
Spear Phishing Defense



  1. CBI WEBINAR SERIES: SPEAR PHISHING DEFENSE. Presented by: Joe Schorr, Principal Security Strategist. 800.747.8585
  2. Agenda
     • Spear Phishing Defined
     • Spear Phishing Defense
     • Next Steps
     • Tips for home and family
     • Q&A
  3. Spear Phishing Defined. Spear phishing is a targeted attack using email spoofing that seeks to obtain illegal access in order to steal confidential data. These attacks are not the work of random actors but more often the persistent efforts of criminal enterprises, or state-sponsored professionals seeking trade secrets, financial gain or military intelligence. Spear phishing emails leverage social engineering techniques and appear to come from within a person’s place of employment, an authority figure or a known associate.
  5. Recent Events – Personal Information Lost
  6. Recent Events – Spear Phishing Attacks
  7. Anatomy of the Attack
     • Step 1: Targets (people) researched and pinpointed
     • Step 2: Fake email delivered
     • Step 3: Create a backdoor and steal user information
     • Step 4: Gather and encrypt stolen data
     • Step 5: Stolen data transferred to attacker
  8. Step 1 – Target selection and research
     1. Target selected from shopping list
     2. Passive searching – ‘Google-Fu’
     3. Cyber-stalking via Facebook and LinkedIn
     4. Select individuals for spear-phishing attack
     5. Customize mail to targets
  9. Step 2 – ‘Payload’ Delivery
     1. The targeted person receives the fake email
     2. User follows instructions on the false site they are directed to
     3. Or… the user opens a malicious payload in an attachment
  10. Step 3 – Exploitation
     1. Create ‘backdoor’ to access the network unimpeded
     2. Steal credentials, i.e. user names and passwords
     3. ‘Phone home’ to Command & Control servers
     4. Spread out to other systems
  11. Step 4 – Data Gathering
     1. Gather important data targeted by the original shopping list
     2. Encrypt the stolen data
     3. Prepare the data to be transferred from the target
  12. Step 5 – Extraction. Encrypted data extracted via FTP to a compromised server outside the target’s network.
  13. Spear Phishing Defense 1. REVIEW! Your personal information on the internet and social networking sites immediately. Start to look at your online persona as an attacker would.
  14. Spear Phishing Defense 2. SANITIZE! Your online life. Remove references to personal information on social networking and social media sites. Even family info, photos and hobbies can be used against you and your company.
  15. Spear Phishing Defense 3. DON’T! Click links or respond to mysterious email messages. Double-check the authenticity, especially if they seem abnormally urgent. Examine the link names.
  16. Spear Phishing Defense 4. UPDATE! And patch your anti-virus software. Many attackers make use of ‘zero-day’ or very new viruses and attack vectors. Keeping up to date is your best defense against new malware.
  17. Spear Phishing Defense 5. TURN ON! All the features on your security software. Make sure that all elements of the solution are enabled and active. It does no good if your anti-virus is ‘On’ but the firewall or email filters are ‘Off’.
  18. Spear Phishing Defense 6. ENCRYPT! The Crown Jewels of your organization. Make your priceless data ‘worthless’.
  19. Spear Phishing Defense 7. PREVENT! Sensitive data from leaving. Data Loss Prevention inspects the content flow and gives assurance that the content doesn’t contain any sensitive data that may violate company policy. If it violates the policy, the transmission is blocked and a notification is sent.
  20. Next Steps
     • Publish a corporate policy for public information
     • Prohibit publication of org charts, personal info, phone lists, customer lists, etc.
     • Implement awareness training for your employees
     • Let them know they are targets and what attackers want to know
     • Create a Phishing Response Strategy
     • Begin to track the kinds of ‘spam’ you’re getting (you may be targeted and not realize it)
     • Contact CBI for assistance with these and other information security and security awareness issues, including security and vulnerability assessments
  21. Tips for Home
     • /sites/default/files/resource_documents/Parents%20Internet%20Safety%20and%20Security%20STC.pdf
     • /us/home_homeoffice/media/theme/parentresources/FamilyOnlineSafetyGuide_3rdEd_final.pdf
  22. THANK @JoeSchorr