INTELLIGENT PHISHING DEFENSE
Sławomir Karpiński – CONNECT DISTRIBUTION
Rupert Collier – Cofense
“Phishing and pretexting represent 98% of social incidents and 93% of breaches. Email continues to be the most common vector (96%).”
Source: 2018 Verizon DBIR
Executives & CISO
Security Operations
Security Awareness
End Users
PHISHING DEFENSE A COMMON OBJECTIVE
No matter how good your perimeter security, malicious emails still reach the inbox
UNCOMFORTABLE TRUTH
Large Scale Attacks
Highly Targeted Attacks
Morphing Attacks
Malware: Ransomware, Trojans, Hybrids
Credential Phishing
Business Email Compromise
PHISHING THREAT LANDSCAPE
DEFEATING NEXT-GEN DEFENCES
[Diagram labels: SPF, DKIM, DMARC; Organisation A, Supplier B; Next-Gen SEG, AI, ML, Threat Intel, Sandbox, UEBA etc.; www.organisation-a.com]
You cannot defend against attacks you cannot see
UNCOMFORTABLE TRUTH
✓ Threats observed in the wild
✓ Threats observed by other organizations
✓ Threats that have reached the inbox
Threats OUTSIDE the network
Threats INSIDE the network
VISIBILITY THROUGH TWO LENSES
1 in 7 emails reported by ~2m end users to the Cofense Phishing Defense Center contain malicious content
VISIBILITY IN ACTION
Remember – the PDC only sees threats because users identified them after technology didn’t
55,404
27,501
4,152
Credential Harvesting Attacks
Campaigns delivering malicious attachments – including abuse of file-sharing services
Business Email Compromise Attacks
2018 – Cofense Phishing Defense Center
WHAT GOT THROUGH?
The best security awareness program in the world will never deliver a zero click rate
UNCOMFORTABLE TRUTH
CLICK RATE FLATTENING
Aggregated data of >70m simulation emails sent per year by >2,000 Enterprise customers
Most organizations are unable to effectively respond to phishing attacks
UNCOMFORTABLE TRUTH
✓ Empowered & trusted as part of phishing defense
✓ Demonstrable evidence of contribution to improvement of security posture
✓ Increased user engagement in security awareness activities
✓ Visibility of attacks that have reached the inbox
✓ Shared phishing threat intelligence
✓ Disrupt active phishing attacks with greater speed and efficiency
✓ Security awareness activities relevant to real organizational threats
✓ Understanding of organizational risk posture
✓ Resources focused on biggest risks
Executives & CISO
Security Operations
Security Awareness
End Users
Intelligent Phishing Defense
PHISHING DEFENSE BENEFITS
COLLECTIVE PHISHING DEFENSE
Benefit from shared phishing threat intelligence to identify and shut down phishing attacks faster.
Leverage intelligence from:
Global Enterprise & Industry peers
Cofense Phishing Defense Center
Cofense Intelligence
PHISHING RESPONSE CAPABILITIES
VISIBILITY ACHIEVED
CASE STUDIES
PHISHING DEFENSE IN ACTION
11:48 Spear phishing attack launched
11:49 Users begin reporting the attack to the PDC
PDC begins analysis
12:00 Analysis escalated following initial analysis and further reports
Large scale attack identified
12:07 Analysis completed.
Customer alerted and mitigation actions implemented
Attack disrupted
Customer Industry: Healthcare
Location: US Headquartered
Number of Employees: >70,000
Employees of a healthcare company were going about their day. The usual mundane emails piled up in their inboxes. So when they received a message from their CEO, employees paid attention. It wasn’t the typical meeting invite or question from a colleague.
The email asked them to read and agree to a company policy. Simple. Just click on a link, which took them to a login page—from there, they’d enter their credentials and go to the policy page.
But the sender wasn’t the CEO. He was a talented fraudster. The attacker aimed to harvest passwords, gain file system access, and reroute electronic payroll deposits. And he almost succeeded.
Perimeter defenses did not stop this attack. Despite layered security controls, and mature and ongoing awareness activities, users still took the bait, clicked the link and gave up their credentials. The attack was mitigated because users were conditioned to recognise and report the attack, which provided visibility to security teams who were able to respond.
THE NET RESULT
Despite layers of perimeter controls, a large-scale targeted attack spoofing the organization’s CEO made it to thousands of user inboxes, and many users gave up their credentials.
Well conditioned users identified the attack, and reported it to the Cofense Phishing Defense Center who were able to rapidly provide actionable intelligence to enable security teams to disrupt the attack in 19 minutes.
STOPPING A LARGE SCALE TARGETED ATTACK IN 19 MINUTES WITH COFENSE PHISHING DEFENSE CENTER
PRODUCTS
Cofense PhishMe
✓ Ongoing conditioning of users to recognize suspicious emails through ongoing intelligence-driven phishing simulation
✓ Drive reporting culture to get visibility of threats that have made it to the inbox
✓ Keep the risks of phishing front and center in users’ minds
ENABLING BEST PRACTICE
Cofense Reporter
✓ Provide simple quick-click method for users to report suspicious emails across desktop, web and mobile clients
✓ Promote high reporting engagement and augment phishing awareness activities by delivering feedback to users during simulations
✓ Enable enhanced metrics for phishing awareness program effectiveness
✓ Consistent format of reported emails, preserving all information required for effective analysis; reported simulations are suppressed to avoid distracting the SOC
ENABLING BEST PRACTICE
Cofense Triage
✓ Speed and efficiency in phishing incident response
✓ Understand and process threat campaigns through clustering
✓ Create Playbooks to automate incident response actions
✓ Quickly identify and quantify risk – leverage reporter reputation and status to identify zero-day threats
✓ Maintain high reporting engagement through automated user feedback on what they reported, every time they report
ENABLING BEST PRACTICE
Cofense Vision
✓ Quickly identify all recipients of complex phishing attacks
✓ Single click quarantine to remove threat from all mailboxes
✓ Proactively hunt for unreported threats
✓ Transparent audit and governance of mitigation actions
ENABLING BEST PRACTICE
Cofense Intelligence
✓ Provide human-vetted phishing threat intelligence to drive and underpin phishing awareness and defence activities
✓ Machine readable IOCs inform decisions on what to block
✓ Rapid and accurate identification of malicious content
✓ Insight into emerging TTPs to help shape investment decisions for ongoing defense
ENABLING BEST PRACTICE
Cofense Managed Outcomes
✓ Fully Managed Services: phishing simulations and analysis
✓ Highly trained anti-phishing Specialists
✓ Experienced malware analysts utilizing best-of-breed Threat Analysis Tooling
✓ Static & Dynamic Threat Analysis with a Global Perspective
✓ Customized scenario strategy: condition users to recognize current threats
• Increased Phishing Resiliency
• Actionable Threat Intelligence
• Real-Time Threat Sharing
ENABLING BEST PRACTICE
Sławomir Karpiński – CONNECT DISTRIBUTION
Rupert Collier – Cofense
CONNECT DISTRIBUTION Sp. z [email protected]
www.connectdistribution.pl
+48 22 400 1234