![Page 1: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/1.jpg)
©2017Mimecast.comAllrightsreserved.1
The Human Firewall is on fire – Anatomy of an email-based attack.
![Page 2: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/2.jpg)
©2017Mimecast.comAllrightsreserved.2
DefenseArmsRace
BusinessDisrup1ons
SkillsDeficiencies
CyberSecurityToday
DataRecovery
Threatsareconstantlyevolving!
It’sdifficulttoa@ractandretaintalent!
HowdowemaintainavailabilityduringadisrupEon!
Canwerecovertothelastsafestate!
![Page 3: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/3.jpg)
©2017Mimecast.comAllrightsreserved.3
EmailA@acks
1 Verizon Data Breach Report 2016 | 2 Wired 2015 | 3 Verizon Data Breach Report 2017 | 4 FBI, Public Service Announcement, May 4, 2017
~30% 100S 91% 66% $5Bofphishinga@ackswereopened1
MedianEmetofirstclick1
ofa@acksstartwithaphish2
ofmalwarewasinstalledvia
maliciousemaila@achments3
BECis$5Bglobalscam4
![Page 4: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/4.jpg)
©2017Mimecast.comAllrightsreserved.4
Whydoa@ackersrelyonemail?Cheap,ubiquitous,global,flexible,anonymous,trustedbyusers,
integraltosomanybusinessprocesses
225BEmailssenteveryday
#1Office365Cloud
ServicebyUserCount
6.3BEmailMailboxesin2017,growingto7.7Bby2021
![Page 5: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/5.jpg)
©2017Mimecast.comAllrightsreserved.5
OriginalPhishingScams-WhatdoyounoEceaboutthem?
![Page 6: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/6.jpg)
• Haveaprofile
• Thinkyourlifeisdeemedinteres'ngenoughtobeon
Your company is at risk if you…
• Havecertainle@ersinyourdomainname
• Acceptresumesonyourwebsite
• HighlightyourManagementorLeadershipTeamonyourwebsite
![Page 7: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/7.jpg)
©2017Mimecast.comAllrightsreserved.7
It Only Takes One.
![Page 8: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/8.jpg)
©2017Mimecast.comAllrightsreserved.8
Introducing:YourUsers
![Page 9: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/9.jpg)
WouldYouClick?
![Page 10: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/10.jpg)
![Page 11: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/11.jpg)
©2017Mimecast.comAllrightsreserved.11
WhatShouldYourUserDo?WSYUD?
![Page 12: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/12.jpg)
URLProtect
![Page 13: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/13.jpg)
URLProtect
![Page 14: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/14.jpg)
Realorfake?
![Page 15: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/15.jpg)
©2017Mimecast.comAllrightsreserved.15
That“Apple.com”URLisreallythis….
xn--80ak6aa92e.com
IsthisreallyApple.com?
![Page 16: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/16.jpg)
©2018Mimecast.comAllrightsreserved.16
WatchOutMobileBrowsers!PhishingwithElongatedURLs–Whatsiteareyoureallyon?
h@p://m.facebook.com----------------------------------securelogin.liraon.com/sign_in.htm
![Page 17: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/17.jpg)
WouldYouOpenThis
A`achment?
![Page 18: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/18.jpg)
![Page 19: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/19.jpg)
©2017Mimecast.comAllrightsreserved.19
![Page 20: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/20.jpg)
©2017Mimecast.comAllrightsreserved.20
NoOneWaytoCatchMalware
![Page 21: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/21.jpg)
ImaginebeingabletostopEVERYmaliciousfile
WeallknowtherisksTrustyourusersnottoclick?
