Using CTI Against the World's Most Successful Email Scam - CTI SUMMIT 2017

Using CTI to Profile and Defend Against the World's Most Successful Email Scam

In this talk, we will examine the various aspects of one of the world's most successful email campaigns: The Business Email Scam. This campaign has stole nearly $3.1 billion over the past three years, and shows no signs of slowing down. This presentation will present research spanning over three years across the globe, involving multiple case studies and banks from North Carolina to Hong Kong. We will start by examining characteristics of the tools, context, and domains used by the attackers to trick companies. Using publicly-available tools, we will profile just how large this campaign is, what evidence is available, and how to extract valuable indicators from the data. The presentation will conclude with lessons on how the audience can use aforementioned publicly-accessible, free tools to build profiles on attacks such as this scam. We will discuss how to take seemingly arbitrary indicators and use them to protect our networks and business. Lastly, we will also briefly discuss open source tools that smaller teams can use to maintain and organize their indicators.