2,000 reactions to a malware attack - accidental study

Presented at VB2019, Oct. 4, 2019, 9:30 a.m. (30 minutes)

Being a cybercrime journalist and researcher has some accidental side-effects, like being targeted by cybercriminals themselves. A few months ago, some malware spammers described previously on my blog decided to manifest their gratitude by putting my private email address in the "reply-to" field of a malware email campaign. As a result, I got about 2,000 unsolicited answers from campaign targets, mostly unaware that they were not contacting the real sender of those malicious messages. Many of them were actually totally unaware that the message they had received was fake and contained malware. Some even asked me to resend the malware as it was blocked by their AV product. Despite dealing with cybercrime victims daily for the last seven years I was surprised by most of the reactions and realized how little we, as the security industry, know about the average Internet user's ability (or rather inability) to identify threats online. I read those 2,000 messages, analysed and classified victims' answers and wanted to share my findings. The key takeaway - we have to train users, but at the same time we shouldn't count on them properly reacting to Internet threats. We need to build solutions that will protect the users, without their knowledge, sometimes against their will, from their ability to hurt themselves in the worst possible way.


Presenters:

  • Adam HaertlĂ© - BadCyber.com / ZaufanaTrzeciaStrona.pl   as Adam Haertle
    Adam Haertle Until recently CSO of a large polish telecommunications company, currently Editor in Chief of an infosec portal, journalist, researcher, lecturer and trainer. Spends multiple hours every day reading all infosec news and trying to explain security to regular people and those in the industry who do not have the time or patience to read the lengthy reports. Obscure papers and blog entries in forgotten languages. Favourite Google query: "how to quit vi".

Links:

Similar Presentations: