the human firewall is on fire – anatomy of an email-based · 2018-11-02 · 1 © 2017...
Post on 29-May-2020
TRANSCRIPT
© 2017 Mimecast.com All rights reserved.
The Human Firewall is on fire – Anatomy of an email-based attack.
Cyber Security Today
• Defense Arms Race: Threats are constantly evolving!
• Skills Deficiencies: It’s difficult to attract and retain talent!
• Business Disruptions: How do we maintain availability during a disruption!
• Data Recovery: Can we recover to the last safe state!
Email Attacks
• ~30% of phishing attacks were opened (1)
• 100S median time to first click (1)
• 91% of attacks start with a phish (2)
• 66% of malware was installed via malicious email attachments (3)
• $5B: BEC is $5B global scam (4)
Sources: 1 Verizon Data Breach Report 2016 | 2 Wired 2015 | 3 Verizon Data Breach Report 2017 | 4 FBI, Public Service Announcement, May 4, 2017
Why do attackers rely on email? Cheap, ubiquitous, global, flexible, anonymous, trusted by users, integral to so many business processes
• 225B emails sent every day
• #1 Office 365 Cloud Service by User Count
• 6.3B email mailboxes in 2017, growing to 7.7B by 2021
Original Phishing Scams - What do you notice about them?
• Have a profile
• Think your life is deemed interesting enough to be on
Your company is at risk if you…
• Have certain letters in your domain name
• Accept resumes on your website
• Highlight your Management or Leadership Team on your website
It Only Takes One.
Introducing: Your Users
Would You Click?
What Should Your User Do? WSYUD?
URL Protect
Real or fake?
That “Apple.com” URL is really this….
xn--80ak6aa92e.com
Is this really Apple.com?
Watch Out Mobile Browsers! Phishing with Elongated URLs – What site are you really on?
http://m.facebook.com----------------------------------securelogin.liraon.com/sign_in.htm
Would You Open This Attachment?
No One Way to Catch Malware
Imagine being able to stop EVERY malicious file
We all know the risks
Trust your users not to click?
Static File Analysis
• ~1-2 seconds attachment scan
• Expedites scanning and scan time for users
Analyze inbound attachments with multiple AV engines + static file analysis + behavioral sandboxing + Safe file conversion
Enhanced Threat Remediation
• Leverage global threat intelligence
• Incident/Response Dashboard
• Constantly monitor and re-check status of all file attachment fingerprints globally
• If security score of a delivered file changes:
  – Quickly alert and update administrators
  – Automatically or manually remediate attachment based malware
  – Log incident actions
Who Says Attacks Need to Involve Malware?
• Business Email Compromise
• Whaling
• Wire transfer or W-2 Fraud
Who would send the money?
Impersonation Protect
Supply Chain Impersonation
One of these things is not like the others!!!
“Similar” Domains Being Registered Every Day – Why?
• Serer - faƈebook.com - xn--faebook-ozb.com [facebook.com]
• Old English - ɑƿƿle.com - xn--le-m1aa24e.com [apple.com]
• Math Symbol - hotmail¬.com - xn--hotmail-jka.com [hotmail.com]
• German - microsöftonline.com - xn--microsftonline-0pb.com [microsoftonline.com]
• Chinese - amazon. - amazon.xn--g2xx48c [amazon.com]
• Cyrillic - applḙ.com - xn--appl-t64a.com [apple.com]
• Polish - ażure.com - xn--aure-bbb.com [azure.com]
• Fula/African - dropɓox.com - xn--dropox-sxc.com [dropbox.com]
• Fula/African - eɓay.com - xn--eay-osb.com [ebay.com]
• Polish - ebąy.com - xn--eby-jpa.com [ebay.com]
• Danish - facebøøk.com - xn--facebk-fyaa.com [facebook.com]
Similarity matching capabilities
Real Domain | Similarity Match
mimecast.com | mimecast.co.za
apple.com | xn--80ak6aa92e.com
amazon.co.uk | www.amazonn.co.uk
facebook.com | http://m.facebook.com----------------------------------securelogin.liraon.com/sign_in.htm
paypal.com | http://paypal.com-us-cgi-bin-webscr-cmd--login-submit-dispatch-5885d80a13c0.mytruebox.com/
CustomDomain.com | CustomDornain.com
• Detect similarity both simple and complex
  – Character switching, Homoglyph/Homograph, long domain strings and more
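The three similarity classes named on this slide (character switching, homoglyph/homograph, long domain strings) can each be checked separately. The following Python sketch is an added example, not Mimecast's code or part of the original deck; the protected-domain list, the two-entry suffix set, the confusables map and the 0.85 threshold are assumptions chosen for illustration.

```python
import difflib
from urllib.parse import urlsplit

# Assumptions: hypothetical protected list, a two-entry stand-in for the Public
# Suffix List, and a constructed, tiny confusables map (not the full Unicode data).
PROTECTED = ["apple.com", "facebook.com", "paypal.com", "amazon.co.uk", "customdomain.com"]
MULTI_SUFFIX = {"co.uk", "co.za"}
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0440": "p", "\u04cf": "l",
                             "\u0435": "e", "\u0188": "c", "\u0253": "b"})

def hostname(value):
    """Accept a bare host or a full URL and return the lowercased host."""
    return urlsplit(value if "//" in value else "//" + value).hostname or ""

def to_unicode(host):
    """Decode xn-- (punycode) labels so the real characters can be inspected."""
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def registered_domain(host):
    """Last two labels, or three when the suffix itself has two labels."""
    parts = host.split(".")
    keep = 3 if ".".join(parts[-2:]) in MULTI_SUFFIX else 2
    return ".".join(parts[-keep:])

def classify(value, threshold=0.85):
    """Return (verdict, protected_domain) for one host or URL."""
    decoded = to_unicode(hostname(value))
    reg = registered_domain(decoded)
    skeleton = reg.translate(CONFUSABLES)
    if reg in PROTECTED:
        return ("legitimate", reg)
    for brand in PROTECTED:          # homoglyph: identical after folding
        if skeleton == brand:
            return ("homoglyph", brand)
    for brand in PROTECTED:          # long string: brand buried in the host
        if brand in decoded:
            return ("long-domain", brand)
    for brand in PROTECTED:          # character switching: near miss
        if difflib.SequenceMatcher(None, skeleton, brand).ratio() >= threshold:
            return ("character-switch", brand)
    return ("no-match", None)
```

With the slide's own rows as input, `classify("xn--80ak6aa92e.com")` returns `("homoglyph", "apple.com")` and `classify("CustomDornain.com")` returns `("character-switch", "customdomain.com")`.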
Internal Email Protect
• Compromised Accounts
  – Attacker uses stolen user credentials to spread attack internally and/or externally
• Careless Users
  – “Oops, I sent it to the wrong person… again.”
• Malicious Insiders
  – Purposely distributing malware or malicious URLs
Are Users part of the solution or part of the problem?
Cyber Resilience for email
• Threat Protection
• Durability
• Adaptability
• Recoverability