200 likes | 377 Views
Topics in Email Security. IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University in St. Louis http ://nso.wustl.edu/presentations/. Email Security Tip #1. Do not click on links in emails. Email Security Tip #2.
E N D
Topics in Email Security IS&T All Staff MeetingTuesday, April 7, 2011 Brian Allen, CISSPbrianallen@wustl.eduNetwork Security Analyst,Washington University in St. Louishttp://nso.wustl.edu/presentations/
Email Security Tip #1 • Do not click on links in emails
Email Security Tip #2 • See Tip #1 (Thanks Barb!)
Spam Product Supplier Accountant Seller 1 Seller 2 Seller 3 Spammer3 Spammer1 Spammer1 Spammer3 Spammer2 Spammer2 Spammer1 Spammer3 Spammer2
Where Does Spam Originate?Why Do We Care? • Spam = Bots (Large armys of infected machines sending out spam) • Bots = Sophisticated Malware • Sophisticated Malware = Organized Crime • More than 89% of all email messages were spam in 2010 - Symantec
Spam is Big Business • Rates for one million email addresses: $25 to $50 http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf • 10,000 malware installations: $300–$80 • Sending 100 million emails per day: $10,000 per month http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf • Cutwail’s profit for providing spam services: $1.7 - $4.2 million since June 2009 – Aug 2010 • How much do the spammers gross per day? $7000 http://www.wired.com/magazine/2011/02/st_equation_spamprofits/
Underground Economy • Spammers also are involved in: • CAPTCHA solving • Email harvesting • Custom software • Bulletproof hosting • Proxys
Spam Volume • From Jul 30- Aug 25, 2010 security researchers infiltrated the Cutwail spam network and discovered 87.7 billion emails were successfully sent
Spam Content • Pornography • Online pharmacies • Phishing • Money mule recruitment • Malware • The malware (Zeus banking Trojan) typically includes: • Greeting card • Resume • Invitation • Mail delivery failure • Receipt for a recent purchase.
Spam Blacklisting • Only about 12% of bots are blacklisted after an hour when they come online • The rate reaches 90% after a period of about 18 hours http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
Spear Phishing Example <http://michaelkellett com/ez/wustl.html>
Social Security Number Email 1 From: BOB [BOB@WUSTL.EDU] Sent: Friday, April 01, 2011 12:54 PM To: ALICE [ALICE@NOTWUSTL.COM] Subject: Registration Request ALICE: Couldn't remember if I had already sent this request or not. Please register CHARLIE ( 111-11-1111 ) for the session Thank you BOB
Social Security Number Email 2 From: BOB [BOB@WUSTL.EDU] Subject: FW: University talk To: ALICE@NONWUSTL.EDU, CHARLIE@NOTWUSTL.COM Date: Monday, April 4, 2011, 12:57 PM Dear Ms. ALICE and CHARLIE, I sent this e-mail a couple of weeks, but I haven't heard back from you yet, so I thought that I would send it again. Also, my SSN is 222-22-2222 and my home address is: 1234 Oak Ave. St. Louis, MO 63130
Emails, Like Postcards, Are Not Encrypted Contact me to discuss encryption options for storing or sending sensitive information
Thanks! http://nso.wustl.edu