Explore the evolving landscape of targeted cyber attacks in this 25-minute conference talk from BSidesSF 2016. Delve into the sophisticated techniques employed by attackers, from compromised ecards and mainstream websites to elaborate phishing schemes and browser exploits. Examine real-world examples like the Forbes and Dark Hotel attacks, and understand the concept of two-phase targeting. Learn about the "sniper at the watering hole" approach and why staying below the radar is crucial for attackers. Discover if you might be a potential target and explore defensive strategies to protect against these threats. Analyze the limitations of traditional detection methods and gain insights into next-generation security measures, including isolation techniques and data minimization strategies.
Overview
Syllabus
Introduction
Ecards
Mainstream websites
Targeting
Phishing
Browsers
Success
Social engineering
Forbes attack
Dark Hotel attack
Twophase targeting
Sniper at watering hole
Stay below the radar
Lay ahead of time
Are you a target
Can we avoid targeting
Emails
Defensive strategy
Fooling people
Cant opt out
Detection works worse
Next generation security
Isolation
Minimize damage
Reduce data
