Presentation Overview

Business Email Compromises (BEC) continue to plague organizations world-wide, inflicting catastrophic, financial damages. This presentation will be live demo of an actual BEC using the same TTP’s criminal organizations are currently employing to attack their victims. We will dissected each step of the scheme and learn how to identify pre-attack signatures to help detect and defend against an imminent attack. We will explore several tools and methods to conduct incident response to identify the attacker and his/her actions on your system. Of interest, we will explore the previously undocumented Office365 Activities API to access once-undisclosed logs that are incredibly detailed and helpful when conducting BEC incident response. Lastly, we will discuss tips and best practices when coordinating with law enforcement.

Presenter - Aaron Sherman

Aaron Sherman currently serves as Senior Director of Cyber Threat Intelligence at Braintrace. Bringing nearly 15 years of cyber threat detection and neutralization success for the U.S. government, Sherman most recently held the position as Cyber Special Agent with the Federal Bureau of Investigation in the Washington, DC and Salt Lake City Field Offices. While at the FBI, Sherman responded to and investigated cyber intrusions and data breaches perpetrated by Advanced Persistent Threat (APT) actors originating from China and elsewhere.Prior to that role, he was a Counterintelligence Special Agent in the US Army,where he conducted intelligence operations to detect, identify and neutralize threats to the United States military. Sherman has successfully led investigations into criminal cyber intrusions, data breaches, denial of service attacks, ransomware, botnets, business email compromise, identity theft,insider threats, dark web criminal services, account takeovers and payment card fraud. As a leading authority on emerging threats, he has implemented new methodologies for targeting and monitoring cyber criminals on the dark and deep web. His efforts have resulted in the detection and disruption of numerous cyber criminal campaigns targeting US organizations.