In this webcast, Johanne B. Ullrich, dean of research for the SANS Technology Institute, focuses on spear phishing and the automated clearing house fraud and demonstrates new ways attackers can swipe millions of dollars without using malware.
Ullrich first outlines the anatomy of one new type of attack, explaining how the attacker locates a target, obtains the crucial information and reconfigures the victim's email system to reroute payment-related email to the attacker. Once accomplished, the evildoer then can scoop up millions of dollars -- all without deploying a bit of malware.
As Ullrich makes clear, this new scam can easily escape the notice of host-based detection systems. What's more scary is that this sort of attack could be automated. So does that mean such attacks are likely to increase? Yes. Does it also mean they are unpreventable? Fortunately, no.
Ullrich explains the various ways to thwart them, from security education (making users more aware) to implanting effective methods and procedures (such as continuous network monitoring).
The first step in staying secure in 2014, therefore, is this: Know thy enemy.