Transcript
Speaker1: The broadcast is now starting. All attendees are in listen-only mode.
Colin Wright: Ladies and gentlemen, listen. Thank you very much for joining. Good morning. Good afternoon. Wherever your location may be. Thank you for joining Hornet Security and us on the dual of the hackers platform. So register now probably a little bit behind there so you have registered to get on board. I'll introduce myself. It's Colin Wright. And Timo will cover off the demo. So we expect to be about 30 minutes, 30 to 40 minutes. And really we want to set the tone now on ransomware and what the potential threats are and then go into demo to see how we can counter that. So Hornet Security is a multiple complex environment of security, backup, compliance and security awareness training. It's a mix of products and companies that have come together into one portfolio. It gives you one single control panel to do all of this functionality to protect you from the environment. Now, ransomware to me is our biggest risk. We've come out of a human pandemic. In reality, we've moved into a technology pandemic. So ransomware and phishing, we are under constant attack. You are under constant attack. Customers are under constant attack. This on the left is what Hollywood would have us think of what a hacker looks like. The threat actor. Those individuals who are sitting with a can of Coke trying to get into war games type functionality. In reality, this is the right hand side picture. This is what a threat actor looks like. This is a genuine in Belarus who above their desks, they would have flags. They would have flags of the countries that they were targeting. They have HR departments, they have regular appraisals. They have everything you'd expect of a sophisticated software company, but they're doing it for ill-gotten gains. So it's no longer a question of will I get hit by ransomware or phishing? It's when will I get hit? I'm too small to get hit, so it's not an issue.
So we see every organization, large or small, becomes a target for ransomware and phishing and those aspects of coming into the business. So some of the trends that we saw last year, many companies and countries were just coming out of lockdown. Lockdown drove home usage, which drove more attacks, which drove the individual. We all had to go onto every single machine that we could find, install a VPN to see how we could get back online and to function. The growth of 365 work from home and Teams. This massively exemplified through the pandemic and continues to grow. Now 75 million users at least use Teams every day. Ransomware attacks obviously increase CEO fraud new adversaries, 45% increase in intrusion campaigns. Now, any of us on this call can go on to the dark web, pay $500 and acquire a phishing as a service. And the tech support on this is great. You know, I'm not encouraging you guys to try it, but the tech support that they give when you sign up to that service is superb. So for $500, you end up with 100,000 emails. And you know what? Somebody is going to click on that. Somebody is tired one night that looks real. They're going to click on this email. Business email compromise is growing and growing and growing, as is social engineering. And the new one that we've seen recently, LinkedIn, new starters. How many of you or how many of you see individuals go, Hey, I've just started a new job, this is it, look where I am. So these the threat actors are becoming sophisticated. They're looking at these individuals now going, he's just or she's just started a new job. Let me create an email that comes from HR two weeks after they've joined. So you're sitting there, you're new to a company, you're finding your way in that company. You get an email from HR, Hey, John Jean, we haven't got your correct bank details to ensure you get paid at the end of month. Could you just send it through to us? Yeah, of course. Send it through.
And suddenly that new employee loses his first or her first month's wages. So we all need to be more and more vigilant. So why do we need to do this? Do our brains struggle? No, our brain doesn't struggle. Our brain adapts. So it makes it an easier target for the threat actors. Now we look at this one. Let me read it out. According to research at Cambridge University, it doesn't matter in what order the letters in a word are. The only important thing is that the first and last letter be at the right place. So most of you will be able to read this. And if you can read this, you are susceptible to being a target for threat actors because your brain is understanding the first and the last letter to make it culpable in terms of that. So when you have a URL come in, are you naturally looking at every single letter or you're looking at the first and last? Because that's the way our brain works. So we are all at risk because the human brain is smart. Now everyone can click this. So if you look at the left Maybank to EW.com, is that the same as Maybank to EW.com? Our brain will see it and most users will see that's exactly the same. So if you get an email from citibank.com, that second one down. Are you going to assume that's real or are you going to assume that that's a phishing attack? So if you look at the A, the A is different. A is a standard Microsoft dictionary. If you add Cyrillic into that, then you create a different A in that environment. So one of the most common targets that threat actors will use is an email address that has the letter A in that email because the brain will see that Cyrillic A as being a standard Microsoft dictionary. So again, we're under constant threat from any target in there. How many of you have Alexa? How many of you have Google assist? How many of you have this situation? So there is a new one that has come to market from some of the threat actors where companies are becoming more and more secure.
