Presentation is loading. Please wait.

Presentation is loading. Please wait.

Topics in Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP Network Security Analyst, Washington University.

Published byBritton Hill Modified over 9 years ago

Similar presentations

Presentation on theme: "Topics in Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP Network Security Analyst, Washington University."— Presentation transcript:

1 Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University in St. Louis http://nso.wustl.edu/presentations/

2 Email Security Tip #1 Do not click on links in emails

3 Email Security Tip #2 See Tip #1 (Thanks Barb!)

4 Spam Product Supplier Seller 1Seller 2Seller 3 Accountant Spammer3 Spammer2 Spammer1 Spammer2 Spammer3 Spammer1 Spammer2 Spammer3

5 Where Does Spam Originate? Why Do We Care? Spam = Bots (Large armys of infected machines sending out spam) Bots = Sophisticated Malware Sophisticated Malware = Organized Crime More than 89% of all email messages were spam in 2010 - Symantec

6 Spam is Big Business Rates for one million email addresses: $25 to $50 http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf 10,000 malware installations: $300–$80 Sending 100 million emails per day: $10,000 per month http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf Cutwail’s profit for providing spam services: $1.7 - $4.2 million since June 2009 – Aug 2010 How much do the spammers gross per day? $7000 http://www.wired.com/magazine/2011/02/st_equation_spamprofits/

7 Underground Economy Spammers also are involved in: – CAPTCHA solving – Email harvesting – Custom software – Bulletproof hosting – Proxys

8 Spam Volume From Jul 30 - Aug 25, 2010 security researchers infiltrated the Cutwail spam network and discovered 87.7 billion emails were successfully sent

9 Spam Content Pornography Online pharmacies Phishing Money mule recruitment Malware The malware (Zeus banking Trojan) typically includes: – Greeting card – Resume – Invitation – Mail delivery failure – Receipt for a recent purchase.

10 Spam Blacklisting Only about 12% of bots are blacklisted after an hour when they come online The rate reaches 90% after a period of about 18 hours http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf

11 Spam Volume on WUSTL Ironports - Feb 2011

12 Phishing Email

13 Spear Phishing Example

14 Phishing Example??

15

16 Social Security Number Email 1 From: BOB [BOB@WUSTL.EDU] Sent: Friday, April 01, 2011 12:54 PM To: ALICE [ALICE@NOTWUSTL.COM] Subject: Registration Request ALICE: Couldn't remember if I had already sent this request or not. Please register CHARLIE ( 111-11-1111 ) for the session Thank you BOB

17 Social Security Number Email 2 From: BOB [BOB@WUSTL.EDU] Subject: FW: University talk To: ALICE@NONWUSTL.EDU, CHARLIE@NOTWUSTL.COM Date: Monday, April 4, 2011, 12:57 PM Dear Ms. ALICE and CHARLIE, I sent this e-mail a couple of weeks, but I haven't heard back from you yet, so I thought that I would send it again. Also, my SSN is 222-22-2222 and my home address is: 1234 Oak Ave. St. Louis, MO 63130

18 Emails, Like Postcards, Are Not Encrypted Contact me to discuss encryption options for storing or sending sensitive information

19 Thanks! http://nso.wustl.edu

Download ppt "Topics in Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP Network Security Analyst, Washington University."

Similar presentations

Processing Your Loyalty Order Online. Table of Contents Click for direct link to your preferred topic: Process your Loyalty Rewards Order TODAY Edit your.

Processing Your Loyalty Order Online. Table of Contents Click for direct link to your preferred topic: Process your Loyalty Rewards Order TODAY Edit your.
So Your Computer is Infected, Now What? STC/STS Tech Training 3:00-4:00, Tuesday, August 18, 2009 Brian Allen Network Security Analyst,

So Your Computer is Infected, Now What? STC/STS Tech Training 3:00-4:00, Tuesday, August 18, 2009 Brian Allen Network Security Analyst,
Employee Self Service (ESS) Registration

Employee Self Service (ESS) Registration
What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via

What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via
MTLE Minnesota Teacher Licensure Exams Reading Teacher, K-12 2012 - 2013 Test Preparation Hamline University School of Education.

MTLE Minnesota Teacher Licensure Exams Reading Teacher, K Test Preparation Hamline University School of Education.
Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.

Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.
S tudent B usiness O ffice Presented by Bob Putich Lynn Plancich.

S tudent B usiness O ffice Presented by Bob Putich Lynn Plancich.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Hacker’s tricks for online users to reveal their sensitive information such as credit card, bank account, and social security. Phishing emails are designed.

Hacker’s tricks for online users to reveal their sensitive information such as credit card, bank account, and social security. Phishing s are designed.
Your tool to help you build a list of Subscribers.

Your tool to help you build a list of Subscribers.
Security for Internet Every Day Use Standard Security Practices and New Threats.

Security for Internet Every Day Use Standard Security Practices and New Threats.
Security Awareness: Security Tips for Protecting Ourselves Online Friday, May 20, 2011 Brian Allen, CISSP Network Security Analyst.

Security Awareness: Security Tips for Protecting Ourselves Online Friday, May 20, 2011 Brian Allen, CISSP Network Security Analyst.
Internet Security Awareness Presenter: Royce Wilkerson.

Internet Security Awareness Presenter: Royce Wilkerson.
ONLINE SAFETY Online safety Money Works: Level 1 Topic 3.

ONLINE SAFETY Online safety Money Works: Level 1 Topic 3.
The problems associated with operating an effective anti-spam blocklist system in an increasingly hostile environment. Robert Gallagher September 2004.

The problems associated with operating an effective anti-spam blocklist system in an increasingly hostile environment. Robert Gallagher September 2004.
Miscreant of Social Networks Paper1: Social Honeypots, Making Friends With A Spammer Near You Paper2: Social phishing Kai and Isaac.

Miscreant of Social Networks Paper1: Social Honeypots, Making Friends With A Spammer Near You Paper2: Social phishing Kai and Isaac.
BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 

BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 
Email Basics Dayton Metro Library Place photo here August 10, 2015.

Basics Dayton Metro Library Place photo here August 10, 2015.
PROACTIS: Supplier User Guide Contract Management.

PROACTIS: Supplier User Guide Contract Management.
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Similar presentations

Ads by Google