150 likes | 315 Views
ITU Workshop on “ Countering and Combating Spam ” (Durban, South Africa, 8 July 2013). Automated Targeted Attacks. Alexandru Catalin Cosoi, Chief Security Strategist, Bitdefender acosoi@bitdefender.com. Spam Breakdown by Type. Attachments Breakdown by Type. MiniDuke attack.
E N D
ITU Workshop on “Countering and Combating Spam” (Durban, South Africa, 8 July 2013) Automated Targeted Attacks Alexandru Catalin Cosoi, Chief Security Strategist, Bitdefender acosoi@bitdefender.com
Questions • What is your name or nickname? • What are your interests? • Who do you work for? • Who are your friends/colleagues? • What is you job title? • Who is you manager/CEO/director? • Who are your family members? • Are you married? With whom?
After 3 searches • Name: Alexandru Catalin Cosoi • Company: Bitdefender • Job Title: Chief Security Strategist • Email: acosoi@bitdefender.com • Social media accounts: all, including LinkedIn profile and foursquare checkins • Wife’s email address
Example Dear Alexandru Cosoi, We tried contacting your wife Carmen in regard to participation to the 19th Annual Conference of [whatever]. Is [wife’s email] her correct email address? Can you please forward the attached PDF with the official invite?
Conclusions • Social engineering works. • Social engineering can be automated • We need to understand the addiction to social networks and the fact that users will post information about themselves online • Education can work. It’s our duty to educate both users and employees about social engineering and how their own data can turn against them.
More Conclusions • Spam content will become personal and unique • Content filtering technologies will start having a hard time detecting all samples • Users might consider antispam filters when detecting highly social engineered spam messages
Questions? www.bitdefender.com acosoi@bitdefender.com