1. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
Email Security – Growing in threats, quickening in pace
Erez Haimowicz
Enablement and Security
Mimecast
11-10-17
2.
Email: The Ultimate App
With demanding business and user requirements
24 X 7 Email Availability
Continuous, Mission-critical, Mobile
3.
Cyber Resilience
MULTILAYERED SECURITY: The technology that provides the best possible multi-layered protection
CONTINUITY: A solution that allows you to continue to work while the issue is resolved
REMEDIATION: The knowledge that no matter what, you can get back to the last known good state
4.
Countdown to a breach
Verizon 2016 Data Breach Investigations Report (DBIR)
100 Seconds average time-to-first-click
5.
91% of all incidents start with a phish
Wired
6.
You can no longer stand in front of your board and say
that you won’t have an attack.
As we all know, it’s now a case of when.
7.
What those attacking look like
8.
Your company is at risk if you…
• You have certain letters in your domain name
• You accept resumes on your website
• You have a team of people in finance
• You have a profile
• Your life is deemed interesting enough to be on
9.
Do You Have a Page Like This On Your Website?
14.
Imagine being able to stop EVERY malicious file
We all know the risks
Trust your users not to click?
19.
Internal threats!
Compromised Accounts
• Stolen User Credentials
• Utilize Corp Web mail to spread attack internally or externally to partners/customers
Careless Users
• Sending sensitive data internally such as projects and PII
• “Oops, sent it to the wrong Michael…”
Malicious Insiders
• Purposely distributing malware or malicious URLs
20.
Flawed - The technology
23% open the phish & click
21.
• To run an attack…
• You don’t even need to know how to code
Source: Forbes.com - "Ransomware As A Service Being Offered For $39 On The Dark Net" 7/15/16
22.
• AND to bypass sandboxes…
• FUD (Fully Undetectable) Crypting Services to avoid AV detection
23.
At Risk - The human firewall
11% open the phish & run the attachment
24.
“HEY STRANGERS - Please send me files”
25.
‘Click to View’ Dupe
26.
You can’t fix stupid
27.
• Whatever we do, they’re still around and getting ‘creative’
28.
Your business needs a cyber resilience strategy
ARCHIVING
SECURITY
CONTINUITY
29.
Thank you
Editor's Notes
Interesting beast, email! Beyond its ubiquity, email has several other characteristics that make proper management both demanding and mission-critical:
Email has emerged as the predominant business communications medium, eclipsing even the telephone
Email is unique in creating a continuous body of business knowledge
Businesses demand 24x7 email availability
24x7 availability means anytime, anywhere access
Countdown to a breach – 100 Seconds?
We refer to users as the human firewall, and that human firewall is your weakest link.
1M 22 SECONDS: THE MEDIAN TIME FOR SOMEONE TO CLICK ON A PHISHING LINK
That’s the median; imagine what the lower outliers are.
And 50% of those people who do click the link will do it within the first hour.
WHAT’S WORSE, WE KNOW…
95%
For the purposes of this talk, we’ll use the phrase phish to mean spear-phishing, whaling and phishing, but in a business context.
How do Attackers get their information?
An easy way to find out about a company is visit their website. Most companies have information about their executive teams. What better way to entice a user to open an email than having it look like it’s from the CEO, the CFO or some other senior leader?
Remember that it only takes one employee to “click before they think” to compromise an entire organization.
Let’s look at some of the attacks that we are seeing as part of our service.
A phishing attack focused on getting a user’s password via a random mass-emailing attack.
An email from Chase Bank.
When you hover over the link you will see that the link is not legit.
Using our URL protection service you will also be able to see the User Awareness Page showing you:
• The link, which was automatically rewritten
• The email address that it was sent from (not legitimate)
• Information on how to recognize a phishing attack
• An action to either exit or accept the risk
• The fact that your decision will be logged for future audit purposes
Even if you accept the risk it will block access.
In this case, this advanced phishing email with an attachment is delivering a document with malicious code. This is a malware attack, and a very targeted one.
What you will see from our attachment protect service is that we do both a safe file transfer into a PDF document, which is safe to open, and offer the ability to request the original file. Once the request is made, the file goes through a sandbox threat service before it is delivered to the end user.
In this case you see a spear phishing attack impersonating a senior staff member. It is targeting an employee with authority. In this case it was sent asking for a Western Union money transfer of $4500. Notice the email?
Layer one is, of course, the technology.
Attackers don’t have to know how to code; they don’t even have to be smart. They can download TOX, a ransomware construction tool that provides an easy-to-use graphical interface that allows attackers to track how many folks have been infected and track the ransom paid.
If you’re an attacker and can code but don’t know how to evade sandbox detection, that’s not a problem: there’s an online service that can help. FUD (fully undetectable) crypting services use obfuscation, encryption and code manipulation.
The second layer of defense is employee awareness and vigilance.
The aim here is to create a herd alertness in your organization.
The intention is not to make everyone suspicious of everything, or to make everyone a security pro, but to make them alert enough to linger over a link or attachment.
The Mimecast security awareness tools help in this mission to complement the other tactics you should use, like training and perhaps simulated exercises.