Mark Villinski
@markvillinski
The Explosion of Phishing - How to avoid being caught!
All this is done every 60 seconds on the internet
http://www.domo.com/learn/data-never-sleeps-2
How bad is it out there?
Malware
1994: one new virus every hour
2006: one new virus every minute
2011: one new virus every second, or 70,000 samples/day
Kaspersky Lab is currently processing 300,000 unique malware samples EVERY DAY
2014 MOBILE MALWARE STATISTICS
2013: MOBILE MALWARE INSTALLATION PACKAGES
In 2013, 3,905,502 installation packages were used by cybercriminals to distribute mobile malware.
From 2012-2013 we detected approximately 10,000,000 unique malicious installation packages.
Q2 2014 by the numbers from the lab
• According to KSN data, Kaspersky Lab products detected and neutralized a total of 995,534,410 threats in the second quarter of 2014.
• Kaspersky Lab solutions repelled 354,453,992 attacks launched from online resources located all over the world.
• Kaspersky Lab's web antivirus detected 57,133,492 unique malicious objects: scripts, web pages, exploits, executable files, etc.
• 145,386,473 unique URLs were recognized as malicious by web antivirus.
• 39% of web attacks neutralized by Kaspersky Lab products were carried out using malicious web resources located in the US and Germany.
• Kaspersky Lab's antivirus solutions detected 528,799,591 virus attacks on users' computers. A total of 114,984,065 unique malicious and potentially unwanted objects were identified in these incidents.
• In Q2 2014, 927,568 computers running Kaspersky Lab products were attacked by banking malware.
• A total of 3,455,530 notifications about attempts to infect those computers with financial malware were received.
2013 Corporate Threats Survey
• 91% of businesses suffered a cyber attack in the last 12 months
• 9% of businesses were victims of a targeted attack
• Malicious programs could soon replace company insiders as the way of gathering information
https://www.securelist.com/en/analysis/204792317/Kaspersky_Security_Bulletin_2013_Corporate_threats
PHISHING ATTACKS EMPLOYEE
PHISHING ATTACKS ARE NOW A MAJOR ISSUE
KASPERSKY LAB ANALYSIS REPORT
▶ In 2012-2013, 37.3 million users around the world were subjected to phishing attacks, up 87% from 2011-2012
▶ The number of distinct sources of attacks in 2012 and 2013 increased 3.3 times (+330%)
SOURCE: THE EVOLUTION OF PHISHING ATTACKS 2011-2013, KASPERSKY LAB ANALYSIS REPORT
▶ 102,100 Internet users around the world were subjected to phishing attacks daily!
PHISHING SITES BY CATEGORY
TOP 30 PHISHING TARGETED SITES 2012-2013
CORPORATE EMPLOYEE ACTIVITIES
▶ 69% of U.S. employees spend at least 30 minutes on personal activities during business hours
▶ 34% of those employees spend their time online, most commonly on:
SOURCE: Salary.com's 2013 Wasting Time at Work Survey: http://www.salary.com/2013-wasting-time-at-work-survey/
The Anti-Phishing Work Group “Q2 2014 Report”
PHISHING EXAMPLE #1
REDIRECTED PHISHING SITE
PHISHING EXAMPLE #2
LET’S TAKE A CLOSER LOOK
HOW ABOUT THIS ONE? WHAT’S SUSPICIOUS?
PAYPAL’S OFFICIAL SECURITY GUIDELINES
October 2013 GSB Phishing Incident
SPEAR-PHISHING & TARGETED ATTACKS
▶ Spear-phishing e-mail is one of the most common methods for infecting valuable targets in corporations, and is often used in targeted attacks
▶ Highly customized, it now combines social engineering and common system vulnerabilities to breach defenses
▶ In the past 12 months, 91% of the companies surveyed had at least one external IT security incident and 85% reported internal incidents.
▶ A large enterprise breach in North America was calculated at an average of $818,000 per incident
▶ For small to medium size businesses, the average cost was $82,000 per incident
SOURCE: GLOBAL IT SECURITY RISKS SURVEY 2013
RSA: TARGETED ATTACK CASE STUDY
▶ On March 17th 2011, RSA announced that it was hacked
▶ During the 2011 Kaspersky Security Analyst Summit, Uri Rivner from RSA talked about how it happened:
▶ Two employees received an e-mail which contained a spreadsheet attachment labeled “2011 Recruitment Plan”.
▶ The e-mail had been marked as SPAM and put into the spam folder
▶ One of the employees opened it… and triggered an exploit for a zero-day Adobe Flash vulnerability.
RSA E-mail & Attachment
http://www.f-secure.com/weblog/archives/00002226.html
RSA: ANATOMY OF ATTACK
SOURCE: RSA ANATOMY OF ATTACK - https://blogs.rsa.com/anatomy-of-an-attack/
The Target Breach, By the Numbers
http://krebsonsecurity.com/2014/05/the-target-breach-by-the-numbers/
VULNERABILITIES – WHO IS AT RISK?
▶ In the first half of 2013, over 30,900,000 vulnerable programs and files were detected on user computers running Kaspersky Security Network (KSN)
▶ An average of 8 vulnerabilities were detected on each user’s computer
▶ 45% of the vulnerabilities detected on users’ computers were in Oracle Java
▶ Oracle Java, Adobe Reader, Office and Adobe Flash are the programs most exploited by cybercriminals in attacks
Source: Kaspersky Lab 2013 Vulnerabilities Report
In short, many more users are vulnerable than conventional thinking suggests
Vulnerable Apps Exploited by “The Bad Guys”
SURVIVING PHISHING, TARGETED ATTACKS ET AL
▶ Users should be cautious and mindful of what websites they are accessing and what files they are opening on corporate computers and devices
▶ They should be aware that they are working for an organization whose data and information are a valuable commodity on the cybercriminal market
▶ Everyone will probably face a targeted attack at least once in their career, and while attackers generally prefer executives, HR and Legal staff, they will try anyone
▶ Attacks will most likely be more sophisticated in terms of social engineering:
▶ E-mails could come from other employees or even top management (CEO, COO)
▶ E-mails will often have an attachment – Word, Excel, PDF are top choices
▶ It’s possible and quite likely that the AV will not detect the attack (0-day vulnerability)
▶ Users should always be vigilant, and when they are suspicious, look carefully first
SECURITY TIPS FOR PHISHING EMAILS
▶ Do NOT open attachments in suspicious or strange emails – especially Word, Excel, PowerPoint, PDF
▶ Do NOT click on embedded links or images in suspicious emails – these can be seeded with malware
▶ Turn off “Auto-Preview” of attachments
▶ Receive emails in plain text
▶ Alert your security team of any suspicious emails; do not forward them
PREVENTING ONLINE PHISHING SCAMS
▶ Be cautious when receiving messages from vendors or third parties
▶ Never click on any embedded URLs in the original message
▶ Visit the site directly by typing in the correct URL address to verify the request
▶ Review the vendor’s contact procedures and policies for requesting information
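The "never click embedded URLs" rule can be backed by a check that runs before a message reaches the user. The following is an added example, not part of the original presentation: it parses a constructed HTML e-mail and reports links whose visible text names one domain while the href leads somewhere else, or whose target is a bare IP address. The sample message and all domains in it are made up.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress, re

# Constructed sample message (not a real phishing e-mail); the domains are made up.
SAMPLE_EMAIL = """<p>Dear customer, please <a href="http://paypal.com.account-check.example/verify">
https://www.paypal.com/verify</a> your account within 24 hours.</p>
<p>Or <a href="http://203.0.113.5/login">log in here</a> to confirm your details.</p>
<p>Questions? Visit <a href="https://www.paypal.com/help">www.paypal.com/help</a>.</p>"""
DOMAIN_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)  # URL/domain in link text

class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []   # links: (visible text, href)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def host_of(url):
    """Host of a URL or bare domain, lower-cased, without a leading 'www.'."""
    if not urlparse(url).scheme:            # bare "www.example.com/path" in link text
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def is_ip_literal(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def suspicious_links(html):
    """Return (visible text, href, reason) for each link a reader should not trust."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        target, shown = host_of(href), DOMAIN_RE.search(text)
        if is_ip_literal(target):                          # no legitimate vendor links to a raw IP
            findings.append((text, href, "link target is a bare IP address"))
        elif shown and host_of(shown.group(0)) != target:  # displayed domain != real destination
            findings.append((text, href, f"text shows {host_of(shown.group(0))} but link goes to {target}"))
    return findings
```

Running `suspicious_links(SAMPLE_EMAIL)` flags the first two links and passes the third, whose visible text and destination agree.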
WEBSITE IDENTITY VERIFICATION
Source: https://support.google.com/chrome/
Anyone can create a website pretending to be another site, but only the real site possesses a valid security certificate for the URL you’re trying to reach.
SSL VERIFICATION & DEFINITIONS
Source: https://support.google.com/chrome/
INTERNET EXPLORER VERIFICATION
Internet Explorer shows the same valid security certificate to verify the site’s identity and connection.
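The check the browser performs behind that padlock, that the certificate was issued for the hostname in the address bar, is shown here as an added example rather than the presentation's own material: a simplified RFC 6125 hostname match over a constructed record in the shape `ssl.SSLSocket.getpeercert()` returns. The lookalike hostname a phishing site would use fails the match. `example-bank.com`, `SAMPLE_CERT` and `fetch_peer_cert` are assumptions made for the example.

```python
import socket
import ssl

def name_matches(pattern, hostname):
    """Simplified RFC 6125 match: labels compared case-insensitively, and a wildcard is
    allowed only as the entire leftmost label, where it matches exactly one label."""
    p_labels = pattern.rstrip(".").lower().split(".")
    h_labels = hostname.rstrip(".").lower().split(".")
    if len(p_labels) != len(h_labels) or len(p_labels) < 2:
        return False          # '*' never spans a dot, so label counts must agree
    if "*" in pattern and (p_labels[0] != "*" or any("*" in l for l in p_labels[1:])):
        return False          # partial ("w*.") or non-leftmost wildcards are rejected
    return all(p == "*" or p == h for p, h in zip(p_labels, h_labels))

def cert_matches_host(cert, hostname):
    """Does a certificate (dict shaped like ssl.SSLSocket.getpeercert()) cover hostname?"""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:             # legacy fallback: CN is consulted only when no SAN is present
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(name_matches(n, hostname) for n in names)

# Constructed record in getpeercert() shape; example-bank.com is a made-up name, not a real cert.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example-bank.com"),),),
    "subjectAltName": (("DNS", "www.example-bank.com"), ("DNS", "example-bank.com"),
                       ("DNS", "*.secure.example-bank.com")),
}

def fetch_peer_cert(host, port=443, timeout=5.0):
    """Fetch a live site's certificate with chain and hostname validation (needs network).
    The default context raises ssl.SSLCertVerificationError when the name does not match."""
    ctx = ssl.create_default_context()       # check_hostname=True, verify_mode=CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    for h in ("www.example-bank.com", "login.secure.example-bank.com",
              "www.example-bank.com.evil.example"):   # the last is a lookalike, not the bank
        print(f"{h}: {'matches' if cert_matches_host(SAMPLE_CERT, h) else 'NOT the real site'}")
```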
FIREFOX
Phishing Prevention - The 100% rules!
• Never click a link in an email
• Never open unexpected attachments
• Never provide information, no matter how innocuous it may seem, to unsolicited phone callers, visitors or email requests
• Never agree to an unsolicited remote control session (such as WebEx, GoToMeeting, LogMeIn)
• Your best defense: “Can I call you back?”
July 2012 – Yahoo Passwords Hacked
435,000 usernames and passwords hacked. Particularly troubling? The login credentials are in plaintext, not even encrypted.
TOP TEN PASSWORDS FROM THE YAHOO HACK
1) 123456 (38%)
2) password (18%)
3) welcome (10%)
4) ninja (8%)
5) abc123 (6%)
6) 123456789 (5%)
7) 12345678 (5%)
8) sunshine (5%)
9) princess (5%)
10) qwerty (4%)
Preventing Successful Spear Phishing Attacks
• Do not have a list of all employees on your website
• Regularly scan the internet for exposed e-mail addresses and/or credentials
• Educate users on the dangers of leaving too much information on social media sites
http://www.knowbe4.com/spear-phishing/
Recommendation: User Education
• User Awareness Training is Critical
• Fake Phishing E-mail Services
Phish Self-Testing (Too Successful 12/2013)
Phish Self-Testing eSlap
Phish Self-Testing (Zero Success 5/2014)
KEEP YOUR SYSTEM & PROGRAMS UPDATED
Windows, Office, Adobe, Java, QuickTime
USE A RELIABLE SECURITY SOLUTION
Vulnerability Scanning
Patch Management
Advanced Malware Detection
Kaspersky Endpoint Security for Business
All managed through a single management console: Kaspersky Security Center
OUR LEADERSHIP IS PROVEN BY INDEPENDENT TESTS
[Chart: score of TOP 3 places (0% to 100%) against number of independent tests/reviews (0 to 80); bubbles for Kaspersky Lab, Bitdefender, Sophos, G-Data, Symantec, F-Secure, McAfee, Trend Micro, Avira, Avast, BullGuard, AVG, Eset, AhnLab, Microsoft and Panda. Kaspersky Lab: participation in 79 tests/reviews, 41 1st places, TOP 3 = 77%]
In 2013, Kaspersky Lab products participated in 79 independent tests and reviews. Our products won 1st place 41 times and finished in the Top 3 of all tests 61 times (77%). The size of the bubble is the number of 1st places.
ANALYSTS AGREE: KASPERSKY LAB IS A MARKET LEADER
* Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research
organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
** The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research , Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet
with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
*** IDC's Go-to-Market Services (GMS) offers webrights and reprints of IDC research to support your marketing initiatives. GMS can also help you to leverage IDC's globally respected brand by delivering custom content and multimedia deliverables which are drawn from
research and analysis independently conducted and published by IDC analysts. Learn more here or contact us at [email protected]
2014. A Leader. Magic Quadrant for Endpoint Protection Platform*
A leader in the Forrester Wave for Endpoint Security, The Forrester Wave™: Endpoint Security, Q1 2013**
Leader in IDC MarketScape***