Beyond the Nigerian Prince: A How-To Guide to Modernizing ... Slides... · Control your email with...

Beyond the Nigerian Prince: A How-To Guide to Modernizing Phishing Defenses

December 11, 2018

Logistics

＞ You will be on mute

＞ Submit questions in the Q&A box (probably on the right side of your screen) in the GoToWebinar control pane

＞Webinar is being recorded and will be available for replay

＞ Slides will be made available after the webinar

Copyright © 2018 GreatHorn & dmarcian 2

Kevin O’BrienCEOGreatHorn

Tim DraegenCEOdmarcian

Agenda

＞ Recap: The evolution of phishing

＞ Anatomy of modern email threats

＞ Assess your defenses

＞Most common areas

＞ Prioritizing next steps


Last Time…

Prevent your brand from being used in phishing attacks

Prevention Protection

Industry Organization Individual

Shared Responsibility Model

Protect your organization from falling victim to phishing attacks

“Phishing” is Many Things, Not Just One

＞ Requires different tools / strategies to combat

＞ Constantly evolving attack patterns easily bypass threat intel-based defenses

＞Most dangerous:ѱ Impersonationsѱ Business Services spoofingѱ Credential Theft


Common Characteristics of a Phishing Email


Trusted Sender

Urgency

Response Required

Anatomy of a Phishing Email: Name SpoofWhat: ＞ Display Name is adjusted to a

person of trust

Challenge: ＞ Personal email addresses &

mobile devices


Anatomy of a Phishing Email: Direct Spoof


What:

＞ Sender email appears to be colleague’s business email

Challenge:

＞ Email, photo, Outlook history are correct

＞ Average user doesn’t know how to check header data

Anatomy of a Phishing Email: Business Services Spoofing


What: ＞ Sender appears as

an automated alert from a trusted business service

Challenge: ＞ Often properly

branded and carefully crafted

＞ Some links are legitimate; others are not

Anatomy of a Phishing Email: Malware


What:

＞ Malicious attachment

Challenge:

＞ Display name matches content

＞ Average user doesn’t know how to check header data

Phishing Tactics & Countermeasures

Technical Tactics

＞ Display name spoof

＞ Email address spoof

＞ Branding

＞ Domain look-alikes

＞ URL obfuscation

Countermeasures

＞ Check authentication

＞ Verify sending email addresses against known email addresses

＞ Review header dataѱ Reply toѱ Return Pathѱ IP Addressѱ Sending Domain

＞ Confirm destination URLs


Challenge: Users can’t / won’t review email metadata

What Now?

How to prevent phishing and protect your employees

Copyright © 2018 GreatHorn - GreatHorn Confidential 12

Assess Your Defenses: Phishing Protection “Danger Zones”

＞ Shared responsibility breaks down at intersections

＞ How well do organizations support:ѱ Industry standards for confirming corporate identity?ѱ Providing individuals context on email risk?


Manage Online Identity

Manage Internal Risk

Translate into Actionable Areas of Protection


Prevention Protection

Prevention: Managing Online Identity

Protect employees, customers, and partners from direct spoofs and domain spoofs


Prevention – Role of Online Identity

Organization A

Organization B?

Organization A needs to know:“Are you reallyOrganization B?”

Prevention - Email Focus

Biggest problem gets the focus.

>90% of attacks begin with an email.

The email you send becomes email that others receive.

How can you make yourself into a Trusted Sender?

Prevention - Trusted Sender Benefits

＞Allow others to easily determine if your email is real.

＞Tell others to ignore email that pretends to be you.

＞Receivers can build on your trust to reliably deliver your email.

Prevention - Become a Trusted Sender

＞Technology exists to make your email easy to identify.

＞DMARC introduces stable domain-level identifiers to email. Brings:ѱ Policy controls for how to dispose of non-DMARC/fake email.ѱ Feedback mechanisms to make deployment possible.ѱ Consistency to email practice to ease maintenance.

Prevention - Assess Your Trust

Your organization has domains on the Internet.

Collect all of your domain assets into a big list.

