In the current article, I would like to review the chain of events that occurs every time, again and again, in a scenario in which the attacker manages to successfully execute a Phishing mail attack.
The reaction of the involved persons is known in advance, and the sad end of the story is known in advance.
The main goal of the story is - to serve as a wakeup call, so you do not have to be a character in the play of – Phishing mail attack!
http://o365info.com/dealing-spoof-mail-attacks-phishing-mail-attacks-little-story-sad-end-part-1-of-9/
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
Dealing with a spoof mail attacks and phishing mail attacks a little story with a sad end - part 1#9 | Eyal Doron | o365info.com
1. Dealing with a Spoof mail attack and Phishing
mail attacks | A little story with a sad end
Part 1/9
2. Eyal Doron o365info.com
The common feeling of IT persons is –
that they know and understand everything that is
related to security and threats in their environment.
3. Eyal Doron o365info.com
The simple truth is that most of the time, we don t really
have any idea, about the threats and dangers that exist,
and what is happening under our noses.
5. Eyal Doron o365info.com
In each security event, in which we discover the
damage which was caused by the Spoof Phishing
mail attacks, we act the same – panic!
8. Eyal Doron o365info.com
The only difference between those events that
organizations experience is - the faces and the names of
the people who are involved in the process.
12. Eyal Doron o365info.com
It's 9:30 in the morning; the sun is shining.
In our little story, your name is Jeff, and you are the CIO of a
company that belongs to the financial sector named –
Don t do anything and hope that everything will work
out by itself .
13. Eyal Doron o365info.com
You're sitting in your Office, drinking a cup of hot coffee
(no sugar because you need to maintain your weight).
You log on to Facebook, and start to watch some
boring video of a dog or a cat doing something.
14. Eyal Doron o365info.com
Your phone is ringing.
Your gut feeling is telling you that something
is wrong!
On the line is Suzan, the personal assistant of Brad, the company CEO.
Suzan is asking you to urgently come to Brad s office.
15. Eyal Doron o365info.com
The facial expression of Brad is grave and serious.
This morning, after a brief conversation with David,
I understand that I was a victim of an ugly fraud!
You enter Brad s room.
Brad asks you to close the door behind you.
Brad says:
"Jeff, let's make it simple and straight-forward.
Yesterday, I got an E-mail message from David (David is the company CFO)
that asked me to deposit 500, 000$ in a specific bank account.
The purpose of the deposit was an initial payment for a big acquisition deal,
which is about to take place soon.
16. Eyal Doron o365info.com
1. I want my money back!
2. I want you to locate the person that carried out this ugly
fraud + report the information to the police!
17. Eyal Doron o365info.com
3. I demand to know - how can it be that our security
infrastructure that costs us so much money, didn t
recognize and blocked this attack, and I demand to know
who to blame, and who is the person that is
responsible for this failure!
20. Eyal Doron o365info.com
Billy enters your office.
You ask Billy to close the door behind him.
You instantly call Billy (the company IT manager), and ask him
firmly to reach your office immediately!
21. Eyal Doron o365info.com
You inform Billy about the "mess", waving your finger in his face.
You inform Billy that you need instant answers and that
someone will have to pay the price!
23. Eyal Doron o365info.com
Billy rushes into his office, finds Bob (the Help desk manager), and
informs him about the "issue".
Billy asks Bob to call the IT company that planned and built our mail infrastructure
immediately, and inform them that they will have to provide an accurate answer
to the following questions:
24. Eyal Doron o365info.com
1. How did the hostile element manage to hack our system, despite the advanced
security infrastructure that was supposed to protect our mail infrastructure?
2. How to identify with certainty the hostile element, and locate the hostile element
which carried out the attack?
3. How are they going to compensate us for the Indignities and the financial losses?
26. Eyal Doron o365info.com
Bob calls the technical support of the IT company that built our mail
infrastructure, informs them about the incident that happened, and
present the list of questions.
27. Eyal Doron o365info.com
The "other side", explains that this problem
is not related to "their side" in any way, and that the responsibility for
protecting the organization mail infrastructure from such attack, is the
responsibility of the organization that owns the mail infrastructure
meaning, our responsibility.
28. Eyal Doron o365info.com
After an exchange of harsh words, Bob disconnects the
call and informs Billy that the provider, refuses to help
us and in addition, blames us for the "mess".
30. Eyal Doron o365info.com
Billy (the company IT manager) picks up the phone and calls the
technical support of the provider who built our mail infrastructure.
