phishing
6 TopicsSMTP Smugglers Blues
The SMTP protocol has been vulnerable to email smuggling for decades. Many of the mail servers out there have mitigations in place to handle this vulnerability but not all of them, especially the quick libraries and add-ons you can find on web sites. Protecting your server from these attacks is simple with F5 BIG-IP Advanced WAF and our SMTP Protocol Security profiles. Read to learn how to give those bad actors the “Smugglers Blues”393Views2likes2CommentsDon’t Take the Impostor’s Bait
Phishing has been around since the dawn of the internet. The term was first used in an AOL Usenet group back in 1996 but it wasn’t until 2003 when many baited hooks and lures started dropping. Popular transaction destinations like PayPal and eBay were some of the early victims of these spoofed sites asking customers to update their personal and credit card information. By 2004, it was a full-fledged ‘get rich quick scheme’ with many financial institutions – and their customers – as targets. Oxford Dictionary defines Phishing as, ‘The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.’ You’ve seen it, the almost perfect looking email with actual logos, images and links to a reputable company only to have it go to a slick looking replica complete with a login form. If you aren’t paying attention and do enter your credentials, you’ve just given a crook access to your money. The Anti-Phishing Working Group (APWG) reports a 250 percent jump in the number of detected phishing websites between October 2015 and March 2016. More than in any other three-month span since it began tracking back in 2004. That’s around 230,000 unique phishing campaigns a month. And as recent as last week, American Express users were hit with a phishing email offering anti-phishing protection. Go figure. If you clicked the link, you were taken to a bogus Amex login page which asks for all the important stuff: SSN, DoB, mother’s maiden, AMEX number plus security code and a few other vitals. When complete, you’ll be redirected to the authentic site so you think you’ve been there all along. That’s how they work their magic. A very similar domain URL and all the bells of the original, including the real customer service 800 number. You can combat it however. F5’s WebSafe Web Fraud Protection can secure your organization (and your customers) against the evolving online fraud and you do not need any special client to detect it. WebSafe inserts an obfuscated JavaScript code which can detect malware like bait, mandatory words or if the fake was loaded from a different domain. It can validate source integrity like comparing fields for multiple users and detect threats like automatic transactions. Alerts are sent to an on premise dashboard and can also be forwarded to F5’s Security Operations Center (SOC). If you are configuring malware protection for the login and transaction pages for a financial application, it’s as simple as adding an Anti-Fraud profile to your VIP. First, you create an anti-fraud profile: Then indicate which URL should be watched and the action: Then enable Phishing detection: And when a phishing attach occurs, both the domain and the username of the victim get reported to the dashboard: The code that’s inserted is a little piece of JavaScript added to your website to detect the malicious activity. No action is needed on the part of the user since everything is handled within BIG-IP. This tiny piece of code will dramatically reduce fraud loss and retain the most important asset in business—customer confidence. Don't get fooled by a faker. ps Related: Security Sidebar: Spear Phishing Still Happens…A Personal Story Phishing you say, well that’s not my problem Getting Started with WebSafe Phishing Activity Trends Report (pdf)319Views0likes1CommentLightboard Lessons: What is Phishing and how can I guard against it?
Phishing has been around for years, but it is still a very relevant and dangerous attack.These attacks are a major source of profit for cyber criminals, and they can be very difficult to defend. So, why is there so much phishing still going on? The reason is simple: it’s easy and it works. Attackers don’t have to worry about hacking through a firewall, finding a zero-day exploit, deciphering encryption, etc. The hardest part of these attacks is creating a good email to get people to click on, and a fake website for the victims to land on. In this video, we explore the details of phishing and also talk about how you can defend yourself (or your organization) against these attacks. F5 Labs Phishing and Fraud Report (Note: it's a safe link to click on...I promise!!)310Views0likes0Comments“Phishing you say, well that’s not my problem.”
