Transcription:

Thanks for attending this session on March 15th. To learn more about Stickley on Security visit www.stickleyonsecurity.com. You can contact Jim Stickley at jim@stickleyonsecurity.com. Have a great day!

Fraud: The new F word. Presented by Jim Stickley

Fraud. "Cybercrime is a growth industry. The returns are great, and the risks are low." (McAfee)

Fraud. How are criminals having so much success? Email is at the root of all major breaches.

Why email? Attacking a network via the Internet is hard. Employees have access to everything. If I can gain access to an employee's desktop or credentials, breaking in becomes much easier.

Why email? The first click on average happens within 1 minute 40 seconds.

How easy is it really?

Starting the attack. Objective: gain access to a financial institution employee's desktop.

Target: employee desktop. Need the names of tellers. Many options are available: the phone is an option, a Google search can help, but there is a better way.

credit union customer service

Targeting personnel. I know the tellers at the financial institution; now I need their email addresses.

Targeting personnel. Finding the email of a teller: Gmail is great for testing emails. Send numerous variations: bills@acmefakecu.com, billsmith@acmefakecu.com, bill.smith@acmefakecu.com, b.smith@acmefakecu.com.

Targeting personnel. Whatever doesn't bounce back is real.

E-card scams. Starting the attack: send an email that appears to come from Hallmark.

Online viewer exploits. The e-card link the victim receives: http://www.hallmark-e-card.com/ecard-link/id=1178jaj8s87hjffkjk1212

Online viewer exploits. The notification on the attacker's side: "We got one. System connected on device 7. Have fun."

Online viewer exploits. Command prompt on the compromised desktop:
Microsoft Windows [Version 6.1.7601]
(C) Copyright 2009 Microsoft Corp.
C:\Documents and Settings\Administrator> netstat -na
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:554            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:902            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:912            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING

Online viewer exploits. What is at risk? Complete compromise of the computer; a launch point for other attacks; malware that can call home at scheduled times.

Online viewer exploits. You don't need to download anything to be infected; Adobe Flash Player is a prime target.

Online viewer exploits. Patches can't always solve this issue.

Have a webcam? It can be used to watch what you are doing without your knowledge.

What can you do? Never trust an email. Employee education. Limited network access.

What about email blacklists? Many companies and security products depend on blacklists to filter email: block based on sender IP, block based on sender domain, block based on authentication (SPF / DKIM), block based on content.

What about email blacklists? Do they work?

Attacks through PayPal. How is that possible?

Not just PayPal. Numerous cloud-based solutions offer the ability to send emails with custom messages. These organizations are trusted by most mail security products. Even legitimate emails can contain malicious data.
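As an added illustration (not from the presentation), the following Python models the first three filters the slides list, sender IP, sender domain and SPF authentication, against a constructed DNS table: a message relayed by a trusted cloud mailer passes all three, which is why the content is the only place left to catch it. The domain names, addresses and blocklists are constructed for this example.

```python
import ipaddress

# Constructed DNS table standing in for SPF TXT lookups (no network; both names are
# made up). cloudmailer.example plays the trusted bulk-mail service the slides describe;
# acmefakecu.com is the credit union domain used on the slides.
SPF_RECORDS = {
    "cloudmailer.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "acmefakecu.com": "v=spf1 ip4:198.51.100.10 include:cloudmailer.example -all",
}
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, sender_ip, depth=0):
    """Minimal SPF evaluation: ip4 and include mechanisms plus the 'all' qualifier."""
    record = SPF_RECORDS.get(domain)
    if record is None or depth > 10:          # crude stand-in for the RFC 7208 lookup limit
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:           # skip the 'v=spf1' version tag
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            matched = check_spf(term[8:], sender_ip, depth + 1) == "pass"
        elif term == "all":
            matched = True
        else:
            continue                          # a, mx, exists ... not modelled here
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"

def reputation_gate(mail_from_domain, sender_ip, ip_blocklist, domain_blocklist):
    """The first three filters named on the slide: sender IP, sender domain, SPF.
    True means all three let the message through; nothing here has looked at the body."""
    if sender_ip in ip_blocklist or mail_from_domain in domain_blocklist:
        return False
    return check_spf(mail_from_domain, sender_ip) == "pass"

if __name__ == "__main__":
    ip_block, domain_block = {"192.0.2.5"}, {"evil.example"}     # constructed blocklists
    # A listed attacker host is stopped by the blocklist.
    print(reputation_gate("cloudmailer.example", "192.0.2.5", ip_block, domain_block))    # False
    # An unlisted host forging the service's domain fails SPF (-all).
    print(reputation_gate("cloudmailer.example", "192.0.2.99", ip_block, domain_block))   # False
    # The same message relayed by the trusted service itself passes every check.
    print(reputation_gate("cloudmailer.example", "203.0.113.7", ip_block, domain_block))  # True
```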

Tiny links. Be cautious of TinyURL or bit.ly links. Tiny URLs often hide where you are really going: http://tinyurl.com/hescmk2, http://bit.ly/2adfq25.

Tiny links. Before following tiny links, confirm where they go (example: http://bit.ly/2adfq25).

Domain verification: stickleyonsecurity.com

Technology is not a guarantee. Blacklists and filters are not foolproof. Tiny (hidden) links are commonly used for attacks. When in doubt, research the link first.
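An added example, not part of the slides: a small Python link checker that resolves a shortened link one redirect at a time without visiting the destination and compares the final registered domain with the brand the email claims. The shortener hosts beyond tinyurl.com and bit.ly, and the fake reply table that lets it run offline, are assumptions; the live path uses a single HTTP HEAD request per hop.

```python
import http.client
from urllib.parse import urljoin, urlparse

# tinyurl.com and bit.ly appear on the slides; the other shortener hosts are an assumption.
SHORTENER_HOSTS = {"tinyurl.com", "bit.ly", "t.co", "goo.gl", "ow.ly", "is.gd"}
REDIRECT_CODES = {301, 302, 303, 307, 308}

def head_no_follow(url, timeout=5):
    """One HEAD request with redirects NOT followed: the shortener reveals its target
    in the Location header while we never contact the destination itself."""
    p = urlparse(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.hostname, p.port, timeout=timeout)
    conn.request("HEAD", p.path or "/", headers={"User-Agent": "link-check"})
    resp = conn.getresponse()
    headers = {k.lower(): v for k, v in resp.getheaders()}
    conn.close()
    return resp.status, headers

def registered_domain(url):
    """'www.hallmark-e-card.com' -> 'hallmark-e-card.com'. Two-label heuristic: right
    for .com, wrong under public suffixes like co.uk, where a suffix list is needed."""
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def resolve_link(url, expected_domain, fetch=head_no_follow, max_hops=5):
    """Unwrap a (possibly shortened) link hop by hop, then compare the final registered
    domain with the brand the email claims to come from."""
    chain = [url]
    for _ in range(max_hops):
        status, headers = fetch(chain[-1])
        if status not in REDIRECT_CODES or "location" not in headers:
            break
        chain.append(urljoin(chain[-1], headers["location"]))  # Location may be relative
    final_domain = registered_domain(chain[-1])
    return {"shortened": urlparse(url).hostname in SHORTENER_HOSTS, "chain": chain,
            "final_domain": final_domain,
            "matches_brand": final_domain == expected_domain.lower()}

# Constructed stand-in for a shortener's reply (no network): a 301 from the bit.ly link
# on the slides to the e-card host also shown on the slides.
FAKE_REPLIES = {"http://bit.ly/2adfq25": (301, {"location":
    "http://www.hallmark-e-card.com/ecard-link/id=1178jaj8s87hjffkjk1212"})}

def fake_fetch(url):
    return FAKE_REPLIES.get(url, (200, {}))

if __name__ == "__main__":
    r = resolve_link("http://bit.ly/2adfq25", "hallmark.com", fetch=fake_fetch)
    print(" -> ".join(r["chain"]), "| lands on", r["final_domain"], "| brand matches:", r["matches_brand"])
```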

Targeting Employees: Hybrid Social Engineering

Starting the attack. Objective: use social engineering and malware to gain access to a desktop.

Targeting personnel. I already know the employees at the organization (used LinkedIn). I already know their email addresses (used the email bounce technique). To complete this attack I also need to know the IT security manager; get that through LinkedIn or simply call the organization and ask.

Targeting personnel. We are ready to start the attack; start with social engineering.

The security update. The employee calls the 800 number; the operator conducts a validation process.

The security update. Ask the user to go to GoToMeeting.com; once there, give them a meeting code to connect. GoToMeeting allows a free trial of their account, which allows criminals to use the solution without using real information.

The security update. Now we assist them with their update. (Video)

What does this mean? Kathy thinks everything is OK and her computer is secure. Reality: complete compromise of her desktop; bypassed security on the desktop / network; a launch point for more attacks, including the core processor; a warm handoff to another employee.

What can you do? Never trust an email. Never allow remote control of your desktop. Never install software, or allow others to install software on your desktop, without approval.

What can you do? Never pass calls to co-workers. Never assume a call passed from a co-worker is trusted. When in doubt, pick up the phone and ask someone in your IT department.

Targeting Employees: System Administrators

Attacking the admins. Why target an admin? IT managers and system administrators have all the access; when they are compromised, criminals now have all the access. IT admins are easy to find.

Attacking the admins. Use their vendor relationships against them: most organizations work with many vendors, and often these relationships are public.

credit union chooses

Attacking the admins. What we know: we have the name of the admin; we have the email address; we know their financial institution works with Fiserv. What else do we need? The name of an employee at Fiserv.

Fiserv customer services

Putting it all together. We found an IT admin via LinkedIn: Bill Smith. We know our plan of attack: email attachment. We know a banking solution they use: Fiserv. We know who the email will come from: Katrin Rollins.

Attacking the admins. Let's start the attack.

Attacking the admins. This will be the email; the sender's signature reads: Vice President, Professional Services & Customer Support.

Attacking the admins. Yep, it's on! "New remote connection confirmed. Device: 3. Have a great day. :)"

Attacking the admins. The admin's desktop now shows the same command prompt and netstat -na listing as in the e-card demo.

Attacking the admins What happened?

Other attachments. It's not just Adobe.

Using Admin Access

Administrators have access. High-risk servers: core processor, web servers, document management servers, database servers, ATMs, patch management, routers, firewalls, switches.

Now that we are on. Once on the network, what to do first? Install a rootkit, which includes keyboard logging, an audio monitor, a camera monitor, screen-scrape software and a web traffic monitor.

Systematic attack. Started with an email attack. Gained access to the administrator's desktop. Used the desktop to gain access to the secured ATM network segment. Once on the network segment, found a server used as the upgrade site for ATMs (no direct access to the ATMs).

Upgrade server. How did it work?

What does this mean? How could this be used to our advantage? We don't have access to connect to the ATM servers. We can't exploit any known vulnerabilities. What if we make our own upgrade installer?

What does this mean? What could it do?

What does this mean? What should the malicious code do? Avoid trying to modify existing software. Install code that accesses the cash dispenser. Tell the ATM to dispense cash at a specified time.

What does this mean? Can this really be done? (Video)

What can be done? Employee awareness and education. Install security patches. Be cautious of ALL attachments, even non-executable ones. Be cautious of all websites; Flash is not your friend. Limit and monitor outbound data connections.
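To make "limit and monitor outbound data connections" concrete, here is an added Python example (not from the presentation) that parses a netstat -na listing like the one on the slides and flags established connections to external hosts that do not go through the sanctioned egress points, which is the shape a scheduled call-home takes. The two ESTABLISHED rows, the internal address ranges and the proxy entry are constructed.

```python
import ipaddress
import re

# Constructed netstat -na snapshot. The LISTENING rows are those shown on the slide; the
# two ESTABLISHED rows are added here to stand for a file-share session and a call-home.
NETSTAT_SNAPSHOT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:554            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:902            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:912            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING
  TCP    10.20.30.40:52113      10.20.30.5:445         ESTABLISHED
  TCP    10.20.30.40:52120      198.51.100.23:4444     ESTABLISHED
"""
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s*(\S*)\s*$")
# Constructed: the organisation's own address space (plus loopback).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_netstat(text):
    """Turn Windows 'netstat -na' lines into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, laddr, lport, faddr, fport, state = m.groups()
            rows.append({"proto": proto, "local": laddr, "lport": int(lport),
                         "foreign": faddr, "fport": fport, "state": state})
    return rows

def is_external(addr):
    """True for a routable peer outside INTERNAL_NETS ('*' and 0.0.0.0 are not peers)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not ip.is_unspecified and not any(ip in net for net in INTERNAL_NETS)

def suspicious_outbound(rows, egress_allow):
    """Established connections to external hosts that bypass the sanctioned egress
    points (proxy, mail relay); egress_allow holds (ip, port) pairs as strings."""
    return [r for r in rows if r["state"] == "ESTABLISHED" and is_external(r["foreign"])
            and (r["foreign"], r["fport"]) not in egress_allow]

if __name__ == "__main__":
    rows = parse_netstat(NETSTAT_SNAPSHOT)
    for r in suspicious_outbound(rows, egress_allow={("198.51.100.1", "3128")}):  # constructed proxy
        print("review:", r["local"] + ":" + str(r["lport"]), "->", r["foreign"] + ":" + r["fport"])
```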

In the end. You can't prevent every security risk. Education and awareness are an important defense against cyber attacks. Remember that you can spend hundreds of thousands on security products, and it takes just one human mistake to bypass it all.

Register for the weekly security newsletter.

Employee Education Solutions. Jim Stickley, jim@stickleyonsecurity.com, www.stickleyonsecurity.com