Saravana Venkatesh

advertisement
Saravana Venkatesh Chellam
42323088
Supervisor : Josef Pieprzyk
Roadmap :
 Aim
 Significance
 Introduction to phishing & its attacks
 Overview of phishing techniques
 Countermeasures of phishing techniques.
 Conclusion and future scope.
Aim:
 To understand phishing and its impacts in different
industries.
 To Identify the phishing techniques.
 To provide the counter measures of anti-phishing techniques.
 To provide recommendation and identify future scope of
phishing.
Project significance:
 Few important aspects: loss of privacy by clients, identity of clients
is compromised, stolen client credentials can be abused (sold on
black market, used to commit computer crimes, etc.)
 Due to the scale of the attacks, there is the potential for huge
financial loses(average theft of $4000 USD per attack)
 Customers of financial institutions, retail companies, social
networking sites and internet service providers were frequent
targets.
Project significance:
 In 2010, RSA witnessed a total of 203,985 phishing attacks
launched(RSA online Fraud, 2010)
 As compared to the total in 2009, this marks a 27 percent
increase in the phishing attack volume over the previous year
(RSA online Fraud, 2010)
Project significance:
APWG(Anti-phishing group) - 2010
Project significance:
Results of an phishing attack: (Simon Whitehouse,
2007)
 5% Get To The End User – 100,000 (APWG)
 5% Click On The Phishing Link – 5,000 (APWG)
 60% of banks suffered from Phishing attacks against their
brands – (Gartner)
 2% Enter Data Into The Phishing Site –100 (Gartner)
Introduction:
 Phishing is a form of identity theft that aims to steal sensitive
information from user such as password and credit card
information.
 Mediums include:Emails,Websites,IM.
 The Goal is to extract information from a target.
Introduction:
 The Major driver of phishing is –Money Money Money !!!
 With organisations becoming more aware phishers had to come
up with advanced methods.
 Phishing attacks nowadays use pre packaged toolkits and
advanced spam techniques to ensure maximum exposure.
Phishing attack representation:
Stan Hegt - May 2008 - Analysis of
phishing attacks
Overview of Phishing techniques
Phishing delivery modes:
 E-mail and Spam
 Web-based Delivery
 IRC and Instant Messaging
 Trojaned Hosts.
Phishing methods:
Gunter 2007 - The Phishing Guide
Phishing techniques:
Email techniques :•
•
•
•
Attachments to e-mails –
Use of font differences –
Hyperlinks to similar domain namesFilling forms .
Web –based techniques:• Fake banner advertising.
• IM .
• Fake websites(having similar domain names).
• Browser vulnerabilities,Spyware,malware.
Phishing techniques:
Spoofed mails:
 A formal email request is sent to the user to send back sensitive
information.
 Some scams are like winning notifications which ask for credit card
number and other information.
Spoofed websites:
 Here fake websites of financial organisation etc are crafted by
attackers similar to the legitimate site.
 Mostly these websites are http enabled not https .
Some tricks:
To reduce suspicion and increase authenticity:
The URLs might be obfuscated to look like the legitimate site.
Example :http://privatebanking.mybank.com as
http://privatebanking.mybank.com.ch
http://mybank.privatebanking.com
http://privatebanking.mybonk.com
 It uses real logos and corporate identity elements in the spoofed
website.
Typical attack:
 Attacker sends a large number of people of spoofed emails(that
act like to be coming from a legitimate organisation) to users.
 The emails have hyperlink to spoofed websites wherein the users
are directed to.
 The victims are then asked to enter their sensitive information.
Phishing techniques:
Instant messenger:

As IM clients allow for embedded dynamic content (such as graphics,
URLs, multimedia includes, etc.) to be sent by channel participants.
 Usage of bots (automated programs that listen and participate in group
discussions) in many of the popular channels, means that it is very easy
for a phisher to anonymously send semi-relevant links and fake
information to would-be victims.
Phishing techniques
Web based- Phishing attacks :
 Client-side Vulnerability Exploitation
Browser vulnerabilities – Add-ons , plugins etc
 Observing Customer Data
key-loggers and screen-grabbers
Phishing Techniques:
Observing customer data:
Keylogger,screengrabbers
 The purpose of key loggers is to observe and record all key
presses by the customers.
 Some sophisticated phishing attacks make use of code designed
to take a screen shot of data that has been entered into a webbased application
Countermeasure against phishing
The defensive mechanisms to counter the phishing technique
threats.
 The Client-side – this includes the user’s PC and desktop.
 The Server-side – this includes the business’ Internet visible
systems and custom applications.
 Enterprise Level – distributed technologies and third-party
management services.
Client side :
At the client-side, protection against phishing can be afforded by:
 Desktop protection technologies
 User application-level monitoring solutions
 Locking-down browser capabilities
 Digital signing and validation of email
 General security awareness
Server side:
 Improving customer awareness
 Providing validation information for official communications
 Ensuring that the Internet web application is securely developed and
doesn’t include easily exploitable attack vectors.
 Using strong token-based authentication systems
 Keeping naming(domain name) systems simple and understandable
Enterprise level:
 Automatic validation of sending e-mail server addresses
 Digital signing of e-mail services
 Monitoring of corporate domains and notification of “similar”
registrations
 Perimeter or gateway protection agents
 Third-party managed services
Checklist for prevention:
Recommendation
Consumer
Business
Email attachments from emails(open only trusted Yes
people emails)
Awareness when receiving emails that ask for account Yes
details.
Avoid clicking on hyperlink in emails.
Yes
Yes
Report suspicious emails to the authorities.
Yes
Yes
To be upto date on all information related to phishing. Yes
Yes
Usage of latest browsers versions and installation of Yes
security patches.
Install update
and maintain firewalls(including Yes
malware, spyware security )
Consistently monitor logs of firewalls,DNS servers Yes
and intrusion detection systems(to check for
infected systems etc)
Ensuring only approved third party devices can
connect to the network.
Yes
Yes
Yes
Yes
Yes
Yes
Future scope of phishing:
 We expect that the future of scope of phishing is expected to rise
especially in the mobile environment.
 The mobile operating systems and browsers lack the security
indicators,as a result the users cannot always check if they are in the
correct site .
 Android phones could be more vulnerable to phishing .
(Free market phishy apps online)
Conclusion:
 The driver of phishing is money and phishing is expected to rise in
future !!!
 Awareness and education among users and businesses
 Usage of technology to fight phishing.
 The combat the phishing techniques we need sound anti- phishing
policies, measures(defense) and law enforcement.
Download