The Art of Phishing : What you should know Arvind Vishwakarma - - PowerPoint PPT Presentation



SLIDE 1

The Art of Phishing : What you should know

Arvind Vishwakarma

05/24/2019

SLIDE 2

Agenda

  1. Phishing – In a Nutshell
  2. Phishing – Types & Techniques
  3. Phishing – Stats & Modern Trends
  4. Case-Study
  5. Stay Safe
SLIDE 3

Speaker

Arvind Vishwakarma

Penetration Tester

ABOUT ME

  • Penetration Tester with 7 years of Experience
  • Currently working with Rapid7 - Singapore

KEY AREAS OF INTEREST

  • Penetration Testing (Network & Web Apps)
  • Social Engineering (Electronic)
  • Internet of Things

BLOGS & PUBLICATIONS

  • http://resources.infosecinstitute.com/author/arvindvishwakarma

TWITTER

  • Find_Arvind
SLIDE 4

Phishing - In a Nutshell

Image Source: cio.com

SLIDE 5

Types of Phishing Attacks

Spear Phishing
  • Targeting a specific group of individuals or companies.
  • General background information is collected to make the emails specific.
  • Example: EFF attack (https://www.eff.org/deeplinks/2015/08/new-spear-phishing-campaign-pretends-be-eff)

Whale Phishing
  • Targeting specific individuals.
  • Intensive research is done to collect specific information related to the individuals' roles.
  • Example: Snapchat attack (https://searchsecurity.techtarget.com/definition/whaling)

Clone Phishing
  • Cloning legitimate emails received by the victims.
  • Legitimate links and attachments are replaced with malicious ones.

SLIDE 6

Common Phishing Techniques

Link Spoofing
  • Making a malicious URL appear as an authentic URL.
  • Example: Authentic URL thelegitbank.com vs. shady URL theleg1tbank.com

Website Spoofing
  • Spoofing a website to make it appear as a legitimate, authentic site using JavaScript and Flash.
  • Examples: Spoofed websites msfirefox.com & msfirefox.net

Malicious Redirects
  • Forcibly redirecting users to attacker-controlled websites.
  • Example: Compromising websites and placing code in them to redirect to malicious sites.

SLIDE 7

Phishing - Stats

  • 90% of security incidents/breaches include a phishing element
  • 92% of malware spreads through phishing
  • 98% of social media account takeovers (ATO) are through phishing
  • 76% of organisations reported they experienced phishing attacks
  • 91% of cyberattacks start with phishing

Sources: Verizon DBIR 2018, PhishMe Stats, CSO Online, Check Point Research, Rapid7 QTR

SLIDE 8

Phishing – Modern Trends

Phishing sites now use legitimate HTTPS.

Image Source: https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/

SLIDE 9

Phishing – Modern Trends

SaaS providers are now targeted for phishing.

SLIDE 10

Phishing – Modern Trends

File-less phishing attacks.

Image source: https://www.forbes.com/sites/forbestechcouncil/2019/01/10/four-phishing-attack-trends-to-look-out-for-in-2019/#3a106a824ec2

SLIDE 11

Phishing – Modern Trends

Phishing inside shared folders.

Image Source: https://www.microsoft.com/security/blog/2017/01/26/phishers-unleash-simple-but-effective-social-engineering-techniques-using-pdf-attachments/

SLIDE 12

Phishing – Modern Trends

SMS-Phishing – Using cell phone text messages to deliver the bait to induce people

Source: https://www.channelnewsasia.com/news/singapore/phishing-scam-dbs-posb-customers-fake-sms-police-10957456

SLIDE 13

Phishing – Modern Trends

Vishing – Voice phishing carried out through phone calls.

Image source: http://www.carmelowalsh.com/2015/07/phishing-and-vishing-attacks-are-up/

SLIDE 14

Phishing Attacks : Case Study

  1. Study the Target
  2. Select Phishing Site
  3. Create Phishing Email
  4. Send Phishing Email
  5. Capture Credentials / Execute Code

SLIDE 15

Phishing Attacks : Case Study

Step 1: Attacker studies the Target Organization (e.g. Rapid7)

  • Public Facing Domains
    • Looks for Corporate Website, Webmail, VPN Login Pages, Customer Portals, File Transfer Portals etc.
    • Gathers Information about the Domain he chooses to target.
  • Employee Data
    • Gathers Employee Email-ids (through LinkedIn, Hunter.io, Data.com etc.)
    • Generates a list of Email-Ids for the attack.

SLIDE 16

Phishing Attacks : Case Study

Step 2: Selects the Target Domain

  • Attacker chooses a File Transfer Portal (insight.rapid7.com)
  • Registers a fake domain (insight-rapid7.com)
  • Categorizes the domain to bypass filtering

SLIDE 17

Phishing Attacks : Case Study

Step 3: Attacker creates Phishing Email (Pretext)

Pretexting is the process of using the collected information to craft a realistic communication to the target that is believable enough to get them to act upon it.

  • Builds the pretext around the public facing file transfer portal.
    • For example: sending an email that an invoice has been submitted through the file transfer portal.
    • Employee appraisal letters, compensation letters, tax letters.
  • Creating a sense of urgency or fear.
  • Personalizing the pretext.

SLIDE 18

Phishing Attacks : Case Study

Step 4: Phishing Email Sent

Phishing mail with the phishing link.

SLIDE 19

Phishing Attacks : Case Study

Step 5: Capturing Credentials

Victim clicks on the phishing link and is redirected to the login portal.

Attacker captures credentials.

SLIDE 20

Phishing Attacks : Case Study

Attacker sets up Phishing Redirection

  • Capturing the Credentials
    • Clones the original file transfer portal to capture user credentials.
    • Redirects to the payload hosted on the domain after capturing the user credentials.
  • Executing the Payload
    • Payload drops on the system and executes.
    • Attacker gets a connection back from the payload on his C&C server.

SLIDE 21

Phishing Attacks : Case Study

Step 5: Payload drops on the target system

SLIDE 22

Phishing Attacks : Case Study

A Word on Payloads

Delivering a malicious payload via a phishing email is the most direct and reliable way to get an attacker's code executed on a victim's machine.

  • Malicious payloads are sent as attachments (for example: HTA, ClickOnce, LNK).
  • Payloads are embedded in the form of macros in Office documents.
  • Attackers are making stealthier payloads using obfuscation techniques, adding sandbox checks etc.
  • Tools like unicorn, sharpshooter, veil etc. all aid in making good payloads.

SLIDE 23

Phishing – Stay Safe

  • Be proactive – educate yourself
  • Think twice before giving PII or financial info
  • Enable 2-factor authentication
  • Report phishing emails
  • Conduct awareness training
  • Conduct phishing simulations

SLIDE 24

Thank You.

Email apacsales@rapid7.com Visit http://rapid7.com