So what they're looking to do is to target high net worth individuals. Now, I did a project 20 years ago with the UK government and we were able to if someone said on a network bomb or anything like that, that automatically flagged to us 20 years ago. So now look where we are with Alexa. Look at the voice assistants that we have out there. If you're saying holiday, they have AI-created algorithms that will pick up holiday, pick up bank account, pick up key aspects so they don't have to sit and listen to 16 hours of talking about the weather or any of those situations. So be wary of your voice assistants inside your business, inside your home if you don't want them to know when you're going on holiday. Turn it off. So you know, we are under threat constantly. Attack. Now, some phishing examples. You've all seen these. I'm sure there's mine. There's my personal email that comes through, Hey, my email is almost full. It's always almost full now. We may have been working to 12:00 at night. I may have woken up at 6:00. I may be a little bit tired. Should I click that to upgrade now? Do you know? It looks real, but any one of us could click on a meme. How many get an email through, say, from FedEx comes through from FedEx to say and I'm just so happened to be waiting for a parcel from FedEx so any single person can and will click on a URL. It's important to protect the individual and the business from those users clicking on it by having technology like Hornet that we can protect the user and your business. And if you ever speak to an individual who has clicked on a URL that has introduced ransomware into the business, the human trauma that that individual goes through is like PTSD. So they are traumatized. No one speaks to them. They're stigmatized. They assume that they have taken the business down. Can they get the business back? Can it recover? Can they get the data back? How much is it going to cost? 3000, 4000, $10,000, pounds, euros. US dollar. Australian dollars.
So the trauma that the individual goes through is nothing that we can ignore. Your latest bill is ready. Yep. I now have my bill. Could I click on that? That looks absolutely genuine. Um, I have a colleague, a friend who says I will never get caught by email. Security coming through. Wow. Ian how's that? Said, I never click on anything in an email. I never read emails. I realize now not to send him any emails. Um, so there is a phishing quiz. You know, I would encourage all of you guys just to go out and try this, see how successful you can be, see what you can look at. This is just a simple one. It's a little bit as a British saying, as tongue in cheek, so you can see how successful you would be. There is more sophisticated and we have a full raft of security awareness training that would cover that. I presented in Dublin last year at a large event covering the government, covering lots of organizations. And we talked about cyber security. We talked about the threats that came from foreign threat actors. And a hospital came to me afterwards and said, we have 900 employees. I said, I thought we'd got it absolutely nailed. He said, We have security awareness training emails that go out. We sent one out just after Russia invaded Ukraine and it's from UNICEF, he said. Not a single person clicked on it, requesting funds, volunteer money, volunteer aspects for Ukraine. He said, I thought we'd finally educated those individuals, he said. However, three weeks later was Easter. HR was supposedly HR sent out an email about the Easter egg hunt that would start in the car park. 96% of people clicked on that email and he said one person clicked three times, even though it says, this is a scam, please contact IT. So he clicked on it three times. So it's all about the messaging. Don't be complacent to think if I've got it right and people don't click for this individual, for this email has gone out, then that's solved. It's not.
So we can train people constantly to be vigilant, to be aware, but we also need to protect them with having that technology in the back end to pick up where they might have missed up, where they've clicked that URL. Now they click on a URL for us. It will go it will it will put it in quarantine and it will check that URL and rewrite that to say, Hey, we're good here, we're golden. Um, school. That looks genuine. Now, when I did this first I got four out of eight. Now I look nowadays and I would get eight out of eight. But this is all. None of us can be complacent. For instance, the Irish Health Service was down at some stage last year and they were down for a couple of months with reduced service, with ability of technology, was down with notebooks. So it can happen to anybody. You just do a search online to find who has been hit with phishing attacks, who's been hit with email. Some countries do not have to declare them. Other countries do. So we offer a complete, comprehensive solution that protects the users, protects your environment, protects the customer, and also protects the human. So we have we look at a sustainable security culture. The mindset has to change, and that's the mindset from everybody, the users, the people initiating the change, the business leaders. But we have to acquire a skill set so it's not just about right guys. What we're going to do is don't answer anything. Don't click on any URLs. That's not productive. So the skill set has to be there. We have to create phishing simulation, we have to do e-learning, maybe some short videos, But the more the most important, we need a tool set. We need to protect the human, which is me, which is you from clicking on that URL. So that toolset can only come from technology such as us. And then we come to technology like security awareness training or security awareness service or whatever you deem to call it. So it fits into multiple platforms. 
