gfi blocking malicious email

Upload: mr-wonerful

Post on 05-Apr-2018


  • 8/2/2019 Gfi Blocking Malicious Email

    1/12

    Shut the Electronic Front Door in the Face of Cybercriminals

    Dan Sullivan, Analyst

    www.ConcentratedTech.com

  • 2/12

    Overview

    State of Email Today

    Why So Much Malicious Email?

    Phishing and the Potential Impact on Your Business

    How to Block Malicious Email

    What to Look for in an Anti-malware for Email

  • 4/12

    Why So Much Malicious Email?

    Well established cybercrime industry

    Uses malware to commandeer CPU and storage resources

    Even low click through rates on spam generate profit

    Low marginal cost to spread malware

    Email malware and phishing attacks may be part of a long term, targeted attack (Advanced Persistent Threat, APT)

    Source: Fahrenheit Marketing

  • 5/12

    Phishing: Global Problem

    [Chart: Number of Phishing Web Sites, July through December]

  • 6/12

    Phishing: Global Problem

    [Chart: Number of Phishing Web Sites, July through December, broken down by Countries Hosting Phishing Sites: USA, Canada, Egypt, UK, Germany]

    Source: Anti-Phishing Working Group

  • 7/12

    Multi Target Phishing Attack:

    RSA victim of Advanced Persistent Threat (APT) attack. Part of the attack involved phishing. Employee lured into opening a spreadsheet titled "2011 Recruitment Plan"

    Spreadsheet contained a zero-day exploit that used an Adobe Flash vulnerability (since patched)

    Now the attacker is inside, monitoring the victim's activity and seeking out additional victims

    Over 700 other businesses and organizations attacked with the same method, including 20% of Fortune 500s.

    Source: RSA, Anatomy of an Attack, http://blogs.rsa.com/rivner/anatomy-of-an-attack/ and http://krebsonsecurity.com/2011/10/who-else-was-hit-by-the-rsa-attackers/

  • 8/12

    Blocking Malicious Email

    Some viruses and malware can be detected by scanning for patterns

    Look for binary patterns that appear in known malware but not in other programs

    Known as signature based detection

  • 9/12

    Blocking Malicious Email

    Some viruses and malware can be detected by scanning for patterns

    Look for binary patterns that appear in known malware but not in other programs

    Known as signature based detection

    Malware developers have created stealth technologies for malicious code

    Encryption can hide the malware, but it must be decrypted to run. The decryption code can be detected.

    Polymorphic techniques change the patterns in the code without changing the behavior. Signature based detection is insufficient on its own; need to analyze behavior.
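The signature-based scan described on this slide, as an added example that is not part of the original deck: a known byte pattern is matched against each MIME part of a message after its transfer encoding is undone, because a base64-encoded attachment does not contain the pattern as raw bytes and a naive scan of the whole message misses it. The signature table, its entry name and the sample message are constructed here; the EICAR test string is the real, harmless industry-standard test pattern.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed signature table. The EICAR test file is a harmless, industry-standard
# pattern that anti-malware products treat as a positive match; the entry name is made up.
SIGNATURES = {
    "EICAR-Test-File": b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
}


def scan_bytes(data):
    """Signature-based detection: return the names of every pattern found in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def scan_message(raw):
    """Walk every MIME leaf part, undo its transfer encoding (base64, quoted-printable)
    and scan the decoded bytes. Returns (attachment name or content type, signature) pairs."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        payload = part.get_payload(decode=True) or b""
        for name in scan_bytes(payload):
            hits.append((part.get_filename() or part.get_content_type(), name))
    return hits


def build_sample():
    """Constructed sample: a plain-text body plus the EICAR string as a binary
    attachment, which EmailMessage base64-encodes on the wire."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = "Quarterly plan"
    m.set_content("Please review the attached plan.")
    m.add_attachment(SIGNATURES["EICAR-Test-File"], maintype="application",
                     subtype="octet-stream", filename="plan.xls")
    return m.as_bytes()


if __name__ == "__main__":
    raw = build_sample()
    print("raw scan:", scan_bytes(raw))        # [] : base64 hides the pattern
    print("decoded scan:", scan_message(raw))  # [('plan.xls', 'EICAR-Test-File')]
```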

  • 10/12

    Key Features of Anti-Malware

    Scalability - Meets demands of increasing volume of email traffic

    Reliability - Always on when the email system is functioning

    Manageability - Dashboard, reports, and other tools to help email administrators understand the state of email security

    Comprehensive - Detects multiple threats, such as viruses, Trojans, malicious scripts, spam, phishing lures

    Accuracy - Does not block legitimate email (low false positive rate)

  • 11/12

    3 Elements for Securing Email

    Anti-malware

    Signature-based Detection

    Behavior-based Detection

    Procedures

    Establish policies

    Implement access controls

    Monitor activities on networks and endpoints

    People

    Provide security awareness training

    Minimize privileges

  • 12/12

    Key Points

    Malicious email is a profit driven phenomenon

    Variety of threats use email to attack your business

    Expect volumes of malicious email to grow

    Expect malicious content to become more difficult to detect

    Evaluate options based on key features

    Securing email requires anti-malware, sound procedures, and user awareness
