email trust issues? · b. how it professionals can help make email more secure problem areas of...

Email Trust Issues? Find out what you can do to help

Upload: others

Post on 03-Oct-2020

0 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Email Trust Issues?

Find out what you can do to help

Email Trust Issues?

Key Concepts:A. What UW-Madison is doing to improve email securityB. How IT Professionals can help make email more secure

Problem Areas of Focus:1. Attacks - Credentials are stolen and the email service is

under constant attack.2. Authenticity - Domains are being spoofed and that

undermines the trust in our email.

Page 3: Email Trust Issues? · B. How IT Professionals can help make email more secure Problem Areas of Focus: 1. Attacks - Credentials are stolen and the email service is under constant

Compromised Credentials Caught Abusing UW-Madison Email Services

* May 2018

Page 4: Email Trust Issues? · B. How IT Professionals can help make email more secure Problem Areas of Focus: 1. Attacks - Credentials are stolen and the email service is under constant

Attackers Are HumanHumans Leave Patterns

Page 5: Email Trust Issues? · B. How IT Professionals can help make email more secure Problem Areas of Focus: 1. Attacks - Credentials are stolen and the email service is under constant

Attacks - Automated Mitigation

# Auto Disabled

Page 6: Email Trust Issues? · B. How IT Professionals can help make email more secure Problem Areas of Focus: 1. Attacks - Credentials are stolen and the email service is under constant

Attacks - What can people do?

Multi-Factor Auth → Assume your password is already compromised

Password Manager → Use unique passwords& never type into web pages

DMARC→ Build trust in email & help stop email spoofing

Page 7: Email Trust Issues? · B. How IT Professionals can help make email more secure Problem Areas of Focus: 1. Attacks - Credentials are stolen and the email service is under constant

Email Authentication

go.wisc.edu/email-authenticity

DMARC - Domain-based Message Authentication, Reporting & Conformance

http://go.wisc.edu/email-authenticity

Page 8: Email Trust Issues? · B. How IT Professionals can help make email more secure Problem Areas of Focus: 1. Attacks - Credentials are stolen and the email service is under constant

DMARC protects the domain in the “From:” which users can see

dmarc.org

https://dmarc.org

Page 9: Email Trust Issues? · B. How IT Professionals can help make email more secure Problem Areas of Focus: 1. Attacks - Credentials are stolen and the email service is under constant

Testing DMARC Is Easy - Just Send A Message to Gmail

Authentication-Results:dkim=pass [email protected]=passheader.from=dept.wisc.edu

Page 10: Email Trust Issues? · B. How IT Professionals can help make email more secure Problem Areas of Focus: 1. Attacks - Credentials are stolen and the email service is under constant

Enhancing Email Authenticity at UW

Today

Too many email senders spoof wisc.edu

Lots of sub domains aren't protected

Future

Publish a secure DMARC policy for wisc.edu

Help subdomain owners to adopt DMARC

Page 11: Email Trust Issues? · B. How IT Professionals can help make email more secure Problem Areas of Focus: 1. Attacks - Credentials are stolen and the email service is under constant

Systems that can’t authorize the user to their own address can’t use @wisc.edu

Don't

Don't use @wisc.edu

Don't spoof the From header to “prevent replies”

Don't spoof any domain (even your own)

Use @subdomain.wisc.edu

Ensure the From header matches the SMTP From

Ensure your messages pass DMARC with SPF or DKIM

Page 12: Email Trust Issues? · B. How IT Professionals can help make email more secure Problem Areas of Focus: 1. Attacks - Credentials are stolen and the email service is under constant

DMARC Challenges

Mailing lists and forwarding → Need to rewrite the From headerhttps://kb.wisc.edu/81107

DNS lookup limit for SPF → Requires more subdomainshttps://tools.wordtothewise.com/spf/check/uwosh.edu

Inbound enforcement → Rewrite or block inbound [email protected]

Vendors don’t really understand DKIM or domain alignment and assume spoofing is OK

https://kb.wisc.edu/page.php?id=81107

https://tools.wordtothewise.com/spf/check/uwosh.edu

mailto:[email protected]

Page 13: Email Trust Issues? · B. How IT Professionals can help make email more secure Problem Areas of Focus: 1. Attacks - Credentials are stolen and the email service is under constant

Other things to think about

Take an adversarial perspective to messages you send

How do users know your message isn’t a threat?

Is email even necessary for your application?

Can email content be mirrored to the web so IT staff can verify?

