Slide 1

GOING AFTER THE BIG PHISH WHAT TO DO ABOUT WHALING?

Slide 2

WHAT IS WHALING?

Slide 3

HOW BAD IS IT?

£38 million
• Spoofed email from the CEO to the CFO
• Wiped out profits for the year
• Overall loss of £17 million for the year
• Lost 17% of share value
• Both CEO and CFO replaced

£62 million
• CEO's account compromised or spoofed
• Staff asked to transfer funds
• Loss was only discovered during an internal audit

£77+ million
• Facebook and Google are believed to be two of the victims of a sophisticated attack
• The attacker registered fake companies with names matching established suppliers
• Possibly the most sophisticated known attack yet in terms of planning and reconnaissance

These are the most basic form of the attack: tricking staff into paying money out. More sophisticated forms, which directly target executives or senior employees to steal IP, are rarely disclosed publicly and have to be inferred from other information.

Slide 4

DARKHOTEL
• Well-resourced espionage group (tracked as an APT rather than a financially motivated criminal enterprise) targeting senior business travellers and politicians
• Intercepts information through compromised or impersonated hotel Wi-Fi, typically by pushing a fake "software update" to the guest's device
• May have deployed Stingrays (fake mobile base stations) to intercept mobile phone data and communications
• Uses this man-in-the-middle position to deploy malware to devices for later use
• Operating since at least 2007, still known to be active

Slide 5

IS THERE A DEFENCE?

Education
• Execs and staff need to be aware of the warning signs of whaling attacks
• Execs and senior staff need to understand and follow basic cybersecurity practices
• Execs must be aware of the value of their own identities and of the information they have access to

Technology
• Always using a secure, trusted VPN when travelling provides a lot of protection
• Tools exist for digitally signing and encrypting e-mails and messages, and they should be used
• Good password management tools exist; they must be chosen carefully and used effectively
• Any device an attacker has been able to gain unsupervised physical access to can no longer be trusted

Discretion
• Be careful about any information shared on social media, even in 'private' groups
• Modern secure comms tools are free and simple, and should be used by default
• Security by obscurity is not a solution, but that does not mean everything should be shared by default
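The slides tell staff to watch for the warning signs of whaling but do not spell them out. The following is an added example, not code from the original presentation, showing how a mail gateway or SOC script could flag the three patterns visible in the case studies on slide 3: an executive's display name on a message from outside the organisation (the spoofed "CEO to CFO" email), a Reply-To that quietly moves the conversation to another mailbox, and a sender domain that is a lookalike of the organisation's or a known supplier's (the "fake company named like an established supplier" pattern). The organisation domain, executive roster, supplier list and the three sample messages are constructed for illustration; the confusable-character folding and the 0.85 similarity threshold are heuristics of my own and would need tuning against real mail flow.

```python
"""Heuristic checks for three whaling/BEC warning signs on an inbound
message: an executive's display name paired with an external address,
a Reply-To that differs from From, and a sender domain that is a
lookalike of the organisation's or a known supplier's domain.
Added example, not code from the presentation; all reference data and
sample messages below are constructed for illustration."""
import difflib
import unicodedata
from email import message_from_string
from email.utils import parseaddr
from typing import Optional

# Constructed reference data. In practice these come from the directory
# and the vendor master, not from constants in a script.
ORG_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe": "CEO", "john roe": "CFO"}
SUPPLIER_DOMAINS = {"acme-components.com", "globex-logistics.net"}
KNOWN_DOMAINS = SUPPLIER_DOMAINS | {ORG_DOMAIN}

# Digits commonly swapped in for letters to build lookalike domains.
_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalise_domain(domain: str) -> str:
    """Fold accents and common confusables so that 'acme-c0mponents.com'
    and 'acme-cornponents.com' both collapse to 'acme-components.com'
    before comparison."""
    folded = unicodedata.normalize("NFKD", domain.lower())
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    folded = folded.translate(_CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")


def lookalike_of(domain: str, known: set, threshold: float = 0.85) -> Optional[str]:
    """Return the known domain that `domain` closely resembles without being
    identical to it, or None. An exact match is a trusted domain, not a
    lookalike, so it is never reported."""
    if domain in known:
        return None
    folded = normalise_domain(domain)
    best, best_score = None, 0.0
    for candidate in known:
        score = difflib.SequenceMatcher(None, folded, normalise_domain(candidate)).ratio()
        if score > best_score:
            best, best_score = candidate, score
    return best if best_score >= threshold else None


def whaling_indicators(raw_message: str) -> list:
    """Return human-readable findings for one RFC 5322 message (empty list if clean)."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_addr = from_addr.lower()
    from_domain = from_addr.rsplit("@", 1)[-1]
    findings = []

    # 1. An executive's name in the display name, but the address is not on
    #    our domain: the classic spoofed "CEO asks CFO to pay" request.
    role = EXECUTIVES.get(from_name.strip().lower())
    if role and from_domain != ORG_DOMAIN:
        findings.append(f"display name '{from_name}' matches our {role} but address is external ({from_domain})")

    # 2. Reply-To points somewhere other than From: replies to a spoofed
    #    sender are silently routed to the attacker's mailbox.
    if reply_addr and reply_addr.lower() != from_addr:
        findings.append(f"Reply-To {reply_addr} differs from From {from_addr}")

    # 3. Sender domain is a near-match of ours or a supplier's.
    target = lookalike_of(from_domain, KNOWN_DOMAINS)
    if target:
        findings.append(f"sender domain {from_domain} is a lookalike of {target}")

    return findings


# Constructed sample messages (not real traffic).
SAMPLE_SPOOFED_CEO = """\
From: Jane Doe <jane.doe@freemail.example>
Reply-To: j.doe.private@freemail.example
To: john.roe@example-corp.com
Subject: Urgent wire transfer - confidential

John, I am in meetings all day. Please arrange the payment we discussed
and reply to this address only.
"""

SAMPLE_FAKE_SUPPLIER = """\
From: Accounts Receivable <invoices@acme-c0mponents.com>
To: ap@example-corp.com
Subject: Updated bank details for outstanding invoices

Please note our new remittance account for all outstanding invoices.
"""

SAMPLE_LEGITIMATE = """\
From: Jane Doe <jane.doe@example-corp.com>
To: john.roe@example-corp.com
Subject: Board pack

Draft attached for Thursday.
"""

if __name__ == "__main__":
    for label, sample in [("spoofed CEO", SAMPLE_SPOOFED_CEO),
                          ("fake supplier", SAMPLE_FAKE_SUPPLIER),
                          ("legitimate", SAMPLE_LEGITIMATE)]:
        print(f"{label}: {whaling_indicators(sample) or ['no indicators']}")
```

The checks deliberately stay header-based and do not touch the message body: a finance team's first line of defence is verifying who is really asking, and every finding above can be confirmed by a phone call to the executive or supplier on a number already on file rather than one given in the email.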

Slide 6

THERE IS A LOT MORE