Billy asks politely but firmly to talk to Stephen,
the manager!
31. Eyal Doron o365info.com
Stephen explains that this problem is not related to "their side" in any
way, and that responsibility for protecting the organization mail
infrastructure from such attack, is the
responsibility of the organization who owns and manages the mail
infrastructure.
34. Eyal Doron o365info.com
The bottom line – Stephen that represents the IT company that
built our mail infrastructure declares that – they are not willing
to take any kind of responsibility for this mess!
Billy calls you (just a quick reminder; you are Jeff the company
CIO) and reports on the conversation with Stephen.
35. Eyal Doron o365info.com
You ordered Billy to immediately summon a
conference call, that includes yourself, Billy
(the company IT manager) and Stephen.
36. Eyal Doron o365info.com
You start the phone conversation with some statement
about the fact that you have decades of experience in
the field (usually, the magic number is 15 years).
37. Eyal Doron o365info.com
You continue to the "threats phase", and clarify unambiguously that if he (the
provider) will not take responsibility, provide immediate answers and solve the
mess, you will:
fire him
sue him and in addition
publish negative information about his company on Facebook.
38. Eyal Doron o365info.com
Stephen says that he is very sorry, that he understands my pain, but
nothing he can do to help us in this scenario.
40. Eyal Doron o365info.com
You start to stutter and mumble about security risks, cyber-
attacks, the difficulty in dealing with the risks and threats of
the modern work environment.
You enter the office of the CEO with heavy steps
43. Eyal Doron o365info.com
Two years passed since you have been fired following the unfortunate incident.
You could not find another job (because of age and other reasons).
Your financial situation is not good, and you get a call from the bank on a daily basis.
After many reflections and obsessive thoughts, you decide that .
45. Eyal Doron o365info.com
The wind blows in your face.
You're standing on a high bridge looking into the abyss which
pours down!
Goodbye cruel world!
Notas do Editor
In the current article, I would like to review the chain of events that occurs every time, again and again, in a scenario in which the attacker manages to successfully execute a Phishing mail attack.
The reaction of the involved persons is known in advance, and the sad end of the story is known in advance.
The main goal of the story is - to serve as a wakeup call, so you do not have to be a character in the play of – Phishing mail attack!
The major challenges relating to the subject of Spoof mail attack and Phishing mail attacks are
The fact the Phishing mail attack is a sophisticated attack that includes many parts that will need to deal with each one of them separately such as – Spoof mail attack.
Our ignorance about the way the Phishing mail attack work and executed.
Our fake confidence which is based on our mistaken assumption that our mail infrastructure is protected and can deal with all this “mambo jumbo attack” stuff.
Why are we so arrogant?
The common denominator of IT people is - the strong believe, that he is some kind of Albert Einstein, that knows everything there is to know about IT and security.
If we have the courage to admit, most of us not really know what is the meaning of Phishing mail attack, what are the characters of Phishing mail attack, what are the different flavor of Phishing mail attack, what is the difference between spam mail, Phishing mail attack or a Spoof E-mail.
The bitter truth appears when and where we least expect it!
Your organization experiences a successful Phishing mail attack, in which the attacker manages to cause a huge damage to our organization.
You feel like a bull rammed you!
The next emotion in our emotional rollercoaster is "panic."
We don’t know what is volume of damage, we don’t know if our network was infected with malicious code to continue to damage our organization or, just sit and wait for the right opportunity.
The real reason of the “panic” is the very reasonable suspicion that his ass is on fire!
The next emotion in our emotional rollercoaster is "anger."
The source for the "anger," is frustration.
The source of the frustration is because:
We didn’t manage to identify and block the attack.
The fact that we are faced with the simple truth, that says that we are not so smart as we thought.
The anger outcome is - shouting and screaming at everyone below us or any other person that who we can shout.
One of the most popular “objects” for channeling our frustration is - the companies, that provide us some kind of service because, most of the time they will not answer back.
This is the last phase of our bad trip, which I describe as the "the silent grief phase."
This is the phase in which we manage to understand and accept that there is nothing that we can do besides of accept the reality, and understand that the attacker was smart enough to revel in our weak spot.
The conclusion
The drama which was described is not so special or unique to a specific origination.
It happened all the time to many organizations.
The only difference between the events is the name and the faces of the people that are involved.
Let me tell you a story that happened long long time ago in a distant land.