Link to a website for your subdomain (WiscWeb, Google Sites)

Page 14: Email Trust Issues? · B. How IT Professionals can help make email more secure Problem Areas of Focus: 1. Attacks - Credentials are stolen and the email service is under constant

Questions? [email protected]

mailto:[email protected]

Interim IT Committee NDUS IT Security Update appendices/17... · 2016. 8. 8. · • Problems/Risks • 95% of breaches involve the exploitation of stolen credentials (2015 Verizon

Security Analytics and More...attacks, stolen access credentials, infected mobile devices, a vulnerable business partner, or other tactics. Security success is not just about keeping

credentials.€¦ · credentials. If you have not received your credentials email, please contact . [email protected] Immediately to get your login info. Simply Voting. 3

Cybercrime and the Deep Web - Trend Micro underground, it primarily sells fake/stolen documents and credentials (fake driver’s licenses and passports, stolen credit card and other

CS475: Lecture 1 Computer and Network Securitygreenie/cs475/CS475-13-01.pdfThe Malware Economy • Revenue sources: SPAM, phishing, stolen data (credentials, game items) • Revenue

Credentials - 4.imimg.com4.imimg.com/data4/HL/UI/MY-19123830/btl-activation-services.pdf · Credentials Contact:-Ph- 9990571558, 8802994488 Email- [email protected] E 119 GF

EMAIL VULNERABILITY IN HEALTHCARE - Evolve IP · stolen email credentials — typically including user’s corporate email address and passwords — are being openly shared and sold

Stolen Identity

Stolen Art

Using biometrics for password reset. - Fujitsu · 2018-04-05 · and over 500 million email adresses were amassed by hackers in one of the largest known collections of stolen credentials

“The FIDO Alliance Today: status and news” November 20 ... · “76% of 2012 network intrusions exploited weak or stolen credentials” 2013 Data Breach Investigations Report

Stolen girls

Hotels - Amadeustraining.amadeus.in/may/Amadeus-Hotels-Plus-(Multi... · DOTW will then send you your credentials by email 4. Enter your credentials on the registration panel and

Digital Credentials for Micro-Credentials

SHARK20385...2018 Groupsense.io [email protected] +1.877.469.7226 11 SHARK20385 A look into automated weaponization of stolen credentials and the impact to Internet forum and social

Stolen Legacy: Greek Philosophy is Stolen Egyptian Philosophy

Challenges of Coordinated Linux & Android Intrusions › imf2014 › docs › Casey-IMF2014.pdf · Stolen Credentials & Getting Root • Rely on users re-using keys/passwords o Try

· Web viewEnter your email and password credentials as shown below, and then click the green “Login” button

Sarah Edwards | @iamevltwin | [email protected] | …...Email: Apple ID Numeric: iCloud “Person ID” Vetted Account Aliases Email Addresses Phone Numbers Credentials Password Two-factor

MEDICAL MARIJUANA USE REGISTRY PHYSICIAN’S · PDF fileusing your medical credentials, receive your initial logon credentials via email, and then update

Secure, Empower, Protect: Preventing attacks and breaches...Data Breach • Stolen credentials, Malware • Access online or on‐premise systems • Conduct additional attacks or

Stolen Moments

Moving from Reactive to Proactive Securitysfisaca.org/images/FC14Presentations/S11.pdfMost Breaches Involve Stolen Credentials. 5. Verizon Breach Report 2012. 2014 Fall Conference

How Credential Phishing is Changing and How to Stop It · They use social engineering to create convincing, ... others use the stolen credentials to make fraudulent financial transactions

ISA Newsletter Template · 10/10/2016 · pwned.com, which takes your email address and compares it against a list of stolen credentials, often being shopped around ... virtually

Summer School Application— Candidate View Log-in with your CPS credentials—same as email

PA WITS Login/Prevention Forms/PA WITS Ba… · credentials and a new link will be emailed to you. Account Created Email • Locate User ID Reset Credentials Email ... screens, and

Management Mobile Email - VMware · n Protecting sensitive information from third-party apps. n Restricting email access from unauthorized, lost, or stolen devices. n Preventing email

Credential Management (CREDMGMT) Overview · Why We Need CREDMGMT Over 60% of confirmed data breaches involved weak, default, or stolen passwords. The use of stolen credentials targeting

INTRODUCTION TO FIDO AUTHENTICATION€¦ · “95% of these incidents involve harvesting credentials stolen from customer devices, then logging into web applications with them.”

Parent Canvas Accountsbuckalew.conroeisd.net/.../Parent-Canvas-Documentation.pdfIOS App for Canvas Enter your login credentials (Parent Access credentials): 1, Enter email 2. Enter

Avopix!!! [Stolen!]

Email Security Awareness - csirt.bppt.go.id · Email Security Awareness? TujuanEmail Security Awareness iniadalahuntukmeningkatkankepedulian terhadapkerahasiaandata email, data credentials

Learning More about the Underground Economy: A …...keylogger authenticate using account # / password access with stolen credentials Victim dropzone V2 Victim V3 Webmail P2 c 2 2

Kestler&wolf credentials feb2013 email