Mark Villinski @markvillinski The Explosion of Phishing - How to avoid being caught!

How bad is it out there?

Malware

• 1994: One new virus every hour
• 2006: One new virus every minute
• 2011: One new virus every second, or 70,000 samples/day

Kaspersky Lab is currently processing 300,000 unique malware samples EVERY DAY

2014 MOBILE MALWARE STATISTICS

2013: MOBILE MALWARE INSTALLATION PACKAGES

In 2013, 3,905,502 installation packages were used by cybercriminals to distribute mobile malware.

From 2012-2013 we detected approximately 10,000,000 unique malicious installation packages.

Q2 2014 by the numbers from the lab

• According to KSN data, Kaspersky Lab products detected and neutralized a total of 995,534,410 threats in the second quarter of 2014.
• Kaspersky Lab solutions repelled 354,453,992 attacks launched from online resources located all over the world.
• Kaspersky Lab's web antivirus detected 57,133,492 unique malicious objects: scripts, web pages, exploits, executable files, etc.
• 145,386,473 unique URLs were recognized as malicious by web antivirus.
• 39% of web attacks neutralized by Kaspersky Lab products were carried out using malicious web resources located in the US and Germany.
• Kaspersky Lab's antivirus solutions detected 528,799,591 virus attacks on users' computers. A total of 114,984,065 unique malicious and potentially unwanted objects were identified in these incidents.
• In Q2 2014, 927,568 computers running Kaspersky Lab products were attacked by banking malware.
• A total of 3,455,530 notifications about attempts to infect those computers with financial malware were received.

2013 Corporate Threats Survey

• 91% of businesses suffered one cyber attack in the last 12 months
• 9% of businesses were victims of a targeted attack
• Malicious programs could soon replace company insiders as the way of gathering information

https://www.securelist.com/en/analysis/204792317/Kaspersky_Security_Bulletin_2013_Corporate_threats

PHISHING ATTACKS EMPLOYEE

PHISHING ATTACKS ARE NOW A MAJOR ISSUE

KASPERSKY LAB ANALYSIS REPORT

▶ In 2012-2013, 37.3 million users around the world were subjected to phishing attacks, up 87% from 2011-2012
▶ The number of distinct sources of attacks in 2012 and 2013 increased 3.3 times (+330%)
▶ 102,100 Internet users around the world were subjected to phishing attacks daily!

SOURCE: THE EVOLUTION OF PHISHING ATTACKS 2011-2013, KASPERSKY LAB ANALYSIS REPORT

PHISHING SITES BY CATEGORY

TOP 30 PHISHING TARGETED SITES 2012-2013

The Anti-Phishing Work Group “Q2 2014 Report”

PHISHING EXAMPLE #1

REDIRECTED PHISHING SITE

PHISHING EXAMPLE #2

LET’S TAKE A CLOSER LOOK

HOW ABOUT THIS ONE? WHAT’S SUSPICIOUS?

PAYPAL’S OFFICIAL SECURITY GUIDELINES

October 2013 GSB Phishing Incident

Member FDIC

SPEAR-PHISHING & TARGETED ATTACKS

▶ Spear-phishing emails are one of the most common methods for infecting valuable targets in corporations, often used in targeted attacks
▶ Highly customized, it now combines social engineering and common system vulnerabilities to breach defenses
▶ In the past 12 months, 91% of the companies surveyed had at least one external IT security incident and 85% reported internal incidents.
▶ A large enterprise breach in North America was calculated at an average of $818,000 per incident
▶ For small to medium size businesses, the average cost was $82,000 per incident

SOURCE: GLOBAL IT SECURITY RISKS SURVEY 2013

RSA: TARGETED ATTACK CASE STUDY

▶ On March 17th 2011, RSA announced that it was hacked
▶ During the 2011 Kaspersky Security Analyst Summit, Uri Rivner from RSA talked about how it happened:
  ▶ Two employees received an e-mail which contained a spreadsheet attachment labeled “2011 Recruitment Plan”.
  ▶ The e-mail had been marked as SPAM and put into the spam folder
  ▶ One of the employees opened it… and triggered a zero-day Adobe Flash vulnerability.

RSA E-mail & Attachment

http://www.f-secure.com/weblog/archives/00002226.html

VULNERABILITIES – WHO IS AT RISK?

