Phishing for Flemish local governments

Measure and strengthen the resistance of all your staff to phishing attacks. Find out how your administration performs compared with other municipalities and cities. Don't miss this unique campaign, which starts in September 2016!

KBC selected Krinos for their awareness campaign

"Krinos helped us to define clear objectives and measure the Return on Investment (ROI) of our awareness campaign. Because of their end-to-end managed service the campaign could start up very quickly without the need to buy tools or train internal people," says Jan Nys, Chief Risk Officer, KBC Group

Municipality of Glabbeek invests in cyber security training

The municipality of Glabbeek embraces digital media with, among other things, its website and the Glapp!. The Krinos Academy online training courses prove to be a fun and efficient way to teach its staff essential cyber security skills.

Krinos Academy User Awareness Solutions

End-to-end managed services that build awareness in any organisation via our Attack-Train-Measure approach. Attacks offered are: email phishing, voice phishing, USB drops, physical inspections and IT penetration tests.

4 Best Practices To Safely Report & Analyze Suspicious emails

JUNE 2016 – One of the possible objectives of user awareness campaigns and email phishing exercises is to make people your strongest firewall and human detection sensors. Your employees might be your last layer of defense in detecting and reporting a security breach that has bypassed all other technical defenses.

Why is reporting phishing emails relevant?

We advise organizations to have people report voice and email phishing incidents. This allows the organization to analyze the incident and take actions if needed. Additionally, lessons learned can be drawn that can result in steps to improve the technical defenses in place.

Be careful, forwarding suspicious emails is dangerous!

Typically, the user is trained to report suspicious emails to a central mailbox or helpdesk for further investigation and for metrics tracking. Ideally, users are motivated to forward suspicious emails as attachments (in Outlook, via Actions -> Forward as Attachment or the shortcut CTRL-ALT-F). Otherwise important technical information, such as the email headers, is lost. The user should also delete the email after he has reported it. Getting all users to do this correctly is, however, practically impossible.

We have seen in several organizations that reporting suspicious emails resulted in infections, because the helpdesk opened them or because they were added in ticketing systems where they became available for other people to open and become infected.

This is why, when reporting suspicious emails, the following new risks should NOT be introduced.

- The helpdesk should not attach suspicious emails and attachments in internal IT ticketing systems as others might open them and become infected.

- The (security) helpdesk should not use Windows-based systems to read the phishing emails, as there is a serious risk that a URL or attachment might infect them.

- The suspicious emails should never be forwarded outside of the organisation's own email servers. When multiple users forward suspicious emails to another, externally managed email system, its security technology might detect the malware and conclude that the sender domain is distributing malware. As a result, your organisation might become blacklisted.

The conclusion: Don’t allow untrained people to handle reported suspicious emails. In most cases the first-line helpdesk is not trained or skilled to safely handle or investigate reported emails. In many cases these people have admin rights, which increases the risk dramatically.

4 best practices to safely report & analyze suspicious emails

1. Make it very EASY and SAFE for the user to report and delete suspicious emails. Ideally, he has a one-click button in his (Outlook) email client that: (1) forwards the selected email to a dedicated reporting mailbox, (2) deletes the email from his inbox or moves it to the junk folder and (3) encrypts all potentially dangerous elements of the email with a password before forwarding it.

2. Use a dedicated reporting mailbox that can only be accessed by a limited set of experts that know what they are doing.

3. Security experts should use a non-Windows (Linux-based) system that has the proper tools installed to automatically inspect the suspicious emails and attachments.

4. The security expert’s system should be isolated as much as possible on the network, and only be allowed network access to internet sites or internal security servers it needs to analyze the malware.

How Krinos Fish-Hunter© Outlook plugin brings a SAFE and EASY solution

Krinos offers an Outlook plugin that makes it EASY and SAFE for everyone to report suspicious emails to the (security) helpdesk. The plugin protects all dangerous elements of the email using password-protected zips. In addition, the plugin performs an automated analysis, which saves time for the security analyst who needs to investigate the email.

End-user perspective: Fish-Hunter is a button in the Outlook ribbon. The end-user selects the suspicious email and presses the button. The email is forwarded to a predefined mailbox in a password-protected zip format and the email is removed from the user’s inbox. Before the email is forwarded, the user will need to answer a simple question. Here is an example of what that question looks like:

[Image: Plugin-Popup]

After the user clicks ‘Report Email’, an analysis of the email is performed automatically behind the scenes, after which everything is forwarded to the dedicated mailbox.

Security Helpdesk perspective: From the dedicated mailbox the following information is presented automatically for every reported email.

[Image: Plugin-Attachments]

- headers.txt: Raw email address in a separate txt file
- email.zip: Password-protected zip file that contains the original email in .eml format, which is much easier to process than Outlook's proprietary .msg format.
- attachments.zip: Password-protected zip file with just the attachments, if present, for easy access.
- analysis.zip: Password-protected zip file that contains an analysis with details like: URLs detected, with an indication of which ones are suspicious/malicious, and attachments detected, with SHA-256 values and lookup links to virustotal.com.

Because all dangerous elements are encrypted, you could also safely forward this email towards experts outside of your organization.
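
An added example, not Krinos code and not the Fish-Hunter plugin: a sketch of the static triage that an analyst system as in best practice 3 could automate, producing the kind of data the analysis file is described as holding (URLs with a suspicious flag, attachment SHA-256 values with virustotal.com lookup links). The sample message, the flagging heuristics, the defanging step and the lookup URL pattern are assumptions of this example.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample report (not a real message); the attachment is harmless text.
SAMPLE_EML = (
    b"From: IT Support <support@example.test>\r\n"
    b"Reply-To: helpdesk@mail.example.invalid\r\n"
    b"Subject: Password expiry\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b'<a href="http://192.0.2.10/login">https://portal.example.test</a>\r\n'
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="invoice.doc"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"aGFybWxlc3MgdGVzdCBieXRlcw==\r\n--b1--\r\n"
)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def defang(url: str) -> str:
    """Make a URL non-clickable before it is pasted into a ticket or e-mail."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def triage(raw: bytes) -> dict:
    """Statically parse a reported .eml; nothing is rendered, fetched or executed."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {"headers": [(k, str(v)) for k, v in msg.items()],
              "notes": [], "urls": [], "attachments": []}
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply and reply != sender:  # illustrative heuristic, not a verdict
        report["notes"].append("reply-to domain differs from sender domain")
    for part in msg.walk():
        if part.is_attachment():
            digest = hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest()
            report["attachments"].append({
                "filename": part.get_filename(), "sha256": digest,
                "lookup": "https://www.virustotal.com/gui/file/" + digest})
        elif part.get_content_maintype() == "text":
            for url in dict.fromkeys(URL_RE.findall(part.get_content())):
                host = urlsplit(url).hostname or ""
                suspicious = bool(IP_HOST.match(host)) or "xn--" in host
                report["urls"].append({"url": defang(url), "suspicious": suspicious})
    return report
```

Only the hash is looked up, so the attachment itself never leaves the analyst system, and the defanged URLs can be copied into a ticket without becoming clickable.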

 

Choose Us

If you are looking for pragmatic security that goes beyond a compliance-based checkbox approach.

  • Cyber Strategy assessment & roadmap
  • Attack & train to build awareness
  • Invest security budgets better
  • One-stop: We talk and walk

Happy Customers

Testimonial: sdworx Goes Phishing

SEPT 2016 - Like most companies nowadays, we’ve had our share of cyber incidents: virus infections, ransomwares, phishing emails, etc…... Read more

Stealing passwords: Kind & Gezin tells their story

OCT 2015 – Krinos Academy ran a phishing exercise at Kind & Gezin. The communications department tells the story in their... Read more

KBC selected Krinos Academy for managing their email phishing awareness campaign.

AUG 2015 – KBC must be top-class in providing secure financial services to its customers. An important part of their... Read more

Municipality of Glabbeek trains its council executive, library, school and OCMW

MAY 2015 - The municipality of Glabbeek has a reputation for being "innovative" and "digitally minded". For example, they launched a smartphone app... Read more