Webinar on Understanding the Phishing Kill Chain to build Holistic Phishing Defence

Tuesday 16 November 2021, 11:00 AM (SA time)

Despite organisations’ best efforts to address the weakest link in cyber security, at least 36% of global breaches still have phishing. The following topics will be discussed in the webinar by iOCO and F-Secure in partnership with ITWeb

Register for the Webinar

Access the eBook on Combating-phishing-Building-the-route-of-most-resistance

  • Understand why phishing is still so successful for attackers.
  • Deconstruct the relevant phases of the kill chain.
  • Learn how to mitigate risk at every phase – how attackers target victims and craft phishing emails and payloads.
  • How attackers build appropriate codes to execute them on targeted systems and ensure their attacks have been successful.
  • Discover how to build compensating controls at every stage for a holistic defence in-depth approach.
  • Get answers to your questions by submitting them to the experts during the webinar.

Register for the Phishing Kill Chain Webinar  – Click Here to book your complimentary slot today!

Cyber criminals targeting corporates are not stereotypical ‘basement hackers’, and their phishing mails are so polished and professional that the average victims stand little chance of identifying them at face value. This is according to Riaan Naudé, UK Director of Consulting at F-Secure Corporation, speaking ahead of a webinar on beating phishing by understanding attackers and the attack kill chain as it pertains to phishing attacks.  Naudé says criminals targeting corporates will put a great deal of effort into making their phishing mails look legitimate, with convincing logos, spelling and sender addresses. “Attackers will be cunning enough to replicate known domains<cunning enough to replicate known websites in a convincing manner, which will be registered well in advance and aged appropriately <amongst other operational security actions> to get past technical controls. The average user won’t be able to identify a phishing email by looking only at the email itself,” he says.

“These mails could sound like your boss, instructing you to enact a payment immediately. Or they could look convincingly like a mail from the coffee shop in your office lobby, offering you a discount on coffee.  People will do anything for a free coffee, and I guarantee you that if people get a mail from their favourite coffee shop offering them a discount, they will click on it,” Naudé says. He says to overcome this vulnerability, a defence in depth approach is needed. “You need to build resilience across multiple phases of the kill chain. People have multiple products and services in place to mitigate risks via email, but as we can see – attackers bypass them. Awareness training and emphasis on reporting suspicious mails is as important as EDR is; and users need to know exactly how to report suspicious mails to make it easier for SOC analysts to work on it. For example, they need to know that when they simply forward a suspicious mail, they lose important technical information about the sender. They actually need to attach the intact email or have a ‘report this email’ button.”

Riaan Naudé will outline F-Secure’s learnings on how attackers target victims, craft phishing emails and payloads to execute on targeted systems, and ensure their attacks have been successful during the iOCO and F-Secure webinar on Beating phishing. At this event, experts will outline cyber attacker methodologies at each stage of the kill chain and discuss successful defence in depth approaches to mitigate the risk of phishing. During the event, attendees will also receive an e-book on mitigating this risk.