▶ In the first half of 2013, over 30,900,000 vulnerable programs and files were detected on user computers running Kaspersky Security Network (KSN)
▶ An average of 8 vulnerabilities were detected on each user’s computer
▶ 45% of vulnerabilities detected by users were Oracle & Java
▶ Oracle Java, Adobe Reader, Office and Adobe Flash are the most exploited programs by cybercriminals in attacks

Source: Kaspersky Lab 2013 Vulnerabilities Report

In short, many more users are vulnerable than conventional thinking suggests

Vulnerable Apps Exploited by “The Bad Guys”

SURVIVING PHISHING, TARGETED ATTACKS ET AL

▶ Users should be cautious and mindful of what websites they are accessing and what files they are opening on corporate computers and devices
▶ They should be aware that they are working for an organization with data and information that is a valuable commodity on the cybercriminal market
▶ Everyone will probably face a targeted attack at least once in their career, and while attackers generally prefer executives, HR and Legal staff, they will try anyone
▶ Attacks will most likely be more sophisticated in terms of social engineering:
  ▶ E-mails could come from other employees or even top management (CEO, COO)
  ▶ E-mails will often have an attachment – Word, Excel, PDF are top choices
  ▶ It’s possible and quite likely that the AV will not detect the attack (0-day vulnerability)
▶ Users should always be vigilant, and when they are suspicious, look carefully first

SECURITY TIPS FOR PHISHING EMAILS

Do NOT open attachments in suspicious or strange emails – especially Word, Excel, PowerPoint, PDF

Do NOT click on embedded links or images in suspicious emails – these can be seeded with malware

▶ Turn off “Auto-Preview” of attachments
▶ Receive emails in plain text
▶ Alert your security team of any suspicious emails; do not forward them

PREVENTING ONLINE PHISHING SCAMS

▶ Be cautious when receiving messages from vendors or third-parties

▶ Never click on any embedded URLs in the original message

▶ Visit the site directly by typing in the correct URL address to verify the request

▶ Review the vendor’s contact procedures and policies for requesting information

WEBSITE IDENTITY VERIFICATION

Source: https://support.google.com/chrome/

Anyone can create a website pretending to be another site, but only the real site possesses a valid security certificate for the URL you’re trying to reach

SSL VERIFICATION & DEFINITIONS

Source: https://support.google.com/chrome/

INTERNET EXPLORER VERIFICATION

Internet Explorer shows the same valid security certificate to verify the site’s identity and connection.

FIREFOX

Phishing Prevention-The 100% rules!

• Never click a link in an email
• Never open unexpected attachments
• Never provide information, no matter how innocuous it may seem, to unsolicited phone callers, visitors or email requests
• Never agree to an unsolicited remote control session (such as WebEx, GoToMeeting, LogMeIn)
• Your best defense: “Can I call you back?”

Phishing Prevention-The 100% rules!

July 2012 – Yahoo Passwords Hacked

435,000 usernames and passwords hacked. Particularly troubling? The login credentials are in plaintext, not even encrypted.

TOP TEN PASSWORDS FROM THE YAHOO HACK

1) 123456 (38%)
2) password (18%)
3) welcome (10%)
4) ninja (8%)
5) abc123 (6%)
6) 123456789 (5%)
7) 12345678 (5%)
8) sunshine (5%)
9) princess (5%)
10) qwerty (4%)

Preventing Successful Spear Phishing Attacks

• Do not have a list of all employees on your website

• Regularly scan internet for exposed e-mail addresses and/or credentials

• Educate users on the dangers of leaving too much information on social media sites

http://www.knowbe4.com/spear-phishing/

Recommendation: User Education

• FAKE!!!!!!!

• User Awareness Training is Critical

• Fake Phishing E-mail Services

Phish Self-Testing (Too Successful 12/2013)

Phish Self-Testing eSlap

Phish Self-Testing (Zero Success 5/2014)

KEEP YOUR SYSTEM & PROGRAMS UPDATED

Windows, Office, Adobe, Java, QuickTime

USE A RELIABLE SECURITY SOLUTION

Vulnerability Scanning

Patch Management

Advanced Malware Detection

Kaspersky Endpoint Security for Business

All managed through a single management console: Kaspersky Security Center

OUR LEADERSHIP IS PROVEN BY INDEPENDENT TESTS

[Figure: bubble chart. X-axis: N of independent tests/reviews (0 to 80). Y-axis: Score of TOP 3 places (0% to 100%). Kaspersky Lab: participation in 79 tests/reviews, 1st places: 41, TOP 3 = 77%. Other vendors plotted: Bitdefender, Sophos, G-Data, Symantec, F-Secure, McAfee, Trend Micro, Avira, Avast, BullGuard, AVG, Eset, AhnLab, Microsoft, Panda.]

In 2013, Kaspersky Lab products participated in 79 independent tests and reviews. Our products won the 1st place 41 times and finished in the Top 3 of all tests 61 times (77%).

The size of the bubble is number of 1st places.

ANALYSTS AGREE: KASPERSKY LAB IS A MARKET LEADER

• 2014. A Leader. Magic Quadrant for Endpoint Protection Platform*
• A leader in the Forrester Wave for Endpoint Security, The Forrester Wave™: Endpoint Security, Q1 2013**
• Leader in IDC MarketScape***

* Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

** The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

*** IDC's Go-to-Market Services (GMS) offers webrights and reprints of IDC research to support your marketing initiatives. GMS can also help you to leverage IDC's globally respected brand by delivering custom content and multimedia deliverables which are drawn from research and analysis independently conducted and published by IDC analysts. Learn more here or contact us at [email protected]