Phishing for Funds: Understanding Business Email Compromise

Presented at Black Hat Asia 2017, March 30, 2017, 11:45 a.m. (60 minutes)

Business Email Compromise (aka CEO fraud) is a rapidly expanding cybercrime in which reported cases jumped 1300% from 2015 to 2016. This financial fraud scheme can target any market segment or organization regardless of size. Thousands of organizations from more than 100 countries have reported losses. The reason for this surge is simple: it makes money. Over 3 billion dollars in losses have been reported. It is reasonable to assume that the actual impact could be much larger.

In most cases, Business Email Compromise is a highly targeted attack that starts with significant reconnaissance. Attackers take time to understand the target organization's people and processes. These precise email attacks often get past traditional spam filters and will have the look and feel of legitimate correspondence.

This talk will cover the attacker methodology and how to defend against the various techniques commonly used by attackers, including sender address spoofing and reply-to alteration, domain impersonation, account compromise, open email relay abuse and endpoint compromise.

In order to be successful, this attack requires that security controls associated with people, processes and technology all fail. Keep any one of these strong and the likelihood of a successful attack drops significantly. Defenders can employ technical controls to stop certain types of fraudulent email, build robust business processes that interrupt the exploitation, or raise user awareness so that users know when to raise an alarm.

When something does get through, and it will, knowing how to respond can make all the difference, and that will also be discussed.

Presenters:

  • Keith Turpin - Chief Information Security Officer (CISO), Universal Weather and Aviation
    Keith Turpin is the Chief Information Security Officer (CISO) at Universal Weather and Aviation, a billion-dollar international aviation services company that operates 50 locations in 20 countries. He oversees all aspects of information security, including strategy, policy, risk management, incident response, vulnerability analysis, access management and security training. He also leads global IT infrastructure services, including Networking, Telecommunications, Server Infrastructure and Endpoint Management. Prior to Universal Weather and Aviation, Keith served as a cyber security Technical Fellow at The Boeing Company, where he led Application Security Assessments, International IT Security Operations and Supply Chain Security. Keith has made several industry contributions, including serving as a United States delegate to the International Standards Organization's (ISO) Cyber Security Sub-Committee, creating best practices as a contributor to the Open Trusted Technology Provider Framework (O-TTPF™), and leading the OWASP Secure Coding Practices project. Keith holds an MS in Computer Systems and a BS in Mechanical Engineering.
