• Boris Vaynberg

    Boris Vaynberg is VP and GM for Advanced Threat Detection at Mimecast. He was CEO and co-founder of Solebit prior to being acquired by Mimecast. He brings more than a decade of operational expertise in leading large-scale cybersecurity projects in the civilian and military intelligence sectors. Boris’ experience also includes positions at Elbit Systems’ Intelligence and Cyber Solutions division and Comsec Consulting’s Information Security division, where he was responsible for product management, business development, marketing and sales of numerous multi-million dollar security solutions. Prior, he worked in the elite technology unit of the Israel Defense Forces (IDF), where he led a number of teams in both offensive and defensive cyber security.

    Comments:0

    Add comment
Boris Vaynberg

Phishing for Outlook

Content

There seems to be a kit available for everything nowadays.

The web is inundated with advertisements for kits to help with daily meal planning, weekly work planners, or even wardrobe assistance. You can even now find phishing kits targeted to specific applications or cloud services that are good enough to fool an employee of the targeted company or even the most frequent user of said application or service.

What is a Phishing Kit?

All brands have very specific brand guidelines to ensure consistency and global recognition. For larger brands, these guidelines are well known and can be easily duplicated in order to fool the average person with a phishing attack. Phishing kits provide a turnkey approach to attacking a specific target by providing all the materials using that target’s specific brand guidelines. CSO Senior Staff Writer Steve Ragan best explains what a phishing kit is:

Quote

A phishing kit is the web component, or the back-end to a phishing attack. It's the final step, in most cases, where the criminal has replicated a known brand or organization. Once loaded, the kit is designed to mirror legitimate websites, such as those maintained by Microsoft, Apple or Google. The goal is to entice the victim just enough so they'll share their login details and other sensitive data, which will vary depending on the phishing scam. Developed using a mix of basic HTML and PHP, most phishing kits are stored on a compromised web server or website, and usually only live for about 36 hours before they are detected and removed.”

Content

Mr. Ragan also talks about why phishing is so effective:

Quote

Phishing attacks typically stress urgency or play on a person's willingness to help. Phishing attacks can also evoke a sense of fear, by warning of serious consequences. Sometimes you'll see this as a threat to suspended services, the loss of critical data, or various personal consequences. The most common observation, though, is that phishing attacks start by triggering the victim's sense of curiosity. This is why the victim opens the email to begin with.”

Content

Microsoft Targeted by Most

We have reported at length on the previous Microsoft vulnerabilities, so it comes as no surprise that Microsoft Office and Outlook top the list of targeted phishing attacks. This has been documented by SecurityWeek international correspondent Ionut Arghire who reported that “Office 365, Outlook Credentials Most Targeted by Phishing Kits” and specifically wrote:

Quote

During the third and fourth quarters of 2018, Microsoft Office was the brand targeted the most by phishing kits, attracting 25.4% of assaults. At 17.2%, Yahoo was the second most targeted, followed by PayPal at 17.1%. Dropbox (9.8%) and Apple (5.0%) rounded up top five most targeted brands.”

Content

Develop a Phish Prevention Ecosystem

The most effective phish prevention strategy will include an ecosystem that accounts for the malware infiltration, email protection and human education components in order to be most effective.

Understanding that any executable code inside of content is malicious will ensure your malware infiltration solution is a best first line of defense. Combine that with targeted email threat protection and security awareness training for your employees and you will have everything you need to protect against these advanced phishing kits in the hands of cybercriminals intent on extorting your organisation.

VP & GM for Advanced Threat Detection, Mimecast

Boris Vaynberg is VP and GM for Advanced Threat Detection at Mimecast. He was CEO and co-founder of Solebit prior to being acquired by Mimecast. He brings more than a decade of operational expertise in leading large-scale cybersecurity projects in the civilian and military intelligence sectors. Boris’ experience also includes positions at Elbit Systems’ Intelligence and Cyber Solutions division and Comsec Consulting’s Information Security division, where he was responsible for product management, business development, marketing and sales of numerous multi-million dollar security solutions. Prior, he worked in the elite technology unit of the Israel Defense Forces (IDF), where he led a number of teams in both offensive and defensive cyber security.

User Name
Boris Vaynberg