Transcription:

Thanks! Thanks for attending this session on April 6th, 2016. If you have any questions, please contact Jim at jim@stickleyonsecurity.com. Don't forget to check out Stickley on Security and learn about our employee and member education products. Get the BadPhish Phishing Simulator for $1 per employee. Seriously. Unlimited testing for an entire year! www.stickleyonsecurity.com, 619-713-0803

Fraud: The new F word. Presented by Jim Stickley

Fraud: "Cybercrime is a growth industry. The returns are great, and the risks are low." (McAfee, June 2014)

Fraud: How are criminals having so much success? Email is at the root of all major breaches.

Why email? Attacking a network via the Internet is hard. Employees have access to everything. If I can gain access to an employee's desktop or credentials, breaking in becomes much easier.

Phishing success on the rise: In previous years, the overall effectiveness of phishing campaigns was between 10% and 20%.* A 2015 study showed that of 150,000 malicious emails sent, 50% of users opened the email and clicked on the phishing link within the first hour.* The first click on average happened within 1 minute 22 seconds.* (*Verizon 2015 Data Breach Investigations Report, http://www.verizonenterprise.com/dbir/2015/)

How easy is it really?

Starting the attack. Objective: Gain access to a financial institution employee's desktop.

Target: Employee desktop. Need names of tellers. Many options available: the phone is an option, a Google search can help, but there is a better way.

credit union customer service

Targeting personnel: I know the tellers at the financial institution. Now I need their email addresses.

Targeting personnel: Finding the email of a teller. Gmail is great for testing emails. Send numerous variations: bills@acmefakecu.com, billsmith@acmefakecu.com, bill.smith@acmefakecu.com, b.smith@acmefakecu.com

Targeting personnel: Whatever doesn't bounce back is real. Send numerous variations: bills@acmefakecu.com, billsmith@acmefakecu.com, bill.smith@acmefakecu.com, b.smith@acmefakecu.com
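The "whatever doesn't bounce is real" probe leaves a footprint on the receiving mail server: a burst of unknown-recipient rejections from one sending host, with the one accepted address in the middle of it. The following detector is an added example written for this page, not tooling from the talk; it assumes a constructed, simplified inbound-SMTP log format (not any real MTA's log syntax) and a threshold of three rejected recipients within ten minutes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a simplified inbound-SMTP format (not a real MTA's).
# The first client walks the same name-variation list the slides describe.
LOG_LINES = """
2016-04-06T09:00:01 client=198.51.100.7 from=<hi@gmail.example> to=<bills@acmefakecu.com> status=rejected reason=unknown_user
2016-04-06T09:00:03 client=198.51.100.7 from=<hi@gmail.example> to=<billsmith@acmefakecu.com> status=rejected reason=unknown_user
2016-04-06T09:00:05 client=198.51.100.7 from=<hi@gmail.example> to=<bill.smith@acmefakecu.com> status=accepted
2016-04-06T09:00:07 client=198.51.100.7 from=<hi@gmail.example> to=<b.smith@acmefakecu.com> status=rejected reason=unknown_user
2016-04-06T09:15:00 client=203.0.113.9 from=<news@vendor.example> to=<info@acmefakecu.com> status=accepted
2016-04-06T09:20:00 client=203.0.113.9 from=<news@vendor.example> to=<ifno@acmefakecu.com> status=rejected reason=unknown_user
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) from=<(?P<sender>[^>]*)> "
    r"to=<(?P<rcpt>[^>]+)> status=(?P<status>\w+)"
)

def parse(lines):
    """Turn matching log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events

def find_enumeration(lines, window=timedelta(minutes=10), min_rejects=3):
    """Group events by sending client and slide a time window over them.
    A client whose distinct unknown-recipient rejections reach min_rejects
    inside one window is reported, together with any recipients it had
    accepted in the same burst: those are the addresses it just confirmed."""
    by_client = defaultdict(list)
    for ev in parse(lines):
        by_client[ev["client"]].append(ev)
    findings = {}
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, ev in enumerate(evs):
            while ev["ts"] - evs[start]["ts"] > window:
                start += 1
            burst = evs[start:end + 1]
            rejected = sorted({e["rcpt"] for e in burst if e["status"] == "rejected"})
            if len(rejected) >= min_rejects:
                confirmed = sorted({e["rcpt"] for e in burst if e["status"] == "accepted"})
                findings[client] = {"rejected": rejected, "confirmed": confirmed}
    return findings
```

The normal mailer (one typo, then a delivery) stays under the threshold, while the probing client is reported with bill.smith@acmefakecu.com listed as the address it confirmed.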

Ecard scams. Starting the attack: Send an email from "Hallmark".

Online viewer exploits

http://www.hallmark-e-card.com/ecard-link/id=1178jaj8s87hjffkjk1212

Online viewer exploits: "We got one. System connected on device 7. Have fun."

Online viewer exploits:

Microsoft Windows [Version 6.1.7601]
(C) Copyright 2009 Microsoft Corp.

C:\Documents and Settings\Administrator> netstat -na

Active Connections

Proto  Local Address  Foreign Address  State
TCP    0.0.0.0:135    0.0.0.0:0        LISTENING
TCP    0.0.0.0:443    0.0.0.0:0        LISTENING
TCP    0.0.0.0:445    0.0.0.0:0        LISTENING
TCP    0.0.0.0:554    0.0.0.0:0        LISTENING
TCP    0.0.0.0:902    0.0.0.0:0        LISTENING
TCP    0.0.0.0:912    0.0.0.0:0        LISTENING
TCP    0.0.0.0:2869   0.0.0.0:0        LISTENING

Online viewer exploits. What is at risk? Complete compromise of the computer; a launch point for other attacks; it can call home at scheduled times.

Online viewer exploits: You don't need to download anything to be infected. Adobe Flash Player is a prime target.

Online viewer exploits: What about patches?

Have a web cam? It can be used to watch what you are doing without your knowledge.

What can you do? Never trust an email. Employee education. Limited network access.

Targeting employees

Starting the attack. Objective: Use social engineering and malware to gain access to a desktop.

Targeting personnel: I already know the employees at the organization (used LinkedIn). I already know their email addresses (used the email bounce technique). To complete this attack I also need to know the IT security manager: get that through LinkedIn, or simply call the organization and ask.

Targeting personnel: We are ready to start the attack. Start with social engineering.

The security update: The employee calls the 800 number. The operator conducts a validation process.

The security update: Ask the user to go to GoToMeeting.com. Once there, give them a meeting code to connect. GoToMeeting allows a free trial of their account, which lets criminals use the solution without supplying real information.

The security update: Now we assist them with their update. (Video)

What does this mean? Kathy thinks everything is OK and her computer is secure. Reality: complete compromise of her desktop; security on the desktop and network bypassed; a launch point for more attacks, including the core processor; a warm handoff to other employees.

What can you do? Never trust an email. Never allow remote control of your desktop. Never install software, or allow others to install software, on your desktop without approval.

What can you do? Never pass calls to co-workers. Never assume a call passed from a co-worker is trusted. When in doubt, pick up the phone and ask someone in your IT department.

Targeting employees?

Attacking the admins. Why target an admin? IT managers and system administrators have all the access; when they are compromised, criminals now have all the access. IT admins are easy to find.

Attacking the admins: Use their vendor relationships against them. Most organizations work with many vendors, and often these relationships are public.

credit union chooses

Attacking the admins. What we know: we have the name of the admin; we have the email address; we know their financial institution works with Fiserv. What else do we need? The name of an employee at Fiserv.

Fiserv customer services

Putting it all together: We found an IT admin via LinkedIn (Bill Smith). We know our plan of attack (email attachment). We know a banking solution they use (Fiserv). We know who the email will come from (Katrin Rollins).

Attacking the admins: Let's start the attack.

Attack the admins: This will be the email. (Signed: Vice President, Professional Services & Customer Support)

Attack the admins: This will be the email.

Attacking the admins: Yep, it's on! "New remote connection confirmed. Device: 3. Have a great day. :)"

Attacking the admins:

Microsoft Windows [Version 6.1.7601]
(C) Copyright 2009 Microsoft Corp.

C:\Documents and Settings\Administrator> netstat -na

Active Connections

Proto  Local Address  Foreign Address  State
TCP    0.0.0.0:135    0.0.0.0:0        LISTENING
TCP    0.0.0.0:443    0.0.0.0:0        LISTENING
TCP    0.0.0.0:445    0.0.0.0:0        LISTENING
TCP    0.0.0.0:554    0.0.0.0:0        LISTENING
TCP    0.0.0.0:902    0.0.0.0:0        LISTENING
TCP    0.0.0.0:912    0.0.0.0:0        LISTENING
TCP    0.0.0.0:2869   0.0.0.0:0        LISTENING

Attacking the admins: What happened?

Attacking the admins: When the document was opened, the malware installed automatically. Anything could be run and/or installed on the PC. In our malware we made a basic program to start remote communication.

Using Admin Access

Administrators have access to high-risk servers: core processor, web servers, document management servers, database servers, ATMs, patch management, routers, firewalls and switches.

Now that we are on: Once on the network, what to do first? Install a rootkit which includes keyboard logging, an audio monitor, a camera monitor, screen scrape software and a web traffic monitor.

Systematic attacks: Use access from the compromised employee to gain access to other servers. If the employee has access to upgrade ATMs, then we could upgrade ATMs as well. Real case: ATMs would receive updates provided by an admin employee.

Systematic attacks: Started with an email attack. Gained access to the admin's desktop. Used the desktop to gain access to the secured ATM network segment. Once on that network segment, access was limited to a single server. Used that server as a delivery mechanism to install malware on the ATM servers. Once the malware was on the ATM, just waited for cash to be delivered.

What does this mean? What could it do?

What does this mean? How could this be used to our advantage? We don't have access to connect to the ATM servers. We can't exploit any known vulnerabilities. What if we make our own upgrade installer?

What does this mean? What should the malicious code do? Avoid trying to modify existing software. Install code that accesses the cash dispenser. Tell the ATM to dispense cash at a specified time.

What does this mean? Can this really be done? (Video)

What can be done? Employee awareness and education. Install security patches. Be cautious of ALL attachments, even non-executable ones. Be cautious of all websites; Flash is not your friend. Limit and monitor outbound data connections.
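The "limit and monitor outbound data connections" advice can be turned into a routine check against the same `netstat -na` layout shown on the slides. This is an added example, not tooling from the talk: it assumes a constructed allowlist of approved destinations and a baseline of expected listening ports for a teller desktop, and the ESTABLISHED rows in the sample are constructed for illustration (the slides only show listeners).

```python
import ipaddress

# Constructed sample in the Windows `netstat -na` layout from the slides; the
# two ESTABLISHED rows are added here for illustration and are not from the talk.
NETSTAT_OUTPUT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING
  TCP    10.0.0.25:49712        10.0.0.5:443           ESTABLISHED
  TCP    10.0.0.25:49733        198.51.100.7:8443      ESTABLISHED
  UDP    0.0.0.0:500            *:*
""".strip("\n").splitlines()

# Assumed policy for this example: internal ranges plus one approved external
# host are the only expected outbound destinations; three ports are expected to listen.
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_HOSTS = {"192.0.2.10"}
BASELINE_LISTENING = {135, 443, 445}

def parse_netstat(lines):
    """Keep only TCP/UDP rows; UDP rows carry no state column."""
    rows = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        state = parts[3] if len(parts) > 3 else ""
        rows.append({"proto": parts[0], "local": parts[1], "foreign": parts[2], "state": state})
    return rows

def split_addr(addr):
    """'host:port' -> (host, port); handles '[::]:135' and the '*:*' wildcard."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None

def review_connections(lines):
    """Report established connections to non-allowlisted destinations and
    listening ports outside the baseline."""
    unexpected_outbound, unexpected_listeners = [], []
    for row in parse_netstat(lines):
        _, lport = split_addr(row["local"])
        fhost, fport = split_addr(row["foreign"])
        if row["state"] == "LISTENING" and lport not in BASELINE_LISTENING:
            unexpected_listeners.append(lport)
        elif row["state"] == "ESTABLISHED":
            ip = ipaddress.ip_address(fhost)
            if fhost not in ALLOWED_HOSTS and not any(ip in net for net in ALLOWED_NETWORKS):
                unexpected_outbound.append((fhost, fport))
    return {"outbound": unexpected_outbound, "listeners": unexpected_listeners}
```

Run periodically on endpoints, this is the kind of check that surfaces a "call home" session to an address nobody approved, which is the behaviour the talk describes for its remote-access malware.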

Breach Preparedness

Prepare for the breach: It's better to be prepared and never need it.

Best place to start: Create an incident response team layout. Each breach is different, so determining the exact people to be on a team ahead of time is not realistic. The basic framework may include personnel from the following areas: Legal (often the team lead), CSO, IT department, law enforcement, member care, vendors, forensics, PR, breach remediation.

The breach lifecycle: When an organization experiences a breach, there is a typical lifecycle that will take place. Part of the preparedness plan is to understand the complete lifecycle.

The breach lifecycle. Discover the breach: This is obviously the most important step in the lifecycle. The longer the breach goes undetected, the more damage can occur. Deploy the internal response team.

The breach lifecycle. Begin the initial investigation: There are reasons beyond criminal activity for a data breach, so it is important to begin the initial investigation to eliminate non-criminal activity. Determining the type of data lost is also important.

The breach lifecycle. Contact law enforcement. Employ vendors: forensics, breach resolution, PR, legal counsel.

The breach lifecycle. Initiate the notification process: Compromised members need to receive a notification regarding the breach. Breach notification laws exist in almost every state in the US, plus the District of Columbia, the Virgin Islands and Puerto Rico. Work with the PR company and legal to ensure proper messaging. Members' main concern is what is at risk and how you are protecting them.

The breach lifecycle. Make the public announcement: This should take place at almost the exact same time as member notifications. Work with the PR company and legal to ensure proper messaging. In most cases comprehensive details are not necessary.

The breach lifecycle. Be prepared for questions: Customers will have questions. Make sure all employees are well versed and prepared on what they can and can't say. In many cases outsourcing the inquiries will be your best bet.

Breach conclusion: Every financial institution requires a breach preparedness (incident response) plan. The board should review and approve the plan. Documenting the services and vendors that will be required in the plan can reduce stress, costs and time in the event of a breach.

One for the road

One for the road: Hacking is not the only threat to organizations.

Bypassing the initial hack: How do you gain complete control of an organization's internal network? The cleaning crew.

After hours concerns. Why go after the cleaning crew? Cleaning crews have complete access to the facility. Employees are often recognized by the cleaning crew. No one ever knows you were there. (Video)

After hours concerns. Other ways to get in: An ID card is as good as a key.

After hours concerns. What can you do to protect your organization? Strict policies for the cleaning crew: do not allow anyone in after hours without a key; even if you know the person, they are not allowed in; when they exit to take out the trash, do not prop open doors. A contact list available for the cleaning crew: an easy-to-access list of contacts in case of problems or questions. Test the cleaning crew: send real employees from time to time after hours and see if they can gain access.

After hours concerns: What happens when cleaning crews follow proper procedures?

After Hours Concerns

In The End

In the end: You can't prevent every security risk. Education and awareness are an important defense against cyber attacks. Remember that you can spend hundreds of thousands on security products, and it takes just one human mistake to bypass it all.

Employee & Member Education & Awareness Solutions