Phishing: Swimming with the Sharks. By Nalneesh Gaur, InfoSecurity New York, Oct 24, 2006

Outline

What Is Phishing? Phishing uses both social engineering and technical ploys to steal personal information for financial gain. Technical ploys range from simple to sophisticated.

Example Attacks (Fraudulent Link). The link in the phishing attack takes the user to a look-alike site. Source: The Anti-phishing group

Example Attacks (Fraudulent Link). Criminals capitalize on global events: a tsunami, a crisis in the Middle East or the Michael Jackson trial are all exploited to trick the user into submitting personal information. Source: The Anti-phishing group

Example Attacks (Trojan Crimeware). Users are tricked into installing Trojans that capture personal information.

Example Attacks (Trojan Crimeware). Trojan crimeware is capable of keystroke and screen capture, redirection, and more. Source: The Anti-phishing group

Example Attacks (Forms in Email). HTML-enabled emails deliver the phish within the body of the email: the message requests personal information from the victim within the email itself. Source: The Anti-phishing group

Example Attacks (Address Bar Forgery). Address bar forgery succeeds because it relies on default desktop settings. After the initial splash screen the phish proceeds to request personal information. (Screenshots: the forged address bar, shown twice.)

Example Attack (Address Bar Forgery). Address bar forgery will even trick the user who relies on the site address to detect a phish; the unsuspecting user may not be able to tell that they are dealing with a phish. (Screenshot: address bar forgery again.) Source: The Anti-phishing group

An Example Attack (Out-of-band Reply). Even savvy users may be tricked when asked to provide a response over the phone. The sample email reads:

Dear Customer, We've noticed that you experienced trouble logging into Santa Barbara Bank & Trust Online Banking. After three unsuccessful attempts to access your account, your Santa Barbara Bank & Trust Online Profile has been locked. This has been done to secure your accounts and to protect your private information. Santa Barbara Bank & Trust is committed to make sure that your online transactions are secure. Call this phone number ( 1-805-214-4801 ) to verify your account and your identity. Sincerely, Santa Barbara Bank & Trust Inc. Online Customer Service

Source: Gary Warner, The Anti-phishing group

Pharming. Pharming attacks are difficult to detect because they target infrastructure elements.

Phishing Attack Lifecycle. The crime syndicates are highly organized. The phishers distribute automated tools and kits over the Internet to speed up each step in the lifecycle. Source: The FSTC Counter-phishing solution survey

Phishing Kits. Phishing kits contain the content necessary to launch a phishing attack. They are easily available on the Internet for as little as $150; the particular kit shown in the slide can be used to target up to 20 institutions.

Trojan Crimeware Kits. Crimeware kits distribute and administer Trojans and collect personal information. Source: Enrique Gonzalez, Panda Software

Crimeware Tools. Crimeware tools are sophisticated and easy to use.

Crimeware is for Real. Sophisticated screen scrapers bypass anti-keylogging mechanisms. Source: Hispasec Sistemas/virustotal.com

Crimeware Evades Detection. Anti-virus tools are unable to detect crimeware Trojans.

After The Phish. Phishers use the captured information for money laundering and to commit financial fraud. (Diagram: credit cards and personal information flow to carders and phishing mules, via eBay and PayPal, toward financial gain and money laundering.) Carders and phishing mules are the means to commit financial fraud.

The Carders. The carders trade or deal in stolen credit card information.

Forging a magnetic card is easy. The equipment and card stock to forge magnetic cards can be obtained for under $1000. Track one is recorded at 210 bits per inch (bpi) and holds 79 read-only characters of 6 bits plus a parity bit. Track two is 75 bpi and holds 40 characters of 4 bits plus a parity bit. Track three is 210 bpi and holds 107 characters of 4 bits plus a parity bit.

Phishing Mules. Phishers recruit "mules" to launder money using a ploy.

Trends – Rise in Crimeware. Financial institutions are clearly the target, and the use of crimeware is increasing. Source: The Anti-phishing group

Trends and Implications. Crimeware will improve in sophistication and increasingly exploit new vulnerabilities.

Enterprise Preventative Measures. Strong authentication will defeat credential capture.

Enterprise Preventative Measures. Digitally signed email authenticates the sender.

Enterprise Preventative Measures. Sender email server authentication ensures that the email sender is verified.

Enterprise Preventative Measures. Improving user awareness is effective when done properly, but it should not be the only solution.

Enterprise Preventative Measures. Personalization features act as a shared secret between the user and the institution.

Enterprise Preventative Measures. Improving web application security will minimize the exposures available to phishers.

Enterprise Preventative Measures. Maintaining consistent URLs will help users who rely on them to detect a phish.

Enterprise Preventative Measures. Improving infrastructure security will thwart pharming attacks.

Enterprise Detective/Corrective Measures. A holistic solution should incorporate detective and corrective features.

Solution Categories. Approximately 200 vendors seek to provide solutions to phishing. A vendor matrix for each category is available at the Antiphishing members-only site - https://antiphishing.kavi.com/members, Solution Evaluation/Trial group.

Solutions For The Individual. The individual user needs to be vigilant and exercise caution.

The Statistics

Resources

Resources (cont.)