Make Email Great Again – Lessons Learned from a Year of Malicious Emails

Presented at Wild West Hackin' Fest 2017, Oct. 28, 2017, 2:20 p.m. (45 minutes).

Email is a large threat vector for many organizations. This is an area that could allow any outside entity to communicate directly with employees. Two of the most common attacks are phishing and malicious content delivery. Phishing is an attempt to capture a victim’s credentials or information that could lead to a system compromise or data leakage. Malicious content delivery, on the other hand, is a way for an attacker to send the victim an email with a malicious email attachment or link that could potentially compromise the victim’s system. In an effort to combat this attack vector a process was designed to annihilate emails that contained such threats. Emails that get reported are analyzed to determine which comprise of threats. Emails containing threats are eradicated, whereas benign emails are silently disregarded. The whole process and life cycle of the malicious emails were documented in way to show the efficiency of the process and are detailed to get a full understanding of this attack vector. The metrics that will be mentioned are from reported malicious emails, which is a good start to understanding how defenses could be implemented or improved against the email threat vector. The talk will emphasize the whole process from emails that get reported, to the analysis, and to the remediation of threats. This talk will also mention the various techniques to prevent compromises from malicious office documents and other dangerous attachments.


Presenters:

  • Nicholas Penning - BIT SD
    Born and raised in Hulett, Wyoming. Dakota State University Graduate (B.S. Computer and Network Security, M.S. Information Assurance [Cyber Security Spec]). Employed at State of South Dakota Bureau of Information and Telecommunications as a Security Technology Engineer. Typically wear multiple hats that range from malware/threat analysis to engineering effective security controls. Enjoys long distance running and competing in 5K-Marathon races.

Links:

Similar Presentations: