
Phishing – BEC / Ransomware

Phishing – BEC / Ransomware. Institute for Nonprofit Innovation and Excellence, January 15, 2019. Overview: phishing attack, business email compromise, ransomware, 10 tips, incident response, notifying customers & industry partners.



Presentation Transcript


  1. Phishing – BEC / Ransomware
     Institute for Nonprofit Innovation and Excellence
     January 15, 2019

  2. Overview
     • Phishing attack
     • Business Email Compromise
     • Ransomware
     • 10 Tips
     • Incident Response
     • Notifying customers & industry partners

  3. Phishing attack
     • Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

  4. Business Email Compromise
     • How these work
     • FBI notification I-071218-PSA - IC3.gov
     • Business E-mail Compromise (BEC)/E-mail Account Compromise (EAC) is a sophisticated scam targeting both businesses and individuals performing wire transfer payments.
     • The scam is frequently carried out when a subject compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
     • The scam may not always be associated with a request for transfer of funds. A variation of the scam involves compromising legitimate business e-mail accounts and requesting Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees.
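The FBI notice above describes the mechanics of BEC but not how a mail gateway or help desk would spot one. The following is an added example, not part of the presentation: a small Python screen that checks a raw message for the indicators those scams share (an executive's display name on an outside address, a Reply-To that diverts the conversation to another domain, a lookalike of the organisation's own domain, and wire-transfer, payroll or W-2 language in the subject). ORG_DOMAIN, the EXECUTIVES directory and both sample messages are constructed for the example.

```python
"""Heuristic screening of an inbound message for BEC indicators.

Added example, not from the slides. ORG_DOMAIN, EXECUTIVES and the two
sample messages are constructed; no real organisation is referenced.
"""
import email
import re
from email.utils import parseaddr

ORG_DOMAIN = "example.org"                          # assumption: our own mail domain
EXECUTIVES = {"jane doe": "jane.doe@example.org"}   # constructed: display name -> real address
PAYMENT_WORDS = re.compile(
    r"\b(wire|transfer|invoice|payroll|w-?2|gift card|urgent)\b", re.I)


def edit_distance(a, b):
    """Levenshtein distance; catches one-character domain typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(domain, target=ORG_DOMAIN):
    """True for a domain that imitates target without being target."""
    if domain == target:
        return False
    # fold the usual glyph tricks (rn->m, vv->w, 0->o, 1->l) before comparing
    folded = (domain.replace("rn", "m").replace("vv", "w")
                    .replace("0", "o").replace("1", "l"))
    return folded == target or edit_distance(folded, target) <= 1


def _name_and_domain(header_value):
    """(display name, address, domain), all lower-cased; empty strings if absent."""
    name, addr = parseaddr(header_value or "")
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    return name.strip().lower(), addr, domain


def screen(raw_message):
    """Return the list of BEC indicators found in one RFC 822 message."""
    msg = email.message_from_string(raw_message)
    findings = []
    from_name, from_addr, from_dom = _name_and_domain(msg["From"])
    _, reply_addr, reply_dom = _name_and_domain(msg["Reply-To"])
    if from_name in EXECUTIVES and from_addr != EXECUTIVES[from_name]:
        findings.append("display-name impersonation")
    if reply_addr and reply_dom != from_dom:
        findings.append("reply-to diversion")
    if lookalike(from_dom):
        findings.append("lookalike domain")
    if PAYMENT_WORDS.search(msg["Subject"] or ""):
        findings.append("payment/PII language")
    return findings


# Constructed samples: one BEC attempt and one ordinary internal message
BEC_SAMPLE = """\
From: Jane Doe <jane.doe@exarnple.org>
Reply-To: jane.doe.ceo@freemail.example
To: accounts@example.org
Subject: Urgent wire transfer before 3pm

Please process the attached invoice today and keep this confidential.
"""

CLEAN_SAMPLE = """\
From: Jane Doe <jane.doe@example.org>
To: staff@example.org
Subject: Board meeting minutes

Minutes from last week are attached.
"""

if __name__ == "__main__":
    print(screen(BEC_SAMPLE))    # all four indicators
    print(screen(CLEAN_SAMPLE))  # []
```

Any single finding is only a hint; the useful operating rule for a nonprofit's finance staff is that a payment-related request which trips even one of these checks is confirmed by phone on a number already on file, never by replying to the message.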

  5. Ransomware
     • Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. - https://en.wikipedia.org/wiki/Ransomware

  6. Ransomware
     • Leeds hit with ransomware attack: City forced to pay hackers $12K to regain control of computers (posted Mar 1, 2018)
     • US hospital pays $55,000 to hackers after ransomware attack. Hancock Health paid up despite having backups available.
     • 2018 Atlanta cyberattack
       Date: 22 March 2018
       Theme: Ransomware encrypting files with $51,000 demand (via Bitcoin)
       Cause: SamSam ransomware
       Outcome: Multiple municipal services down, including databases and wi-fi; years' worth of data destroyed; city spends $2.7 million in recovering services

  7. Ransomware
     • 1. Backups: Do we back up all critical information? Are the backups stored offline? Have we tested our ability to revert to backups during an incident?
     • 2. Risk Analysis: Have we conducted a cybersecurity risk analysis of the organization?
     • 3. Staff Training: Have we trained staff on cybersecurity best practices?
     • 4. Vulnerability Patching: Have we implemented appropriate patching of known system vulnerabilities?

  8. Ransomware
     • 5. Application Whitelisting: Do we allow only approved programs to run on our networks?
     • 6. Incident Response: Do we have an incident response plan and have we exercised it?
     • 7. Business Continuity: Are we able to sustain business operations without access to certain systems? For how long? Have we tested this?
     • 8. Penetration Testing: Have we attempted to hack into our own systems to test the security of our systems and our ability to defend against attacks?
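Question 1 of the checklist (are backups taken, kept offline, and has a restore actually been tested) is the one that decides whether a ransomware incident ends like Hancock Health's or not, and it is easy to turn into a routine. The following is an added example, not from the presentation: Python that records a SHA-256 manifest of a source tree at backup time and later verifies a restored (or surviving) copy against it, listing files that are missing or whose contents changed. The directory layout and file contents are constructed inside a temporary directory by the example itself; the manifest is written next to the offline copy so that an attacker with access to the live tree cannot quietly alter it.

```python
"""Backup manifest creation and restore verification.

Added example, not from the slides. The files and directories used here are
constructed in a temporary directory; adapt build_manifest/verify_restore to
the real data set and the real restore target.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest, restored_root):
    """Check a restored tree against the manifest taken at backup time."""
    restored_root = Path(restored_root)
    missing, altered = [], []
    for rel, digest in manifest.items():
        p = restored_root / rel
        if not p.is_file():
            missing.append(rel)
        elif sha256_of(p) != digest:
            altered.append(rel)
    return {"ok": not missing and not altered, "missing": missing, "altered": altered}


def demo():
    """Constructed scenario: back up two files, then simulate a ransomware event
    on the live tree (one file overwritten with random bytes, one deleted) and
    verify both the damaged live tree and the offline copy against the manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "live")
        (live / "grants").mkdir(parents=True)
        (live / "donors.csv").write_text("name,amount\nA,100\n")
        (live / "grants" / "2019.docx").write_bytes(b"PK\x03\x04 grant application")

        # backup time: hash everything, copy to the "offline" location,
        # and keep the manifest with the copy rather than on the live system
        manifest = build_manifest(live)
        backup = Path(tmp, "offline_copy")
        shutil.copytree(live, backup)
        (backup / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))

        # incident: contents encrypted (simulated with random bytes) and a file lost
        (live / "donors.csv").write_bytes(os.urandom(32))
        (live / "grants" / "2019.docx").unlink()

        stored = json.loads((backup / "MANIFEST.json").read_text())
        return verify_restore(stored, live), verify_restore(stored, backup)


if __name__ == "__main__":
    damaged, clean = demo()
    print("live tree:", damaged)
    print("offline copy:", clean)
```

Running the restore check on a schedule, from a machine other than the one that takes the backups, is what answers the slide's "have we tested our ability to revert?" with evidence rather than an assumption.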

  9. Tipsheet

  10. Incident Response
      • Establish processes
      • Playbook scenarios
      • Tabletop exercises
      • Review industry partners
      • Review Federal standards
      • Business Continuity considerations

  11. Notifying Customers & Industry Partners
      • Analyze malicious site.
      • CentralOps.net – abuse contact info
      • “Cease & Desist” email to domain admin
      • Send out advisories
      • Notify supporting vendors, industry partners
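The second and third bullets above (find the abuse contact, then write to the domain's administrator) are mechanical enough to script. The following is an added example, not from the presentation: Python that takes the reported phishing URL, derives the registrable domain, pulls the abuse and admin mailboxes out of a WHOIS reply, and drafts the takedown notice as an email message. The WHOIS text is constructed to mimic the common registrar output format; in practice it comes from a lookup service such as the one named on the slide. The registrable-domain guess keeps only the last two labels, which is an assumption that does not hold for suffixes like .co.uk without a public-suffix list; ORG and the sender address are placeholders.

```python
"""Abuse-contact extraction and takedown-notice drafting.

Added example, not from the slides. WHOIS_SAMPLE, ORG and the sender address
are constructed placeholders.
"""
import re
from email.message import EmailMessage
from urllib.parse import urlsplit

ORG = "example.org"   # assumption: the organisation being impersonated

# Constructed WHOIS reply in the usual registrar key: value layout
WHOIS_SAMPLE = """\
Domain Name: EXARNPLE-LOGIN.EXAMPLE
Registrar: Registrar Placeholder LLC
Registrar Abuse Contact Email: abuse@registrar.example
Registrar Abuse Contact Phone: +1.5555550100
Registrant Email: REDACTED FOR PRIVACY
Admin Email: admin@exarnple-login.example
Name Server: NS1.HOSTER.EXAMPLE
"""

# lines whose key names an Abuse or Admin e-mail and whose value is an address
CONTACT_RE = re.compile(
    r"^(?P<role>[\w ]*?(?:Abuse|Admin)[\w ]*?Email)\s*:\s*(?P<addr>\S+@\S+)",
    re.I | re.M)


def phishing_domain(url):
    """Registrable domain of the reported URL (naive last-two-labels guess)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def abuse_contacts(whois_text):
    """Map lower-cased role (e.g. 'registrar abuse contact email') to address."""
    return {m["role"].strip().lower(): m["addr"].lower()
            for m in CONTACT_RE.finditer(whois_text)}


def draft_notice(url, whois_text, sender="security@example.org",
                 observed="<fill in first-observed time, UTC>"):
    """Build the notice to the registrar's abuse desk (falls back to admin contacts)."""
    contacts = abuse_contacts(whois_text)
    recipients = [a for role, a in contacts.items() if "abuse" in role] \
        or list(contacts.values())
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = f"Phishing site impersonating {ORG} at {phishing_domain(url)}"
    msg.set_content(
        f"The page at {url} imitates {ORG} and is collecting credentials from our users.\n"
        f"Registrable domain: {phishing_domain(url)}\n"
        f"First observed: {observed}\n\n"
        "Please suspend the domain or remove the content and confirm when this is done.\n"
        "Screenshots and the original phishing message are available on request.\n"
    )
    return msg


if __name__ == "__main__":
    notice = draft_notice("https://login.exarnple-login.example/secure/verify", WHOIS_SAMPLE)
    print(notice.as_string())
```

The notice goes to the registrar's abuse desk first because the admin contact on a domain registered for phishing is usually the attacker; the hosting provider named in the Name Server lines is the other party worth copying, using its own abuse address from a separate lookup.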
