Essential Guide

How to prepare for the emerging threats to your systems and data

A comprehensive collection of articles, videos and more, hand-picked by our editors

Sophisticated phishing: How to stay safe and save money

In this webcast, Johanne B. Ullrich, dean of research for the SANS Technology Institute, focuses on spear phishing and the automated clearing house fraud and demonstrates new ways attackers can swipe millions of dollars without using malware.

Ullrich first outlines the anatomy of one new type of attack, explaining how the attacker locates a target, obtains the crucial information and reconfigures the victim's email system to reroute payment-related email to the attacker. Once accomplished, the evildoer then can scoop up millions of dollars -- all without deploying a bit of malware.

As Ullrich makes clear, this new scam can easily escape the notice of host-based detection systems. What's more scary is that this sort of attack could be automated. So does that mean such attacks are likely to increase? Yes. Does it also mean they are unpreventable? Fortunately, no.

Ullrich explains the various ways to thwart them, from security education (making users more aware) to implanting effective methods and procedures (such as continuous network monitoring).

The first step in staying secure in 2014, therefore, is this: Know thy enemy.

Johannes B. Ullrich, Ph.D., GIAC, GCIA and GWEB, is the dean of research at the SANS Technology Institute and head researcher at its Internet Storm Center. Follow him on twitter @johullrich.

View All Videos

Essential Guide

How to prepare for the emerging threats to your systems and data

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

The most serious of these attacks can provide the attacker with the ability to remotely initiate system-level commands. Today's intrusion prevention systems (IPS) provide advanced security intelligence and the ability to identify and block malware before it can enter your network so that you can defeat these sophisticated evasion techniques
Cancel
User education is so important. Sometimes, I have a hard time believing that people can still be fooled by phishing scams these days. I guess that I've just grown up in a time where I've learned to become distrustful of any contact not initiated by me (regardless of whether it's via email, phone, or face-to-face contact). In a way that's kind of sad, but better safe than sorry! Especially when your employment is at stake!
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close