#### BC Security Day 2019

###### November 2019

-----

### Agenda

• Proofpoint/Change Champions – Who Are We?
• Latest Global Threat Landscape Overview
• Mr. Potato Head!!!
• What Do They Want From Me?
• Recommendations To Stay Safe

-----

## Overview

###### The leader in protecting people from advanced threats and compliance risk

• The most trusted partner to protect the leading threat vector
• Seamless integration with other next gen leaders

# #1

###### Most deployed solution for the Fortune 100

# #1

###### Most deployed solution for the Fortune 1000

# #1

###### Most deployed solution for the Global 2000

• Gartner Leader: Sim & Training
• 128 of 144 Global ISPs
• Consumer Email visibility
• Unparalleled visibility into Phishing Threats

-----

## Security Awareness Programs

###### Award-winning programs

Our cybersecurity awareness programs have received awards and are used by some of Canada’s and the world’s leading organizations.

Experts in change. We are a team of change managers, communication experts, organizational psychologists, and trainers with a particular interest in IT security. Behavioral change is where we live.

###### Customization that works

We know that each client is unique, which is why we tailor our program to meet the different needs of your organization.

Proven approach and cost-effective option. Our repeatable approach and experience allow us to onboard fast and have your program off the ground in a matter of weeks and with less than one FTE of effort.

-----

## Global Threat Trends

-----

##### Global Threat Landscape

-----

##### Email Threat Landscape by Actor

-----

##### Email Threat Landscape by Exploit Type

-----

##### Attacks increasingly target people, not infrastructure

###### THREATS USE SOCIAL ENGINEERING, NOT VULNERABILITIES

#### 99%+

###### Malware attacks rely on user to run malicious code

#### 300%+

###### Increase in corporate credential phishing

Source: Proofpoint Threat Data.

###### SHIFT TO CLOUD CREATES NEW THREAT VECTORS, DATA EXPOSURE

Account takeover of cloud apps is a growing problem

Orgs exposed to targeted attacks

#### 63%

###### Orgs detected successful breach

#### 37%

Source: Proofpoint Threat Data.

###### EMAIL FRAUD IS A BOARD-LEVEL ISSUE

#### $12.5B+

###### Direct losses worldwide (Oct 2013–May 2018)

#### 78,617

###### Incidents worldwide

Source: FBI.

-----

## Attack Structures….

[Diagram: email attack structure. Labels: Email; Attachment; Link; Script; Exploit; File Download; Malicious Website; Stolen Credentials; Malware]

-----

## What do they want….
-----

##### Canada Targeting

• Actors Targeting Canada
  – TA516 [SmokingDro]
    - Very diverse actor who uses a variety of malware with pretty rudimentary tactics
    - Has recently been delivering Remcos
    - Exclusively using password-protected docs since August
  – TA564 [Captain Cha]
    - Originally found them targeting Poland; it's been all Canada since March
    - Performs Geogating
    - Delivered Nymaim to Poland and Danabot to Canada
  – TA543 [Sagrid]
    - General Spammer/Trafficker
    - Deals in ransomware, bankers, loaders
  – TA545 [AirCanada]
    - Mainly targets Canada, sometimes Australia
    - Mainly delivers Stealers ZeroEvil and ARS this year
  – Seen delivering Meterpreter, QuasarRAT, AZORult, Panda Banker

• Targeted Brands
  – Air Canada
  – Bank of Montreal
  – Canada Post
  – Coast Capital Savings
  – Interac
  – Royal Bank of Canada
  – Government of Canada

-----

##### TA564

-----

##### Credential harvesting

• A single employee disclosing username and password was enough to spread the attack
• With access to our customer’s user accounts, the attackers sent several massive phishing attacks from the compromised accounts, making it harder for employees to recognize the attack since it was coming from a “real” email address
• The attack then spread through our environment

-----

##### Spear-phishing

• Targeted phishing attempt carefully designed to trick the regional VP Finance into executing a payment on behalf of the customer “CEO”
• Customer domain spoofed to look very similar to the customer's email address, with use of real emails
• Invoice had accurate details and email chain created a compelling story
• Attack could have cost our customer USD 292,000

-----

##### Payroll scam

• Attempt to get payroll at the customer to change the “employee’s” direct deposit account
• Email sent from “employee’s” personal email to HR manager and, indirectly, to payroll administrator
• Employee happened to be a general manager

-----

## Recommendations

-----

##### Be cyber-aware

• Security is no longer just about technology
• We all have an important role in securing our personal and work-related data

-----

##### Protect your inbox

• Beware of senders you don’t know
• Hover over links before clicking
• Don’t open attachments
• Report suspicious email

-----

##### Protect your identity

• Make your password difficult to guess – passphrases are a great option
• Consider a password manager (LastPass, Password Safe, and KeePass are some options)
• Enable multifactor authentication

-----

##### Protect your information

• Don’t use USBs or other external devices
• Leverage cloud storage solutions when possible
• Manage permissions and expiration date

-----

##### Protect your device

• Check with your internet provider for free firewall and antivirus
• Ensure all software is up to date
• Limit data tracking
• Back up your data

-----