![Page 22: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/22.jpg)
©2017Mimecast.comAllrightsreserved.22
Sta1cFileAnalysis
~1-2secondsa@achmentscanExpeditesscanningandscanEmeforusers
![Page 23: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/23.jpg)
©2017Mimecast.comAllrightsreserved.23
Analyzeinbounda@achmentswithmul1pleAVengines+sta1cfile
analysis+behavioralsandboxing+Safefileconversion
![Page 24: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/24.jpg)
©2017Mimecast.comAllrightsreserved.24
• Leverageglobalthreatintelligence• Incident/ResponseDashboard• Constantlymonitorandre-checkstatusofallfilea@achmentfingerprintsglobally
• Ifsecurityscoreofadeliveredfilechanges:– Quicklyalertandupdateadministrators– AutomaEcallyormanuallyremediatea@achmentbasedmalware
– LogincidentacEons
EnhancedThreatRemedia1on
![Page 25: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/25.jpg)
WhoSaysA`acksNeedtoInvolveMalware?
• BusinessEmailCompromise• Whaling• WiretransferorW-2Fraud
![Page 26: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/26.jpg)
Whowouldsendthemoney?
![Page 27: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/27.jpg)
Impersona1onProtect
![Page 28: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/28.jpg)
Impersona1onProtect
![Page 29: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/29.jpg)
Impersona1onProtect
![Page 30: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/30.jpg)
SupplyChainImpersona1on
![Page 31: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/31.jpg)
©2017Mimecast.comAllrightsreserved.31
Oneofthesethingsisnotliketheothers!!!
![Page 32: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/32.jpg)
©2018Mimecast.comAllrightsreserved.32
“Similar”DomainsBeingRegisteredEveryDay–Why?• Serer-faƈebook.com-xn--faebook-ozb.com[facebook.com]• OldEnglish-ɑƿƿle.com-xn--le-m1aa24e.com[apple.com]• MathSymbol-hotmail¬.com-xn--hotmail-jka.com[hotmail.com]• German-microsömonline.com-xn--microsmonline-0pb.com
[microsomonline.com]• Chinese-amazon. -amazon.xn--g2xx48c[amazon.com]• Cyrillic-applḙ.com-xn--appl-t64a.com[apple.com]• Polish-ażure.com-xn--aure-bbb.com[azure.com]• Fula/African-dropɓox.com--dropox-sxc.com[dropbox.com]• Fula/African-eɓay.com-xn--eay-osb.com[ebay.com]• Polish-ebąy.com-xn--eby-jpa.com[ebay.com]• Danish-facebøøk.com-xn--facebk-fyaa.com[facebook.com]
![Page 33: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/33.jpg)
©2017Mimecast.comAllrightsreserved.33
Similaritymatchingcapabili1esRealDomain SimilarityMatchmimecast.com mimecast.co.zaapple.com xn--80ak6aa92e.comamazon.co.uk www.amazonn.co.ukfacebook.com h@p://m.facebook.com----------------------------------securelogin.liraon.com/sign_in.htm
paypal.comh@p://paypal.com-us-cgi-bin-webscr-cmd--login-submit-dispatch-5885d80a13c0.mytruebox.com/
CustomDomain.com CustomDornain.com
• Detectsimilaritybothsimpleandcomplex– Characterswitching,Homoglyph/Homograph,longdomainstringsandmore
![Page 34: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/34.jpg)
N CompromisedAccountsØ A`ackerusesstolenusercreden1alstospreada`ackinternallyand/orexternallyInternalEmail
ProtectN CarelessUsers
Ø “Oops,Isentittothewrongperson…again.”
N MaliciousInsidersØ Purposelydistribu1ngmalwareormaliciousURLs
AreUserspartofthesoluEonorpartoftheproblem?
![Page 35: The Human Firewall is on fire – Anatomy of an email-based · 2018-11-02 · 1 © 2017 Mimecast.com All rights reserved. The Human Firewall is on fire – Anatomy of an email-based](https://reader034.vdocuments.site/reader034/viewer/2022042308/5ed54d70ac702a729d4a4049/html5/thumbnails/35.jpg)
©2017Mimecast.comAllrightsreserved.35
CyberResilienceforemail
ThreatProtecEon
Durability
AdaptabilityRecoverability