So we need to prevent, we need to protect, we need to respond and we need to recover. So if we only have one of those sectors in a business, we're not protecting ourselves from going out of business. So we need all four of those pillars to be able to keep business and keep that business continuity flowing around the outer aspect. And see this in a control panel in something concise to see who's the leaders, who clicks on stuff, who doesn't click on stuff, who is the most proficient inside our business, and maybe create league tables. Make it fun. Don't mandate that these guys need to have everything drilled into them. You've got a league table, you've clicked on more, you found more phishing email attacks than anybody else. Here's a holiday. Perhaps not to go to that extreme, but here's an Easter egg or here's something, here's a reward. So make it fun. If it's fun, people learn. If it's fun, children learn and they're educated. So the awareness in the control in our control panel is really key to driving that forward and that security hub. This is in full multiple languages in Arabic, in Spanish, in Italian. So we can click on e-learning from how we're going to send an email out. What is what is we what are we going to protect? So the central access to all but the short videos, you know, we have an attention span. No one wants to sit and listen to a four hour video of the context that we see in terms of just don't click, you know, be aware, see what's happening. Um, and then we move on to next generation awareness. So we need to measure it to see it's effective. We're spending our money on buying this service. Does it report back? Is it effective? Is it realistic, and ultimately is it efficient? Are we getting value for money? And our value for money comes back to we are not letting phishing email attacks into the system. 
So I'll be back in about ten minutes while we'll hand over now to Timo, and Timo will run through the demo and it will show everything in context. So Timo. Over to you. Yeah. And then. Then we'll be back in a few minutes.
Timo Huttich: Thank you very much, Colin. So, yeah, I would like to show you how easy it is to set up a phishing and yeah, how it looks like if you perform a successful phishing attack. And yeah, let me share my screen. Um, so yeah, I think you can see my screen.
Colin Wright: Yes, we can.
Timo Huttich: Perfect. Okay. So yeah, what we have done here, we have set up some framework. It's called Evilginx. Nothing fancy. You can easily download it on GitHub. There's no need to go into the darknet and buy some software as a service from there. So yeah, you can easily set up it on your own. And yeah, there are some details to perform this attack successfully. One critical detail is you need to buy a domain and yeah, I think you I need to say this domain needs to look like it's from Microsoft in this case because we will perform to hijack an M365. And yeah, for this we have bought this specific domain. It's secure signing dot net and we have built in sub domain outlook net. And the key factor is we have bought a certificate. So yeah, it looks straight up valid. So let me show this really quick. Um, I will open my browser and yeah, for this we need to click on the phishing link so the target's already clicked on it. Um. Like, Oh, no, that's the wrong one second. Over here, it's this. Well, let me take this really quick over here. And at that moment the target clicked on it. And you can see on the right side some stuff happened over there. And on the left side we see the standard M365 login. And at this point you may think, yeah, but you have the secondary factor. So the two will save you in this place. But actually I will show you that's not enough. So yeah, let's go further for this. I need to. Yeah. Adjust my window here.
And for this we have built a demo tenant. It's a German one, so. Yeah. Sorry for the spelling. It's good. Try to go to the Shubert in this case, but you will see there's something special. You even see the sky in the background. So the target doesn't know it's the wrong. It's the wrong URL. You can look over here. It looks. Yeah, I think it looks fine. You can see the certificate. Nothing special here. All is valid. And if you go further and you pass your passphrase over here. You see some stuff happened on the right side and even the secondary for. Yeah, sorry for the German here. Um, actually we have changed the tenant to English, but yeah, it's geo located in Germany so yeah. Um, and I need to check this on my authenticator on my mobile. I will show you this in a sec. So over here, I have the request on my mobile. You can see. And even with the secondary for. We can go further over here. I will accept it. One question more so. And what happened here is we are redirecting to the original M365 login. And I think a normal user would think, yeah, okay, something went wrong, I will do it again. But yeah, at this moment we already keep the session open and if we go on the right side and take a look at the sessions we have covered, we can see with the 42 we have the session already. Stay open and if we are taking the session, we have the cookie. And this cookie is. Yeah. Our. Find a target. And yeah, let me short close this stuff over here. And what we need to do is I go to a standard browser like this Firefox in this case. Um, let me quick open them private session and I can. Just go to Google over here and we are searching for the M365 login in this case. So just Google it. Yeah. Looks. Looks fine for me.
