DETECT MONITORING SERVICE AND THE ART OF RAPIDLY DETECTING AND ELIMINATING PHISHING THREATS
Summary
As it is often stated, time is money, and this is above all true when it comes to online fraud. It is no secret that the longer a phishing attack stays live the more losses accumulate, often exponentially. Therefore, it is a business imperative to quickly identify and eliminate these threats. As phishing attacks become more sophisticated, it has never been more important to employ solutions that have proven track records of preventing fraud. Detect Monitoring Service (DMS) from Easy Solutions is a product that has consistently, year over year, detected and eliminated phishing attacks at industry leading rates, saving businesses time, but most importantly money.
TABLE OF CONTENTS
1 The Costly Progression of Phishing Attacks
Phishing attacks escalate exponentially, attempting to rapidly trick as many users as possible before
takedown. It is critical to quickly detect and eliminate threats before losses accumulate.
2 The Evolution of Phishing Attacks
Phishing has a rich history dating back to AOL in the 1990s; however, it is now a much more
sophisticated process. In addition to top brands, phishers have branched out to include school
districts, hospitals, insurance companies, governments, and even online security vendors as
potential targets.
3 Approaches to Combat Phishing
An analysis of the current anti-phishing solution landscape, which includes email filters, spam feeds,
domain registration monitoring, internet scanning, education, and browsing tools.
4 Detect Monitoring Service from Easy Solutions: An Innovative Approach to Proactively Eliminate Phishing Attacks
An introduction to Detect Monitoring Service (DMS) from Easy Solutions. Discover the methodology
of DMS along with its proven historical results, established Return on Investment (ROI), and new
extended features such as Brand Intelligence and Website Defacement Monitoring.
5 About Easy Solutions
Easy Solutions is the only security vendor focused on the comprehensive detection and prevention
of electronic fraud across all devices, channels and clouds.
www.easysol.net
[Figure: The Costly Progression of a Phishing Attack. Series: Total Victims, Cumulative Cost. Horizontal axis: hours.]
1 THE COSTLY PROGRESSION OF PHISHING ATTACKS
Time orders events from the past through the present into the future. Every day, businesses use the concept of
time in defining revenue growth. Time is money.
While the time is money dynamic governs businesses, it also dictates the art of phishing. Phishers, just like any
of us, have 24 hours in a day to operate. They identify target brands and unleash swift and prolific attacks to earn
their paychecks. They are acutely aware that the more time their virtual assaults stay active on the net, the
more money they stand to gain.
Graph Figures and Assumptions
Total email addresses targeted                100,000
% of emails filtered to spam                  95%      5000 Reach Inbox
% who open email                              50%      2500
% who read email and click                    1%       25
Of those who click, % who fall for attack     45%      11.25
Total Victims                                 11
Average cost per compromised account          $ 1,800.00
Personnel costs at institution per hour       $ 200.00
2 THE EVOLUTION OF PHISHING ATTACKS
Phishing has been around since the 1990s and the AOL “You've Got Mail” days. Using the AOL Instant
Messenger and email system, phishers posed as employees and requested that users verify billing information.
Even though these first attacks contained egregious grammatical and spelling errors, many proved successful
because Internet users were so naive at the time. Why wouldn't they be? This was a whole new ballgame.
Fast forward to today and let's examine how the phishing landscape has evolved. While many of the same AOL
principles apply, phishing has become a much more targeted, streamlined and lucrative craft. In fact, there is
now a whole list of specialized phishing attacks.
Phishing Terms
Spear Phishing       Directed at specific individuals or companies
Clone Phishing       Uses previously sent legitimate emails but includes malicious attachment
Vishing              Attack medium is phone calls
Smishing             Attack medium is text messages
Whaling              Directed at senior executives and high profile individuals
Minnowing            Directed at kids of senior executives
Pharming             Practice of redirecting users to phishing websites
Man-in-the-Middle    Active eavesdropping between user and business
Man-in-the-Browser   Active content injection between user and host web application
Online criminals are still storming ISPs and email providers, but they are also honing in on financial services and
online shopping sites. This trend is obvious in the following table:
Top Phishing Targeted Brands for December 2012 (SOURCE: TrendMicro)
Financial Services                    WebMailers                      Online Shopping Sites
Company           Phishing Websites   Company     Phishing Websites   Company       Phishing Websites
PayPal            18947               AOL         1475                Taobao        1691
Wells Fargo       2049                Yahoo       1349                EBay          504
Visa              1661                Hotmail     1205                Amazon        251
Citibank          1628                Gmail       1200                Alibaba       150
Bank of America   1477                Others      188                 Littlewoods
MasterCard        968
Chase             656
Bancolombia       369
Natwest           324
Cielo             310
While the bigger enterprises absorb the main body blows, we have learned that any business is a potential
target. School districts, hospitals, insurance companies, governments, and even online security vendors have
all been victims. We also know that phishing attacks continue to increase, and that phishing attack subject lines
often use a security front to fluster email recipients.
[Figure: APWG Attack Totals, 2009 - Present. Horizontal axis: half-year periods, 1H2009 through 1H2012.]
Top Five Phishing Email Subject Lines (Source: Websense)
- Your account has been accessed by a third party
- (Bank Name) Internet Banking Customer Service Message
- Security Measures
- Verify your activity
- Account security notification
[Figure: Reported Total Phished Brands in 1H 2012. Horizontal axis: months, Jan through Jun. Data labels: 370, 392, 392, 428, 400, 390.]
Now more advanced phishing techniques are also employed, with cybercriminals using malware to redirect
unsuspecting users to phishing sites. Even when the correct web address is typed into the navigation bar, the
underlying IP address can be tampered with. These more advanced tactics are much more difficult to detect and
eliminate. One thing is certain: phishing attacks are here to stay, and cybercriminal tactics will continue to
evolve.
SOURCE: APWG
3 APPROACHES TO COMBAT PHISHING
So what can be done? If you have ever searched “anti-phishing service”, you probably felt overwhelmed with the results.
Page after page, you see a diverse set of vendors claiming to be phishing prevention specialists looking to provoke a mouse click.
Much like many other searches conducted on the Internet, a thorough analysis is a must to get past the smoke and mirrors. Once the
dust settles, one will discover that anti-phishing strategies range from email filtering to education to Internet scanning. Solutions
come in the form of products or services.
Some vendors tackle phishing for internal employees while other companies address the end user level. Below
is a table that summarizes main strategies.
Strategies to Detect, Prevent and/or Mitigate Phishing Attacks
Email Filters
  What: Filter detects certain email characteristics (bulk sending, IP sources, fraudulent email addresses) and sends phishing emails to spam folder
  Pros: Can filter high percentage of phishing attacks; easy to deploy and manage at enterprise level
  Cons: Can send "good" email to spam folder; cannot filter all phishing attacks especially spearphishing; difficult to enforce at end user level
Spam Feeds
  What: Vendors get access to and analyze spam folders to detect phishing attacks
  Pros: Contain loads of data and can detect many phishing attacks
  Cons: Spam folders do not detect all phishing attacks, especially spearphishing; requires access to numerous spam feeds; may not be real-time
Domain Registration Monitoring
  What: Monitors domain status, domain registrar, domain expiration dates and domain name server activity
  Pros: Can sometimes anticipate phishing attacks when alerted of domain activity; real-time
  Cons: Some phishing attacks targeting your brand may not resemble your domain and thus go unnoticed
Internet Scanning
  What: Web crawler programs that methodically monitor the web
  Pros: Automated process that covers a lot of ground quickly
  Cons: Often low sensitivity levels; may not be performed in real-time due to sheer size of web
Education
  What: Social engineering assessments using mock phishing attack exercises
  Pros: Can reduce risk of employees falling victim to phishing attacks dramatically; addresses spearphishing targeting employees
  Cons: Does not protect end users and spearphishing always a threat
Browsing Tools
  What: Browser based security plug-in that monitors end user online session
  Pros: Goes beyond traditional anti-virus technologies; can alert user to phishing attacks in real-time
  Cons: Requires end user installation, often does not shut down attack which can still affect users without plug-in
No approach can guarantee a phisher will not hijack a brand, so stick with the golden rule that time is money.
Limit attack uptime and you reduce funds out the door. A service that lauds a fast deactivation time might sound
tempting, but this number refers to the time it takes to shut down a phishing site AFTER it is detected. What
about the time it takes to detect an attack? Take for example an incident that goes unnoticed for the first 60
hours. After detection, it takes 5 hours to deactivate. Easy math shows that the attack had a lifespan of 65 hours.
And while no one is holding a stopwatch once an attack goes live, it is imperative to select a solution that can
demonstrate early detection.
Most of the previously mentioned approaches are reactive, meaning that they spring into action after a
cybercriminal has already formulated and launched an attack. Take email filters, for example: they do a
great job of filtering most unsophisticated phishing emails to spam, but the fact remains that by the time a
cybercriminal has sent those emails, the target website has already been scraped and a counterfeit website is
live online. Spam feeds are another great tool, but again they are reacting to a problem, not proactively seeking
out a solution. By the time a phishing email reaches a spam folder, security professionals are already a step
behind.
.:: Takedown is Only Part of the Equation
Simply reacting to phishing attacks is a passive approach to combating fraud, and most security executives are
sick of feeling exposed. “A lot of CISOs are tired of always playing defense in the sense of I'm stuck, I'm
vulnerable, I'm visible, and everyone can take shots from me from any direction,” says John Muir, managing
director of the Security Innovation Network. Security executives should instead seek out solutions that are
truly proactive, solutions that give them a clear indication of when they are being probed for a possible attack - a
solution like Easy Solutions' Detect Monitoring Service, the most comprehensive monitoring service in the
landscape of online fraud.
.:: Controlling the Field of Attack
1 Eric Chabrow, “Deciding What Wares to Buy and From Whom,” Bank Information Security, November 8, 2012, <http://www.bankinfosecurity.com/deciding-what-wares-to-buy-from-whom-a-5275/op-1>
4 DETECT MONITORING SERVICE FROM EASY SOLUTIONS:
AN INNOVATIVE APPROACH TO PROACTIVELY ELIMINATE PHISHING ATTACKS
Understanding that time is money for our clients, Easy Solutions' Detect Monitoring Service (DMS) uses a novel,
proactive approach to detect phishing attacks. While DMS utilizes traditional detection avenues such as domain
watching, 3rd party data feeds and secure browsing for evidence of new attacks, it also tactically monitors the
protected client's website. The continuous scrutiny of the protected website is what distances DMS from other
solutions.
DMS monitors every incoming visitor connection to the protected site in real time. A powerful proprietary
statistical correlation engine then qualifies each connection, searching for suspicious activity. Why does this
matter? Because phishers themselves browse websites during the early phase of an attack lifecycle, and DMS
agents are immediately notified. That's right; phishers must first identify brands to target, gather intelligence
and scrape websites before they can launch full-blown attacks. DMS expertly takes advantage of this fact, and
sends alerts when suspicious patterns are detected.
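One simple way a defender could look for the pre-attack scraping described above is to flag any client that pulls nearly every resource of the site within a short window. This is an added example, not DMS's proprietary engine or Easy Solutions code; the log lines, the bank.example host, the find_scrapers name and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in "combined" access-log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2013:09:00:01 +0000] "GET /login HTTP/1.1" 200 5120 "https://bank.example/" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2013:09:00:02 +0000] "GET /css/site.css HTTP/1.1" 200 900 "https://bank.example/login" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2013:09:00:02 +0000] "GET /img/logo.png HTTP/1.1" 200 700 "https://bank.example/login" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2013:11:30:00 +0000] "GET / HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2013:11:30:01 +0000] "GET /js/app.js HTTP/1.1" 200 800 "https://bank.example/" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2013:11:30:01 +0000] "GET /img/lock.png HTTP/1.1" 200 300 "https://bank.example/" "Mozilla/5.0"
203.0.113.50 - - [10/Jan/2013:10:15:00 +0000] "GET / HTTP/1.1" 200 4000 "-" "Wget/1.14"
203.0.113.50 - - [10/Jan/2013:10:15:01 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Wget/1.14"
203.0.113.50 - - [10/Jan/2013:10:15:01 +0000] "GET /css/site.css HTTP/1.1" 200 900 "-" "Wget/1.14"
203.0.113.50 - - [10/Jan/2013:10:15:02 +0000] "GET /js/app.js HTTP/1.1" 200 800 "-" "Wget/1.14"
203.0.113.50 - - [10/Jan/2013:10:15:03 +0000] "GET /img/logo.png HTTP/1.1" 200 700 "-" "Wget/1.14"
203.0.113.50 - - [10/Jan/2013:10:15:04 +0000] "GET /img/lock.png HTTP/1.1" 200 300 "-" "Wget/1.14"
"""

# client IP, timestamp, request path, status code
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')

def find_scrapers(log_text, window=timedelta(seconds=60), min_coverage=0.8):
    """Return {ip: coverage} for clients that fetched at least min_coverage of the
    site's distinct resources inside a single sliding time window."""
    hits = defaultdict(list)   # ip -> [(timestamp, path)]
    site_paths = set()         # every resource served successfully in this log
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != "200":
            continue           # skip malformed lines and non-200 responses
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits[m.group(1)].append((ts, m.group(3)))
        site_paths.add(m.group(3))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        best = 0               # most distinct paths seen in any one window
        for i, (start, _) in enumerate(events):
            seen = {p for t, p in events[i:] if t - start <= window}
            best = max(best, len(seen))
        coverage = best / len(site_paths)
        if coverage >= min_coverage:
            flagged[ip] = round(coverage, 2)
    return flagged

if __name__ == "__main__":
    print(find_scrapers(SAMPLE_LOG))
```

The returning visitor touches the same six resources over two sessions hours apart and is not flagged; only the client that mirrors the site in seconds is.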
.:: DMS Website Monitoring – How it Works
[Figure: DMS monitors the website's pulse. Labels: Monitored Connections, Generated Alerts.]
Mechanisms engaged in DMS website monitoring account for 65% of all attacks detected. What this
underscores is that DMS website monitoring plays a critical role in curbing attacks. In 2012, the DMS team was
able to proactively detect 71% of phishing attacks, meaning they found them before a client or their customers
were even aware an attack existed. Once an attack is detected, DMS averages an industry best 3.6 hours to shut
it down. Only by optimizing both detection and shutdown times will phishers be deterred from attacking your
brand. In the perennial tug of war battle, enterprises with DMS start to pull away while phishers surrender and
find easier replacement targets.
When the DMS agents receive alerts, they instantly investigate and track ensuing activity. When and if an attack
actually goes live, prepared agents work 24x7x365 to quickly shut it down. All steps of the pursuit - from initial
detection to final shutdown - are detailed in the cloud-based customer portal. Executive, technical and incident
reports are all available.
.:: What Happens Next
*Anti-Phishing Working Group 2H 2010
[Figure: Average Time to Shutdown Phishing Site. EasySolutions: 3.6 Hours. Global*: 23.2 Hours. *APWG - 1H 2012]
.:: Proven Results and ROI
[Figure: Number of Phishing Attacks per Month. Horizontal axis: months, Jan through Dec.]
Example of a new DMS client's attack profile. Phishing attacks dramatically reduce throughout the
year due to optimized detection and shutdown times. Phishers become frustrated with brief attack
lifespans and move to other targets.
[Figure: Detect Monitoring Service ROI. Series: Total Victims, Cumulative Cost. Horizontal axis: hours.]
Aside from phishing, DMS is stacked with additional layers of protection. DMS monitors the website for
defacement, availability and DDoS attacks. Both the SSL Certificate and DNS are continuously watched and
validated. Branding alerts are generated when the protected business is mentioned in social media such as
forums, blogs and Twitter. All of these features are managed in the cloud based portal and make DMS the most
powerful fraud mitigation service in the industry.
.:: Detect Monitoring Service Extended Features
Industry average to shutdown attack is 23 hours
DMS saves $17K on average per attack
DMS shuts down attack in 3.6 hours
The days of wasting time before reacting to phishing attacks are over. DMS provides security professionals a
powerful tool to monitor their website and transactional pages for suspicious activity in real time. This ability
coupled with industry leading attack takedown times all managed from an easy to access cloud based portal
clearly make DMS the strongest fraud monitoring tool available. DMS is a powerful component in the Easy
Solutions Total Fraud Protection® strategy: A multi-layered approach which posits that there is no one single
silver bullet solution for all electronic fraud problems, but rather a variety of solutions that seek to
systematically thwart fraud across different transactional channels and at any stage of a fraud incident. This
cutting-edge, holistic strategy includes different products offering services related to phishing and pharming
prevention, multi-factor authentication, and the detection of anomalous transactions.
.:: Detect Monitoring Service in Total Fraud Protection®
[Figure: DMS Cloud-Based Monitoring and Management. Components: Social, SSL, DDoS & Defacement, Mobile App, Phishing, Pharming/DNS, Malware.]
5 ABOUT EASY SOLUTIONS
Copyright ©2013 Easy Solutions, Inc. All rights reserved worldwide. Easy Solutions, the Easy Solutions logo, DetectID, DetectID in the Cloud, DetectID in the Cloud for SugarCRM , DetecTA, DetectCA, DetectID Web Authenticator, Total Fraud Protection, Detect Safe Browsing, Detect ATM, Detect Monitoring Service, Detect Vulnerability Scanning Service, Detect Social Engineering Assessment, Protect Your Business and Detect Professional Services are either registered trademarks or trademarks of Easy Solutions, Inc. All other trademarks are property of their respective owners. Specifications and content in this document are subject to change without notice.
Easy Solutions is the only security vendor focused on the comprehensive detection and prevention of electronic fraud across all devices, channels and clouds. Our Total Fraud Protection® platform protects against phishing, pharming, malware, man-in-the-middle and man-in-the-browser attacks, and delivers multifactor authentication and transaction anomaly detection.
The online activities of 24 million customers of 80 leading financial services companies, security firms, retailers, airlines and other entities in the United States and abroad are protected by Easy Solutions fraud prevention systems. Easy Solutions offers a one-stop shop for multiple fraud prevention services.
Headquarters: 1401 Sawgrass Corporate Parkway, Sunrise, FL 33323 – Tel. +1-866-5244782
Latin America: Cra. 13A No. 98 – 21 Of. 401 Bogotá, Colombia – Tel. +57 1- [email protected]
www.easysol.net