In 2019 phishing attacks reached new levels of complexity and sophistication. Notably, the abuse of legitimate cloud services offered by highly trusted providers resulted in higher than average success with high profile victims. Talk covers newest attack techniques and presents possible defenses. Presentation structure: 1. Overview - Covers phishing problem and provides general description of the phishing landscape with stats gathered from Cisco Umbrella resolvers around the world 2. New techniques - Details of the three of the most notable attack techniques 2.1. Poisoned search results and SEO manipulations leading targeted victims to phishing pages. I'll cover details of such abuse including traffic generation to achieve top results in search, and example of successful campaigns which lead to stealing of massive amounts of cryptocurrencies. 2.2 Customized 404 Not Found pages which utilize dynamic generation algorithms to produce subdomains and provide phishing actors with virtually unlimited phishing URLs. Combinations of these techniques defeat many solutions that rely on blocklists and don't have dynamic analysis capabilities. 2.3 Dynamic phishing attacks with man-in-the-middle components combined with phishing pages hosted by legitimate cloud service providers like Microsoft, Amazon, Google, etc. This attacks bypass most reputation based solutions and provide phishing actors with Wildcard certificates, which tricks many even high profile users. 3. Designing the defenses - I'll cover various approaches that can be implemented to protect enterprises from these types of attacks.
