webinar: a deep dive on phishing, today's #1 business threat
TRANSCRIPT
1©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved. Proprietary and Confidential. This document and the contents therein are the sole property of CYREN and may not be transmitted or reproduced without CYREN’s express written permission.
A Deep Dive on Phishing, Today's #1 Business Threat An Update from the Aug 2016 ReportAvi Turiel, Andrey Maevsky
2©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
Phishing 101 Phishing as a Service AdWords for phishing leads Phishing site lifetime Browser protection Most phished brands Q2 Cyberthreat data
Agenda
3© 2014 CYREN Confidential and Proprietary 3©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
1
Amount lost to corporations in the last 3 years due to whaling attacks
4© 2014 CYREN Confidential and Proprietary 4©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
2
5© 2014 CYREN Confidential and Proprietary 5©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
3
6© 2014 CYREN Confidential and Proprietary 6©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
4
7© 2014 CYREN Confidential and Proprietary 7©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
5
8©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
• Specific type of Spear phishing • Focused on senior corporate executives or high-profile individuals
Whaling
9©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
• Have there been any whaling attacks on your organization?• Yes• Not that I am aware of• No
Poll: Whaling attacks
10©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
• iCloud and Find my iPhone block stolen/lost phone
• Unlocking stolen iPhone – need iCloud credentials
• Even after reset
• “lost” message provides info to contact owner of phone
Phishing as a Service for iPhone data
11©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
• iPhone thief pays PhaaS to obtain iCloud info• PhaaS send SMS with phishing link to owner • Owner logs into phishing page
• PhaaS collects iCloud info
• PhaaS provides iCloud info to iPhone thief• Phone unlocked
• PhaaS owns www.icloudset.com and 30 similar domains
• Also used for large-scale phishing attacks
Phishing as a Service (PhaaS) for iPhone data
12©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
• Blockchain used in bitcoin transaction• AdWords with misleading URL• “blockchain” -vs- “bioklchain”• response to searches for “blockchain”
• Google blocked 7,000 phishing sites using AdWords in 2015
Bitcoin phishing using AdWords
13©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
Bitcoin phishing using AdWords
14©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
• How quickly website owners/web hosting responded to hacked sites
• Nearly 20% of sites are gone within three hours.
• Half are gone within a day.• Of the remaining 50%,
over 40% stuck around for over two days.
How long do phishing sites last?
15©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
• Browsers include phishing site blocking
• IE/Edge include smartscreenfilter
• Detects mismatch between URL and content
Browser phishing protection
16©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
• Have you ever been blocked from accessing a site by a browser warning?
• Yes• No
Poll: Browser protection
17© 2014 CYREN Confidential and Proprietary 17©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
*compared to CYREN zero-hour detection time
Browser protection is not enough
18©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
• Financial sites• Potential for fraud/theft
• Online services• Attack platform• Same credentials• Target related contacts
• Shopping websites• User information
Trusted brands exploited for phishingTop 11 for Q2 2016
19©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
Improving phishing protection
• Password management• Encourage stronger passwords• Different for each site• Wont autofill illegitimate site
• 2-Factor authentication• Anti-phishing/Web security
• With zero-hour detection
• Education• Including simulated phishing attacks
20©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
• Have you/your company ever had phishing training/simulation?• Yes• Not that I am aware of• No
Poll: Phishing Education
21© 2014 CYREN Confidential and Proprietary 21©2016. CYREN Ltd. All Rights Reserved
22© 2014 CYREN Confidential and Proprietary 22©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
23© 2014 CYREN Confidential and Proprietary 23©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
24© 2014 CYREN Confidential and Proprietary 24©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
25©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
The World’s Largest Security Cloud
500K+ Threat collection points
600M+Users protected
17B+Daily transactions
130M+Threats blocked
26©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved
CYREN’s 100% cloud security services
SaaS Secure Web Gateway protects users from cyber-
threats, monitors and controls web usage, and protect users both on and off the network.
SaaS Secure Email Gateway protects users from spam,
phishing attacks, viruses and zero-hour malware with a
seamless end-user experience.
Cloud-powered threat feeds and SDKs allow technology vendors
and service providers to detect a broad set of cyber-threats,
including malicious websites, phishing attacks, malware,
botnets, and spam.
Enterprise OEM
27©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved
You can also find us here:
www.CYREN.com
twitter.com/cyreninc
linkedin.com/company/cyren
©2016. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.
Thank You. Any Questions or Thoughts?