Durban, South Africa, 8 July 2013
Automated Targeted Attacks
Alexandru Catalin Cosoi,Chief Security Strategist,
Bitdefender [email protected]
ITU Workshop on “Countering and Combating Spam”
(Durban, South Africa, 8 July 2013)
Spam Breakdown by Type
Durban, South Africa, 8 July 2013 2
Attachments Breakdown by Type
Durban, South Africa, 8 July 2013 3
MiniDuke attack
Durban, South Africa, 8 July 2013 4
Antispam Tech Maturity
Durban, South Africa, 8 July 2013 5
Questions
What is your name or nickname?What are your interests?Who do you work for?Who are your friends/colleagues?What is you job title? Who is you manager/CEO/director?Who are your family members?Are you married? With whom?
Durban, South Africa, 8 July 2013 6
Our Online Identity
Durban, South Africa, 8 July 2013 7
Google Search
Durban, South Africa, 8 July 2013 8
123people.com search
Durban, South Africa, 8 July 2013 9
Pipl.com search
Durban, South Africa, 8 July 2013 10
After 3 searches
Name: Alexandru Catalin CosoiCompany: BitdefenderJob Title: Chief Security StrategistEmail: [email protected] media accounts: all, including LinkedIn profile and foursquare checkinsWife’s email address
Durban, South Africa, 8 July 2013 11
Example
Dear Alexandru Cosoi,
We tried contacting your wife Carmen in regard to participation to the 19th Annual Conference of [whatever]. Is [wife’s email] her correct email address?
Can you please forward the attached PDF with the official invite?
Durban, South Africa, 8 July 2013 12
Conclusions
Social engineering works. Social engineering can be automated We need to understand the addiction to social networks and the fact that users will post information about themselves onlineEducation can work. It’s our duty to educate both users and employees about social engineering and how their own data can turn against them.
Durban, South Africa, 8 July 2013 13
More Conclusions
Spam content will become personal and uniqueContent filtering technologies will start having a hard time detecting all samplesUsers might consider antispam filters when detecting highly social engineered spam messages
Durban, South Africa, 8 July 2013 14
Questions?
Durban, South Africa, 8 July 2013 15