This document discusses phishing incident response and provides details about phishing attacks. It begins with the evolution of phishing from the 1990s to present day. It then covers the purpose and impact of phishing, including major financial losses. Various types of phishing attacks are described such as spear phishing, whaling, and cloning. Common delivery methods like email and websites are outlined. The document provides information to help identify and respond to phishing incidents.
Extended Detection and Response (XDR): An Overhyped Product Category With Ulti... (Raffael Marty)
Extended Detection and Response, or XDR for short, is one of the acronyms that are increasingly used by cybersecurity vendors to explain their approach to solving the cyber security problem. We have been spending trillions of dollars on approaches to secure our systems and data, with what success? Cybersecurity is still one of the biggest and most challenging areas that companies, small and large, are dealing with. XDR is another approach driven by security vendors to solve this problem. The challenge is that every vendor defines XDR slightly differently and makes it fit their own “challenge du jour” for marketing and selling their products.
In this presentation we will demystify the XDR acronym and put a working model behind it. Together, we will explore why XDR is a fabulous concept, but also discover that it’s nothing revolutionarily new. With an MSP lens, we will explore what the XDR benefits are for small and medium businesses and what it means to the security strategy of both MSPs and their clients. The audience will leave with a clear understanding of what XDR is, how the technology matters to them, and how XDR will ultimately help them secure their customers and enable trusted commerce.
Cross site scripting (XSS) is a type of computer security vulnerability typically found in web applications. Defensive measures for cross site scripting require websites to validate user input and to determine whether they are vulnerable to cross site scripting. The major considerations are input validation and output sanitization.
Many defense techniques have been introduced, and even though the coding methods used by developers are evolving to counter cross site scripting techniques, the security threat still persists in many web applications for the following reasons:
• The complexity of implementing the codes or methods.
• Non-existence of input data validation and output sanitization in all input fields of the application.
• Lack of knowledge in identifying hidden XSS issues etc.
This proposed project report will briefly discuss what cross site scripting is and highlight the security features and defense techniques that can help against this widely versatile attack.
This Edureka PPT on "Application Security" will help you understand what application security is and measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.
Following are the topics covered in this PPT:
Introduction to Cybersecurity
What is Application Security?
What is an SQL Injection attack
Demo on SQL Injection
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx (Chi En (Ashley) Shen)
Speakers: Ashley Shen, Steve Su
This is a threat hunting and campaign tracking 101 workshop that Ashley Shen (Google) and Steve Su (FireEye) prepared for the HITCON 2020 CTI Village. In this presentation we share the threat hunting concept with some basic techniques and explain the process and guidance for campaign tracking. The presentation was only 65 minutes, so we couldn't cover everything. However, through this talk we hope to share our experience and insight with beginners.
Learn about the different types of phishing attacks, such as content injection and MiTM attacks, that can target you and your organization.
To know more about phishing prevention, read our in-depth article "How to Prevent a Phishing Attack? 17 Easy Hacks for Administrators"
https://blog.syscloud.com/phishing-attack/
VAPT defines the security measures that should be put in place to address cyber threats. There are many strategies that can be adopted in pen testing, including Black Box Pen Test, White Box Pen Test, Hidden Pen Test, Internal Pen Test, and Gray Box Testing. It is mandatory that VAPT is conducted in order to deter cyber-attacks, which are on the upsurge daily. VAPT ranges from Mobile and Network Penetration Testing to Vulnerability Assessments.
There are many merits to VAPT for your business, including early error detection in program code, which helps prevent cyber attacks. Most companies lose billions of dollars due to cyber-attacks. VAPT guarantees that all loopholes are tightened before an intrusion transpires.
Understanding Your Attack Surface and Detecting & Mitigating External Threats (Ulf Mattsson)
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Description: Organizations have spent massive amounts of money to protect the perimeter of their networks, but if your business exists on the internet, there really is no perimeter. In this presentation, we'll discuss Digital Footprints in understanding your company’s external attack surface. We will discuss social, mobile and web attacks, and analyze and review lessons learned from recently publicized attacks (Polish banking institutions, the Apache Struts vulnerability, and WannaCry ransomware). The speed of business and cybercrime isn't slowing down, so how can you be prepared to address and defend against these types of threats? Attend our session to find out how.
Reducing Your Digital Attack Surface and Mitigating External Threats - What, Why, How:
What is a Digital Footprint?
Breakdown of External Threats (Social, Mobile, Web)
What are blended attacks?
What is actually being targeted at your company?
How are your brands, customers, and employees being attacked outside of your company?
How to become proactive in threat monitoring on the internet?
Considerations in External Threat solutions
Threat correspondence tracking considerations
Are legal cease and desist letters adequate in stopping attacks?
Examination of a phishing attack campaign
How phishing kits work
Analysis and lessons learned from recently published attacks
What are the most important capabilities in a digital risk monitoring solution?
My slides for PHDays 2018 Threat Hunting Hands-On Lab - https://www.phdays.com/en/program/reports/build-your-own-threat-hunting-based-on-open-source-tools/
Virtual Machines for lab are available here - https://yadi.sk/d/qB1PNBj_3ViWHe
Threat intelligence is information that informs enterprise defenders of adversarial elements to stop them.
It is information that is relevant to the organization, has business value, and is actionable.
Even if you have all the data and feeds, data alone isn’t intelligence.
This presentation covers cross site scripting attacks and defences in web applications. This talk was delivered as part of the OWASP Hyderabad Chapter meet. Comments and suggestions are welcome.
Information Security Awareness for Everyone (Yasir Nafees)
SAFE (which stands for Security Awareness For Everyone) is an information security awareness program designed to help organizations create a well-informed and risk-aware culture. SAFE focuses on learning, to make it important for everyone to be fully informed and take responsibility for protecting an organization’s most important asset, “The Information”.
Learning from Verizon 2017 Data Breach Investigations Report – The New Targets (Ulf Mattsson)
The Verizon 2017 Data Breach Investigations Report findings relate specifically to the occurrence (likelihood) of security breaches leading to data compromise. The information, provided in aggregate, is filtered in many ways to make it relevant to you (e.g., by industry, actor motive). It is a piece of the information security puzzle—an awesome corner piece that can get you started—but just a piece nonetheless. This session will discuss the new targets that are identified and some solutions.
Cybersecurity - You Are Being Targeted - Keyven Lewis, CMIT SOLUTIONS (Randall Chase)
Cybersecurity - You Are Being Targeted
Business executive with high-level management and hands-on analytical skill sets and over 27 years of professional experience in technical solutions and service-offering development and implementation; organizational strategies for efficiency, cost controls, and bottom-line profitability; multi-million dollar enterprise-wide client engagements; compliance with schedule, budget, and quality requirements; and hiring and leadership of high-performance IT employees.
Keyven Lewis, CMIT SOLUTIONS: Cybersecurity - You Are Being Targeted.
An overview to help SMB owners understand the dynamics (the who, the why, and the how) of cybersecurity as it relates to their business.
Cyberattacks are malicious actions taken by individuals, groups, or organizations against computer systems, networks, and digital devices with the intent to damage, steal or manipulate data, or disrupt normal operations. These attacks can target anyone, from individuals to governments and large corporations, and can cause severe damage to both personal and professional lives.
Cybercrime and Cybersecurity Governance: A Kenyan Perspective (Ivan Sang)
Achieving effective cybersecurity and governance is a complex challenge for states, businesses and individuals. Recent empirical analyses indicate that cybercrime now costs the global economy over USD 600 billion annually, but many experts believe that this is a conservative figure that understates the actual amount. Reports of cyber breaches that affect democracy, financial services, retail, healthcare, defence, utilities, and infrastructure are becoming more frequent, and this trend is projected to increase in the near future. Governments of developing countries, including Kenya, are slowly adopting technology as a tool to offer efficient services. In contrast, cybercriminals use some of the most cutting-edge cyber technologies to commit criminal offences and to outfox state countermeasures. Another trend is that cyber threats originate not only from individual actors or highly organized groups, but are also increasingly state-sponsored. Weaknesses in the cyber domain such as deficient cyber or law enforcement capabilities and poor legislation have been exploited to cause harm and impede socio-economic progress. Using a comparative approach, this presentation shows that cybersecurity is a shared responsibility for private citizens, communities, corporations and states alike. It also illustrates that professionals should play a more active role in minimizing and deterring cyber incidents. This session will explore the case of Kenya as a country-specific yet comparatively relevant jurisdiction in which to explore strategic responses to cybercrime and the operational limits of cybersecurity governance, and will propose ways to mitigate cyber risks.
Failed Ransom: How IBM XGS Defeated Ransomware (IBM Security)
View on-demand webinar: http://event.on24.com/wcc/r/1238398/409AE8848D4FF1210B56EC81538788EB
Ransomware is a growing threat impacting organizations across all industries. But not all is lost. There are preventative measures that can be taken to help protect against ransomware attacks, including deploying a next-generation intrusion prevention system (IPS), such as the IBM XGS.
Join our webinar to:
Understand the current threats associated with ransomware
Learn how leading-edge research from IBM X-Force powers the XGS to stop ransomware
Hear how IBM XGS proactively blocked ransomware at a large healthcare insurance organization
Today security is the main problem, and all the work is done over the internet using data. While the data is available, there are many types of users who interact with the data, and some of them need it all for their own gain. There are various techniques used for the protection of data, but the hacker or cracker is intelligent enough to break the security. There are two classes of hackers; they differ from one another on the basis of their intent. Those who have good intentions are called ethical hackers because of the ethics of using their skill and techniques of hacking to provide security to the organization. This paper describes hacking, the types of hackers, the rules of ethical hacking and the benefits of ethical hacking. Mukesh. M | Dr. S. Vengateshkumar "Ethical Hacking" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-6 , October 2019, URL: https://www.ijtsrd.com/papers/ijtsrd29351.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/29351/ethical-hacking/mukesh-m
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk (BeyondTrust)
In this presentation from their joint webinar, security experts and trainers at CQURE, Greg Tworek and Mike Jankowski-Lorek, help you put on your hacker cap to better identify dangerous vulnerabilities, strengthen your systems, and STOP the data breaches that litter the news sites today. They will also demonstrate how to exploit systems and how (from the hacker perspective) this can be proactively mitigated.
Catch the full on-demand webinar here:
https://www.beyondtrust.com/resources/webinar/hackers-playbook-think-like-cybercriminal-reduce-risk/?access_code=de936e36f25bb91acaae7593959af3c1
"If you know the enemy and know yourself, you need not fear the result of a hundred battles." - Sun Tzu
Sharing some pointers with regard to trends and tactics in the cyber domain and threat intel.
Thanks to CRCIDF team.
4. About Phishing
■ The word “phishing” originated from “password harvesting” or “fishing for passwords”.
■ The “ph” is linked to the word “phreaking”, the hacking of telephone systems, and to early hackers who were called “phreaks”.
■ Phishing is online pretexting or deception in which the attacker tries to obtain sensitive information from the victim while pretending to be someone else.
■ The methodology used is social engineering and technical subterfuge.
■ The basic trick is to send official-looking messages that lead users to counterfeit websites and acquire sensitive information from them.
www.naushad.co.uk | || Computer Forensic Analyst || Information Security Analyst || Vulnerability Detective || Network Examiner || Digital Data Interpreter ||
|| Digital Intelligence Tactical Solutions Developer || Cyber Criminology || Criminal Science ||
5. Phishing Evolution
■ Started in 1995 with attackers stealing user passwords and creating randomized credit card numbers to open AOL accounts and send spam to other users.
■ A Usenet newsgroup called AOHell mentioned the word “phishing” for the first time in 1996.
■ Real phishing attacks started when attackers began sending messages through AOL Messenger and email posing as AOL employees.
■ Hacked accounts were called “phish” in 1996.
■ By 1997 phish were traded actively between hackers as a form of electronic currency.
■ 10 AOL phish were traded for a piece of hacking software or warez.
■ Phishing started in a big way in 2004, with attackers successfully making huge sums of money, including from banking sites and their customers.
■ Social engineering is the most used source of phishing, accounting for over 30% of messages (Verizon’s Data Breach Investigations Report 2016).
6. Phishing attacks by category, Q1 2017
■ Most attacks targeted the financial sector.
7. Spam emails with malicious attachments
■ Substantial rise in spam emails containing malicious attachments.
■ Spam is a nuisance as well as a primary delivery mechanism for attacks.
Source: IBM Threat Intelligence Index 2017
9. Purpose of Phishing
■ Theft of identity and users’ confidential details such as personal, bank, and credit information using forged email and fake web sites
– Causes financial losses to users
– Locks them out of their own accounts
■ Theft of trade secrets
■ Distribution of botnet and DDoS agents
– Loss of productivity
– Excessive resource consumption on corporate networks (bandwidth, saturated email systems, etc.)
■ Attack propagation: compromise the host and install a botnet agent for future attacks
■ Attackers leverage vulnerabilities in client software (mail user agents and web browsers) as well as design vulnerabilities in targeted website applications.
10. Prompts for opening email attachments
■ Fake invoices disguising malicious attachments are the most popular method for tricking users into opening phishing emails and taking the bait.
Source: Symantec 2017 Internet Security Threat Report (ISTR)
11. Phishing emails designed to steal credentials
■ Apple IDs were the most targeted credentials.
Source: Proofpoint 2017 Human Factor Report
13. Major Financial Losses
■ Fortune, Apr 27, 2017
– Facebook and Google were victims of a $100 million phishing scam.
– Evaldas Rimasauskas, a Lithuanian, forged email addresses, invoices, and corporate stamps to impersonate a large Asian-based manufacturer with whom the tech firms regularly did business, and tricked the companies into paying for computer supplies for over 2 years.
■ 2017 Global Threat Intelligence Report (GTIR) by NTT Security
– 53% of the world’s phishing attacks originated in EMEA.
■ FBI Report
– From October 2013 to December 2016, losses in the 22,000 incidents investigated amounted to $1.6 billion.
https://www.nttcomsecurity.com/en/gtir-2017/
https://www.forbes.com/sites/leemathews/2017/05/05/phishing-scams-cost-american-businesses-half-a-billion-dollars-a-year/#4041d0e93fa1
14. Cost of Phishing
■ As per an IBM Security Services report, 1.5 million cyber-attacks were reported in 2013.
■ A joint 2013 study from Symantec and the Ponemon Institute indicates the average total cost to an organization of a data breach was $5,403,644.
■ A 2013 UK study gives the range of total cost of a security breach as:
– Small businesses: $55,000 to $100,000
– Large businesses: $700,000 to $1,300,000
■ About 64% of data breaches are due to system problems and human mistakes.
16. Phishing Threat
■ Phishing attacks use a mix of technical deceit and social engineering practices.
■ The most popular channels are e-mail, web pages, IRC and instant messaging services.
■ The phisher impersonates a trusted source so that the victim believes the message.
■ The trusted source can be:
– the helpdesk of their bank,
– an automated support response from a retailer used by the user,
– a government site.
17. Phases of Phishing attacks
1. Potential victim receives a phish.
2. Victim acts on the suggestion in the message or banner.
3. Victim goes to the fake web site, sends sensitive information, or downloads malware.
4. The stolen information is put to criminal use.
18. Phishing attacks
19. Types of Phishing attacks
Spear Phishing
• Targets a specific group of individuals or organizations
Whaling
• Targeted at executive-level individuals
Cloning
• Duplicates a legitimate e-mail but replaces the attachment or links with malicious ones
20. Spear Phishing
■ Targets a particular company, organization, group or government agency.
■ First, the criminals gather inside information on their targets so that the e-mails will look legitimate.
■ They obtain personal information by hacking into an organization's computer network, or from blogs and social networking sites (Facebook, LinkedIn etc.).
■ They send e-mails that look like the real thing to the targeted victims, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data.
■ Victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.
21. Spear Phishing
22. Spear Phishing e-mail
23. Whaling
■ The name comes from "whales": it goes after the big fish.
■ Targeted attacks against small groups of high-level executives within a single organization, or against executive positions common to multiple organizations.
■ Tries to steal credentials by installing malware that provides back-door functionality and keylogging.
24. Cloning
■ A legitimate, previously delivered e-mail containing an attachment or link is used to create an almost identical e-mail.
■ The attachment or link within the e-mail is replaced with a malicious version, and the message is sent from an e-mail address spoofed to appear to come from the original sender.
■ It may claim to be a re-send of the original or an updated version of it.
■ The attacker may also clone a website that the victim usually visits.
■ The cloned website mimics the real one and asks for login credentials, which it then steals.
25. Cloning website
27. Phishing Methods
28. E-mail and Spam
■ Most phishing attacks are initiated by e-mail.
■ An attacker can send specially crafted e-mails to millions of legitimate "live" e-mail addresses within a few hours.
■ The lists of live addresses are normally purchased.
■ E-mails are created with a fake "Mail From:" header to impersonate any organization; this works because the SMTP protocol used for e-mail does not authenticate the sender.
■ In some cases the "RCPT To:" field is also set to an e-mail address of the attacker's choice.
29. Techniques used within Phishing E-mails
■ Official-looking and -sounding e-mails
– Sophisticated phishers send very legitimate-looking mail with proper syntax and structure.
■ HTML-based e-mail to obfuscate destination URL information
– Use a text colour the same as the background to hide suspect parts of the URL.
– Use a legitimate URL as the visible link text, while the actual hyperlink points to the phishing URL.
– Include graphics that look like a text message.
30. Techniques used within Phishing E-mails
■ Attachments referenced within the text of the e-mail, with instructions to open the attachment in order to verify some transactional detail.
– The attachments are Trojan keyloggers or other dangerous spyware.
■ Anti-spam-detection inclusions
– Headers and references in the e-mail designed to bypass anti-spam software.
– Deliberate spelling mistakes and spacing characters inside key words.
■ Fake postings to popular message boards and mailing lists.
■ Use of fake "Mail From:" addresses to fool the recipient into thinking that the e-mail has come from a legitimate source.
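The two tricks on slides 28 to 30 that a responder can check mechanically are the forged sender (header From: versus the envelope sender and the receiving MTA's SPF/DKIM verdicts in the Authentication-Results header, RFC 8601) and the HTML link whose visible text is a legitimate URL while the href points elsewhere. The script below is an added example, not code from the slides; it uses only the Python standard library, and the message it parses is constructed for the demonstration (mybank.example, evilsite.example and receiver.example are placeholders).

```python
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phish). The visible From: claims the
# bank, but the envelope sender (Return-Path) and the SPF/DKIM verdicts the
# receiving MX recorded disagree, and the HTML body shows one URL while the
# hyperlink points somewhere else. All domains are placeholders.
SAMPLE_RAW = b"""\
Return-Path: <bounce@evilsite.example>
Authentication-Results: mx.receiver.example; spf=fail smtp.mailfrom=evilsite.example; dkim=none
From: "MyBank Helpdesk" <helpdesk@mybank.example>
To: customer@receiver.example
Subject: Important Service Announcement: You have 1 unread Security Message!
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please <a href="http://evilsite.example/phishing/fakepage.htm">
https://secure.mybank.example/login</a> to validate your account.</p>
</body></html>
"""


def addr_domain(value):
    """Lower-cased domain of the first address in a header value ('' if none)."""
    if not value:
        return ""
    _, addr = email.utils.parseaddr(str(value))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


class LinkCollector(HTMLParser):
    """Collect [href, visible text] pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(self._current)
            self._current = None


def host_of(text):
    """Host part of a URL-looking string, or '' if the string is not a URL."""
    text = text.strip()
    if "://" not in text:
        return ""
    return (urlparse(text).hostname or "").lower()


def triage(raw_bytes):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []

    # Forged Mail From: the header everyone reads (From:) vs. the envelope sender.
    from_dom = addr_domain(msg["From"])
    rp_dom = addr_domain(msg["Return-Path"])
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"header From domain {from_dom} != envelope sender {rp_dom}")

    # Authentication-Results is written by the receiving MTA, not the sender;
    # a spoofed Mail From normally shows up here as spf=fail / dkim=none.
    auth = str(msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        for verdict in ("fail", "softfail", "none", "permerror"):
            if f"{mech}={verdict}" in auth:
                findings.append(f"{mech} result is {verdict}")

    # HTML link text that is itself a URL but points at a different host.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkCollector()
        parser.feed(body.get_content())
        for href, text in parser.links:
            shown, real = host_of(text), host_of(href)
            if shown and real and shown != real:
                findings.append(f"link text shows {shown} but points to {real}")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_RAW):
        print("-", line)
```

Run against a real message, feed the `.eml` bytes to `triage()`; the Authentication-Results check only means something when your own mail gateway adds that header, since a phisher can pre-insert one.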
31. Techniques used within Phishing E-mails
■ Use of font differences
– Characters that look alike in the chosen font are swapped, so the word still reads correctly to a human but no longer matches anti-spam keyword filters.
– Example: uppercase "I" substituted for lowercase "l", and the digit zero for uppercase "O".
■ Use of credit card digits
– Quoting the first four digits of a credit card number (which identify the issuer and are shared by many cards) instead of the last four, which are unique to the customer, to convince the reader that the mail is meant for them.
■ Use of the local language
32. Characteristics of Phishing email
■ The content of a phishing e-mail is intended to trigger a quick reaction from the user.
■ It uses upsetting or exciting information, demands an urgent response, or employs a false pretence or statement.
■ Phishing messages are normally not personalized.
■ Typically, phishing messages ask the user to "update", "validate" or "confirm" their account information or face dire consequences.
■ The message may even ask the user to make a phone call.
■ Often the message or website includes official-looking logos and other identifying information taken directly from legitimate websites.
33. Spotting a phishing email
https://techviral.net/wp-content/uploads/2016/07/Identify-phishing-emails.jpg
34. Spotting a phishing email
35. Spotting a phishing email
36. Typical Phishing email Messages
■ E-mail Money Transfer Alert: Please verify this payment information below…
■ It has come to our attention that your online banking profile needs to be updated as part of our continuous efforts to protect your account and reduce instances of fraud…
■ Dear Online Account Holder, Access To Your Account Is Currently Unavailable…
■ Important Service Announcement from…, You have 1 unread Security Message!
■ We regret to inform you that we had to lock your bank account access. Call (telephone number) to restore your bank account.
37. Web-based Delivery
■ Another popular method of conducting phishing attacks is through malicious website content.
■ HTML-disguised links within popular websites and message boards.
■ Third-party-supplied, or fake, banner advertising graphics to lure customers to the phisher's website.
■ Web bugs (hidden items within the page, such as a zero-sized graphic) to track a potential phishing customer.
■ Pop-up or frameless windows to disguise the true source of the phisher's message.
■ Malicious content embedded in a web page that exploits a known vulnerability within the customer's web browser software to install software of the phisher's choice.
■ Disguising the true source of the fake website by exploiting cross-site scripting flaws in a trusted website.
45. Man-in-the-middle Attacks
■ Man-in-the-middle attacks are used to gain control of customer information and resources.
■ The attackers situate themselves between the customer and the real web-based application and proxy all communications between the two systems.
■ They can thus monitor every transaction.
■ Methods used to direct the customer to the proxy server instead of the real server:
– Transparent proxies
– DNS cache poisoning
– URL obfuscation
– Browser proxy configuration
46. Man-in-the-middleAttacks
47. URL Obfuscation Attacks
■ Make the user follow a hyperlink (URL) to the attacker's server without realizing that they have been duped.
■ The most common methods of URL obfuscation are:
– Bad domain names
– Friendly login URLs
– Third-party shortened URLs
– Host name obfuscation
– URL obfuscation (escape-encoded characters)
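The five methods listed here, plus the look-alike character substitutions from slide 31 (I for l, 0 for O), can all be recognised from the URL string alone. The function below is an added example, not code from the slides: it assumes the defended brand is "mybank" on the single registered domain mybank.example, uses a short hard-coded list of real public URL shorteners, and approximates the registrable domain as the last two labels (a production tool would use the Public Suffix List).

```python
import ipaddress
from urllib.parse import urlsplit, unquote

BRAND = "mybank"                      # assumption: the defended brand
LEGIT_DOMAIN = "mybank.example"       # assumption: its only registered domain
# A few well-known public URL shorteners; the real destination hides behind them.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}
# Look-alike substitutions: capital I or digit 1 for lower-case l, 0 for o, 5 for s, 3 for e.
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o", "5": "s", "3": "e"})


def registered_domain(host):
    """Last two labels of a host name. Crude, but enough for the demo; a
    production tool would consult the Public Suffix List instead."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def raw_host_of(parts):
    """Host exactly as written (case preserved), without userinfo or port."""
    netloc = parts.netloc.rsplit("@", 1)[-1]
    if netloc.startswith("["):              # IPv6 literal
        return parts.hostname or ""
    return netloc.split(":", 1)[0]


def analyse_url(url):
    """Return the list of URL-obfuscation indicators found in one URL."""
    flags = []
    parts = urlsplit(url)
    raw_host = raw_host_of(parts)
    host = raw_host.lower()
    if not host:
        return ["no host"]

    # Friendly login URL: http://mybank.example@evilsite.example/ -- everything
    # before '@' is userinfo, not the host, but it is what the eye reads first.
    if parts.username is not None:
        flags.append("userinfo before @ hides the real host")

    # Host-name obfuscation: a bare IP address instead of a name.
    try:
        ipaddress.ip_address(host)
        flags.append("host is a bare IP address")
    except ValueError:
        pass

    # URL obfuscation: %-escaped characters anywhere in the URL.
    if unquote(url) != url:
        flags.append("percent-encoded characters in URL")

    reg = registered_domain(host)
    if reg in SHORTENERS:
        flags.append("third-party URL shortener")

    if reg != LEGIT_DOMAIN:
        # Bad domain name: the brand appears as a sub-domain or path of a domain we do not own.
        if BRAND in host or BRAND in parts.path.lower():
            flags.append(f"brand name used on foreign host {host}")
        # Character substitution: undo the confusables and see if it becomes our domain.
        raw_reg = registered_domain(raw_host)
        if raw_reg.translate(CONFUSABLES).lower() == LEGIT_DOMAIN:
            flags.append(f"look-alike domain {raw_reg}")
    return flags


if __name__ == "__main__":
    for u in ("https://secure.mybank.example/login",
              "http://mybank.example@evilsite.example/login",
              "http://mybank.exampIe/login"):
        print(u, "->", analyse_url(u))
```

An empty list means none of the listed tricks were found, not that the URL is safe; a plain registered domain the phisher owns outright (slide 47's "bad domain name" in its simplest form) still needs the domain-monitoring described under the enterprise-level defences.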
48. PayPal fake site
(Screenshots: Real Site vs. Fake Site)
49. Real & Fake (Issued by BOA for their clients)
(Screenshots: Real vs. Fake.) Every field marked with '%' in the fake is a template placeholder that the phisher fills with personal information to customize each e-mail.
50. Cross-site Scripting Attacks (CSS or XSS)
■ Makes use of a custom URL, or of code injected into a valid web-based application URL or embedded data field.
■ The customer receives the following URL via a phisher's e-mail:
http://mybank.com/ebanking?URL=http://evilsite.com/phishing/fakepage.htm
■ The customer is indeed directed to, and connected with, the real MyBank web application; but because of poor application coding by the bank, the e-banking component accepts an arbitrary URL for insertion into the URL field of the returned page.
■ Instead of the application providing a MyBank authentication form embedded within the page, the attacker manages to reference a page under his control on an external server.
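The MyBank flaw above is the "before" and "after" of one server-side fix: the value of ?URL= must be checked against an allow-list of the bank's own hosts and then escaped before it is written into the page, which is also what the later server-side advice ("never present submitted data back without sanitizing it") amounts to. This is an added example, not code from the slides or from any real bank; the iframe layout, the parameter name, the allowed-host list and the placeholder domains are assumptions.

```python
from html import escape
from urllib.parse import urlsplit, urljoin, unquote

# Assumptions for the demo: the bank's own hosts and origin.
ALLOWED_HOSTS = {"mybank.example", "secure.mybank.example"}
SITE_ORIGIN = "https://mybank.example/"


def render_vulnerable(url_param):
    """What the slide describes: whatever arrives in ?URL= is dropped straight
    into the page, so the login frame can come from evilsite.example, and a
    quote in the value even breaks out of the attribute."""
    return f'<html><body><iframe src="{url_param}"></iframe></body></html>'


def safe_target(url_param):
    """Absolute same-site URL for url_param, or None if it must be rejected."""
    if not url_param:
        return None
    # Decode once so %2F-style encoding cannot hide a scheme or host from the checks.
    candidate = unquote(url_param).strip()
    # Browsers normalise '\' to '/', so '/\evil.example' would escape; refuse it outright.
    if "\\" in candidate:
        return None
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme != "https":
        return None                       # javascript:, data:, http:, ...
    # Resolve against our own origin; this also turns a protocol-relative
    # '//evilsite.example/x' into an absolute URL whose host we can inspect.
    absolute = urljoin(SITE_ORIGIN, candidate)
    resolved = urlsplit(absolute)
    host = (resolved.hostname or "").lower()
    if host not in ALLOWED_HOSTS or resolved.username is not None:
        return None                       # foreign host, or user@host trick
    return absolute


def render_hardened(url_param):
    """Allow-list the target, fall back to the bank's own login form, and
    escape before writing into an HTML attribute."""
    target = safe_target(url_param) or SITE_ORIGIN + "ebanking/login"
    return f'<html><body><iframe src="{escape(target, quote=True)}"></iframe></body></html>'


if __name__ == "__main__":
    phish = "http://evilsite.example/phishing/fakepage.htm"
    print(render_vulnerable(phish))
    print(render_hardened(phish))
```

The allow-list is the real control; escaping alone would stop the attribute break-out but still let the frame load the phisher's page.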
51. Cross Site Scripting
52. Preset Session Attacks
■ The phishing message contains a web link to the real application server, but the link also carries a predefined SessionID field.
■ The attacker's system constantly polls the application server for a restricted page using the preset SessionID.
■ The phisher waits until a message recipient follows the link and authenticates using that SessionID.
■ Once the user has authenticated, the application server allows any connection presenting the authorized SessionID to access restricted content.
■ The attacker uses the preset SessionID to access a restricted page and carry out his attack.
53. Preset Session Attacks
• The phisher e-mails potential MyBank customers a fake message containing the URL https://mybank.com/ebanking?session=3V1L5e5510N&Login=True, which carries a preset SessionID of 3V1L5e5510N.
• The attacker continually polls the MyBank server, every minute, for a restricted page that allows customer fund transfers (https://mybank.com/ebanking?session=3V1L5e5510N&Transfer=True).
• After the customer authenticates, the SessionID becomes valid and the phisher can access the fund-transfer page.
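The sequence on slides 52 and 53 is session fixation, and the server-side fix is to throw away the pre-authentication session ID at login and issue a fresh random one, so the ID the phisher planted never becomes authenticated. The toy server below replays the slide's three steps against both behaviours; it is an added example, not code from the slides or from any real bank, and the in-memory session store, the user name and the password check are constructed for the demonstration.

```python
import secrets


class BankServer:
    """Toy e-banking back end: sessions maps session ID -> authenticated user or None."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}

    def request(self, session_id):
        """Models ?session=...: an unknown ID is adopted as a new, unauthenticated
        session. Accepting client-chosen IDs is what makes preset SessionIDs possible."""
        self.sessions.setdefault(session_id, None)
        return session_id

    def login(self, session_id, user, password):
        """Authenticate; return the session ID the client must use afterwards."""
        if password != "correct-horse":          # constructed credential check
            return None
        self.request(session_id)
        if self.rotate_on_login:
            # The fix: drop the pre-authentication ID and mint a fresh, random one,
            # so whoever chose the old ID gains nothing from the user's login.
            del self.sessions[session_id]
            session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = user
        return session_id

    def transfer_page(self, session_id):
        """Restricted FundTransfer page: visible only to an authenticated session."""
        return self.sessions.get(session_id) is not None


def run_attack(rotate_on_login):
    """Replay the slide. Returns (phisher_reached_transfer_page, victim_session_id)."""
    server = BankServer(rotate_on_login)
    preset = "3V1L5e5510N"                       # SessionID chosen by the phisher
    # 1. Phisher polls the restricted page with the preset ID: nothing yet.
    before = server.transfer_page(preset)
    # 2. Victim follows ...?session=3V1L5e5510N&Login=True and authenticates.
    victim_sid = server.login(preset, "alice", "correct-horse")
    # 3. Phisher polls again with the ID he planted.
    after = server.transfer_page(preset)
    return (not before) and after, victim_sid


if __name__ == "__main__":
    print("vulnerable server, phisher gets in:", run_attack(rotate_on_login=False)[0])
    print("rotating server,  phisher gets in:", run_attack(rotate_on_login=True)[0])
```

Rotation is the essential control; refusing to adopt unknown client-supplied IDs at all, and keeping the ID in a cookie rather than the URL (slide 63's "never keep session information in a URL"), remove the other two legs of the attack.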
54. Observing Customer Data
■ The attacker uses key-loggers and screen-grabbers to observe confidential customer data as it is entered into a web-based application.
■ Key-loggers observe and record every key the customer presses.
■ Screen-grabbers take screenshots of data that has been entered into a web-based application.
55. Client-side Vulnerability Exploitation
■ The attacker exploits browser vulnerabilities to gain access to, or observe, the customer's confidential information.
■ Browser add-ons such as Flash, RealPlayer and other embedded applications add more opportunities for attack.
■ Example
– A vulnerability existed within Microsoft Media Player that was exploitable through Java coding with Microsoft Internet Explorer. It enabled remote servers to read local customer files, browse directories and finally execute arbitrary software.
– The problem was the method Media Player used to download customized skins and store them.
57. Defense Mechanisms
■ A mix of information security technologies and techniques is required.
■ The techniques need to be deployed at three locations:
1. The client side: the user's PC.
2. The server side: the business's Internet-visible systems and custom applications.
3. Enterprise level: distributed technologies and third-party managed services.
58. Client-side
■ Desktop protection technologies:
– Antivirus, anti-spam, personal firewall, spyware detection etc.
■ Avoid HTML-based e-mail clients, so that embedded scripting elements cannot be rendered or clicked.
■ Utilization of appropriate communication settings.
■ User application-level monitoring solutions.
59. Client-side
■ Locking down browser capabilities
– The browser needs to be configured securely.
– Extended facilities should be avoided, as these are what gets exploited.
– Disable all pop-up window functionality.
– Disable Java runtime support.
– Disable ActiveX support.
– Disable all multimedia and auto-play/auto-execute extensions.
– Prevent the storage of non-secure cookies.
– Ensure that downloads cannot be run automatically from the browser.
– Use anti-phishing plugins.
60. Client-side
■ Digital signing and validation of e-mail
– This ensures that mail received is from a known source.
■ General security vigilance
– Carefully inspect e-mail content as per the guidelines in the previous slides.
– Never respond to HTML e-mail with embedded submission forms.
– Do not e-mail personal and financial information; enter it only on a website that shows the lock icon.
– For sites that indicate they are secure, review the SSL certificate that has been received and ensure that it has been issued by a trusted certificate authority, and that it was issued for the host name shown in the address bar.
– SSL certificate information can be obtained by clicking the "lock" icon (at the bottom of the window in older browsers, in the address bar in current ones), or by right-clicking on a page and selecting Properties.
– Review credit card and bank account statements for any unauthorised charges.
61. Server-side
■ Build intelligent anti-phishing techniques into the organization's web application security.
■ Develop internal processes to combat phishing vectors and educate customers.
■ Improving customer awareness
– Repeatedly and constantly inform all users and customers of the dangers from phishing attacks and what preventative actions are available.
– Provide easy reporting of phishing scams noticed or fraudulent e-mail received.
– Establish the company's security policy and enforce it strictly.
– Respond quickly to phishing scams once they are identified.
62. Server-side
■ Providing validation information in official communications
– This helps customers identify phishing attacks.
– Send only personalized e-mails where possible.
– Reference previous mail to instill trust.
– Use digital signatures where feasible.
■ Ensuring that the Internet web application is securely developed and does not include easily exploitable attack vectors
– Strong implementation of content validation processes.
– Never present submitted data directly back to an application user without sanitizing it first.
– Always sanitize data before processing or storing it.
– Replace HTML characters that can be exploited with safe (encoded) equivalents.
63. Server-side
■ Using strong token-based authentication systems
– A minimum two-phase login process should be used.
– Provide anti-key-logging measures such as an on-screen keyboard.
– Use personalized content so that customers can recognise fake websites.
– Keep naming systems simple and understandable.
– Keep the authentication process simple.
– Use one-time passwords or token-based authentication.
■ Use a simple DNS naming system that can be easily identified by the customer/user
– Use only the root domain.
– Automatically redirect regional or other registered domain names to the main corporate domain.
– Never carry session information in the URL.
– Use host names that represent the nature of the web-based application.
– For example: https://secure.mybank.com instead of https://www.mybank.com
64. Enterprise Level
■ Automatic validation of sending e-mail server addresses.
■ Digital signing of e-mail services.
■ Monitoring of corporate domains and notification of "similar" registrations.
■ Perimeter or gateway protection agents
– To monitor and control both inbound and outbound communications and identify malicious phishing content.
■ Third-party managed services
– Can analyze e-mail messages delivered at a global level and identify common threads between malicious e-mails.
– Agent-based bots monitor URLs and web content from remote sites, actively searching for all instances of an organization's logo, trademark, or unique web content.
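"Notification of similar registrations" starts from a list of the names a phisher would plausibly register. The generator below produces the common permutations (character omission, transposition, repetition, look-alike substitution, appended words and TLD swaps) for a domain; the output is what you would feed to WHOIS or DNS lookups, which is what tools such as dnstwist do at scale. It is an added example, not code from the slides; the homoglyph table, affix words and TLD list are assumptions, and mybank.example is a placeholder.

```python
# Look-alike substitutions a phisher might register (assumed table for the demo).
HOMOGLYPHS = {
    "l": ["1", "i"], "i": ["l", "1"], "o": ["0"], "e": ["3"],
    "a": ["4"], "s": ["5"], "m": ["rn"], "w": ["vv"],
}
# Affix words and alternative TLDs to try (assumed lists for the demo).
AFFIXES = ["secure", "login", "online", "support"]
TLDS = ["com", "net", "org", "co", "info", "biz"]


def lookalikes(domain):
    """Sorted candidate look-alike registrations for one registered domain (name.tld).

    The domain itself is never included; pass 'mybank.example', not a host name.
    """
    name, _, tld = domain.rpartition(".")
    variants = set()
    for i in range(len(name)):                       # character omission
        variants.add(name[:i] + name[i + 1:])
    for i in range(len(name) - 1):                   # adjacent transposition
        variants.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    for i, ch in enumerate(name):                    # character repetition
        variants.add(name[:i] + ch + name[i:])
    for i, ch in enumerate(name):                    # homoglyph substitution
        for sub in HOMOGLYPHS.get(ch, []):
            variants.add(name[:i] + sub + name[i + 1:])
    for affix in AFFIXES:                            # hyphenated or appended words
        variants.update({f"{name}-{affix}", f"{affix}-{name}", f"{name}{affix}"})
    variants.discard(name)
    variants.discard("")
    candidates = {f"{v}.{tld}" for v in variants}
    candidates |= {f"{name}.{t}" for t in TLDS if t != tld}   # TLD swap
    candidates.discard(domain)
    return sorted(candidates)


if __name__ == "__main__":
    names = lookalikes("mybank.example")
    print(len(names), "candidates, e.g.", names[:8])
```

Re-run the generator whenever the brand registers a new domain, and diff each run's resolution results against the last one: a candidate that suddenly resolves, or acquires an MX record, is the "similar registration" worth an alert.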
67. Incident Response
Prepare → Detect → Analyze → Contain → Eradicate → Recover
• The most important part of the security system.
68. Prepare
■ Identify the IT security manager responsible and advertise his contact details and e-mail address for reporting incidents to all staff and customers.
■ Ensure that the IT manager selected is trained in handling phishing.
■ Prepare an internal escalation list, including names, contact information and responsibilities for all staff involved in incident response and management.
■ Create a method for users to inform the security manager immediately about an incident, by e-mail as well as by phone.
■ The IT manager needs to check that mailbox regularly for urgent messages.
■ Keep a list of contact information for external resources that may be involved in handling the incident response, for ready reference.
■ Keep a list of all Internet domains owned by the company.
■ Prepare an informational web page that warns partners and customers about an active phishing attack.
69. Detect
■ On receiving information about an incident, the IT manager should obtain all the phishing e-mails or URLs from the user.
■ These e-mails, URLs and any other information provided need to be investigated as a priority.
■ As standard practice the IT manager needs to keep watch on:
– E-mails flagged by the various filters
– Bounced and non-deliverable e-mails
– Notification by third parties of suspicious e-mails
– E-mails linking to internal and external URLs
– Notification from the ISP and law enforcement agencies about e-mails
– Suspicious activity on the organization's web site
70. Analyze
■ Once detected, the suspicious activity should be analyzed using available tools or external help, as the case may be.
■ Once the suspicious activity is confirmed to be a phishing-related attack, it should be categorized according to the threat it poses to the organization.
■ Use various means, including logs and tools, to gather information and analyze it in order to:
– Identify the protected information that has been compromised
– Identify the information exposed
– Identify the users, customers and members of the public likely to be exposed
– Determine who might have launched the activity
– Determine who else has knowledge of this activity
– Assess the worst-case impact on the system
– Assess whether it can be exploited for any criminal activity
71. Contain
■ Identify the systems affected and how widespread the attack is.
■ Isolate the affected systems, including users' machines and servers.
■ Inform all users of the problem and of the immediate action they need to take to contain the attack.
72. Eradicate
■ Use the appropriate tools to clean the system of any malware installed during the attack.
■ Install patches, update rules and modify the content filter to avoid the problem in future.
■ Test the system to ensure the problem does not recur.
■ Modify or change the affected system/site/network.
■ Coordinate with the ISP to initiate countermeasures.
■ Coordinate with any third party to take down the phishing site if required.
■ Add the problem to the incident database, with all details, for future reference.
73. Recover
■ Update the system, firewall and IDS, and remove the temporary containment.
■ Wipe and re-baseline the system.
■ Update the system with fresh signatures.
■ Prepare a detailed advisory and publicize it widely to avoid such attacks in future.
■ Review the incident in detail.
■ Update policy and processes.
■ Document the problem and the actions taken, including policy changes, process modifications and configuration changes.
■ Get ready for the next attack.
74. THANK YOU