The Phenomenon of Phishing Attacks

1
The Phenomenon of Phishing Attacks

• How to Protect Yourself

2
Introduction

• Phishing attacks are nothing new and a stalwart
  of the hacker repertoire. The proliferation of
  phishing attacks both simple and sophisticated
  continues to frustrate security professionals
  across the globe. Earlier this year, one of these
  phishing attacks came en masse in the form of
  fake Google Docs invites. As word of the phishing
  scheme spread, the need for a fast, orchestrated
  response was made clear.

3
What Is Phishing ?

• In short, a phishing attack is an attempt to
  steal a persons private information (such as
  their social security numbers, credit card
  information or bank accounts) through a
  duplicitous email or other online communication.
  Although Google claims the attack only impacted
  less than 0.1 of Gmail users, the events
  catapulted a barrage of alerts and subsequently,
  dropped them on the doorstep of cybersecurity
  analysts and experts worldwide.

4
From Manual to Automated and Back

• A typical mid to large enterprise is triaging
  dozens and often hundreds of phishing emails a
  day. The starting point to triage these attacks
  typically begins with the email itself or an
  alert from a Security Awareness tool (Phishme,
  etc.) or via a public phishing mailbox.

5
Manual Process When Attack Strikes

• Once an attack strikes, typically an organization
  goes through this tedious, manual process
  involving the following steps
• Log/tool queries
• Assessing file reputation
• Checking web intelligence of source IP
• Checking file attachment validity
• Blacklisting/Blocking confirmed phishing attacks
• Manually opening updating ticketing systems
  throughout the process
• Scrubbing email servers

6
Manual Process For Security Automation

• Manual process steps are naturally suited for
  security automation. But it doesnt end there.
  To confidently address the full scope of Phishing
  attacks a broader Orchestrated response is
  essential. Consider an actual use-case where one
  of our customers experienced a rising volume of
  Phishing email attempts.

7
Sample Phishing Attack Use-Case
8
Manual Process For Security Automation

• This approach combines the best of both worlds.
  Accelerating response through automation, yet
  interjects the analyst where need be, with fully
  contextualized cases, to confidently address all
  types of attacks. Organizations with an
  established protocol in place might be
  comfortable with relying on fully automated
  workflows for the majority or alerts and cases,
  while those who show more trepidation or would
  like analyst supervision can selectively
  semi-automate response based on rules or other
  integrations such as ticketing involvement

9
Orchestrate

• For high profile organizations and companies that
  collect and store sensitive information, this
  surge of phishing attacks is wildly
  disconcerting. In this case, your best response
  is full fledged security orchestration and
  automation. You simply cannot rely on one method
  of cyber defense to protect you from the
  intricacy of todays phishing attacks.

10
Contextualize

• Phishing attacks are known to be evasive for the
  reason that theyre transmitted through email
  accounts, and host content that appears to be
  genuine. Pictures and images in a phishing scam
  may be hardly discernible from an ordinary,
  harmless email. As well, when delivered through a
  popup ad, a phishing attack can strike from the
  user experience of the website youre visiting,
  meaning it may appear to be asking for pertinent
  and relevant information.

11
Conclusion

• The premier fake Google doc phishing attack has
  only validated the FBIs April warning of email
  scams while putting the collective cybersecurity
  world on edge. This semi-automated approach which
  combines automation with full lifecycle case
  management within a broader orchestration
  solution arms security teams with the best of
  both worlds to address the growing volume of
  Phishing attacks.