security leaders and professionals responsible for managing cyber threats
  • 3.
  • 4. January agenda The Rise of Spear Phishing: How to Avoid Being the Next Headline Proprietary and Confidential Copyright 2017 PhishLabs 4 Crane Hassold Senior Security Threat Researcher Dane Boyd Employee Defense Training Principal
  • 5.
  • 6. What is Phishing? 6 Proprietary and Confidential Copyright 2017 PhishLabs Phishing is not a cyber crime Phishing is the exploitation of people that leads to cybercrime
  • 7.
  • 8. Impacts of Phishing • Financial loss (direct & indirect) • Direct monetary loss • $209 million lost to ransomware in Q1 2016 • $3.1 billion lost to BEC scams since January 2016 • Remediation costs • $2-4 million average cost of a data breach • Stock price • Lawsuits • Consumer trust Proprietary and Confidential Copyright 2017 PhishLabs 8
  • 9. Impacts of Phishing • Financial loss (direct & indirect) • Data compromise • Personally identifiable information (PII) • Credentials (employee & customer) • Tax records • Intellectual property Proprietary and Confidential Copyright 2017 PhishLabs 9
  • 10.
  • 11. Impacts of Phishing • Financial loss (direct & indirect) • Data compromise • Brand reputation • Employee trust Proprietary and Confidential Copyright 2017 PhishLabs 11
  • 12.
  • 13. Ransomware • Biggest emerging threat of 2016 • Restricts access to files and extorts victim for ransom in exchange for decryption • Relatively simple • Numerous families, yet only a few persist • Ransomware-as-a-Service (Cerber) • Targeted campaigns focused on high- impact targets Proprietary and Confidential Copyright 2017 PhishLabs 13
  • 14. Remote Access Trojans (RATs) • Allows attacker to remotely control a victim’s computer • Generic in nature (no targeting information) • Requires very little skill to use • Can steal information and monitor user’s activity • Available for purchase in underground forums and the Dark Web Proprietary and Confidential Copyright 2017 PhishLabs 14
  • 15. Banking Trojans • Generally used to collect credentials • Little to no interaction with attacker after infection • Webinjects and redirects used to present victim with fake webpages • Targeting information contained within configuration files • Can be configured to target internal enterprise systems Proprietary and Confidential Copyright 2017 PhishLabs 15
  • 16.
  • 17. IRS/W-2 Scams • Offshoot of BEC scams • 400% increase in IRS tax scams in January 2016 • 40+ companies compromised in Q1 2016 • Spoofed email requests employee W-2s • Goal is to collect W-2s for tax refund fraud and identity theft • Will likely re-emerge in 2017 Proprietary and Confidential Copyright 2017 PhishLabs 17
  • 18. APT Malware • “Advanced Persistent Threat” • Goal is stealth and persistence • Extremely sophisticated • Unique tools • The Big Three • Russia – espionage, propaganda • China – IP theft • North Korea – political retaliation Proprietary and Confidential Copyright 2017 PhishLabs 18 Deep Panda/ APT19 Fancy Bear/ APT28 Deep Panda/ APT19
  • 19.
  • 20. Agenda • Duration • Frequency • Content • Deployment Proprietary and Confidential Copyright 2017 PhishLabs Employee Defense Training Descriptors
  • 21. Worst Interview Question What’s your greatest weakness? Proprietary and Confidential Copyright 2017 PhishLabs 21
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27. Lesson Learned: Proprietary and Confidential Copyright 2017 PhishLabs 27 Make it Memorable; Keep it Short
  • 29.
  • 30.
  • 31.
  • 32.
  • 33. Proprietary and Confidential Copyright 2017 PhishLabs What high school did I attend?
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42. A Question of the Ages Proprietary and Confidential Copyright 2017 PhishLabs 42 Stairs Escalator?
  • 44.
  • 45.
  • 46.
  • 47. Employee Defense Training Descriptors • Duration: Keep it Short; Make it Memorable • Frequency: Repetition is Crucial for Success • Content: Prepare for the Real World • Deployment: Make Success Easy Proprietary and Confidential Copyright 2017 PhishLabs