SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, August 14th 2017

SANS ISC Handlers

Tech News, News, Technology


🗓️ 14 August 2017

⏱️ 6 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. OWA Attacks; Phishing Tests;

Transcript


0:00.0

Hello, welcome to the Monday, August 14th, 2017 edition of the SANS Internet Storm Center's Stormcast.

0:07.3

My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida.

0:11.8

Business email compromise is still a big issue, and Mark wrote up a brief diary about one particular common scenario that leads to this kind of attack. What happens

0:24.4

here is that a company uses Outlook Web Access and a user loses their credentials to phishing.

0:32.2

Whenever you have a web-based interface to access your email, then of course, anybody from anywhere in the world

0:39.0

typically can access that interface and then log in as that user and read emails, respond

0:46.5

to them, or delete them, so the legitimate user will never see them.

0:51.3

What happens typically here is that the hacker then either becomes more familiar with business

0:57.5

processes or directly sees, for example, an email from a customer asking for wire transfer

1:04.5

instructions which then of course are answered by the attacker on behalf of the legitimate owner of that email account,

1:14.7

which then leads to the funds being transferred to the wrong account.

1:19.2

I'm actually doing a brief webcast about this this afternoon today on Monday,

1:25.1

so if you want to learn more about business email compromise,

1:28.1

I'll go over some particular scenarios that I've seen in the past just using this and

1:35.1

similar schemes. Of course, if you have any kind of cloud-based web email, then the same

1:40.7

threat happens. I noticed that Google has actually gotten quite good in identifying

1:47.2

legitimate login attempts, but it doesn't mean that there aren't some that slip through Google's

1:54.2

defenses. The real solution here is probably two-factor authentication, also audit accounts for new forward addresses being added.

2:04.7

That's probably the most common scheme that I have seen where the attacker, instead of

2:08.5

continuing to log into the account, just adds a forward-to address, so the hacker receives

2:14.9

copies of all emails.

2:23.4

Now, one way to educate your users about phishing, of course, is to conduct regular phishing tests to see how many people click on these emails and also demonstrate to your users

...


Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
