I Spy a Spy: Degrading Advanced Phishing Campaigns Against Your Organization and Clients

Presented at ShmooCon 2023, Jan. 21, 2023, 5 p.m. (30 minutes)

Modern phishing attackers, using frameworks such as Evilginx2, Ex-Robotos, and Kr3pto, are defeating multi-factor authentication implementations. Defenders are stuck in a reactive mode, spending cycles resetting accounts, writing emails to lawyers hoping for takedowns, and praying for IT to update conditional access policies.

In this session, I will outline defensive techniques utilizing honey data and standard logging to detect and minimize the effects of these modern phishing attacks. These techniques will be shown in four phases and have applicability to large and small organizations. I will also detail the metrics for success that can be used to show degradation of phishing campaigns against not only your enterprise but to your clients, vendors, and potential consumers.

Presenters:

• Joe Oney
  Joe Oney (@JoeOney) serves as an intelligence consultant with Nisos where he conducts technical research on adversaries targeting F500 enterprise and public sector entities. The threats range from nation-state adversaries, fraud, disinformation, and threats to executives. Prior to Nisos he led security operations for the global law firm Hogan Lovells and UPS where he focused on detection engineering, intrusion prevention, and controls based on intelligence requirements. Joe has also served in the military since 2003 as a weatherman, cryptologic analyst, and Russian linguist.

Similar Presentations:

• THOTCON 0x5 (2014) / Phishing Frenzy: 7 seconds from hook to sinker
• DerbyCon 3.0 All in the Family (2013) / Phishing Like The Pros
• DerbyCon 3.0 All in the Family (2013) / Phishing Frenzy: 7 seconds from hook to sinker