
Cyber Crime Trends



Presentation Transcript


  1. Cyber Crime Trends

  2. 3 Questions
  • What are hackers doing?
  • Who is hacking us?
  • How do they do it?

  3. Themes
  • Hackers have “monetized” their activity
  • More hacking
  • More sophistication
  • More “hands-on” effort
  • Smaller organizations targeted

  4. Mitigation Themes
  • Employees that are aware and savvy
  • Networks resistant to malware
  • Relationships with banks maximized

  5. What are they doing?
  • Organized Crime
  • Wholesale theft of personal financial information
  • CATO – Corporate Account Takeover
    • Use of online credentials for ACH, CC and wire fraud
  • Ransomware

  6. Black Market Economy – Theft of PFI and PII
  Active campaigns involving targeted phishing and hacking focused on common/known vulnerabilities.
  • Target
  • Goodwill
  • Jimmy John’s
  • University of Maryland
  • University of Indiana
  • Olmsted Medical Center
  • Community Health Systems
  • Anthem
  • Premera Blue Cross

  7. Black Market Economy – Theft of PFI and PII
  • Five Colleges Had Data Breaches Larger Than Sony's in 2014
    http://www.huffingtonpost.com/kyle-mccarthy/five-colleges-with-data-b_b_6474800.html
  Active campaigns involving targeted phishing, often aimed at particular industries and institutions.
  • Fifth largest was a community college in California, which exposed 35,212 individual records of a personal nature

  8. Black Market Economy – Stolen Card Data
  • Carder or Carding websites
  • Dumps vs. CVVs
  • A peek inside a carding operation:
    http://krebsonsecurity.com/2014/06/peek-inside-a-professional-carding-shop/

  9. Black Market Economy – “Carder Boards”
  • Specializing in anonymous purchases

  10. Black Market Economy – “Carder Boards”
  • Customer service oriented!

  11. Black Market Economy – “Carder Boards”
  • Easy to use!

  12. Credit Card Data For Sale

  13. Corporate Account Takeover
  • Catholic church parish
  • Hospice
  • Collection agency
  • Main Street newspaper stand
  • Electrical contractor
  • Health care trade association
  • Rural hospital
  • Mining company
  • On and on and on and on……………..

  14. CATO – 3 Versions
  • Deploy malware – keystroke logger
  • Deploy malware – man in the middle
  • Recon / email persuasion

  15. Multi-Factor Authentication Solutions
  • MFA is critical
  • Silver bullet?

  16. V3 Case Study – Please Wire $ to….
  • CEO asks the CFO…
  • Common mistakes
    • Use of private email
    • “Don’t tell anyone”
  • http://www.csoonline.com/article/2884339/malware-cybercrime/omahas-scoular-co-loses-17-million-after-spearphishing-attack.html

  17. CATO Defensive Measures
  • Multi-layer authentication
  • Multi-factor authentication
  • Out of band authentication
  • Positive pay
  • ACH block and filter
  • IP address filtering
  • Dual control
  • Activity monitoring

  18. Ransomware
  • Malware encrypts everything it can interact with
    • V1: Everything where it lands
    • V2: Everything where it lands plus everything the user has rights to on the network
    • V3: Everything where it lands plus everything on the network
  • CryptoLocker / CryptoWall
  • Kovter
    • Also displays and adds child pornography images

  19. Ransomware
  May 20, 2014 – Ransomware attacks doubled in the last month (7,000 to 15,000)
  http://insurancenewsnet.com/oarticle/2014/05/20/cryptolocker-goes-spear-phishing-infections-soar-warns-knowbe4-a-506966.html

  20. Ransomware
  • Zip file is preferred delivery method
    • Helps evade virus protection
  • Working (tested) backups are key
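An added example, not part of the deck: a mail-gateway attachment check that quarantines zip attachments carrying executable content, the delivery method this slide describes, independent of antivirus signatures. The extension list, nesting limit and the sample archives are constructed for illustration.

```python
"""Attachment triage for a mail gateway: flag zip archives that carry
executable content, the delivery pattern slide 20 describes.
Added example, not from the deck. Extension list, nesting limit and the
sample archives are constructed for illustration."""
import io
import zipfile

# Suffixes Windows or its script hosts will run on double-click (constructed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js",
                   ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".jar", ".lnk"}
MAX_DEPTH = 3  # zip-in-zip packaging is common; stop recursing at some point


def exec_extension(name: str) -> bool:
    """True if the final suffix is executable. Only the last suffix matters to
    Windows, so 'Invoice.pdf.exe' double extensions are caught as well."""
    base = name.lower().rsplit("/", 1)[-1]
    return any(base.endswith(ext) for ext in EXECUTABLE_EXTS)


def inspect_zip(data: bytes, depth: int = 0) -> list:
    """Return the reasons an attachment should be quarantined ([] = none fired)."""
    if depth > MAX_DEPTH:
        return [f"nesting deeper than {MAX_DEPTH} levels"]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["attachment is not a valid zip archive"]
    reasons = []
    with zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # encrypted entry: AV cannot scan inside it
                reasons.append(f"encrypted entry {info.filename!r}")
            elif exec_extension(info.filename):
                reasons.append(f"executable entry {info.filename!r}")
            elif info.filename.lower().endswith(".zip"):
                inner = inspect_zip(zf.read(info.filename), depth + 1)
                reasons += [f"{info.filename}: {r}" for r in inner]
    return reasons


def build_zip(entries: dict) -> bytes:
    """Construct a sample archive in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_zip({"docs.zip": build_zip({"Invoice_2014.pdf.exe": b"MZ"})})
    print(inspect_zip(lure))  # ["docs.zip: executable entry 'Invoice_2014.pdf.exe'"]
```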

  21. The Cost?
  Norton/Symantec Corp:
  • Cost of global cybercrime: $388 billion
  • Global black market in marijuana, cocaine and heroin combined: $288 billion

  22. Who?
  • Chinese
    • State sponsored
    • Goal is to supplant US as #1 economic power
  • Russians
    • State “protected”
    • Goal is simpler: steal money
  • Copycats
    • Koreans, Africans, others use the tools of the Chinese and Russians

  23. How do hackers and fraudsters break in?
  • Modern hacking relies on malware
  • Social engineering
  • Drive by surfing
  • Infected websites
  • Easy password attacks

  24. Social Engineering
  • Pretext phone calls
  • Building penetration
  • Email attacks
  “Amateurs hack systems, professionals hack people.” – Bruce Schneier

  25. Pre-text Phone Calls
  • “Hi, this is Randy from Fiserv user support. I am working with Dave, and I need your help…”
    • Name dropping
    • Establish a rapport
    • Ask for help
    • Inject some techno-babble
    • Think telemarketer’s script
  • Home Equity Line of Credit (HELOC) fraud calls
  • Ongoing high-profile ACH frauds

  26. Physical (Facility) Security
  Compromise the site:
  • “Hi, Joe said he would let you know I was coming to fix the printers…”
  Plant devices:
  • Keystroke loggers
  • Wireless access point
  • Thumb drives (“Switch Blade”)

  27. Email Attacks – Spoofing and Phishing
  • Impersonate someone in authority and:
    • Ask them to visit a website
    • Ask them to open an attachment or run an update
  • Examples
    • Better Business Bureau complaint
      http://www.millersmiles.co.uk/email/visa-usabetter-business-bureaucall-for-action-visa
    • Microsoft Security Patch Download

  28. Email Phishing – “Targeted Attack”

  29. Strategies to Combat Social Engineering
  • (Ongoing) user awareness training
  • SANS “First Five” – Layers “behind the people”
    • Secure/Standard Configurations (hardening)
    • Critical Patches – Operating Systems
    • Critical Patches – Applications
    • Application White Listing
    • Minimized user access rights
  • No browsing/email with admin rights

  30. The Cyber Insurance Maze
  • Local agents unaware, uninformed or uninterested
  • Lack of standardized policy language
  • Generic “one size fits all” applications
  • Evolution of the actuarial process
  • Evolution of underwriting

  31. Cyber Insurance Protection Basics
  • Errors and omissions
    • Typically associated with software providers
  • Media and intellectual property
    • Media placed on a website or made available
  • Network and systems security
    • Extensive and broad category (common considerations)
  • Breach of privacy
    • Disclosure of PFI, PII, HIPAA and others (donor info)

  32. Cyber Insurance Coverage
  • Forensic services
  • Business interruption coverage
  • Credit monitoring – often mandated by state regulations
  • Technical consulting and system repair
  • Legal costs
  • Cost of issuance of new credit cards
  • Certain fines from regulatory bodies
  • Lawsuit related settlements and costs
  • Cost of informing impacted entities and persons

  33. Cyber Insurance Procurement
  • Obtain multiple quotes
    • Not necessarily based on cost
    • Exposure of an uninformed quote
    • Exposure of the “one size fits all” application
  • Education on dollar coverage amounts as recommended by the broker
  • Obtain an objective third party review
  • Discuss with peers
  • DO IT!

  34. 10 Key Defensive Measures

  35. Attacks are Preventable!
  • Intrusion Analysis: TrustWave
  • Intrusion Analysis: Verizon Business Services
  • Intrusion Analysis: CERT Coordination Center
  • Intrusion Analysis: CLA Incident Handling Team

  36. Strategies
  Our information security strategy should have the following objectives:
  • Users who are more aware and savvy
  • Networks that are resistant to malware
  • Relationship with our FI is maximized

  37. Ten Keys to Mitigate Risk
  • Strong Policies:
    • Email use
    • Website links
    • Removable media
    • Users vs Admin
    • Insurance

  38. Ten Keys to Mitigate Risk
  2. Defined user access roles and permissions
  • Principle of minimum access and least privilege
  • Users should NOT have system administrator rights
  • “Local Admin” in Windows should be removed (if practical)

  39. Ten Keys to Mitigate Risk
  • Hardened internal systems (end points)
    • Hardening checklists
    • Turn off unneeded services
    • Change default passwords
    • Use strong passwords
    • Consider application white-listing
  • Encryption strategy – data centered
    • Email
    • Laptops and desktops
    • Thumb drives
    • Email enabled cell phones
    • Mobile media

  40. Ten Keys to Mitigate Risk
  • Vulnerability management process
    • Operating system patches
    • Application patches
    • Testing to validate effectiveness – “belt and suspenders”

  41. Ten Keys to Mitigate Risk
  • Well defined perimeter security layers:
    • Network segments
    • Email gateway/filter
    • Firewall – “Proxy” integration for traffic in AND out
    • Intrusion Detection/Prevention for network traffic, Internet facing hosts, AND workstations (end points)
    • Centralized audit logging, analysis, and automated alerting capabilities
      • Routing infrastructure
      • Network authentication
      • Servers
      • Applications

  42. Ten Keys to Mitigate Risk
  • Defined incident response plan and procedures
    • Be prepared
    • Including data leakage prevention and monitoring
    • Forensic preparedness

  43. Ten Keys to Mitigate Risk
  • Know / use Online Banking Tools
    • Multi-factor authentication
    • Dual control / verification
    • Out of band verification / call back thresholds
    • ACH positive pay
    • ACH blocks and filters
    • Review contracts relative to all these
  • Monitor account activity daily
  • Isolate the PC used for wires/ACH
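An added example, not the deck's or any bank's code, showing how the CATO controls listed on slides 17 and 43 combine into release checks on an outbound ACH/wire: dual control, positive pay, ACH block/filter, IP filtering and an out-of-band call-back threshold. The threshold, payee list, trusted network, blocked SEC codes and sample payments are all constructed for illustration.

```python
"""Release checks for an outbound ACH/wire modelling the CATO controls the deck
lists (slides 17 and 43): dual control, positive pay, ACH block/filter, IP
filtering and out-of-band call-back above a threshold.
Added example, not the deck's or any bank's code. Threshold, payee list,
trusted network, SEC codes and sample payments are all constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

CALLBACK_THRESHOLD = 10_000.00  # constructed: this amount or more needs a call-back
APPROVED_PAYEES = {"Payroll Provider LLC", "Electric Utility Co"}  # positive pay list
TRUSTED_NETS = [ip_network("203.0.113.0/24")]  # constructed: the isolated wire/ACH PC
ACH_BLOCK_CODES = {"WEB", "TEL"}  # constructed: SEC codes this account never originates


@dataclass
class Payment:
    payee: str
    amount: float
    sec_code: str                  # ACH Standard Entry Class code, e.g. PPD, CCD, WEB
    initiated_by: str
    approved_by: Optional[str]     # second user who released it (dual control)
    source_ip: str
    callback_verified: bool = False  # out-of-band confirmation recorded by staff


def release_checks(p: Payment) -> List[str]:
    """Return the control failures for a payment; an empty list means release it."""
    failures = []
    if p.approved_by is None or p.approved_by == p.initiated_by:
        failures.append("dual control: a second, different user must approve")
    if p.payee not in APPROVED_PAYEES:
        failures.append(f"positive pay: payee {p.payee!r} is not on the approved list")
    if p.sec_code in ACH_BLOCK_CODES:
        failures.append(f"ACH filter: SEC code {p.sec_code} is blocked for this account")
    if not any(ip_address(p.source_ip) in net for net in TRUSTED_NETS):
        failures.append(f"IP filter: {p.source_ip} is outside the trusted network")
    if p.amount >= CALLBACK_THRESHOLD and not p.callback_verified:
        failures.append("out of band: amount meets the call-back threshold, no verification")
    return failures


if __name__ == "__main__":
    routine = Payment("Payroll Provider LLC", 8_500, "PPD", "alice", "bob", "203.0.113.7")
    # The "please wire $ to..." pattern: new payee, large amount, one user, unknown IP.
    urgent = Payment("Offshore Trading Ltd", 45_000, "CCD", "cfo", None, "198.51.100.9")
    print(release_checks(routine))  # []
    for failure in release_checks(urgent):
        print("-", failure)
```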

  44. Ten Keys to Mitigate Risk
  10. Test, Test, Test
  • “Belt and suspenders” approach
  • Penetration testing
    • Internal and external
  • Social engineering testing
    • Simulate spear phishing
  • Application testing
  • Test the tools with your bank
  • Test internal processes

  45. Questions?
  Hang on, it’s going to be a wild ride!!
  Darrell Songer, Principal, Information Security Services Group
  Darrell.Songer@claconnect.com
  (314-925-4300)
