Cybersecurity, Phishing, and MFA for VPN. Irwin Gaines, Report to UEC (PowerPoint presentation)


  1. Cybersecurity, Phishing, and MFA for VPN. Irwin Gaines, Report to UEC, Dec 7 2018

  2. “Rebranding” of former computer security team
  • We are now the Cybersecurity team
  • All communication to cybersecurity@fnal.gov (including incident reports, phishing reports or questions, other cybersecurity questions, etc.)
  • New web page at http://securityawareness.fnal.gov
  • Emphasis on partnership between cybersecurity team, management, and employees
  2 1/14/2019 Phishing Report - Irwin Gaines


  4. Outline
  • Cybersecurity is everyone’s responsibility
  • Phishing: forged email trying to induce the recipient to click on a link which will either download malicious software to their computer (or mobile device) or take the user to a seemingly legitimate website to “phish” for user credentials or other personal information.
    – Why phishing exercises
    – What were the exercises
    – Results of the exercises
    – Consequences: moving forward (Proofpoint)
  • MFA and VTC
    – MFA already in use at Fermi, but primarily for privileged access to enterprise systems and any access to business and HR systems; scientists and user community not impacted
    – New threats require additional use, in particular VPN, which will impact scientists and users

  5. Why phishing exercises
  • Statistically, phishing remains one of the primary means to compromise an individual or company
    – According to a study done by Google, phishing poses the biggest threat to your online security [1]
    – 91% of cyber attacks (from 2015 to 2016) start with a phishing email [2]
    – Notable compromises have been accomplished via phishing; a handful of examples include PNNL/ORNL [3], Sony [4], and DNC [5]
    – Phishing combined with password reuse leads to further possible compromises via credential stuffing
  • Fermilab has implemented anti-phishing training and incorporated phishing assessment as part of its security awareness training
    – There previously hasn’t existed a means to actually test the effectiveness of this training

  6. Why phishing exercises (2)
  • We have not done phishing exercises in the past, partly because of my (now proved to be mistaken) belief that our employees and users would not click on malicious links in email
  • But with the increasing prevalence of phishing, and with the frequent breaches of government systems because of responses to phishing, the government and DOE are requiring such exercises
  • Seeing the handwriting on the wall, we began regular exercises last summer (shortly before we were told to do them)

  7. Initial Flood of Phishing Reports
  • On Tuesday, June 26, 2018 (starting at 8:50am), a flood of reports (over 40) came into Fermi’s Incident Response (FIR) Team
  • Link was blocked within five minutes by FIR
  • Looking into the email, it appeared that the sender’s account was compromised
  7 1/14/2019 Art Lee | User Compromise Involving Lab Director Phishing Emails

  8. Phishing exercise details
  • A number of different campaigns have been run; these were all based on real-world scenarios and had different goals to assess awareness with Fermi users (those with mailboxes). All had a variety of clues indicating they were not legitimate
  • July 2017
    – The first campaign was a package delivery phish which simulated a UPS delivery notification; its intent was to look slightly “genuine”
    – The second campaign was a password reset phish which was based on a real password reset email; its intent was to see the response rate for garden-variety phishing
  • Aug 2017
    – The first campaign was a password reset phish modeled after a real email reported to CST last month
      • This included a link to a website (hosted by the testing provider) that simulated a web-based password reset form
    – The second campaign was a scam phish requesting a user to send money as an investment to receive more money
      • This was based on real (and frequent) scam emails; however, it has been modified for context

  9. Phishing exercise details (2)
  • Sep 2017
    – The first campaign was a Facebook deactivation confirmation phish
      • This was based on real phishing emails not generally received by Fermi users; however, these are very common
    – The second campaign was a scam phish impersonating a Charles Schwab email requesting a user to receive money
      • This was based on a real phishing email received by Fermi users
  • Oct 2017
    – The first campaign was a FedEx delivery notification phish
      • This was based off a real FedEx delivery email. This is a follow-up to the UPS delivery notification phish from July of this year.
    – The second campaign was a scam phish noting that a foreign email address was added to a user’s Paypal account
      • This was based on a real phishing scheme; however, this has not been reported to us from Fermi users.

  10. Phishing exercise details (3)
  • Nov 2017
    – The first campaign was a Netflix billing campaign
      • This was based off a real Netflix phishing scam. It was designed to trick users into thinking that their Netflix payment was not validated, resulting in a suspension of the account.
    – The second campaign was a USPS phish noting the delivery status of the shipment.
      • This was targeted specifically to repeat offenders that clicked on both the past UPS and FedEx package delivery phish campaigns.
  • Feb 2018
    – The first campaign was a Microsoft security alert
      • This is an email from “Microsoft” stating that someone else may have accessed his/her account. If the user clicks the link to verify the account, a fake login page will be shown. The user may enter his/her credentials into this form.
    – The second campaign was a DropBox sharing notification
      • This is an email from “DropBox” stating that a person has shared a PDF regarding neutrinos with the user

  Slides 11 to 26 are screenshots of the simulated emails and landing pages:
  11. UPS Quantum View campaign (screenshot slide)
  12. ICT Service Desk campaign (screenshot slide)
  13. Please reset your password campaign (1 of 2) (screenshot slide)
  14. Please reset your password campaign (2 of 2) (screenshot slide)
  15. LETTER FROM HOSPITAL campaign (screenshot slide)
  16. Sorry to see you leave Facebook! campaign (screenshot slide)
  17. Your Schwab Brokerage Deposit campaign (screenshot slide)
  18. FedEx Tracking Email campaign (screenshot slide)
  19. Paypal email address campaign (screenshot slide)
  20. Netflix Billing Campaign (screenshot slide)
  21. USPS Delivery Status (screenshot slide)
  22. Microsoft Security Alert (screenshot slide)
  23. Microsoft Security Alert (screenshot slide)
  24. DropBox Sharing (screenshot slide)
  25. Phish landing page (screenshot slide)
  26. Phish landing page (screenshot slide)

  27. Results of Phishing Exercises
  (Two values separated by a slash are the two rounds of that campaign, cf. slides 13-14 and 22-23; # repeats was only tracked from the FedEx campaign onward.)

  Campaign                 # clicks   % clicks   # reports   # repeats
  UPS delivery             753        27%        38
  ICT service desk         177        7%         52
  Reset password           327/199    12%/8%     62
  Letter from hospital     7          0.3%       25
  Facebook deactivation    159        5.8%       54
  Schwab brokerage         37         1.3%       44
  FedEx tracking           345        13%        110         293
  Paypal email addr        227        8%         122         206
  Netflix                  115        4%         84          164
  USPS (only 137 users)    50         36%        1           50
  Microsoft alert          57/10      2%/0.4%    166         96
  Dropbox                  115        4%         50          179

  28. Overall lessons learned
  • Click rates are still higher than we would like, but overall performance is improving
  • Repeat offenders are a problem, considering 137 users fell for both the UPS and the FedEx shipping phishes, and 50 still fell for the USPS phish
  • Users reporting phishes has gone way up
  • Many users read the phish email from mobile devices and/or from outside of Fermilab (and so will not be protected by web blocks at the lab)
    – Note that the first report of a new phish will have the landing site for that phish blocked in our web proxies, providing protection for anyone who is on site when they click

  29. Going forward
  • Regular phishing campaigns will continue to be implemented; some will use varied attack vectors
  • There will be consequences to users when they repeatedly “fail” a phishing exercise
    – Currently 43 3-time offenders have had Remedial Phishing Training added to their ITPs
  • URL “defanging” service being implemented from ProofPoint
    – This will prepend links to ProofPoint’s servers to verify whether a link is legitimate or not
    – Unlike controls like the proxy servers, this can mitigate risks outside of the lab
    – This can also mitigate risks regardless of platform (Windows, MacOS, iOS, Android, etc.)
    – Whitelisting and blacklisting will be possible for versatility
  • Still need to raise ongoing awareness with users: securityawareness.fnal.gov
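The following sketch, added here and not Proofpoint's code or the lab's configuration, shows the mechanism slide 29 describes: each link in an outbound-to-mailbox message is rewritten to point at a click-time verification gateway, whitelisted hosts pass through untouched, and blacklisted hosts are neutralised, so the check happens wherever and on whatever device the link is clicked. The gateway URL, the HMAC signing key, the sample message and the host lists are constructed for the example.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlparse

# Hypothetical click-time verification gateway and signing key (constructed for
# this example; the real service's URL layout is not shown on the slide).
GATEWAY = "https://urldefense.example.invalid/v1"
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"
BLOCKED_TEXT = "[blocked link removed]"

# Whitelist: links to these hosts (and their subdomains) pass through untouched.
ALLOWLIST = {"fnal.gov"}
# Blacklist: links to these hosts are neutralised instead of rewritten.
BLOCKLIST = {"phish.example.invalid"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+")

# Constructed sample message body with one link of each kind.
SAMPLE_EMAIL = (
    "Your package is waiting: http://tracking.example.invalid/pkg?id=1 "
    "Tips: http://securityawareness.fnal.gov/ "
    "Reset here: https://phish.example.invalid/login"
)

def _host_matches(url, domains):
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def _sign(url):
    # HMAC over the original URL so the gateway can reject forged or edited rewrites.
    return hmac.new(SIGNING_KEY, url.encode(), hashlib.sha256).hexdigest()[:16]

def rewrite_url(url):
    """Mail-gateway side: decide what a single link becomes in the delivered mail."""
    if _host_matches(url, ALLOWLIST):
        return url
    if _host_matches(url, BLOCKLIST):
        return BLOCKED_TEXT
    return f"{GATEWAY}?u={quote(url, safe='')}&s={_sign(url)}"

def defang_body(body):
    """Rewrite every http(s) link in a plain-text message body."""
    return URL_RE.sub(lambda m: rewrite_url(m.group(0)), body)

def resolve_click(rewritten):
    """Gateway side: recover the original URL at click time, or None if the
    signature does not verify (link tampered with or not issued by this gateway)."""
    q = parse_qs(urlparse(rewritten).query)
    url, sig = q.get("u", [""])[0], q.get("s", [""])[0]
    if not url or not hmac.compare_digest(_sign(url), sig):
        return None
    return url  # a real gateway would consult its reputation feed before redirecting
```

Because the rewritten link carries the original URL only inside the gateway address, a phish landing page reported by one user can be blocked for every later click from any platform, including off-site readers whom the lab's web proxies cannot protect.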
