1 / 15

Automated Targeted Attacks

ITU Workshop on “ Countering and Combating Spam ” (Durban, South Africa, 8 July 2013). Automated Targeted Attacks. Alexandru Catalin Cosoi, Chief Security Strategist, Bitdefender acosoi@bitdefender.com. Spam Breakdown by Type. Attachments Breakdown by Type. MiniDuke attack.

gerd
Download Presentation

Automated Targeted Attacks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ITU Workshop on “Countering and Combating Spam” (Durban, South Africa, 8 July 2013) Automated Targeted Attacks Alexandru Catalin Cosoi, Chief Security Strategist, Bitdefender acosoi@bitdefender.com

  2. Spam Breakdown by Type

  3. Attachments Breakdown by Type

  4. MiniDuke attack

  5. Antispam Tech Maturity

  6. Questions • What is your name or nickname? • What are your interests? • Who do you work for? • Who are your friends/colleagues? • What is you job title? • Who is you manager/CEO/director? • Who are your family members? • Are you married? With whom?

  7. Our Online Identity

  8. Google Search

  9. 123people.com search

  10. Pipl.com search

  11. After 3 searches • Name: Alexandru Catalin Cosoi • Company: Bitdefender • Job Title: Chief Security Strategist • Email: acosoi@bitdefender.com • Social media accounts: all, including LinkedIn profile and foursquare checkins • Wife’s email address

  12. Example Dear Alexandru Cosoi, We tried contacting your wife Carmen in regard to participation to the 19th Annual Conference of [whatever]. Is [wife’s email] her correct email address? Can you please forward the attached PDF with the official invite?

  13. Conclusions • Social engineering works. • Social engineering can be automated • We need to understand the addiction to social networks and the fact that users will post information about themselves online • Education can work. It’s our duty to educate both users and employees about social engineering and how their own data can turn against them.

  14. More Conclusions • Spam content will become personal and unique • Content filtering technologies will start having a hard time detecting all samples • Users might consider antispam filters when detecting highly social engineered spam messages

  15. Questions? www.bitdefender.com acosoi@bitdefender.com

More Related