Threat Landscape & BEC · 2018-12-02
Medical Devices
Medical Insurers
Medical Labs
Medical Retail
Pharmaceutical
Medical Providers
$200 for Every Record: cost of the breach, downtime, reputational damage, litigation, business loss.
Highest Cost per Stolen Record ($.50-$1.00)
(Extortion)
Rise in Opportunistic Malware
80% of Cybercrime is from Organized Crime Gangs
#1 Most at Risk Sector
• Make a Statement
• Because They Can / Test
• Disruption
• Money
• Headlines
• Recognition
• Espionage
• Revenge
Breaches
• Equifax – 145.5 million – breach of the century
• Target: 70 million - 2013
• Yahoo – 500 million-2014, 1 Billion-2016*
  * largest in history
• Home Depot – 53+ million
• UC Davis – 15,000 - Phishing
2018 Breaches Identified by ITRC as of: 4/23/2018
• Total Breaches: 319 (93 – 29.2%) (2nd behind Business)
• Total Records Exposed: 11,285,403 (980,136 – 8.7%)
• Business related – 8,414,651 – 74.6%
• Identity Theft Resource Center Healthcare related
• http://www.idtheftcenter.org
- WannaCry
- NotPetya
- CryptoLocker
- CryptoWall
- CryptoDefense
- TorrentLocker
- Darkleech
- Locky
- Sam Sam (HP)
http://www.marketwatch.com/story/short-seller-muddy-waters-renews-claims-of-st-jude-medical-cyber-vulnerabilities-2016-10-19
Ethical Short Sell?
Carson Block
Ransomware Worm
1-Day 230,000 Computers, 153 Countries
Exploit of Windows Server Message Block Vulnerability known as EternalBlue
Used by NSA for offensive purposes
@MalwareTech - Marcus Hutchins
327 payments totaling $130,634.77
National Health Service Hospitals England and Scotland
700,000 devices
Turn Away Non-Critical Emergencies and Diverted Ambulances
May-12-2017
*Symantec https://www.symantec.com/connect/blogs/petya-ransomware-outbreak-here-s-what-you-need-know
[Chart: Thousands of Infections; Ukraine labelled. Source: Symantec]
Malware-Exploit Kits
Dridex EK
Neutrino EK
Magnitude EK
Sweet Orange EK
Fiesta EK
Angler EK
Applications – Java, Flash, WordPress
Web Browsers -- IE, Firefox, Chrome
Servers
Operating Systems
Vulnerability Scanning
Port Scans – Open ports
WordPress, Joomla, Java, Flash, OpenSSL
Infrastructure
Building Automation
Industrial Control Systems
Programmable Logic Controllers
Zero Day and Other Vulnerabilities
OpenSSL/Heartbleed
• Old vulnerability
• Allows more data than allowed to be read
• Website vulnerability
• Banks took rap unfairly
GNU Bash/Shellshock
• Old vulnerability 1994
• Unix based: Linux, Apple Mac OS X
• Went public Wednesday 9/24
• Exploits and scanning seen almost immediately
Krebs Online
2012-13 Op Ababil
Las Vegas – Gaming Industry
Op Pharma
DD4BC
Mirai Botnet – DYN attack
Op FunKill
• Court Notice
• Credential Resets
• Invoice/Statement
• Shipping Themes: DHL, Fedex, UPS
• EZ Pass
• Bank Phish – Swift Transfer
• LinkedIn
• eFax
• Salesforce
• Reward themes
• Airlines
• WhatsApp – You’ve got a voicemail
BEC Types
• The Bogus Invoice Scheme
• CEO Fraud
• Account Compromise
• Attorney Impersonation
• Data Theft – (Major Healthcare Concern)
• Newest Trend ... Computer intrusion
  Malicious links
  Remote access
  Ransomware
$5.3 Billion globally since 2013
-IC3 FBI Report
• Subject lines carry a sense of urgency, requiring immediate action
  Attempting to coerce the recipient to act quickly
• The top subject lines are:
  1. Payment (18.9%)
  2. Urgent (10.3%)
  3. Request (8.6%)
• Goals of BEC scams:
  • Financial gain
  • Exfiltrate sensitive data such as tax information
BEC Scams Succeeding Due to Social Engineering
Source: Internet Security Threat Report: Email Threats 2017
• What is Typosquatting?
  Domains that look similar to the official email domains they impersonate
  Often known as ‘cousin’ or ‘lookalike’ domains
• Other Forms
  Use a different domain
  Add words to the domain
• Examples:
  Amce_inc.com instead of acme_inc.com
  Symanlec.com instead of symantec.com
  Acme_inc_sales.com instead of acme_inc.com
BEC Scammers Are Using Typosquatting to Trick Users
4,000 typosquatted domains for just 100 customers over 90 days
Source: Internet Security Threat Report: Email Threats 2017
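A mail-gateway style check for the lookalike patterns on this slide, added here as an example and not taken from the original deck or from Symantec. The function names, the allow-list and the sample senders are hypothetical; the TLD is split at the last dot (a production check would use the Public Suffix List), and the "tld-swap" case goes beyond the three examples shown.

```python
import re

# Constructed allow-list: the official domains from the slide's examples.
OFFICIAL = ["acme_inc.com", "symantec.com"]

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def split_domain(domain):
    """Split 'name.tld' at the last dot (assumption: single-label TLD)."""
    name, _, tld = domain.lower().rstrip(".").rpartition(".")
    return name, tld

def classify(sender_domain, official=OFFICIAL):
    """Return (kind, impersonated_domain) for one sender domain."""
    name, tld = split_domain(sender_domain)
    pairs = [split_domain(o) for o in official]
    if (name, tld) in pairs:
        return ("official", f"{name}.{tld}")
    for off_name, off_tld in pairs:
        target = f"{off_name}.{off_tld}"
        if name == off_name:
            return ("tld-swap", target)          # same name, different TLD
        # Official name embedded as a whole token: "Add words to the domain".
        if re.search(rf"(^|[-_.]){re.escape(off_name)}($|[-_.])", name):
            return ("added-word", target)
        # Allow one edit for short names, two for names of 8+ characters.
        limit = 1 if len(off_name) < 8 else 2
        if osa_distance(name, off_name) <= limit:
            return ("typo", target)
    return ("unrelated", None)

# Constructed sample senders, not real traffic.
SAMPLE_SENDERS = [
    "joe.ceo@acme_inc.com",
    "joe.ceo@Amce_inc.com",
    "billing@Symanlec.com",
    "accounts@Acme_inc_sales.com",
    "newsletter@example.org",
]

def flag_senders(senders, official=OFFICIAL):
    """Return (address, kind, impersonated_domain) for every lookalike sender."""
    flagged = []
    for addr in senders:
        kind, target = classify(addr.rsplit("@", 1)[-1], official)
        if kind not in ("official", "unrelated"):
            flagged.append((addr, kind, target))
    return flagged

if __name__ == "__main__":
    for row in flag_senders(SAMPLE_SENDERS):
        print(row)
```

The transposition-aware distance matters here: plain Levenshtein scores Amce_inc against acme_inc as two edits, while a swapped pair of letters is the single most common typosquat.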
• Malicious emails using social engineering in subject lines & message bodies to trick users
• The top themes are:
  1. Billing or Invoices
  2. Package Delivery
  3. Scanned Documents
• Attackers using downloaders to deliver malware. Why?
  Downloading a payload separately helps evade email security
  C&C server can send localized or no payloads
  Easy to change the final payload in case of detection
Attackers Distributing Malicious Attachments Via Email
74% of malicious emails contained attachments
53% of attachments were scripts or Office files with macros
Source: Internet Security Threat Report: Email Threats 2017
Copyright 2017, Symantec Corporation
Building Malicious Email: Social Engineering
2017 Internet Security Threat Report | Volume 22
Business Email Compromise Scams Are Preying on Users
Difficult to Block
Low volume emails with generic content and no malicious code or links
Large Financial Losses
Belgian Bank lost $76M due to Business Email Compromise
Simple Concept
Email sent from CEO requesting large money transfer or sensitive data
Source: FBI Public Service Announcement, I-050417-PSA (May 4, 2017)
2400% Increase in BEC attacks since 2015
Anatomy of a Business Email Compromise Scam
From: [email protected]
To: Finance, Accounting or HR user
Subject Line: Request
I need you to process a wire transfer today. Please confirm so that I can forward you the instructions.
Regards
Joe CEO
Chief Executive Officer
Sent from my iPad
Impersonated User
Simple Subject Line
Urgent Request
Social Engineering
Impersonated Domain
Targeted User
No Attachment or Link
Real World Example
Anatomy of a Targeted Phishing Attack
o The branding looks consistent (Google logo, shield logo)
o The email is addressed to the recipient (not “Dear Sir”)
o The English is not broken
http://bitly.com/gblgook
myaccount.google.com-securitysettingpage.tk
Anatomy of a Targeted Phishing Attack
Anatomy of a Targeted Phishing Attack
o The login page looks identical to the actual login page (HTML was cloned)
o Once the user submits the username/password combination, it doesn’t matter what happens next
- Typically, the phishing page redirects users back to Google.com
Anatomy of a Targeted Phishing Attack
John needs to change his password immediately, and ensure that two-factor authentication is turned on his account.
He can go to this link: https://myaccount.google.com/security to do both. It is absolutely imperative that this be done ASAP.
This is a legitimate email.
TLP: WHITE
• From CEO or Senior Executive…by name
• To someone in finance department… by name
• Advanced Social Engineering
• Sense of urgency
• Abrupt text normal for an email from a phone
• Proper language for entity being emailed
BEC: CEO Compromise
Date:
FROM: CEO
TO: Finance Department
SUBJECT: Question
Are you available? Wire transfer needs to go out.
Also what is the balance of General Funding Account? Let me know when you are ready.
Reply as soon as possible.
Sent from my iPhone
BEC Scenario
• It’s Friday late afternoon and you receive an urgent email from the C-Suite
It looks like this…..
Your Organization Has Been Hit By BEC!
• The Controller immediately prepares a payment to be made via wire transfer. The CEO has urgently asked for the payment and the Controller is eager to please…..
• $500,000 is wired to an account in China.
What Do You Do?
Who do you call?....Options for recovery of the wire?
Would you stand up a crisis management team after BEC occurs?
Who is on the team?
If BEC does happen…do you report it? Even if it is a failed attempt?
If you do report it, where do you go to do this? FBI, IC3, etc.
Internally – Legal, Public Relations?
If you are a part of NH-ISAC, do you report it to NH-ISAC?
Will cyber insurance cover this situation?
Key Questions - What Are Your Next Steps?
Do you have somewhere to send suspicious emails for research?
Do you keep log data…with timestamps?
External email notification system (specific name?)
Actually let LE send money to capture account data
Do you have a third party provider….retainer?
Key Questions - Forensics
When the press gets a hold of the story, what do you do?
When do you tell your constituents/clients?
Staff?
Do you do any kind of awareness training for BEC?
Spoofing email addresses
Phishing training
Exercises?
Who do you feel is liable/held accountable when BEC occurs?
Key Questions - Communications
• Use strong email security to block email impersonation attempts
• Train your users to recognize BEC attacks through awareness & education
• Register and protect your email domains as well as typosquatted domains
  Leverage sender authentication for typosquatted domains. Prohibit emails that use these domains via SPF hardfail and DMARC reject policies
• Flag external messages
  Drawbacks: When every message is being flagged, users may stop paying attention to these alerts
• Use two-factor authentication for initiating wire transfers – or data
• Leverage DLP capabilities to prevent sensitive data from being shared over email with unauthorized users (e.g. W2 information sent to scammers)
Best Practices for IT & IT Security
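A small audit of the "SPF hardfail and DMARC reject" recommendation above, added here as an example and not part of the original deck. It works on TXT record strings you have already looked up; the domains and records are constructed samples, the function names are hypothetical, and SPF `redirect=` chains are not followed.

```python
import re

def spf_all_qualifier(txt):
    """Qualifier on the SPF 'all' mechanism: '-', '~', '?', '+', or None if absent."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        m = re.fullmatch(r"([-+~?]?)all", term.lower())
        if m:
            return m.group(1) or "+"  # a bare "all" means "+all" (pass)
    return None

def dmarc_tags(txt):
    """Parse 'v=DMARC1; p=reject; ...' into a dict; empty dict if not DMARC."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else {}

def audit(records):
    """Return findings for one domain; an empty list means hardfail + reject."""
    findings = []
    qualifier = spf_all_qualifier(records.get("spf") or "")
    if qualifier is None:
        findings.append("SPF: no record or no 'all' mechanism")
    elif qualifier != "-":
        findings.append(f"SPF: '{qualifier}all' is not hardfail ('-all')")
    tags = dmarc_tags(records.get("dmarc") or "")
    policy = tags.get("p", "").lower()
    if not tags:
        findings.append("DMARC: no record")
    elif policy != "reject":
        findings.append(f"DMARC: p={policy or 'missing'} is not reject")
    elif tags.get("pct", "100") != "100":
        findings.append(f"DMARC: pct={tags['pct']} applies reject to only part of the mail")
    return findings

# Constructed records (reserved example domains), weak settings beside corrected ones.
SAMPLE = {
    # Weak: softfail and monitor-only DMARC.
    "example.com": {"spf": "v=spf1 include:_spf.example.com ~all",
                    "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com"},
    # Corrected: hardfail and reject.
    "example.net": {"spf": "v=spf1 ip4:192.0.2.0/24 -all",
                    "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.net"},
    # Defensively registered lookalike that sends no mail at all.
    "example.org": {"spf": "v=spf1 -all", "dmarc": "v=DMARC1; p=reject"},
    # Registered but never configured.
    "example.edu": {"spf": None, "dmarc": None},
}

def audit_all(zones):
    """Map each domain to its list of findings."""
    return {domain: audit(records) for domain, records in zones.items()}

if __name__ == "__main__":
    for domain, findings in audit_all(SAMPLE).items():
        print(domain, findings or "OK")
```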
Question any emails requesting actions that seem unusual…not normal procedures
Do not reply to emails that seem suspicious.
Obtain sender’s address from corporate address book and ask them about the message…verbal?
Report suspicious or obviously bogus emails to proper authorities
Best Practices for Users
Wrap-Up Considerations - Prevention
• AV updated/firewall updated/email filtering
• Social Engineering Detection Training
• Contacts with Law Enforcement bank/financial institutions
• Flag external emails with a warning banner
• Policy for verifying and issuing transfers of data or monies
• Policy for reporting attempts
• Ask your cyber insurance provider
You are a target!
Edward Brennan – Operations [email protected]