Return Path presentation from eCrime Congress London 2014. This presentation explores:
• Defining the “phishing” problem accurately using previously unavailable data & insights.
• Understanding the full, enterprise-wide impact of these threats: it is not just a concern for security professionals.
• Breaking ties with historical assumptions & solutions: a paradigm shift that will deliver both top- and bottom-line returns.
• Making significant leaps forward in combatting email-borne threats at an enterprise-wide level.
The impact of email-borne threats
Why companies should recognise and embrace the need for change.
Phishing Attacks per Year (chart; source: RSA, 2014)
Phishing attacks detected by RSA Anti-Fraud Command Center:
2008: 135,426
2009: 161,112
2010: 205,575
2011: 279,580
2012: 445,004
2013: 448,126
Phishing Campaigns per Year (chart; source: APWG, 2013)
Phishing campaigns reported by Anti-Phishing Working Group:
Year to Sep 2011: 273,831
Year to Sep 2012: 322,228
Year to Sep 2013: 383,343
Reality Check (chart; source: APWG, 2013)
Unique phishing campaigns per month (APWG), Jan-11 to Jul-13. Annotations on the chart: “Change in measurement methodology” and “300% increase”.
The Thin End of the Wedge (diagram, from the narrowest segment to the widest)
• Phishing sites reported to association or vendor
• Phishing sites reported to other bodies
• Phishing sites not reported
• Phishing emails sent
• Other email-borne threats
Why is Accurate Measurement Important?
“To measure is to know… If you cannot measure it, you cannot improve it.” (Lord Kelvin)
Getting Upstream for Accurate Measurement (diagram)
• Current measurement: downstream vendors, data filters
• New measurement: upstream ISPs, upstream insights, fuller picture
Full Spectrum of Email Threats (diagram)
Direct Domain Threats (the brand’s own domains):
• Active Emailing Domains
• Non-Sending Domains
• Defensively Registered Domains
Unaffiliated Domain Threats:
• Look-a-like Domains
• Subdomains of Another Domain
• Different Brands’ Domains
• Generic Domains
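As an added example (not Return Path’s code), the taxonomy above written as a triage helper: given a brand’s own domain inventory, it places an observed sending domain into the slide’s Direct or Unaffiliated classes and subtypes. The brand name “examplebank”, the domain lists and the sample senders are constructed for illustration.

```python
from difflib import SequenceMatcher

# Constructed inventory for a hypothetical brand "examplebank" (not real data).
DIRECT = {                                   # domains the brand itself owns
    "examplebank.com": "Active Emailing Domain",
    "examplebank.co.uk": "Non-Sending Domain",
    "example-bank.com": "Defensively Registered Domain",
}
OTHER_BRANDS = {"otherbank.com"}             # known third-party brands (constructed)
GENERIC = {"gmail.com", "outlook.com"}       # generic mailbox providers
BRAND_TOKEN = "examplebank"

def registrable(domain):
    """Crude registrable-domain extraction: last two labels, or last three for
    a 'co.uk'-style suffix. Enough for this example; use a public-suffix
    library for real data."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in {"co", "org", "ac", "gov"} and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def looks_alike(label):
    """Look-alike test: brand token embedded with extra characters
    ('examplebank-login') or a near-identical spelling ('examp1ebank')."""
    if label == BRAND_TOKEN:
        return False
    return BRAND_TOKEN in label or SequenceMatcher(None, label, BRAND_TOKEN).ratio() >= 0.85

def classify(sender_domain):
    """Return (threat class, subtype) for the domain part of a From: address."""
    base = registrable(sender_domain)
    if base in DIRECT:                       # brand's own domain or a subdomain of it
        return "Direct Domain Threat", DIRECT[base]
    if base in GENERIC:
        return "Unaffiliated Domain Threat", "Generic Domain"
    if base in OTHER_BRANDS:
        return "Unaffiliated Domain Threat", "Different Brand's Domain"
    # Brand token used as a label under someone else's domain, e.g. examplebank.evil.example
    prefix = sender_domain.lower().rstrip(".").split(".")[:-len(base.split("."))]
    if any(BRAND_TOKEN in label for label in prefix):
        return "Unaffiliated Domain Threat", "Subdomain of Another Domain"
    if looks_alike(base.split(".")[0]):
        return "Unaffiliated Domain Threat", "Look-a-like Domain"
    return "Unaffiliated Domain Threat", "Unaffiliated Domain"

if __name__ == "__main__":
    # Constructed sample senders, one per class the slide names.
    for d in ["mail.examplebank.com", "examplebank.co.uk", "examplebank.evil.example",
              "examp1ebank.com", "gmail.com", "otherbank.com", "randomshop.example"]:
        print(f"{d:28} -> {classify(d)}")
```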
3D Vision
• 3 dimensions of email threats:
  • Nature of threat
  • Size of attack
  • Efficacy
• Combinations determine impact
• All data points available upstream
1st Dimension: Nature of Threat (example screenshots)
• Phishing (Direct Domain Threat)
• 419 (Unaffiliated Domain Threat)
• Malware (Direct or Unaffiliated Domain Threat?)
• Malware (Direct Domain Threat)
• Credit score spam (Direct Domain Threat)
• Pharma spam (Unaffiliated Domain Threat)
1st Dimension: Why Differentiate?
• Different scams will concern different departments
• Prioritise based on impact to organisation
• Different threats have different remedies
2nd Dimension: Attack Size
• Getting upstream enables us to see how many emails were sent in a given attack
2nd Dimension: Why Measure Attack Size?
• Quantify risks
• Prioritise risks
• Justify the right investments
• Measure ROI
3rd Dimension: Efficacy
Users decide what is good and what is bad, but don’t always get it right…
ISPs decide what is good and what is bad, but don’t always get it right…
(Inbox screenshot: messages labelled Phishing, Phishing, Legitimate, Phishing, Phishing)
Lots of inbox noise on a daily basis. What happens today will affect what happens tomorrow.
3rd Dimension: Why Measure Efficacy?
• Quantify impact
• Prioritise risks
• Justify the right investments
• Measure ROI
The Benefits of 3D Vision
• Upstream data enables accurate risk assessment
• Downstream metrics are inadequate:
  • No visibility into size of attack
  • No visibility into efficacy
• Upstream data enables us to see true impact (diagram: nature of threat, size of attack, efficacy)
Impact of Attack: Security Perspective
• Fraud losses
• Call centre support
• Remediation:
  • Site shutdown
  • Reset accounts
  • Credential recovery
  • Investigation & reporting
• Malware → secondary losses
• Negative publicity
Impact of Attack: Reduced ROI of Email Program (chart)
Inbox rates for "good" emails sent from hijacked brand (%), 11-Nov to 22-Nov, with attack start and attack end marked. Annotations: 90% average; 58% low; 32% drop.
What can you do …
3-Step Plan to Effectively Manage Risk
• Build partnership plan between Security and Marketing
• Gain visibility into full spectrum of email threats
• Leverage latest technologies to:
  • Develop a holistic view of detection
  • Proactively block fraudulent messages
  • Increase the ROI on existing solutions
Conclusions
• Old metrics are inadequate and incomplete
• New technologies offer “3D vision”
• It is not just a security concern … it must be enterprise-wide
• New technologies:
  • Reduce fraud
  • Improve performance of email programs
Thank you
Ken Takahashi, General Manager, Anti-Phishing Solutions, Return Path
[email protected] | www.returnpath.com/security | +44 (0)845 002 0006