Are you using DMARC?− dmarcian inspector: https://dmarcian.com/dmarc-inspector/− Internet.NL has a great email-testing suite− Global Cyber Alliance: https://dmarc.globalcyberalliance.org/

https://dmarcian.com/dmarc-inspector/

https://dmarc.globalcyberalliance.org/

Prevention - What To Expect

Convert feedback data into actions

Actions:

Identify vendors, infrastructure, senders

Build internal process to maintain DMARC

Fix up senders et al to send DMARC-compliant email

Roll out DMARC controls to disallow fake email

Maintenance mode: just another asset to keep locked down

Prevention - Ounce of Prevention..

Building an online identity using DMARC allows good actors to “Trust but verify”.

In terms of protection, DMARC:

Protects against direct spoofs and brand impersonations

Protection: Managing Internal Risk


Effective Phishing Protection Requires a Lifecycle of Email Security

Incoming Email Inbox

Threat Detection

Automated Threat Defense

Incident Response Copyright © 2018 GreatHorn - GreatHorn Confidential 24

Putting Lifecycle into Practice


People

Business Process

Technology

Evaluate Business Processes with Phishing in MindWork with high risk teams to minimize risk

Develop internal communication processes for sharing incident information

Finance – How are wire transfers authorized?

HR / Execs – How do different classes of confidential information get communicated?

How do executive teams communicate urgent requests?

Who has access to what data? Who has access to which systems?


Protects against phishing attacks that target financial risk & information theft

Change Mindset from “User=Risk” to “User Improves Security”

Ensure that security controls balance risk and business agility

Provide accessible tools for users to easily judge email authenticity

Invest in context-based tools to reinforce business processes and security hygiene habits

Develop program for users to participate in security improvements – phish reporting, etc.

Automate integration of user feedback email security


Protects against social engineering techniques

Technology as Both Enablement and EnforcementAssess existing threat detection tools against phishing threats

Is multi-factor authentication enabled across all apps?

Provide users real-time security context within email

Implement a feedback mechanism to determine effectiveness / accuracy of email security

Evaluate existing incident response processes / tools against ideal time-to-remediation goals

Align technology capabilities against business process / user feedback needs

Determine whether customizations are required to meet your organization’s risk profile / tolerance


Protects against phishing and enforces other areas

Next Steps

＞ Evaluate your risk against biggest threatsѱ Which tactics / goals make you most vulnerable?

＞ Prioritize core areas (brand reputation, business process, people, technology) based on analysis

＞ Create an integrated plan for each risk areaѱ E.g. Protecting against wire transfer fraud involves:

− Business process changes

− User training

− Making DMARC / authentication / header data accessible / understandable to end users− Contextualized warnings


30

Control your email with DMARC. Control your DMARC process with dmarcian.

dmarcian specializes in processing complex DMARC reports and identifying what steps needs to be taken, so you can become DMARC compliant.

At dmarcian, we see email security and authentication as cornerstones of the Internet. We’re dedicated to upgrading the entire world’s email by making DMARC accessible to all. dmarcian brings together thousands of senders, vendors, and operators in a common effort to build DMARC into the email ecosystem.

We believe email is worth fixing.

GreatHorn simplifies email security by automating detection, remediation, and incident response.

Security teams using GreatHorn not only gain enterprise-class protection against both sophisticated phishing attacks and traditional threats, they also reduce complexity, manual remediation time, and negative impact on business operations.

www.dmarcian.com

[email protected]

www.greathorn.com

[email protected]

http://www.dmarcian.com/

mailto:[email protected]

http://www.greathorn.com/


Questions?

＞ Recording and slides will be made available following the webinar

＞ Keep an eye out for our upcoming webinar (dates TBD):

ѱ Comprehensive Phishing Defense with dmarcian and GreatHorn(Part 3 in our “Beyond the Nigerian Prince” series)


www.dmarcian.com

[email protected]

www.greathorn.com

[email protected]

http://www.dmarcian.com/


http://www.greathorn.com/


Beyond the Nigerian Prince: A How-To Guide to Modernizing ... Slides... · Control your email with...

Documents

Transcript of Beyond the Nigerian Prince: A How-To Guide to Modernizing ... Slides... · Control your email with...