Yes, I heard this at a meeting with the CISO of a well-known establishment just the other day. This was a commonly held belief, just a few years ago, and by many that are now eating crow. When do you recognize that Phishing is ‘Your’ problem and could be a costly one at that to ignore? Efforts to help customers and employees learn how to self-protect and not become victims of deception are important, but not nearly enough. Google did some research that showed 45% of folks are still fooled by the best phishing scams – having their accounts hacked within 30 minutes. According to the report, even the least successful of phishing scams, with success rates of around 3%, can be very dangerous when targeting millions with phishing emails. Protecting your brand from the results of phishing threats (i.e., costly data breaches, wide-spread system infiltration, and unauthorized transactions) bears a greater responsibility. It requires an ongoing effort to identify and overtake attackers, and shutdown malicious services before you suffer what could be crippling losses. It is certain that phishing attacks have played a key role in attributing to the vast number of credentials (over 300 million), banking information and personal (or corporate) identities for sale on the underground internet. Although keylogging, form grabbing and other spyware are commonly used tactics, there is an increase use in fake phishing website designed to look like a legitimate log in pages. These fraudulent websites successfully attract unsuspecting users into volunteering information. Supplemented by email or social media lures, phishing tactics have become a weapon of choice by many attackers and is also used to deploy malware packages to not only gather valuable information, but to ensure the success of larger exploits by controlling devices, evading detection, and gaining access to protected, high valued information and assets and executing a transaction or full attack on a specific application. Verizon estimates that two-thirds of Cyber espionage has a phishing component. Given what was reported about the Sony attacks, a phishing attack may have been instrumental in one of the prominent data breaches of all time – resulting in a loss estimated to have reached 15 million dollars. The point, however, is that guarding against phishing threats (and client-side credential theft) should be an area of focus for companies, institutions and agencies alike. Attackers are monetizing credentials, seeking high-valued information, and are seizing the assets of businesses of all sizes and types. Don’t hold off protecting your users against threats that target them in order to breach your systems or execute fraudulent transactions. Here are 4 best practices that can protect your customers, employees, and brand Protect your customers, employees and your brand 1. Obfuscate form fields: Slow the progress of attacker by obscuring form fields on internet facing login pages and other forms where users input confidential information -- making such fields ambiguous or unknown to attackers 2. Encrypt information at rest in the browser: Protect information while users type within form fields, even before information is submitted then transmitted via SSL 3. Protect against client-side malware: Identify at-risk devices that have been unlocked, are considered vulnerable or which contain malware 4. Identify phishing sites before emails go out: Be informed when your website has been copied, uploaded to spoofed host servers, and when your customers have fallen victim to related phishing lures. Give serious thought to this and don’t wait until price tag to resolve such matters reaches $15,000,000.00. Consider taking the above actions to improve your overall security posture and to protect against phishing threats and credential theft. You cannot expect employees or customers to always make the right choice when exploring the web. Additionally your security strategy and its effectiveness should not be dependent upon your users, nor require their involvement. Put measures in place to provide a degree of confidence that the information behind the internet facing apps your customers and employees use is protected against attackers that may target them to gain access. Visit https://f5.com/products/modules/websafe for more information about F5 solutions that extend application security to the client299Views0likes0CommentsIs Your DNS Vulnerable?
This article originally appeared on F5.com on 7.29.15. A recent report from The Infoblox DNS Threat Index (in conjunction with Internet Identity) shows that phishing attacks has raised the DNS threat level to a record high of 133 for second quarter of 2015, up 58% from the same time last year. The biggest factor for the jump is the creation of malicious domains for phishing attacks. Malicious domains are all those very believable but fake sites that are used to mimic real sites to get you to enter sensitive details. You get a phishing email, you click the link and get sent to a financial site that looks and operates just like your real bank site. If you're fooled and enter your credentials or other personal information, you could be giving the bad guys direct access to your money. These sites can also pretend to be corporate portals to gather employee credentials for future attacks. Along with the malicious domains, demand for exploit kits also helped propel the DNS threat. Exploit kits are those wonderful packaged software that can run, hidden, on websites and load nasty controls and sniffers on your computer without you even knowing. The Infoblox DNS Threat Index has a baseline of 100, which is essentially the quarterly averages over 2013 and 2014. In the first quarter 2015, the threat index jumped to 122 and then another 11 ticks for Q2 2015, hitting the high mark. Phishing was up by 74% in the second quarter and Rod Rasmussen, CTO at IID, noted that they saw a lot of phishing domains put up in the second quarter. You'd think after all these years this old trick would die but it is still very successful for criminals and with domain names costing less than $20 and available in minutes, it is a cheap investment for a potentially that big score. DNS is what translates the names we type into a browser (or mobile app, etc.) into an IP address so that the resource can be found on the internet. It is one of the most important components to a functioning internet and as I've noted on several occasions, something you really do not think about until it isn't working...or is hacked. Second to http, DNS is one of the most targeted protocols and is often the source of many attacks. This year alone, the St. Louis Federal Reserve suffered a DNS breach, Malaysia Airlines' DNS was hacked, and Lenovo.com to name a few. In addition, new exploits are surfacing targeting vulnerable home network routers to divert people to fake websites and DNS DDoS is always a favorite for riff-raff. Just yesterday 3 people were sent to prison in the DNS Changer Case. With more insecure IoT devices coming on line and relying on DNS for resolution, this could be the beginning of a wave of DNS related incidents. But it doesn't have to be. DNS will become even more critical as additional IoT devices are connected and we want to find them by name. F5 DNS Solutions, especially DNSSEC solutions, can help you manage this rapid growth with complete solutions that increase the speed, availability, scalability, overall security and intelligently manages global app traffic. At F5 we are so passionate about DNS hyperscale and security that we are now even more focused with our new BIG-IP DNS (formerly BIG-IP GTM) solution. ps @psilvas Related: Phishing Attacks Drive Spike In DNS Threat The growing threat of DDoS attacks on DNS Infoblox DNS Threat Index Hits Record High in Second Quarter Due to Surge in Phishing Attacks Infoblox DNS Threat Index Eight Internet of Things Security Fails Intelligent DNS Animated Whiteboard (Video) CloudExpo 2014: The DNS of Things (Video) DNS Doldrums Technorati Tags: breach,dns,f5,phishing,securitymalware,threats,silva Connect with Peter: Connect with F5:261Views0likes0CommentsHow Malware Evades Detection
Malware loves encryption since it can sneak around undetected. F5Labs 2018 Phishing & Fraud Report explains how malware tricks users and evades detection. With the cloning of legitimate emails from well-known companies, the quality of phishing emails is improving and fooling more unsuspecting victims. Attackers disguise the malware installed during phishing attacks from traditional traffic inspection devices by phoning home to encrypted sites. Let's light up how evasion happens & get your F5 Labs 2018 Phishing & Fraud Report today. ps242Views0likes0Comments