Over 90 percent of cyber attacks start the same way: with a phishing message. Attackers slip all manner of malware into your organization just by convincing users -- even admin-level users in the IT department -- to click on a link. Fraudsters carrying out business email compromise attacks are even more clever, forgoing malware and malicious links altogether, and scamming companies out of $47 million, $75 million and more, simply by asking for it the right way. Social engineering is, at the very least, how attackers get their foot in the door, and at worst, how they get away with your crown jewels. In this session, learn about attackers' new twists on the oldest tricks in the book, and how to protect your organization against them.
24. Most Common BEC Scenarios
• Business Working with a Foreign Supplier
• Business Executive Receiving or Initiating a Request for a Wire Transfer
• Business Contacts Receiving Fraudulent Correspondence through Compromised E-mail
• Data Theft
• Business Executive and Attorney Impersonation
https://www.ic3.gov/media/2017/170504.aspx
28. Mitigation Strategies
• Clearly-defined process for financial transactions
• Out-of-band verification for transactions beyond a threshold
• Multi-factor authentication
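The three mitigations on this slide combine into one approval gate for outgoing payments. The following is an added example written for this page, not code from the deck or from Bishop Fox; the threshold, the authorised roles, the contact directory and the beneficiary list are constructed values, and the names `TransferRequest`, `evaluate_transfer` and `oob_contact_number` are assumptions. The one design choice worth noting is that the callback number for out-of-band verification always comes from the directory on file, never from the message requesting the wire, since a compromised or impersonated mailbox can supply its own number.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed policy values (constructed for this example).
OOB_THRESHOLD_USD = 10_000
AUTHORISED_ROLES = {"executive", "accounts_payable"}

# Constructed contact directory. The phone numbers stand in for the numbers an
# organisation keeps on file; they are the ONLY source used for callbacks.
DIRECTORY = {
    "cfo@example.com": {"role": "executive", "phone_on_file": "+1-555-0100"},
    "ap@example.com": {"role": "accounts_payable", "phone_on_file": "+1-555-0101"},
    "intern@example.com": {"role": "intern", "phone_on_file": "+1-555-0102"},
}
KNOWN_BENEFICIARIES = {"ACCT-SUPPLIER-001"}  # constructed


@dataclass
class TransferRequest:
    request_id: str
    requester_email: str                            # address the request arrived from
    amount_usd: float
    beneficiary_account: str
    callback_number_in_email: Optional[str] = None  # whatever the message says; untrusted


@dataclass
class Decision:
    approved: bool
    needs_oob: bool
    reasons: List[str] = field(default_factory=list)


def oob_contact_number(req: TransferRequest) -> Optional[str]:
    """Return the number to call for out-of-band verification.

    Deliberately ignores any number supplied in the request itself: a
    compromised or spoofed mailbox can supply an attacker-controlled number.
    """
    contact = DIRECTORY.get(req.requester_email.lower())
    return contact["phone_on_file"] if contact else None


def requires_oob(req: TransferRequest) -> bool:
    """Out-of-band confirmation above the threshold or for a never-paid beneficiary."""
    return (req.amount_usd >= OOB_THRESHOLD_USD
            or req.beneficiary_account not in KNOWN_BENEFICIARIES)


def evaluate_transfer(req: TransferRequest, mfa_verified: bool, oob_confirmed: bool) -> Decision:
    """Apply the three slide mitigations; a transfer is approved only if no reason blocks it."""
    reasons: List[str] = []
    contact = DIRECTORY.get(req.requester_email.lower())

    # 1. Clearly defined process: only known, authorised roles may initiate.
    if contact is None:
        reasons.append("requester is not a known contact")
    elif contact["role"] not in AUTHORISED_ROLES:
        reasons.append(f"role '{contact['role']}' may not initiate transfers")

    # 2. MFA: the initiator must have completed MFA in the payments system,
    #    not merely sent an e-mail asking for the wire.
    if not mfa_verified:
        reasons.append("initiator has not completed MFA")

    # 3. Out-of-band verification beyond the threshold or for new beneficiaries,
    #    using the number on file rather than one taken from the message.
    needs_oob = requires_oob(req)
    if needs_oob and not oob_confirmed:
        number = oob_contact_number(req)
        reasons.append(f"confirm by calling {number} (number on file) before release"
                       if number else "no number on file for out-of-band confirmation")

    return Decision(approved=not reasons, needs_oob=needs_oob, reasons=reasons)


if __name__ == "__main__":
    # Constructed request: a large wire to a new account, with a callback
    # number embedded in the e-mail that the gate ignores.
    req = TransferRequest("R-1", "cfo@example.com", 250_000, "ACCT-NEW-999",
                          callback_number_in_email="+1-555-9999")
    print(evaluate_transfer(req, mfa_verified=True, oob_confirmed=False))
```

A small routine payment to a known supplier passes on MFA alone; anything over the threshold or to an unfamiliar account stays blocked until someone has confirmed it on the phone number the organisation already holds for the requester.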
74. Tailored Incident Response Plan
• Identify the most common threats facing your company
• Define and enforce incident response plans for these threats
85. Revert to Known-Good Backup
• Getting around persistence is hard and not worth it
• Difficult to tell if it's actually eradicated
86. Burn Payload Infrastructure
• Break Command and Control channels
• Blacklist server IP addresses and DNS names
• Buy time to respond
• Make attackers spend money
90. Any questions?
You can find us at:
• @bishopfox
• facebook.com/bishopfoxconsulting
• linkedin.com/company/bishop-fox
• google.com/+bishopfox
Thanks!