M+E Connections

CPS EU: ME-ISAC Shows How to Combat Phishing Attacks

It is more important than ever to detect, educate and defeat phishing attacks on an organisation’s employees and infrastructure, based on the huge number of phishing attacks seen since the start of 2020, according to Chris Taylor, director of the Media & Entertainment Information Sharing & Analysis Center (ME-ISAC).

“Phishing is the number one threat that faces most organisations,” he said June 29 during the breakout session “Ahab and the Great Whale Phish” at the Content Protection Summit Europe (CPS EU) event.
Therefore, phishing is “one of the most important things for me to educate the community about,” he said.

Spam is typically advertising-related and “not necessarily evil,” he told viewers. “But when we start to see evil inside of that spam, we see attached malware or we see an attempt to steal your password by directing you to a log-in page that’s been faked,” he said, adding: “That’s when we start to switch from spam to phishing.”

Phishing comes in several different forms, he noted. For example, there is spear phishing that targets a specific organisation. And then there is whale phishing that targets a specific person at that organisation, such as the CEO or another executive, Taylor pointed out, explaining: “That allows me to increase the impact and the amount of pain I can inflict as an attacker.”

Business Email Compromise (BEC), meanwhile, is a broader category that includes phishing and other fraud that occurs in email-related attacks, although phishing makes up the bulk of it, he noted.

“Phishing is the primary method of attack for more than half of the criminal cyber attackers that are on the Internet trying to get to you,” he told viewers, pointing to 2019 Symantec data indicating 65 percent of cybercrime gangs use phishing as their main way into an organisation.

Email is the way that malware is usually being “delivered to your enterprise,” he said, pointing to 2019 Verizon data showing 94 percent of malware is delivered via email.

Another way that malware is delivered is by driving you to click on an online link that takes you to a website that delivers the malware or tricks you into providing your username and password for a legitimate website you use that the website you have been taken to looks like, he explained.

Those websites were often just spun up to trick people, he said, pointing to data from Palo Alto Network’s Unit 42 showing that a whopping 70% of newly registered domains are malicious.

Only about 15 percent of global emails are legitimate emails sent by one human to another human, while about 85 percent is actually spam delivered by robots, he said.

“So this is definitely a scourge that is a major problem and not one that’s going to go away,” he predicted.

He pointed to five red flags that an email you have been sent is legitimate or not:

• Look at the from address. Often, a phishing email is pretending to be from a company like DHL. A red flag for you is when it is not the legitimate company’s actual domain that is used.
• Look at the to address. Is it the one you use for, as an example, shipping notifications? Taylor noted that he uses one email address specifically when he ships products.
• What is the context of the email?
• What is the format of the message? Is it what a real email from that company normally looks like? Is the company’s logo missing? Is the spelling off?
• Do you trust the attachment? Most legitimate companies do not email you executable files to run on your desktop.

Concluding, he summed up what you can and should do when you receive emails:

• Slow down.
• Always consider the context of emails.
• Don’t click links or open attachments if there is any doubt about who sent it to you.
• Report phishing emails by using your email client’s “Report Message” button because that report will help your organisation’s or email service provider’s security team tune their filters. “Start a new message, drag the offending message in” and send it as an attachment so that your organisation’s security team can see all the headers, including hidden fields that indicate where the email came from, he explained.
• Use a good spam filter/Secure Email Gateway that filters out the “evil.”

Content Protection Summit Europe was presented by Convergent Risks, with sponsorship by Richey May Technology Solutions, Synamedia, BuyDRM, Friend MTS, NAGRA, and X Cyber Group.

The event was produced by MESA, CDSA, the Hollywood IT Society (HITS) and Women in Technology Hollywood (WiTH), under the direction of the CDSA board of directors and content advisors representing Amazon Studios, Adobe, Paramount, BBC Studios, NBCUniversal, Lionsgate, WarnerMedia, Amblin Entertainment, Legendary Pictures, and Lego Group.