Speaker4: So.
Timo Huttich: And what we need to do is we need to use an add-on. It's called cookie editor in this case. And over here, I can import this cookie from the session. Just like that. And that's all. All. Only thing.
What I need to do is refreshing the site, and I'm logged in in the tenant, and I can do my stuff. I can write emails. I can go in the OneDrive. And have full permissions on this tenant. Yeah. And the only thing happens over here is clicking on the spear phishing link or phishing link. And yeah, you can do what you want. You have access to the. To all to address book. You can write your colleagues. Yeah. And so, so fast and easy. It can be done. And now you can say, Yeah, but I have geo blocking geo locations. But I think if there is an attacker on this point and he brings you to click on the link, he already knows where are you located and he will take care about it too to get an IP address from your location. So I think that's not the best way to protect against these attacks. Yeah. But in yeah, in this short you can see it's pretty easy to hijack an M365 tenant. You can now. Yeah. Go ahead and spread some more phishing links and yeah. In this case you are inside the company still. So yeah, it's pretty easy to spread more phishing links. I think that's all for me. Colin, so thank you. Back to you.
Colin Wright: Let's just bring back, okay, so ladies and gents, I'll spend the next five minutes just covering off, but let me just bear with me. Bear with me. Okay. Super. Thanks, Steven. Let's see. So one thing we've protected. We've all spent a lot of money on security over the years. We've spent a lot of money on network, on endpoint, on the web. The results show from Gartner and Verizon, only 8% of the IT security spending is on email. Yet 93% of the attacks that come into a business are via email. So perhaps now we should look to pivot. We would say that being an email security provider, but in reality, no, we need to pivot and look at we protected the network from internal intrusions. We protected our endpoints. But are we leaving an open door to these breaches coming in via email? We need to secure them.
We need to ensure that we're not funding organized crime aspects in Belarus, Russia, wherever else to come through. Our security lab is a team of developers and IT specialists and you can see the figures. I'm not going to read the figures out here in terms of we see 361 sophisticated phishing attacks per minute. How are you ever going to keep up with that unless you've got some technology in place that's able to counter that? So many of you go, okay, but who's on it? I've never heard of Hornet. Hornet is an acquisition driven organization. We brought Altaro, which was backup for virtual machines and 365, we've integrated that product into a single control panel. We have 12 offices. We have 11 data centers globally. We're a partner driven organization. So we have 8000 sales partners and we have over 50,000 end user customers. These are customers who from 1 or 2 single mailboxes up until some of the largest companies in the world. So we can scale to support your business, support their customers, your customers, and absolutely secure them in that environment. Um, here is our portfolio. You know, all this is open for you guys to have a look at to test to check. So our product suite comes in bundles. Total protection, total protection, enterprise and, and backup within there. And we come back up on its own. And you can buy these singularly or you can buy those in bundles to test. And all 365 protection is arguably the most sophisticated in-house solution of any organization globally, from spam and malware to encryption to backup and recovery. Endpoints. Endpoints is free of charge in our 365 product, so that ability to protect your endpoint environment, to secure those, protect the data back that data up, recover that data is all within one single console, one single product.
So we wanted to spend some time, not too much time, but we wanted to take half an hour of your time just to run through what we have on a very quick aspect in terms of where we where we focus. So hopefully some of this has resonated. Hopefully some of it is produced some conjecture. We think actually we didn't quite think of that, you know, the human trauma, that individual speaking to an individual who's clicked on a link that's taken a business down, is absolutely traumatized. And you see these guys, the depression that sets in, the anxiety that they have. So we all owe it to protect the employees and those people inside of business. So with that, if there's any questions, then please just send them through in chat or. Let's just see if there's anything. No. So nothing in chat, I hope. And Timo hopes that it's been worthwhile for you. If it has, then please reach out to us and look at some of the technology. Compare our technology with the competitors. We think it's difficult to find something as comprehensive as what we have in terms of in our product suite and to make things simple and easy to use. So thank you all for your time in the morning, in the afternoon, in the evening, wherever you're located. Um, hopefully it's been incredibly valid. Uh, we, we appreciate all of your time and taken to, to sit here and listen to me for half an hour and Timo for ten minutes. So thank you all for your time. Hopefully there's some value. Thank you all. Thank you. Bye bye.