1©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved. Proprietary and Confidential. This document and the contents therein are the sole property of CYREN and may not be transmitted or reproduced without CYREN’s express written permission.

A Deep Dive on Phishing, Today's #1 Business Threat An Update from the Aug 2016 ReportAvi Turiel, Andrey Maevsky

2©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

Phishing 101 Phishing as a Service AdWords for phishing leads Phishing site lifetime Browser protection Most phished brands Q2 Cyberthreat data

Agenda

3© 2014 CYREN Confidential and Proprietary 3©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

1

Amount lost to corporations in the last 3 years due to whaling attacks

4© 2014 CYREN Confidential and Proprietary 4©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

2

5© 2014 CYREN Confidential and Proprietary 5©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

3

6© 2014 CYREN Confidential and Proprietary 6©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

4

7© 2014 CYREN Confidential and Proprietary 7©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

5

8©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

• Specific type of Spear phishing • Focused on senior corporate executives or high-profile individuals

Whaling

9©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

• Have there been any whaling attacks on your organization?• Yes• Not that I am aware of• No

Poll: Whaling attacks

10©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

• iCloud and Find my iPhone block stolen/lost phone

• Unlocking stolen iPhone – need iCloud credentials

• Even after reset

• “lost” message provides info to contact owner of phone

Phishing as a Service for iPhone data

11©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

• iPhone thief pays PhaaS to obtain iCloud info• PhaaS send SMS with phishing link to owner • Owner logs into phishing page

• PhaaS collects iCloud info

• PhaaS provides iCloud info to iPhone thief• Phone unlocked

• PhaaS owns www.icloudset.com and 30 similar domains

• Also used for large-scale phishing attacks

Phishing as a Service (PhaaS) for iPhone data

12©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

• Blockchain used in bitcoin transaction• AdWords with misleading URL• “blockchain” -vs- “bioklchain”• response to searches for “blockchain”

• Google blocked 7,000 phishing sites using AdWords in 2015

Bitcoin phishing using AdWords

13©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

Bitcoin phishing using AdWords

14©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

• How quickly website owners/web hosting responded to hacked sites

• Nearly 20% of sites are gone within three hours.

• Half are gone within a day.• Of the remaining 50%,

over 40% stuck around for over two days.

How long do phishing sites last?

15©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

• Browsers include phishing site blocking

• IE/Edge include smartscreenfilter

• Detects mismatch between URL and content

Browser phishing protection

16©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

• Have you ever been blocked from accessing a site by a browser warning?

• Yes• No

Poll: Browser protection

17© 2014 CYREN Confidential and Proprietary 17©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

*compared to CYREN zero-hour detection time

Browser protection is not enough

18©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

• Financial sites• Potential for fraud/theft

• Online services• Attack platform• Same credentials• Target related contacts

• Shopping websites• User information

Trusted brands exploited for phishingTop 11 for Q2 2016

19©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

Improving phishing protection

• Password management• Encourage stronger passwords• Different for each site• Wont autofill illegitimate site

• 2-Factor authentication• Anti-phishing/Web security

• With zero-hour detection

• Education• Including simulated phishing attacks

20©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

• Have you/your company ever had phishing training/simulation?• Yes• Not that I am aware of• No

Poll: Phishing Education

21© 2014 CYREN Confidential and Proprietary 21©2016. CYREN Ltd. All Rights Reserved

22© 2014 CYREN Confidential and Proprietary 22©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

23© 2014 CYREN Confidential and Proprietary 23©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

24© 2014 CYREN Confidential and Proprietary 24©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

25©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

The World’s Largest Security Cloud

500K+ Threat collection points

600M+Users protected

17B+Daily transactions

130M+Threats blocked

26©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved©2016. CYREN Ltd. All Rights Reserved

CYREN’s 100% cloud security services

SaaS Secure Web Gateway protects users from cyber-

threats, monitors and controls web usage, and protect users both on and off the network.

SaaS Secure Email Gateway protects users from spam,

phishing attacks, viruses and zero-hour malware with a

seamless end-user experience.

Cloud-powered threat feeds and SDKs allow technology vendors

and service providers to detect a broad set of cyber-threats,

including malicious websites, phishing attacks, malware,

botnets, and spam.

Enterprise OEM

27©2014. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.©2016. CYREN Ltd. All Rights Reserved

You can also find us here:

www.CYREN.com

twitter.com/cyreninc

linkedin.com/company/cyren

©2016. CYREN Ltd. All Rights Reserved. Proprietary and Confidential.

Thank You. Any Questions or Thoughts?