topics in email security is&t all staff meeting tuesday, april 7, 2011 brian allen, cissp...
TRANSCRIPT
![Page 1: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/1.jpg)
Topics in Email Security
IS&T All Staff MeetingTuesday, April 7, 2011
Brian Allen, [email protected]
Network Security Analyst,Washington University in St. Louis
http://nso.wustl.edu/presentations/
![Page 2: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/2.jpg)
Email Security Tip #1
• Do not click on links in emails
![Page 3: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/3.jpg)
Email Security Tip #2
• See Tip #1 (Thanks Barb!)
![Page 4: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/4.jpg)
Spam Product Supplier
Seller 1 Seller 2 Seller 3
Accountant
Spammer3
Spammer2Spammer1
Spammer1
Spammer2
Spammer3
Spammer1
Spammer2
Spammer3
![Page 5: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/5.jpg)
Where Does Spam Originate?Why Do We Care?
• Spam = Bots (Large armys of infected machines sending out spam)
• Bots = Sophisticated Malware• Sophisticated Malware = Organized Crime• More than 89% of all email messages were
spam in 2010 - Symantec
![Page 6: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/6.jpg)
Spam is Big Business
• Rates for one million email addresses: $25 to $50 http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
• 10,000 malware installations: $300–$80• Sending 100 million emails per day: $10,000
per month http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
• Cutwail’s profit for providing spam services: $1.7 - $4.2 million since June 2009 – Aug 2010
• How much do the spammers gross per day? $7000 http://www.wired.com/magazine/2011/02/st_equation_spamprofits/
![Page 7: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/7.jpg)
Underground Economy
• Spammers also are involved in:– CAPTCHA solving– Email harvesting– Custom software– Bulletproof hosting– Proxys
![Page 8: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/8.jpg)
Spam Volume
• From Jul 30 - Aug 25, 2010 security researchers infiltrated the Cutwail spam network and discovered 87.7 billion emails were successfully sent
![Page 9: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/9.jpg)
Spam Content
• Pornography• Online pharmacies• Phishing• Money mule recruitment• Malware• The malware (Zeus banking Trojan) typically includes:
– Greeting card– Resume– Invitation– Mail delivery failure– Receipt for a recent purchase.
![Page 10: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/10.jpg)
Spam Blacklisting• Only about 12% of bots are blacklisted after an
hour when they come online• The rate reaches 90% after a period of about
18 hours
http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
![Page 11: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/11.jpg)
Spam Volume on WUSTL Ironports -
Feb 2011
![Page 12: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/12.jpg)
Phishing Email
![Page 13: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/13.jpg)
Spear Phishing Example
<http://michaelkellett com/ez/wustl.html>
![Page 14: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/14.jpg)
Phishing Example??
![Page 15: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/15.jpg)
![Page 16: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/16.jpg)
Social Security Number Email 1
From: BOB [[email protected]]Sent: Friday, April 01, 2011 12:54 PMTo: ALICE [[email protected]]Subject: Registration Request ALICE:Couldn't remember if I had already sent this request or not.Please register CHARLIE ( 111-11-1111 ) for the session Thank youBOB
![Page 17: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/17.jpg)
Social Security Number Email 2
From: BOB [[email protected]]Subject: FW: University talkTo: [email protected], [email protected]: Monday, April 4, 2011, 12:57 PM Dear Ms. ALICE and CHARLIE,I sent this e-mail a couple of weeks, but I haven't heard back from you
yet, so I thought that I would send it again.Also, my SSN is 222-22-2222 and my home address is: 1234 Oak Ave.St. Louis, MO 63130
![Page 18: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/18.jpg)
Emails, Like Postcards, Are Not Encrypted
Contact me to discuss encryption options for storing or sending
sensitive information
![Page 19: Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University](https://reader033.vdocuments.net/reader033/viewer/2022052913/56649ccf5503460f9499af22/html5/thumbnails/19.jpg)
Thanks!
http://nso.wustl.edu