Scene number 1
In our little story, your name is Jeff, and you are the CIO of a company that belongs to the financial sector named – “Don’t do anything and hope that everything will work out by itself."
It's 9:30 in the morning; the sun is shining.
You're sitting in your office, drinking a cup of hot coffee (no sugar because you need to maintain your weight).
You log on to Facebook, and start to watch some boring video of a dog or a cat, doing something.
Your phone is ringing.
On the line is Suzan, the personal assistant of Brad, the company CEO.Suzan is asking you to urgently come to Brad’s office.
Your gut feeling is telling you that something is wrong!
You enter the Brad’s room.
Brad asks you to close the door behind you.
The facial expression of Brad is grave and serious.
Brad says:
"Jeff, let's make it simple and straight-forward. Yesterday, I got an E-mail message from David (David is the company CFO) that asked me to deposit 500, 000$ in a specific bank account. The purpose of the deposit was an initial payment for a big acquisition deal, which is about to take place soon.”
This morning, after a brief conversation with David, I understand that I was a victim of an ugly fraud!
1. I want my money back!
2. I want you to locate the persons that carried out this ugly fraud + report the information to the police!
3. I demand to know - how can it be that our security infrastructure that costs us so much money, didn’t recognize and blocked this attack, and I demand to know who to blame and who is the person that is responsible for this disaster!
Scene number 2
You can hear your heart pounding.
You Instantly call Billy (the company IT manager), and ask him firmly, to reach your office immediately.
Billy enters your office.
You ask Billy to close the door behind him.
You inform Billy about the "mess," waving your finger in his face.
You inform Billy that you need instant answers and that someone will have to pay the price!
Scene number 3
Billy rushes into his office, finds Bob (the Help desk manager), and informs him about the "issue."
Billy asks from Bob to immediately call the IT company, which planned and built our mail infrastructure, and inform them that they will have to provide an accurate answer to the following questions:
1. How did the hostile element manage to hack our system despite the advanced security infrastructure that was supposed to protect our mail infrastructure?
2. How to identify with certainty the hostile element, and locate the hostile element which carried out the attack?
3. How are they going to compensate us for the Indignities and the financial losses?
Scene number 4
Bob calls the technical support of the IT company that built our mail infrastructure.
Bob informs them about the incident that happened, and present the list of questions.
The "other side", explains that this problem is not related to "their side" in any way, and that the responsibility for protecting the organization mail infrastructure from such attack, is the responsibility of the organization that owns the mail infrastructure meaning, our responsibility.
After an exchange of harsh words, Bob disconnects the call and informs Billy that the provider refuses to help us and in addition, blames us for the "mess".
Scene number 5
Billy (the company IT manager) picks up the phone, and calls the technical support of the provider who built the mail infrastructure.
Billy asks politely but firmly to talk to Stephen, the manager!
Stephen explains that this problem is not related to "their side" in any way, and that responsibility for protecting the organization mail infrastructure from such attack, is the responsibility of the organization who owns and manages the mail infrastructure.
After an exchange of harsh words, Billy disconnects the call.
Scene number 6
Billy calls you (just a quick reminder; you are Jeff the company CIO) and reports on the conversation with Stephen.
The bottom line – Stephen that represents the IT company that built our mail infrastructure declares that – they are not willing to take any kind of responsibility for this mess!
You ordered Billy to immediately summon a conference call, that includes yourself, Billy (the company IT manager) and Stephen.
You start the phone conversation with some statement about the fact that you have decades of experience in the field (usually, the magic number is 15 years).
You continue to the "threats phase", and clarify unambiguously that if he (the provider) will not take responsibility, provide immediate answers and solve the mess, you will fire him, sue him, and in addition, publish negative information about his company on Facebook.
Stephen says that he is very sorry, that he understands my pain, but nothing he can do to help us in this scenario.
Scene number 7
Clumping you enter the director's office.
You start to stutter and mumble about security risks, cyber-attacks, the difficulty in dealing with the risks and threats of the modern work environment.
Brad (your CEO) informs you that you will have drawn the required conclusions.
Scene number 8
Two years passed since you have been fired following the unfortunate incident.
You could not find another job (because of age and other reasons).
Your financial situation is not good, and you get a call from the bank on a daily basis.
After many reflections and obsessive thoughts, you decide that….
Scene number 9
The wind blows in your face.
You're standing on a high bridge looking into the abyss which pours down!
Good-bye crawl word!