© Copyright 2020 Agari. All rights reserved. Confidential and Proprietary.
Creating New Models To Combat Business Email Compromise
Patrick Peterson, CEO & Founder
November, 2020
We Know How to Deal with Phishing Websites
There’s a Process to Deal with Malware
• Report Binary
• Analyze Binary
• Update A/V signatures
• Identify Command and Control
• Shut down (or Seize) C&C servers
• Poison P2P C&C servers
BEC: A Rapidly Growing Threat
BEC is a million per month problem!
$139 (Source: 2017 FBI IC3 Alert)
$228 (Source: 2018 FBI IC3 Alert)
$302 (Source: 2019 FinCEN Report)
$708 (Source: 2019 FBI IC3 Alert)
What is Business Email Compromise (BEC)
Financially motivated email-based identity deception
BEC uses numerous cash out methods: Wire, SWIFT, Payroll, gift card
Same techniques used for information theft
Email-based
Domain spoofing     From: Patrick Peterson <ppeterson@agari.com>
Friendly Name       From: Patrick Peterson <chiefexcutiveoofficer@gmail.com>
Domain imitation    From: Patrick Peterson <ppeterson@aqari.com>
Email compromise    From: Patrick Peterson <ppeterson@agari.com>
Email + Telephony based
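An added example (not from the Agari deck): Python triage that sorts a From header into the identity-deception classes listed on this slide, using the slide's own addresses. ORG_DOMAIN, PROTECTED_NAMES, the look-alike threshold and the Authentication-Results strings are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

ORG_DOMAIN = "agari.com"                 # protected domain, as used on the slide
PROTECTED_NAMES = {"patrick peterson"}   # assumed list of executives worth impersonating
LOOKALIKE_MAX_EDITS = 2                  # assumed threshold for "domain imitation"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def dmarc_result(auth_results: str) -> str:
    """Pull the dmarc= verdict out of an Authentication-Results value (RFC 8601)."""
    m = re.search(r"\bdmarc=(\w+)", auth_results or "", re.I)
    return m.group(1).lower() if m else "none"


def classify(from_header: str, auth_results: str = "") -> str:
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    name = " ".join(name.lower().split())
    domain = addr.rpartition("@")[2].lower()

    if domain == ORG_DOMAIN:
        # Exact org domain: only authentication separates a forged header
        # from mail that really left the organisation's infrastructure.
        if dmarc_result(auth_results) == "pass":
            # Header checks end here: a compromised mailbox looks identical
            # to the legitimate sender (the "Email compromise" row).
            return "authenticated-internal"
        return "domain-spoofing"

    if 0 < edit_distance(domain, ORG_DOMAIN) <= LOOKALIKE_MAX_EDITS:
        return "domain-imitation"

    # Unrelated domain carrying a protected display name. DMARC usually
    # passes here, because the attacker legitimately owns the mailbox.
    if name in PROTECTED_NAMES:
        return "friendly-name"
    return "no-match"


# Constructed samples: From values from the slide, gateway results invented.
SAMPLES = [
    ("Patrick Peterson <chiefexcutiveoofficer@gmail.com>",
     "mx.example.net; dmarc=pass header.from=gmail.com"),
    ("Patrick Peterson <ppeterson@aqari.com>",
     "mx.example.net; dmarc=none header.from=aqari.com"),
    ("Patrick Peterson <ppeterson@agari.com>",
     "mx.example.net; dmarc=fail header.from=agari.com"),
    ("Patrick Peterson <ppeterson@agari.com>",
     "mx.example.net; dmarc=pass header.from=agari.com"),
]


def triage(samples=SAMPLES):
    return [classify(frm, auth) for frm, auth in samples]


if __name__ == "__main__":
    for (frm, _), verdict in zip(SAMPLES, triage()):
        print(f"{verdict:24} {frm}")
```

The last verdict is the limit of header inspection: mail from a compromised mailbox authenticates cleanly, so that class needs content or behavioural signals rather than sender checks.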
Our First Experiment
How Does the CEO Scam Work?
How Can We Make the Attack Less Cost Effective?
BEC Email to Agari
From: Patrick Peterson <chiefexcutiveoofficer@gmail.com>
To: rlim@agari.com
Subject: Invoice Payment
Are you in the office?
Patrick Peterson
Sent from my U.S. Cellular® Smartphone
An “Incident” in our parlance
BEC “Baiting” Response
From: Raymond Lim <rlim@agari.com>
To: Patrick Peterson <chiefexcutiveoofficer@gmail.com>
Subject: Re: Invoice Payment
Yes. What do you need?
Raymond
Engaging the Fraudster
Criminal Requests Wire, Reveals Valuable Asset
From: Patrick Peterson <chiefexcutiveoofficer@gmail.com>
To: Raymond Lim
Subject: Re: Invoice Payment
Process a wire transfer in the amount of $44,960 with the wire instructions below.
Bank : JP Morgan Chase Bank
Bank Address : 6861 Bernardo Center Drive, San Diego CA 92128-2503
Beneficiary : M*****n W****s
Account Number : 86******88
Route Number : 322271627
Let me know once wire transfer is completed.
Regards,
Patrick Peterson
A Mule Account in our parlance
LATHER RINSE REPEAT
Why is BEC Such a Problem?
Traditional defenses focus on technical threats
BEC has a higher ROI than other cyber attacks
Social engineering is extremely effective
Active Defense: A New Model to Combat BEC
What if the solution was as simple as…
LATHER RINSE REPEAT
Manual baiting does not address the problem
Active Defense Uses Low Impact Gray Zone
From: George Washington University Center for Cyber & Homeland Security “Into the Gray Zone: Active Defense by the Private Sector against Cyber Threats”
Pick a Gang …. Any Gang….
Masterconmann
London Blue
Geozic Group
Invisible Landlord
Kelvin Utuedor aka ___
___
Why “London Blue”?
Criminal Targeting Database – 50,000 Finance Executives
Top Titles Targeted
CFO: 71%
Finance Director/Manager: 12%
Controller: 9%
Accounting: 6%
EA: 2%
The leading component for BEC
• ACID: Agari Cyber Intelligence Division
• Visit acid.agari.com for research reports
• Email acid@agari.com to learn more
• Close relationships with industry and law enforcement partners
Agari develops industry-leading insights from live engagements with threat actors on behalf of customers
