Interop 2017 - Defeating Social Engineering, BEC, and Phishing
2 likes847 views
The document provides insights on defeating social engineering, business email compromise (BEC), and phishing attacks as presented by Rob Ragan and Alex DeFreese from Bishop Fox. It outlines the anatomy of phishing attacks, common BEC scenarios, ineffective security measures, and effective mitigation strategies including incident response plans and email protection techniques. The authors emphasize the essential role of technical controls alongside user awareness in enhancing organizational security.
Interop 2017 - Defeating Social Engineering, BEC, and Phishing
- 1. Defeating Social Engineering, BECs, & Phishing Rob Ragan @sweepthatleg | Alex DeFreese @lunarca_
- 2. We are Rob and Alex Security consultants at Bishop Fox. We help organizations secure their networks, applications, and people. Hello!
- 4. Trap the Phisherman Lure attackers into traps that betray their presence
- 5. Trap the Phisherman Lure attackers into traps that betray their presence Trigger rapid incident response
- 8. Email phishing was the first step in 91% of data breaches in 2016
- 11. The Anatomy of an Attack • Find Targets • Create Payload • Deliver Attack
- 14. Email Address Formats • [email protected] • [email protected] • [email protected] • [email protected]
- 15. Attack Payload • Compromise Accounts and Credentials • Compromise Computers • Perform an Action $
- 18. Deliver Attack
- 20. Link to Attack Site
- 24. • Business Working with a Foreign Supplier • Business Executive Receiving or Initiating a Request for a Wire Transfer • Business Contacts Receiving Fraudulent Correspondence through Compromised E-mail • Data Theft • Business Executive and Attorney Impersonation https://www.ic3.gov/media/2017/170504.aspx Most Common BEC Scenarios
- 26. • Business Working with a Foreign Supplier • Business Executive Receiving or Initiating a Request for a Wire Transfer • Business Contacts Receiving Fraudulent Correspondence through Compromised E-mail • Data Theft • Business Executive and Attorney Impersonation https://www.ic3.gov/media/2017/170504.aspx Most Common BEC Scenarios
- 28. • Clearly-defined process for financial transactions • Out-of-band verification for transactions beyond a threshold • Multi-factor authentication Mitigation Strategies
- 29. Event of the Year
- 31. “
- 32. “
- 34. Common Ineffectual Techniques What Doesn’t Work
- 36. Not useless • Reduce attack surface • Improve detection rates
- 37. “ But it’s nowhere near enough on its own
- 38. It only takes one
- 40. Social engineering attacks will always succeed without technical controls for defense
- 41. • Helpful • Naïve • Trusting • Routine-oriented Because people are…
- 42. Not security experts Because people are…
- 43. And they shouldn’t have to be
- 46. v=spf1 include:spf.protection.outlook.com include:mailgun.org -all v=DMARC1; p=reject; pct=100; rua=mailto:[email protected]; aspf=r; SPF DMARC
- 52. Set up Canary Emails
- 57. Block at First Sight
- 63. Limit Access to PowerShell
- 68. Password Manager
- 70. Refuser
- 74. Tailored Incident Response Plan • Identify the most common threats facing your company • Define and enforce incident response plans for these threats
- 75. Detect
- 77. It still only takes one
- 79. Domain Protections • DNS RPZ • Automate redirection of known-bad domains • Redirect DNS Homoglyphs • Tripwire to alert on attacks in progress
- 81. Contain
- 84. Eradicate
- 85. Revert to Known- Good Backup • Getting around persistence is hard and not worth it • Difficult to tell if its actually eradicated
- 86. Burn Payload Infrastructure • Break Command and Control channels • Blacklist server IP addresses and DNS names • Buy time to respond • Make attackers spend money
- 87. Burn Delivery Infrastructure • Block emails from attacking MTA • Prevent further attacks from that server • Make attackers spend money
- 88. Raise the alarm
- 90. Any questions ? You can find us at: • @bishopfox • facebook.com/bishopfoxconsulting • linkedin.com/company/bishop-fox • google.com/+bishopfox Thanks!
- 91. CREDITS Christina Camilleri (@0xkitty) for the slide design!