
Going After the Big Phish

coffeefueled
January 30, 2019


A short (fifteen minute or less) presentation covering the basics of executive-targeted cybercrime.


Transcript

  1. HOW BAD IS IT?

    £38 million
    • Spoofed email from the CEO to the CFO
    • Wiped out profits for the year
    • Overall loss of £17 million for the year
    • Lost 17% of share value
    • Both CEO and CFO replaced

    £62 million
    • CEO’s account compromised or spoofed
    • Staff asked to transfer funds
    • Loss was only discovered during an internal audit

    £77+ million
    • Facebook and Google are believed to be two of the victims of a sophisticated attack
    • The attacker registered fake companies with names matching established suppliers
    • Possibly the most sophisticated known attack yet in terms of planning and recon

    These are the most basic forms of attack. More sophisticated forms directly targeting executives or senior employees to steal IP are rarely disclosed publicly and have to be inferred from other information.

  2. DARKHOTEL

    • Organised criminal enterprise targeting senior business travellers and politicians
    • Intercept information by impersonating hotel WiFi
    • May have deployed Stingrays to intercept mobile phone data and communications
    • Use their MitM approach to deploy malware to devices for later use
    • Operating since at least 2007, still known to be active

  3. IS THERE A DEFENCE?

    Education
    • Execs and staff need to be aware of the warning signs of whaling attacks
    • Execs and senior staff need to understand and follow basic cybersecurity practices
    • Execs must be aware of the value of their own identities and the information they have access to

    Technology
    • Always using secure, trusted VPNs when travelling provides a lot of protection
    • Tools exist to ensure digital signatures and encryption of e-mails and messages and should be used
    • Some good password management tools exist; they must be chosen carefully and used effectively
    • Any device an attacker can gain secretive physical access to is no longer something to be trusted

    Discretion
    • Be careful about any information shared on social media, even to ‘private’ groups
    • Modern secure comms tools are free and simple, and should be used by default
    • Security by obscurity is not a solution, but that does not mean everything should be shared by default