[Q3 2014] Emerging Threat: Phishing Attacks
stateoftheinternet.com
= phishing attacks target third-party content feeds • Multiple phishing attacks targeted Google Enterprise users • Goals of the attacks: • •
Harvest user credentials Gain access to confidential information
• Hacktivists compromised third-party content feeds on media websites such as CNN, the Associated Press and others • 44 percent of the top 50 websites use a third-party content provider
= third-party content scripts are hacked
• Third-party content appears on websites as links to articles on different media sites •
Can also appear as sponsored links to commercial sites
• It is typically generated using cascading style sheets (CSS) and JavaScript or Flash • Hackers will alter the JavaScript in order to change the third-party content and deface the target website
= phishing for user credentials
• Attackers send phishing emails to employees in a targeted company or its third-party content provider •
Lured to click a disguised link
• When recipients click the link, a fake Gmail login screen appears •
If a user then enters Gmail credentials, the phishing site will harvest them
• With access to an employee’s enterprise Gmail account, an attacker can send more-believable phishing messages to colleagues • With credentials, attackers may be able to deface the target site, social media accounts, and content supplied by a thirdparty content provider
= an example phishing message
= syrian electronic army (sea) phishing campaign
• SEA is a high profile group targeting third-party content providers • •
In the summer of 2013, they began targeting media outlets Attacks have continued throughout 2014
• Using phished credentials, SEA accessed providers’ content delivery networks and changed the JavaScript code that was sent to customers and displayed on customer sites • SEA announces that a site has been “Hacked by the SEA” or replaces the home page with SEA’s page or logo •
Most of their hacks will include the national eagle emblem of Syria or the Syrian flag
= prevention of phishing attacks
• The success of a phishing attack depends upon fooling a user into sharing authentication credentials • The first step in prevention is user training • • • •
Learn what phishing attacks look like Never click links in an e-mail Check the URL before entering information Inform users to report suspected phishing to a consistent, defined point of contact
= mitigation of phishing attacks
• Sites that use third-party content should have steps in place to ameliorate the defacement of a website • • •
Disabling defaced third-party content may create an unappealing blank space on a web page Sites should have a third-party-free version of the site ready to use in an emergency A static version of third-party content can fill in until the situation is remedied
• Sandboxing techniques can limit the impact of the third-party • Monitor third-party content feeds regularly to identify problems quickly
= Q3 2014 state of the internet – security report Download the Q3 2014 State of the Internet – Security Report, which includes: •
Analysis of DDoS attack trends
•
Bandwidth (Gbps) and volume (Mpps) statistics
•
Year-over-year and quarter-by-quarter analysis
•
Application layer attacks and infrastructure attacks
•
Attack frequency, size and sources
•
Where and when DDoSers strike
•
How and why attackers are building DDoS botnets from devices other than PCs and servers
•
Details of a record-breaking 321 Gbps DDoS attack
•
Syrian Electronic Army (SEA) phishing attacks
• More at www.stateoftheinternet.com/security-reports
9 / [state of the internet] / security (Q3 2014)
= about stateoftheinternet.com •
StateoftheInternet.com, brought to you by Akamai, serves as the home for content and information intended to provide an informed view into online connectivity and cybersecurity trends as well as related metrics, including Internet connection speeds, broadband adoption, mobile usage, outages, and cyber-attacks and threats.
•
Visitors to www.stateoftheinternet.com can find current and archived versions of Akamai’s State of the Internet (Connectivity and Security) reports, the company’s data visualizations, and other resources designed to put context around the ever-changing Internet landscape.
10 / [state of the internet] / security (Q3 2014)