Cybercriminals Utilize Social Engineering Techniques to Obtain


"Cybercriminals Utilize Social Engineering Techniques to Obtain Employee Credentials to Conduct Payroll Diversion."

“Active Phishing Campaign Targeting Student Email Accounts.”

Federal Student Aid has identified a malicious phishing campaign that may lead to potential fraud associated with student refunds and aid distributions.

The medical industry is the new No. 1 target for hackers. Almost all U.S. health care organizations have reported at least one cyberattack. (CBSN 2017)

"The average impact of a successful spear-phishing attack: $1.6 Million." (2016 FireEye Whitepaper)

"All the screens were black, all the computer screens were turned off," said Dr. Jennifer Pugh. "Everything we had normally used was essentially unplugged."

Pugh runs the medical center's emergency room. She was on duty the morning hackers sent a ransomware message demanding $44,000 in the cyber currency bitcoin to unlock hospital data being held hostage.

They went back to pen and paper for six weeks until the systems were back online. (CBS News, © 2017 CBS Interactive Inc.)

Southwest Washington Regional Surgery Center notifies 2.3K patients after phishing attack

Vancouver-based Southwest Washington Regional Surgery Center informed 2,393 patients Nov. 6 about an email phishing attack that compromised their protected health information.

What is IT doing about this threat?

[Network diagram: Internet; DMZ; internal VLANs with file shares, databases, web servers, app and email servers, PCs / printers; O365?]

Proofpoint Email Targeted Attack Protection

• Filtering malicious attachments before delivery
• Rewriting URLs and filtering malicious sites
• Identifying clicks on malicious URLs
• Multiple anti-virus scanning points (email, gateway, desktop)
• Network Intrusion Detection monitoring (24x7x365)

Email Security Gateway Filtering (July – September 2018)

[Flow diagram: Inbound Email → Proofpoint Protection → Proofpoint TAP → Company Inbox]

• Inbound email: 48M emails
• Proofpoint Protection (Reputation: TAP feed, reputation; Classifiers: TAP feed, signature based, phish/AV/spam): 37.6M emails blocked (known threats)
• Proofpoint TAP (Attachment Defense: attachment detonation; URL Defense: URL predictive): .7M emails blocked (targeted threats); 12,297 and 14,701 threats blocked
• Company Inbox: 9.8M emails delivered

Proofpoint Targeted Attack Protection Effectiveness

• 93% effective (blocking 17,336 out of a total of 18,597 malicious emails in a one month period)
• 1,261 malicious emails are still reaching user mailboxes every month and present a risk of compromise based upon the user’s awareness of the specific threat and safe email practices

Phishing is the #1 attack method in 91% of cyber-attacks world-wide.

“Amateurs Hack Computers. Professionals Hack Humans.” (Microsoft’s Guide to Defending Against Social Engineering Attacks)

Phishing is a type of social engineering attack in which the attacker constructs an email message that lures the recipient of the message into performing an action. That action could be clicking on a URL, opening an attachment, or responding with personally identifiable information such as a User-ID and password.

“84% of organizations said a spear-phishing attack successfully penetrated their organization.” (2016 FireEye Whitepaper)

“95% of all Security incidents involve human error.”

“Humans can be either the strongest or weakest defense against threats.”

The combination of high popularity and ease of attack generates significant risks to the University as employees and students are fooled by phishing emails and expose confidential information to theft and internal systems to compromise. (Gartner)

• Are you a Very Attacked Person (VAP)?
• Have you received a large number of phishing emails?
• Access to PHI or Personally Identifiable Information?
• Use risky devices or cloud services?
• Top 10 Recipient of malicious messages?
• Top 10 Clickers?

Are you one of the Top 20 Credential Phished Persons?

What is your personal risk score?

How can you lower your personal risk score?

• Complete security awareness training assignments
• Watch out for red flags in phishing emails and become a human firewall
• The lower your Phish-prone Percentage, the lower your Personal Risk Score will be.

Subject: Secure your mailbox
Date: August 21, 2016

OUHSC email Admin has detected unusual activity related to your account and will be temporarily disabled if you don’t Re-Activate and add more space. CLICK HERE to login and re-activate.

Signed
Admin
Internet Network 2016

Tips for Identifying a Phish

Subject: OU University Who's Who (2016 Edition) - You are included

Good morning.

We're writing to let you know that you received Honorable Mention in yesterday’s article titled "Who's Who in Academia" by Joseph Bozanek.

The article will remain available at www.newsdigest.co for the next few hours and is also available to download in PDF format.

Wishing you the best of continued success,

Mark Geierman, Ph.D.
Editor, News Digest International

Subject: Fed Ex Delivery Notification

Unfortunately we were not able to deliver postal package you sent on December the 14 in time because the recipient's address is not correct. Please print out the invoice copy attached and collect the package at our office.

Your FEDEX

www.fedex.com

Malicious software (Malware) payloads usually hide in an attachment to a phishing message

• purporting to be from a business copier like Xerox that is delivering a PDF

• from a major delivery service like UPS or FedEx offering tracking information

• or from an OUHSC user who has a compromised account

• Back up your data regularly
• Keep your data on a server in the campus data center.
• Do not download attachments from someone you don’t know or if you weren’t expecting the file. Call the sender to make sure it’s legitimate.

• Any email that requires “immediate action”
• Emails addressed to “Dear customer”
• Grammar or spelling mistakes
• Attachments you didn’t request

• Don’t click on links or fill out forms
• Don’t believe everything you read
• Visit the web page directly in your browser
• Never provide personal information
• Only open attachments you’re expecting
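As an added illustration (not part of the presentation or of any OUHSC tooling), a small Python scorer that turns the red-flag list above into keyword heuristics and runs them over constructed copies of the sample messages shown on the slides; the regexes, the flag names and the two-flag threshold are assumptions for teaching purposes.

```python
import re

# Each check mirrors one red flag from the "Tips for Identifying a Phish" list.
# Added illustration only: crude regex heuristics, not a production phishing filter.
CHECKS = {
    # "Any email that requires immediate action"
    "urgent_action": lambda b: bool(re.search(
        r"immediate action|temporarily disabled|re-?activate|next few hours|within \d+ hours",
        b, re.I)),
    # "Emails addressed to 'Dear customer'" (or to nobody by name at all)
    "generic_greeting": lambda b: bool(re.search(r"\bdear (customer|user|member)\b", b, re.I))
        or not re.match(r"\s*([Hh]i|[Hh]ello|[Dd]ear)\s+[A-Z][a-z]+", b),
    # "Don't click on links or fill out forms"
    "link_lure": lambda b: bool(re.search(r"click here|https?://|www\.", b, re.I)),
    # "Attachments you didn't request"
    "attachment_lure": lambda b: bool(re.search(r"attach(ed|ment)|download", b, re.I)),
    # "Never provide personal information" (login / password / account bait)
    "credential_request": lambda b: bool(re.search(r"\blog ?in\b|password|your account", b, re.I)),
}

def score_email(body: str) -> dict:
    """Return the red flags that fire on a message body and their count as the score."""
    flags = [name for name, check in CHECKS.items() if check(body)]
    return {"flags": flags, "score": len(flags)}

def classify(body: str, threshold: int = 2) -> str:
    """Label a message 'suspicious' once at least `threshold` red flags are present."""
    return "suspicious" if score_email(body)["score"] >= threshold else "probably fine"

# Constructed copies of the phishing samples shown on the slides (bodies only).
SECURE_MAILBOX = ("OUHSC email Admin has detected unusual activity related to your account "
                  "and will be temporarily disabled if you don't Re-Activate and add more "
                  "space. CLICK HERE to login and re-activate.")
FEDEX_NOTICE = ("Unfortunately we were not able to deliver postal package you sent on "
                "December the 14 in time because the recipient's address is not correct. "
                "Please print out the invoice copy attached and collect the package at our office.")
WHOS_WHO = ("Good morning.\n\nWe're writing to let you know that you received Honorable Mention "
            "in yesterday's article. The article will remain available at www.newsdigest.co for "
            "the next few hours and is also available to download in PDF format.")
# A constructed benign message for contrast: named recipient, no link, no urgency, no attachment.
BENIGN = "Hi Dana, the agenda for Thursday's lab meeting is in the shared folder. Thanks, Priya"

if __name__ == "__main__":
    for label, body in [("secure_mailbox", SECURE_MAILBOX), ("fedex", FEDEX_NOTICE),
                        ("whos_who", WHOS_WHO), ("benign", BENIGN)]:
        print(f"{label:15} {classify(body):14} {score_email(body)}")
```

The FedEx sample trips only two flags (no greeting, unrequested attachment), which is why a low threshold matters: the lure there is the attachment, not urgency or a link.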

Proofpoint has reported that you have clicked on a link in an email that leads to a site that has been identified as a Phishing site. Your OUHSC account password will need to be reset.

If it's suspicious, don't open it!

If you see something, say something!

Report suspected phishing emails to IT.

Use the Phish Alert Button in Outlook.

Incidents are reported to:
• Tier 1 or Computer Support Personnel or Supervisor
• IT Service Desk
• IT Security
• Office of Compliance (PHI incidents)

IT Information Security
• it-security@ouhsc.edu
• 271-2476

IT Service Desk
• servicedesk@ouhsc.edu
• 271-2203

• Comprehensive Training Education and Awareness (TEA) plan for all users that provides more TEA opportunities

• Implement Duo Two-factor authentication on the remaining enterprise applications

Untrained users have a phish-prone percentage of 75%

Trained users have a phish-prone percentage of 25%

• Share this information with your students
• Encourage them to complete the security awareness courses
• Ask me to come speak to your class
