Phishing - Single Biggest Threat

Have you, or any of your clients, ever received a suspicious, phishing, scam or otherwise malicious email? The answer is almost certainly yes. Today, no matter who you are or what you manage, phishing is the single biggest threat on the internet. It has brought down large organisations and government bodies, and it is routinely the first link in the chain that ends in ransomware or data exfiltration. In this article we cover how to respond effectively to a phishing threat or incident, what procedures can be adopted, and what open source intelligence can be used to strengthen your incident response. We also discuss what the threat actors are after, what matters to them, and what you can do to break the chain of events. We will not dwell on definitions; the focus is on how to respond and which tactics can be applied.

What is this threat? – Phishing is misrepresentation: the criminal uses social engineering to pose as a trusted identity. Phishing typically results in credential theft and usually serves as the initial entry point for further attacks, which in turn lead to brand damage, malware infections and data exfiltration, often through remote access trojans (RATs).

How to spot a phish - Fraudulent emails typically ask you to open an attachment or click a suspicious link that redirects you to a malicious site asking for personal information. Other common lures are offers that are too good to be true (you have won a lottery or a jackpot) and threatening emails demanding a ransom payment.


Need of the hour - Defense in Depth - We can never rely on a single tool or security control to tackle this problem. From the moment an email reaches the organisation it should pass through several layers before it reaches the end user: spam filters, live scanning of attachments and URLs (for example FireEye ETP for detecting zero-day attacks), Office 365 spam filtering, McAfee plugins for Microsoft Office, and so on. Even with all of these controls in place, the human is the most important layer in containing phishing incidents: users who recognise suspicious emails and report them to the cyber security team act as a shield against the threat actors.

Different types of block controls that can be placed in an organisation –

  1. Firewall URL filtering - next-generation firewalls (Palo Alto Networks and similar).
  2. Browser plugins - McAfee SiteAdvisor Enterprise and similar.
  3. Spam/malicious email filters - spam filters generally assess the origin of the message, the software used to send it, and its appearance to decide whether it is spam. Filters occasionally block mail from legitimate sources, so they are not 100% accurate and quarantined messages should still be reviewed.
  4. Monitoring and reporting - banks and financial organisations run monitoring systems to detect phishing against their brand. Individuals can report phishing to industry groups that pursue legal action against fraudulent websites. Organisations should also give employees security awareness training so they recognise the risks.

How to test attachments or downloads - Use an online sandbox for these scenarios. A sandbox run gives you the following artifacts: registry keys created or changed, network activity (C2 call-backs, DNS lookups), files created, processes spawned and file hashes. Online sandboxes include Hybrid Analysis and Any.Run, or you can set up your own Cuckoo sandbox.


Below are links to some open source intelligence resources that can help while you perform your analysis. Go through all of them to see the features they offer, including dynamic malware analysis, URL reputation checks, domain health checks and email header analysis.
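The checks described above (sender-identity mismatches in the headers, links whose visible text differs from the real target, and hashing an attachment so the hash can go to a sandbox or reputation service before anyone opens the file) fit into one small triage script. The following is an added example and not code from the original article or any of the tools it mentions; it uses only the Python standard library. The message it parses is a constructed sample with placeholder `.example` domains, a documentation-range IP and a 10-byte stand-in for a ZIP attachment, and the specific checks are the editor's own choices, not a vendor's filter logic.

```python
from __future__ import annotations

import email
import hashlib
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample for the demo (not a real phishing message). All domains
# are placeholders under .example; the "attachment" is just a ZIP file header.
SAMPLE_EML = b"""\
Return-Path: <bounce@mail-sender.example>
Received: from mail-sender.example (mail-sender.example [203.0.113.5])
    by mx.victim.example with ESMTP id abc123; Mon, 01 Jan 2024 10:00:00 +0000
From: "IT Helpdesk" <helpdesk@victim.example>
Reply-To: <recover@attacker.example>
To: <user@victim.example>
Subject: Your password expires today
X-Mailer: BulkSender/1.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Reset it now: <a href="http://login.attacker.example/reset">https://portal.victim.example/reset</a></p>
--b1
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def parse_message(raw: bytes) -> EmailMessage:
    return email.message_from_bytes(raw, policy=policy.default)


def header_findings(msg: EmailMessage) -> list[str]:
    """Sender-identity checks. Any mismatch is a reason to escalate."""
    findings = []
    _, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = _domain(from_addr)
    for field in ("Reply-To", "Return-Path"):
        _, addr = parseaddr(str(msg.get(field, "")))
        if addr and _domain(addr) != from_domain:
            findings.append(f"{field} {addr} is not in the From domain {from_domain}")
    # The topmost Received line is the one our own MX wrote: it records the host
    # and IP the message really came from, whatever the From header claims.
    received = msg.get_all("Received") or []
    if received:
        m = re.search(r"from\s+([^\s(]+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]",
                      str(received[0]), re.S)
        if m:
            host, ip = m.group(1).lower(), m.group(2)
            if host != from_domain and not host.endswith("." + from_domain):
                findings.append(f"Entered from {host} [{ip}], which is not a {from_domain} host")
    if msg.get("X-Mailer"):  # the "software used to send the message"
        findings.append(f"Sent with X-Mailer {msg['X-Mailer']}; compare with the claimed sender's usual mailer")
    return findings


def link_findings(msg: EmailMessage) -> tuple[list[str], list[tuple[str, str]]]:
    """Return every URL in the HTML body (for reputation lookups) and the
    (visible text, real href) pairs whose hosts differ: the classic lure."""
    urls, mismatches = [], []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_content()
        urls.extend(re.findall(r"""https?://[^\s"'<>]+""", html))
        for href, inner in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
            shown = re.sub(r"<[^>]+>", "", inner).strip()
            shown_host = urlparse(shown).hostname if "://" in shown else None
            if shown_host and shown_host != urlparse(href).hostname:
                mismatches.append((shown, href))
    return sorted(set(urls)), mismatches


def attachment_hashes(msg: EmailMessage) -> list[dict]:
    """Hash attachments without opening them: the hash goes to the sandbox or
    reputation service first, the file itself only into an isolated VM."""
    out = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        out.append({
            "filename": part.get_filename(),
            "size": len(data),
            "magic": data[:4].hex(),  # 504b0304 = ZIP/OOXML container
            "sha256": hashlib.sha256(data).hexdigest(),
        })
    return out


def triage(raw: bytes) -> dict:
    msg = parse_message(raw)
    urls, mismatches = link_findings(msg)
    return {
        "subject": str(msg.get("Subject", "")),
        "header_findings": header_findings(msg),
        "urls": urls,
        "link_mismatches": mismatches,
        "attachments": attachment_hashes(msg),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_EML), indent=2))
```

Run it against a saved `.eml` by passing the file's bytes to `triage()`. On the sample it reports a Reply-To and Return-Path outside the From domain, a first hop from a host that is not in the From domain, one link whose visible `portal.victim.example` text hides an `attacker.example` target, and a ZIP attachment with its SHA-256 ready for a Hybrid Analysis or Any.Run lookup. Header mismatches alone are not proof of phishing (mailing-list and marketing platforms produce them legitimately), which is why the script collects evidence for an analyst rather than making a verdict.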