© 2017 Imperva, Inc. All rights reserved.
Beyond Takeover: Stories from a Hacked Account
Itsik Mantin, Luda Lazar
July 2017
Speakers
• Itsik Mantin
  • Director of Security Research at Imperva
  • 16 years experience in the security industry
  • Holds an M.Sc. in Applied Math and Computer Science
• Luda Lazar
  • Cyber Threat Researcher
  • 4 years of industry experience, mostly reverse engineering and security technology
  • Holds a B.Sc. in Computer Science
Acknowledgments
• Tammer Ghattas
• Jwana Yakub
• Thinkst (providers of Canarytokens)
1. Phishing
Social Attacks
• 43% of breaches involved social attacks
Phishing
• 80% of finance-motivated breaches involve phishing
• 5-15% click-rate (varying between industries)
(Chart: click-rate per vertical)
Phishing Objectives
• Fraud
  • Identity theft
  • Fraudulent transactions
• Data theft
  • Steal secret data
  • Espionage
  • Steal contacts
• Account abuse
  • Spamming/phishing
  • Malware distribution
  • Site/person promotion
Phishing
(Diagram) Phishing mail → Fake website → Credential stealing / Malware download
The Phishing Ecosystem
(Diagram) Home-made / Do-it-yourself / Managed services, mapped against Fraud / Data theft / Account abuse
Research Objectives
• Credential theft and account takeover
  • Relation to breaches
  • Dynamics of phishing attack
  • Attackers’ practices
• Setup and maintenance of accounts: maintain personal online accounts
• Account monitoring: use Canarytokens to track attackers’ activity in the accounts
• Credentials leakage: disclosing the accounts’ credentials to phishing campaigns
• Collection and analysis of data: collect and analyze results
2. The Research
Our “Bait” Network
• Management account
• 30 groups of accounts
• 60 singular email accounts
Make Accounts Authentic
Account Monitoring
(Screenshot: account activity)
Trace Login Attempts
Tracking Account Activity
(Screenshot: account activity)
Canarytokens
• Canarytokens toolkit created by Thinkst Applied Research
• Decoys – documents and services that trigger alerts when accessed
Canarytokens - Decoy Types
• Web bugs (URLs) – alert when the URL is requested
• Microsoft Word Documents – alert when a document is opened
• Windows folders (ZIP archives) – alert when someone browses the folder in File Explorer
Credentials Leakage
• OpenPhish feed and PhishTank database - sources for zero-day phishing sites
• We invite attackers by leaking our accounts’ credentials to phishing campaigns
Leakage Rounds
(Diagram) Credentials Leakage Round 1 → Round 2 → Round 3 → Round ..; Round Steps
3. From Takeover to Exploitation
Account Penetration Statistics
• Penetrated 44% / Not penetrated 56%: 88 from 200 credentials were used by the attackers
• One-time penetration 66% / Repeated penetration 34%: 30 of 88 accounts were penetrated repeatedly (99 penetrations in total)
• Access to data 23% / 77%: 23% of penetrated accounts triggered 114 Canarytokens alerts
• 61% of Canarytokens triggered during repetitive penetration
Takeover may not be Immediate
Timely Detection Can Stop the Next Breach
• 56% of credentials were not exploited
• 54% of exploitations happened after more than 24 hours
Exploration of a Hacked Account
(Chart: time between login and last alert; segments labelled 60% and 25%)
Password Reuse Practices
• Leak a lead account’s credentials
• All accounts in the “bait” group have the same password
• Track the activity for all group accounts
Propagation to other accounts
16% of attackers reused credentials to propagate to the other accounts
4. Attacker Practices
Inside your Inbox
What do attackers look for?
(Pie chart: 25% / 75%)
Where did an Attacker Search for Information?
(Chart: 70%, 18%, 12%)
Effectiveness of Traps
• Web bugs (URLs) – alert when the URL is requested
• Microsoft Word Documents – alert when a document is opened
• Windows folders (ZIP archives) – alert when someone browses the folder in File Explorer
Account Abuse
• 12% of accounts were used for further malicious activity
Story Time - Full account takeover
Manual or Automatic?
• Selective data access
• Discontinuous access
• Quick first access to data: 74% of primary Canarytokens triggered in the first 3 minutes after login
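The penetration and timing figures on the preceding slides (penetrated vs. not penetrated, one-time vs. repeated penetration, exploitation later than 24 hours after the leak, decoys triggered within the first minutes of a login, alerts raised during repeated visits) all derive from three record sets a honey-account study keeps: when each credential was leaked, when each attacker login happened, and when each Canarytoken fired. The Python below is an added example written for this page, not the authors' code or the research tooling behind the report; the leak, login and alert records in it are constructed, and only the thresholds (24 hours, 3 minutes) come from the slides.

```python
"""Metrics of a honey-account study, computed from constructed records.

Added example for this page, not the authors' code. Three record sets drive
every figure on the statistics slides: when a credential was leaked, when an
attacker logged in, and when a Canarytoken (decoy) fired.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: honey credential -> time it was leaked to a phishing site
LEAKS = {
    "acct01": datetime(2017, 3, 1, 9, 0),
    "acct02": datetime(2017, 3, 1, 9, 0),
    "acct03": datetime(2017, 3, 1, 9, 0),
    "acct04": datetime(2017, 3, 1, 9, 0),
    "acct05": datetime(2017, 3, 1, 9, 0),
}
# Constructed sample: attacker logins as (account, time)
LOGINS = [
    ("acct01", datetime(2017, 3, 1, 9, 20)),   # 20 min after the leak
    ("acct01", datetime(2017, 3, 4, 11, 0)),   # came back: repeated penetration
    ("acct02", datetime(2017, 3, 3, 15, 0)),   # first use more than 24 h after the leak
    ("acct03", datetime(2017, 3, 1, 10, 0)),
]
# Constructed sample: Canarytoken alerts as (account, time)
ALERTS = [
    ("acct01", datetime(2017, 3, 1, 9, 21)),   # 1 min after the first login
    ("acct01", datetime(2017, 3, 4, 11, 30)),  # during the repeated penetration
    ("acct02", datetime(2017, 3, 3, 15, 10)),  # 10 min after login
]


def _logins_by_account(logins):
    """Map account -> sorted list of login times."""
    by_acct = defaultdict(list)
    for acct, when in logins:
        by_acct[acct].append(when)
    for times in by_acct.values():
        times.sort()
    return by_acct


def _session_login(by_acct, acct, when):
    """Latest login of `acct` at or before `when`: the session an alert belongs to."""
    prior = [t for t in by_acct.get(acct, []) if t <= when]
    return prior[-1] if prior else None


def penetration_stats(leaks, logins):
    """Penetrated vs. not, and one-time vs. repeated penetration."""
    by_acct = _logins_by_account(logins)
    penetrated = [a for a in leaks if a in by_acct]
    repeated = [a for a in penetrated if len(by_acct[a]) > 1]
    return {
        "leaked": len(leaks),
        "penetrated": len(penetrated),
        "penetration_rate": len(penetrated) / len(leaks),
        "repeated": len(repeated),
        "repeated_share": len(repeated) / len(penetrated) if penetrated else 0.0,
        "total_penetrations": sum(len(by_acct[a]) for a in penetrated),
    }


def delayed_exploitation_share(leaks, logins, threshold=timedelta(hours=24)):
    """Share of penetrated accounts whose first login came later than `threshold` after the leak."""
    by_acct = _logins_by_account(logins)
    delays = [by_acct[a][0] - leaks[a] for a in leaks if a in by_acct]
    if not delays:
        return 0.0
    return sum(1 for d in delays if d > threshold) / len(delays)


def quick_first_access_share(logins, alerts, window=timedelta(minutes=3)):
    """Share of accounts whose first decoy alert fired within `window` of the login that caused it."""
    by_acct = _logins_by_account(logins)
    first_alert = {}
    for acct, when in sorted(alerts, key=lambda a: a[1]):
        first_alert.setdefault(acct, when)
    quick = total = 0
    for acct, when in first_alert.items():
        login = _session_login(by_acct, acct, when)
        if login is None:          # alert with no preceding login: not attributable
            continue
        total += 1
        quick += when - login <= window
    return quick / total if total else 0.0


def repeated_penetration_alert_share(logins, alerts):
    """Share of alerts raised in a session other than the account's first login."""
    by_acct = _logins_by_account(logins)
    counted = repeated = 0
    for acct, when in alerts:
        login = _session_login(by_acct, acct, when)
        if login is None:
            continue
        counted += 1
        repeated += login != by_acct[acct][0]
    return repeated / counted if counted else 0.0


if __name__ == "__main__":
    print(penetration_stats(LEAKS, LOGINS))
    print("exploited after >24h:", delayed_exploitation_share(LEAKS, LOGINS))
    print("first decoy hit within 3 min:", quick_first_access_share(LOGINS, ALERTS))
    print("alerts during repeated penetration:", repeated_penetration_alert_share(LOGINS, ALERTS))
```

On the constructed records the study's own numbers are not reproduced (three of five credentials used, one account revisited, one first login later than 24 hours, one decoy hit within 3 minutes); the point is how each slide's percentage is derived, in particular that an alert is attributed to the latest login preceding it, which is what separates "first visit" from "repeated penetration" alerts.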
Covering Tracks
Covering the tracks – Attackers’ Practices
(Bar chart, values as extracted: 17%, 15%, 13%, 3%, 2%)
• Covered tracks
• Delete sign-in alerts from the Inbox
• Delete sent emails and failure notice messages
• Mark messages as unread
• Delete sign-in alert permanently
5. Spotting Attackers
Spotting Attackers – Anonymous Access
• 39… Tor, proxies or hosting services
• 187 logins from 167 IP addresses and 18 countries
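Two of the slides above describe behaviour a defender can look for in mailbox audit data: logins arriving through Tor, proxies or hosting providers, and, right after a login, the deletion of sign-in alerts, sent mail and failure notices, or messages being marked unread again. The Python below is an added example for this page, not code from the authors or the report. The audit events, the account names and the "anonymising" networks (RFC 5737 documentation ranges standing in for a real Tor-exit or hosting feed) are all constructed, and the event schema (`action`, `subject`, `folder` fields) is an assumption rather than any mail provider's actual log format.

```python
"""Flagging suspicious mailbox logins on constructed audit events.

Added example for this page, not the authors' code. Two signals from the deck:
the login came from anonymising/hosting infrastructure, and the session that
followed it covered its tracks (sign-in alerts deleted or purged, sent mail
and failure notices deleted, messages marked unread again).
"""
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed: RFC 5737 documentation ranges stand in for a real Tor-exit /
# hosting-provider feed, which a production rule would load from a threat feed.
ANON_NETWORKS = [
    (ipaddress.ip_network("198.51.100.0/24"), "tor-exit (constructed)"),
    (ipaddress.ip_network("203.0.113.0/24"), "hosting (constructed)"),
]

# Subject patterns of the messages attackers removed in the study.
SIGNIN_ALERT = re.compile(r"\b(new sign-in|sign-in alert|unusual sign-in)\b", re.I)
FAILURE_NOTICE = re.compile(r"\b(delivery failed|delivery status|failure notice|undeliverable)\b", re.I)


def _t(hour, minute):
    return datetime(2017, 3, 1, hour, minute)


# Constructed audit trail; the field names are an assumed schema, not a vendor's log format.
EVENTS = [
    {"time": _t(9, 20), "account": "acct01", "action": "login", "ip": "198.51.100.7"},
    {"time": _t(9, 21), "account": "acct01", "action": "delete", "subject": "New sign-in from unknown device", "folder": "Inbox"},
    {"time": _t(9, 22), "account": "acct01", "action": "mark_unread", "subject": "Invoice March", "folder": "Inbox"},
    {"time": _t(9, 23), "account": "acct01", "action": "purge", "subject": "New sign-in from unknown device", "folder": "Trash"},
    {"time": _t(14, 0), "account": "acct02", "action": "login", "ip": "192.0.2.55"},  # owner's usual address (constructed)
    {"time": _t(14, 5), "account": "acct02", "action": "delete", "subject": "Lunch menu", "folder": "Inbox"},
    {"time": _t(16, 0), "account": "acct03", "action": "login", "ip": "203.0.113.9"},
    {"time": _t(16, 1), "account": "acct03", "action": "delete", "subject": "Mail delivery failed: returning message to sender", "folder": "Inbox"},
    {"time": _t(16, 2), "account": "acct03", "action": "delete", "subject": "Fwd: contract documents", "folder": "Sent"},
]


def classify_ip(ip):
    """Label for an anonymising/hosting source, or None for an ordinary address."""
    addr = ipaddress.ip_address(ip)
    for net, label in ANON_NETWORKS:
        if addr in net:
            return label
    return None


def track_covering_indicators(events, login, window=timedelta(minutes=10)):
    """Track-covering actions in the same account within `window` after `login`."""
    found = set()
    deadline = login["time"] + window
    for ev in events:
        if ev["account"] != login["account"] or not (login["time"] < ev["time"] <= deadline):
            continue
        subject = ev.get("subject", "")
        action = ev["action"]
        if action == "delete" and SIGNIN_ALERT.search(subject):
            found.add("deleted_signin_alert")
        elif action == "purge" and SIGNIN_ALERT.search(subject):
            found.add("purged_signin_alert")
        elif action == "delete" and FAILURE_NOTICE.search(subject):
            found.add("deleted_failure_notice")
        elif action == "delete" and ev.get("folder") == "Sent":
            found.add("deleted_sent_mail")
        elif action == "mark_unread":
            found.add("marked_unread")
    return found


def suspicious_logins(events, window=timedelta(minutes=10)):
    """Logins worth an analyst's attention: anonymous source and/or track covering afterwards."""
    events = sorted(events, key=lambda e: e["time"])
    findings = []
    for ev in events:
        if ev["action"] != "login":
            continue
        source = classify_ip(ev["ip"])
        indicators = track_covering_indicators(events, ev, window)
        if source or indicators:
            findings.append({
                "account": ev["account"],
                "time": ev["time"],
                "ip": ev["ip"],
                "source": source,
                "indicators": sorted(indicators),
            })
    return findings


if __name__ == "__main__":
    for finding in suspicious_logins(EVENTS):
        print(finding["account"], finding["time"], finding["ip"],
              finding["source"] or "ordinary", finding["indicators"])
```

The login for acct02 is left alone: an ordinary source and an unrelated deletion. The two flagged logins show why the deck pairs the two signals: the anonymous source alone is weak evidence (VPN users look the same), but an anonymous source followed within minutes by the removal of the very notification that would have warned the owner is the pattern the study saw in penetrated accounts, and it is visible in audit data even when the attacker has already cleaned the inbox.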
Geographic Distribution of Attackers
(Maps: all accesses; excluding anonymous accesses)
6. Stories from the Hacked Account
First Story: Launch Spear Phishing Attack
One of the world's largest telecommunications operators
Investigating Incident
• Something is wrong…
Investigating Incident
• Step 1: Search for evidence
Investigating Incident
• Step 2: Analysis of evidence
Investigating Incident
pedro……@yahoo.com
Our Investigation
• Step 3: Attribution
pedro……@yahoo.com
Second Story: In the Crosshairs of Inheritance Scammers
Ms. Judith Chan; Emma (our account)
“…an opportunity like this only comes once in a lifetime”
Ms. Judith Chan
The Strategy (Judith Chan)
What next? Agreement Letter
The End of the Scam
7. Summary and Conclusion
Summary
• When credentials leak, takeover does not always happen (44% only)
• When it does, it is not always immediate (46% of hacked accounts)
• [figure not extracted] of attackers searched for sensitive data inside the honey accounts
• [figure not extracted] of the attacks were used for launching further attacks
• Password reuse was detected in (only) 16% of the attacks
• [figure not extracted] of the attacks seem to use automation
Conclusions
• The phishing threat is here to stay
• Large numbers of stolen credentials + manual labor → attackers don’t even use them all (automation?)
• Quick detection and mitigation of credential theft can reduce the account hacking probability by 54%
• Attackers are sometimes as sloppy as their victims (or they don’t care about being identified)
• Password reuse is exploited by attackers less than is commonly believed
Human is Human
Attackers
• Fell into our phishing scams…
• Left clear tracks in most accounts
• Were sloppy and left hints to their identity
Users
• Security training and education is important, but people will continue to make mistakes, fall for social engineering and let the attackers in
• Users will continue to be the weakest and least predictable part of the organization
CISO Takeaways
• Password reuse is dangerous and might provide the attacker’s road into the organization
• Attackers are after data: credentials, financial data, business data
• Assume credentials of users are stolen
For applications
• Deploy a phishing detection solution to detect credential theft in time
• Deploy account takeover protection
For the enterprise network
• Assume attackers are already in
• Protect your business-critical data as close as possible to the data
Get the Report
Read the full research report “Beyond Takeover - Stories from a Hacked Account” here:
https://www.imperva.com/DefenseCenter/HackerIntelligenceReports
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 

Último (20)

Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecture
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
Advantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your BusinessAdvantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your Business
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 

Beyond takeover: stories from a hacked account

  • 11. The Research 2
  • 12. Our “Bait” Network: a management account, 30 groups of accounts and 60 singular email accounts
  • 13. Make Accounts Authentic
  • 14. Account Monitoring
  • 15. Trace Login Attempts
  • 16. Tracking Account Activity
  • 17. Canarytokens • Canarytokens toolkit created by Thinkst Applied Research • Decoys – documents and services that trigger alerts when accessed
  • 18. Canarytokens – Decoy Types • Web bugs (URLs) – alert when the URL is requested • Microsoft Word documents – alert when a document is opened • Windows folders (ZIP archives) – alert when someone browses the folder in File Explorer
  • 19. (screenshot only)
  • 20. Credentials Leakage • OpenPhish feed and PhishTank database – sources for zero-day phishing sites • We invite attackers by leaking our accounts’ credentials to phishing campaigns
  • 21. Leakage Rounds (diagram: Credentials Leakage Round 1, Round 2, Round 3, … and the steps of each round)
  • 22. From Takeover to Exploitation 3
  • 23. Account Penetration Statistics • 88 of 200 credentials were used by the attackers (44% penetrated, 56% not penetrated) • 30 of 88 accounts were penetrated repeatedly, 99 penetrations in total (one-time penetration 66%, repeated penetration 34%) • 23% of penetrated accounts triggered 114 Canarytokens alerts (access to data: 23%, no access: 77%) • 61% of Canarytokens triggered during repeated penetration
  • 24. Takeover may not be Immediate
  • 25. Timely Detection Can Stop the Next Breach • 56% of credentials were not exploited • 54% of exploitations happened after more than 24 hours
  • 26. Exploration of a Hacked Account (chart: time between login and last alert; segments labelled 60% and 25%)
  • 27. Password Reuse Practices • Leak a lead account’s credentials • All accounts in the “bait” group have the same password • Track the activity of all accounts in the group
  • 28. Propagation to other accounts • 16% of attackers reused credentials to propagate to the other accounts
  • 29. Attacker Practices 4
  • 30. Inside your Inbox
  • 31. What do attackers look for? (chart: 25% / 75%)
  • 32. Where did an Attacker Search for Information? (chart: 70%, 18%, 12%)
  • 33. Effectiveness of Traps • Web bugs (URLs) – alert when the URL is requested • Microsoft Word documents – alert when a document is opened • Windows folders (ZIP archives) – alert when someone browses the folder in File Explorer
  • 34. Account Abuse • 12% of accounts were used for further malicious activity
  • 35. Story Time – Full account takeover
  • 36. Manual or Automatic? • Selective data access • Discontinuous access • Quick first access to data: 74% of primary Canarytokens triggered in the first 3 minutes after login
  • 37. Covering Tracks
  • 38. Covering the tracks – Attackers’ Practices (chart values: 17%, 15%, 13%, 3%, 2%) • Covered tracks • Delete sign-in alerts from the Inbox • Delete sent emails and failure notice messages • Mark messages as unread • Delete sign-in alert permanently
  • 39. Spotting Attackers 5
  • 40. Spotting Attackers – Anonymous Access • 39… Tor, proxies or hosting services • 187 logins from 167 IP addresses and 18 countries
  • 41. Geographic Distribution of Attackers (maps: all accesses; excluding anonymous accesses)
  • 42. Stories from the Hacked Account 6
  • 43. First Story: Launch Spear Phishing Attack – one of the world's largest telecommunications operators
  • 44. Investigating Incident • Something is wrong…
  • 45. Investigating Incident • Step 1: Search for evidence
  • 46. Investigating Incident • Step 2: Analysis of the evidence
  • 47. Investigating Incident – pedro……@yahoo.com
  • 48. Our Investigation • Step 3: Attribution – pedro……@yahoo.com
  • 49. Second Story: In the Crosshairs of Inheritance Scammers – Ms. Judith Chan and Emma (our account)
  • 50. “…an opportunity like this only comes once in a lifetime” – Ms. Judith Chan
  • 51. Judith Chan – The Strategy
  • 52. What next? – Agreement Letter
  • 53. The End of the Scam
  • 54. Summary and Conclusion 7
  • 55. Summary • When credentials leak, takeover does not always happen (44% only) • When it does, it is not always immediate (46% of hacked accounts) • of attackers searched for sensitive data inside the honey accounts • of the attacks were used for launching further attacks • Password reuse was detected in (only) 16% of the attacks • of the attacks seem to use automation
  • 56. Conclusions • The phishing threat is here to stay • Large numbers of stolen credentials + manual labor → attackers don’t even use them all (automation?) • Quick detection and mitigation of credential theft can reduce the account hacking probability by 54% • Attackers are sometimes as sloppy as their victims (or they don’t care about being identified) • Attackers exploit password reuse less than is commonly believed
  • 57. Human is Human • Attackers: fell into our phishing scams…; left clear tracks in most accounts; were sloppy and left hints to their identity • Users: security training and education is important, but people will continue to make mistakes, fall for social engineering and give the attackers a way in; users will continue to be the weakest and least predictable part of the organization
  • 58. CISO Takeaways • Password reuse is dangerous and might provide the attacker’s road into the organization • Attackers are after data: credentials, financial data, business data • Assume users’ credentials are stolen • For applications: deploy a phishing detection solution to detect credential theft in time; deploy account takeover protection • For the enterprise network: assume attackers are already in; protect your business-critical data as close to the data as possible
  • 59. Get the Report • Read the full research report “Beyond Takeover - Stories from a Hacked Account” here: https://www.imperva.com/DefenseCenter/HackerIntelligenceReports
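The decoys on slides 17 and 18 work because nobody but an intruder ever touches them: a web bug is a URL that no legitimate workflow requests, so any request for it is an alert. The Python below is an added example, not Thinkst's Canarytokens code and not part of the deck. It sketches the web-bug variant: a registry mints unguessable URLs, each labelled with where it was planted (which honey account, which decoy file), and every request for a known token is recorded with the requester's IP, User-Agent and Referer. The host canary.example.invalid, the /t/<token>/ path layout and the sample request are assumptions.

```python
"""Minimal web-bug honeytoken registry, in the spirit of the Canarytokens decoys
on slides 17-18. Constructed example: the URL layout, the alert record and the
sample request below are assumptions, not Thinkst's implementation."""
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional
from urllib.parse import urlparse


@dataclass
class Alert:
    token: str
    label: str            # where the decoy was planted (honey account / file)
    fired_at: datetime
    client_ip: str
    user_agent: str
    referer: str


@dataclass
class TokenRegistry:
    # assumed decoy host; a real deployment uses a domain the defender controls
    base_url: str = "https://canary.example.invalid"
    tokens: Dict[str, str] = field(default_factory=dict)   # token id -> label
    alerts: List[Alert] = field(default_factory=list)

    def mint(self, label: str) -> str:
        """Create an unguessable token and return the decoy URL to plant.
        128 bits of randomness means a hit is a click, not a guess."""
        token = secrets.token_urlsafe(16)
        self.tokens[token] = label
        return f"{self.base_url}/t/{token}/login.html"

    def handle_request(self, url_or_path: str, headers: Dict[str, str],
                       client_ip: str) -> Optional[Alert]:
        """Called for every HTTP request the decoy host receives. A hit on a
        known token is an alert; anything else (scanners, typos) is ignored."""
        parts = urlparse(url_or_path).path.split("/")
        # expected shape: ['', 't', '<token>', '<filename>']
        if len(parts) < 3 or parts[1] != "t":
            return None
        label = self.tokens.get(parts[2])
        if label is None:
            return None
        alert = Alert(
            token=parts[2],
            label=label,
            fired_at=datetime.now(timezone.utc),
            client_ip=client_ip,
            user_agent=headers.get("User-Agent", ""),
            referer=headers.get("Referer", ""),
        )
        self.alerts.append(alert)
        return alert

    def alerts_for(self, label: str) -> List[Alert]:
        """All alerts raised by decoys planted under one label."""
        return [a for a in self.alerts if a.label == label]


def demo():
    """Plant one decoy in a honey inbox and replay a constructed request for it."""
    reg = TokenRegistry()
    url = reg.mint("honey-account-emma/inbox/password-reset.eml")
    # constructed request: whoever is reading the honey inbox followed the link
    alert = reg.handle_request(
        url, {"User-Agent": "Mozilla/5.0 (constructed)"}, "203.0.113.7")
    return reg, alert


if __name__ == "__main__":
    registry, fired = demo()
    print(fired)
```

The same idea carries over to the document and folder decoys on slide 18: a Word document or a folder icon that fetches a remote resource when opened or browsed triggers the same request path, so one registry and one alert format serve all three decoy types.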
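Slides 23 to 28 report the metrics of the research (penetration, repeat penetration, exploitation more than 24 hours after the leak, propagation to sibling accounts that share a password) but not how raw sign-in events become those numbers. The Python below is an added example, not the researchers' tooling: it takes a constructed group layout of the kind slide 27 describes (one leaked "lead" account per group, all group members sharing a password), the leak timestamps and a constructed sign-in log, and derives the per-group and aggregate metrics. Account names, IP addresses and timestamps are all made up.

```python
"""Derive the slide 23-28 style metrics from honey-account sign-in events.
Constructed example with constructed data; not the presenters' own analysis code."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed honey-account layout: each group shares one password and only the
# lead account's credentials were leaked to a phishing site (slide 27).
GROUPS = {
    "group-01": {"lead": "alice@example.invalid",
                 "members": ["alice@example.invalid", "alice.work@example.invalid"]},
    "group-02": {"lead": "bob@example.invalid",
                 "members": ["bob@example.invalid", "bob.backup@example.invalid"]},
    "group-03": {"lead": "carol@example.invalid",
                 "members": ["carol@example.invalid", "carol.alt@example.invalid"]},
}
LEAK_TIME = {
    "alice@example.invalid": datetime(2017, 3, 1, 9, 0),
    "bob@example.invalid": datetime(2017, 3, 1, 9, 0),
    "carol@example.invalid": datetime(2017, 3, 1, 9, 0),
}
# Constructed sign-in log: (account, timestamp, source ip). carol never logs in.
EVENTS: List[Tuple[str, datetime, str]] = [
    ("alice@example.invalid", datetime(2017, 3, 1, 9, 2), "203.0.113.5"),
    ("alice@example.invalid", datetime(2017, 3, 4, 22, 10), "198.51.100.9"),
    ("alice.work@example.invalid", datetime(2017, 3, 4, 22, 15), "198.51.100.9"),
    ("bob@example.invalid", datetime(2017, 3, 3, 14, 0), "203.0.113.77"),
]


def analyze(groups: Dict, leak_time: Dict[str, datetime],
            events: List[Tuple[str, datetime, str]],
            delay_threshold: timedelta = timedelta(hours=24)):
    """Return (per-group metrics, aggregate summary)."""
    by_account = defaultdict(list)
    for account, ts, ip in sorted(events, key=lambda e: e[1]):
        by_account[account].append((ts, ip))

    per_group = {}
    for gid, g in groups.items():
        lead = g["lead"]
        # only logins after the leak count as penetrations of the leaked account
        lead_logins = [(ts, ip) for ts, ip in by_account.get(lead, [])
                       if ts >= leak_time[lead]]
        if not lead_logins:
            per_group[gid] = {"penetrated": False}
            continue
        first_ts = lead_logins[0][0]
        siblings = [m for m in g["members"] if m != lead]
        # A sibling's credentials were never leaked, so a login there after the
        # lead was penetrated can only come from reusing the shared password.
        propagated = any(ts >= first_ts
                         for s in siblings for ts, _ in by_account.get(s, []))
        per_group[gid] = {
            "penetrated": True,
            "logins": len(lead_logins),
            "repeated": len(lead_logins) > 1,
            "hours_to_first_login": (first_ts - leak_time[lead]).total_seconds() / 3600,
            "delayed": first_ts - leak_time[lead] > delay_threshold,
            "propagated": propagated,
            "source_ips": sorted({ip for _, ip in lead_logins}),
        }

    penetrated = [r for r in per_group.values() if r["penetrated"]]
    summary = {
        "groups": len(groups),
        "penetrated": len(penetrated),
        "repeated": sum(r["repeated"] for r in penetrated),
        "delayed": sum(r["delayed"] for r in penetrated),
        "propagated": sum(r["propagated"] for r in penetrated),
        "distinct_ips": len({ip for _, _, ip in events}),
    }
    return per_group, summary


if __name__ == "__main__":
    groups_out, totals = analyze(GROUPS, LEAK_TIME, EVENTS)
    for gid, r in groups_out.items():
        print(gid, r)
    print(totals)
```

The "delayed" flag is the quantity behind slide 25: every penetration whose first login comes more than 24 hours after the leak is one that a timely credential-theft detection would have had time to stop, and "propagated" is the per-group observation that slide 28 aggregates into its 16% figure.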