The Regional Cyber Crime Unit response to Cyber Crime

Transcription

1 British Computer Society Tuesday 9th January 2018 The Regional Cyber Crime Unit response to Cyber Crime Cyber Protect Officer Chris Phillips

2 Overview Cybercrime threat Law enforcement response Priorities of the RCCU Case studies How to protect yourself

3 Why worry about Cybercrime? Cyber crime cost UK businesses 29 Billion in 2016 Source: Beaming published research in March 2017 that suggested 2.9 million British companies were hit by some sort of cyber crime during 2016.

4 Why worry about Cybercrime?

5 Why worry about Cybercrime? Reduce Threat Reduce Vulnerability

6 What about The Cost?

7 It ll Never Happen To My Business

8 General Data Protection Regulations

9 GDPR

10 General data Protection Regulations The maximum fine to be imposed will increase from 500,000 to 4% of global annual turnover for the preceding financial year or 20m whichever is the greater. As an example Talk Talk were fined 400,000 by the ICO. When the new regulation is in place that could increase to: 70,000,000!! (but would only cap at 20,000,000)

11 Top threats

12 Top three crime types 1. Ransomware > 7bn 2. Phishing < 6bn 3. Social engineering > 5bn

13 Law enforcement response

14 National Cyber Security Strategy

15 Tiered Law Enforcement Response Local Police Local Police Local Police Regional Hub Local Police NCCU Local Police Regional Hub Regional Hub Local Police Local Police Local Police

16 ROCU

17 Strategy P P P P ursue rotect revent repare those responsible for committing Cyber Crime those most vulnerable to Cyber Crime individuals from getting involved in Cyber Crime by training and building strong relationships with Industry and Academia

18 Remit of the RCCU RCCU created to focus on the most serious Cyber Crime offences: Computer / Network Intrusion (Hacking) Malware Creation / Proliferation Cyber-based Extortion e.g. Ransomware Phishing Distributed Denials of Service Attacks (DDoS) Website defacement Darkweb

19 PURSUE Case studies

20 Denial of Service Attacks For Sale

21 Operation Purple Obsidian

22 Operation PURPLE OBSIDIAN Initial investigation into the report of a DDoS attack against a Higher Education Institution. Effects of DDoS on the college Llanelli based student identified Links to further criminality across the world Links to Talk Talk hack and extortion

23 Operation PURPLE OBSIDIAN Pattern of behaviour

24 Modus operandi Identify vulnerable websites Obtain customer database Blackmail

25 Offences identified Communications provider Social engineering Access to private contract database and internal account Blackmail sent to employee Phone calls x 2 Personal effect Business costs Court recording service Website attack Access to private customer database Blackmail s sent to employee Phone calls x 1 Personal effect Business costs

26 Talk Talk

27 Suspect Tuesday 13 th December 2016 Suspect entered guilty pleas to 11 of 18 counts on the indictment Looking to stand further trial in London for additional National offences in 2018

28 Operation Morpheus

29 Brute force Remote Access Port 3389 Sit on network 5-6 weeks Compromised employee profile basic password! Opened an instance of Google Drive Copied contents of company Shared Drive Operation Morpheus Attempted distribution of Malware (1 x AV manually removed, secondary AV quarantined the file) Operation Terminus 40,000 victims globally 171 Countries 1,500 UK IP address, machine name, username and password

30 And Now For the good news

31 Wales Cyber Ecosystem

32 Wales Cyber Ecosystem Ecosystem Research Joint European and US funding Membership Criteria: Businesses of all sizes Academic Research Law Enforcement Government Support

33 Wales Cyber Ecosystem There are 20 formal Cyber Security Clusters in the United Kingdom The South Wales Cyber Security Cluster was the 3rd of 20 to be formed. Now more than 800 members of the Wales Cyber Security Cluster Open Door for sharing skills, experience and knowledge There are only 14 members of the Global Ecosystems, forming part of a project known as: Global Epic - The Ecosystem of Ecosystems

34 Wales Cyber Ecosystem

35 Protect Yourselves Where to go for advice & guidance

36 Contact details Select Regional Cyber Crime Unit

37

38 Protect yourself

39

40 cisp

41 CiSP

42 Sites of interest or online at uk k/cyberessentials

43 Sites of interest steps-cyber-security

44 How to get in touch CONTACT DETAILS Chris Phillips Telephone

45 Tarian Website Tarian Website