I’d mentioned earlier (see Improving Email at Cisco Part 1 – The IT Technology Side) that email has its ugly side:
- Too many
- Most of them are a waste of time
- Emails will, occasionally, carry virus payloads (or link you to sites that have worse); and yet
- I can’t live without it Read More »
Tags: anyconnect, clarity, coc-unified-communications, cres, email, email writing, encryption, phishing, safety, spearphishing, vpn
In recent weeks, the volume of malicious email carrying attachments has increased substantially. To entice recipients into opening those attachments, attackers are employing pitches across a wide range of subjects. In doing so, they are defeating the often doled out advice to not open attachments in email received unexpectedly.
One of the more striking examples of this is malicious email exploiting bad economic conditions, job loss, and potential loss of home. The combined legal and job categories comprised 33% of malicious email attachments over the past two weeks, with pitches ranging from bogus employment opportunities to court summons for evictions due to overdue payments.
Other legal-oriented email includes warnings of illegal use of software, copyright infringement, and criminal complaints for alleged non-payment of accounts.
Assuming you were in dire financial straits, it’s not difficult to imagine you would react to an eviction notice such as the following:
Read More »
Tags: Big Data, email security, phishing, security
In the last chapter of our five part Big Data in Security series, expert Data Scientists Brennan Evans and Mahdi Namazifar join me to discuss their work on a cloud anti-phishing solution.
Phishing is a well-known historical threat. Essentially, it’s social engineering via email and it continues to be effective and potent. What is TRAC currently doing in this space to protect Cisco customers?
Brennan: One of the ways that we have traditionally confronted this threat is through third-party intelligence in the form of data feeds. The problem is that these social engineering attacks have a high time dependency. If we solely rely on feeds, we risk delivering data to our customers that may be stale so that solution isn’t terribly attractive. This complicates another issue with common approaches with a lot of the data sources out there: many attempt to enumerate the solution by listing compromised hosts and in practice each vendor seems to see just a small slice of the problem space, and as I just said, oftentimes it’s too late.
We have invested a lot of time in looking at how to avoid the problem of essentially being an intelligence redistributor and instead look at the problem firsthand using our own rich data sources – both external and internal – and really develop a system that is more flexible, timely, and robust in the types of attacks it can address.
Mahdi: In principle, we have designed and built prototypes around Cisco’s next generation phishing detection solution. To address the requirements for both an effective and efficient phishing detection solution, our design is based on Big Data and machine learning. The Big Data technology allows us to dig into a tremendous amount of data that we have for this problem and extract predictive signals for the phishing problem. Machine learning algorithms, on the other hand, provide the means for using the predictive signals, captured from historical data, to build mathematical models for predicting the probability of a URL or other content being phishing.
Read More »
Tags: analytics, Big Data, Cisco, cloud, database, email, innovation, Intelligence, operations, phishing, security, TRAC, TRAC Big Data Analysis
On August 15, 2013, Brian Krebs featured a screen shot of a fake Outlook webmail login page used by the Syrian Electronic Army in a phishing attack against the Washington Post. If you look carefully at the location bar, you will note that the domain used in the phishing attack is ‘webmail.washpost.site88.net’.
Read More »
Tags: Krebs, phishing, Syrian Electronic Army, TRAC
While the IT industry is in many ways moving toward an outsourced model, with the widespread adoption of the cloud and XaaS, marketing has been moving in a similar direction as well. And while PR agencies have been around for quite some time and it has been normal to look to outside agencies for help with creatives, over the past several years a new kind of service provider, the Email Service Provider, or ESP, has emerged from the shadows. Not to be mistaken for cloud-based email security services, ESPs are in the business of sending mass email (typically opt-in), not blocking it. Unfortunately, for many, their first exposure to these companies (outside of an inbox full of enticing offers) has been via news around data breaches, first, in 2010 with Silverpop and now Epsilon.
Read More »
Tags: cloud, cloud security, email, phishing, security, spear phishing