December 4 th 2015 Intelligence Briefing NOT PROTECTIVELY MARKED.

Slides:

Advertisements

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Advertisements

Surfing the net: Ways to protect yourself. Internet Safety Look into safeguarding programs or options your online service provider might offer. Look into.

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

Cyber security refers to the technologies and processes designed to protect computers, networks and data from unauthorized access and attacks delivered.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

What is identity theft, and how can you protect yourself from it?

Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

The Most Dangerous Places on The Web (according to PC World)

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

Scams Stevie's Scam School videos

BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Hierarchical file system Hierarchical file system - A hierarchical file system is how drives, folders, and files are displayed on an operating system.

Contents  Viruses Viruses  Computer Worms Computer Worms  Trojans Trojans  Spyware Spyware  Adware Adware  Spam Spam  Hoaxes and Scams Hoaxes and.

First Community Bank Prevx Safe Online Rollout & Best Practice Presentation.

Viruses & Security Threats Unit 1 – Understanding Computer Systems JMW 2012.

Commercial eSecurity Training and Awareness. Common Online Threats Most electronic fraud falls into one of three categories:  PHISHING – Fraudulent s.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

Staying Safe Online Keep your Information Secure.

IT security By Tilly Gerlack.

Adam Soph, Alexandra Smith, Landon Peterson. Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details.

End User Cyber Security Awareness Training. Who should complete this training This training is required for all individuals that owns a computer, mobile.

Safe Use of Social Media Cadets – Air Force’s Future.

Protecting and Sharing Documents Lesson 13. Objectives.

Computer Security Hacking, Phishing, Passwords Kausalya S. And Sushil Mujumdar (CCCF) 04 - Aug - 15.

BTT12OI.  Do you know someone who has been scammed online? What happened?  Been tricked into sending someone else money (not who they thought they were)

How can IT help you today?. Agenda Why Do You Care? What Are The Risks? What Can You Do? Questions? How can IT help you today? 2.

Computer Viruses and Worms By: Monika Gupta Monika Gupta.

What is Spam? d min.

Alert against Online Shopping Frauds. Online Shopping A form of electronic commerce whereby consumers directly buy goods or services from a seller over.

Module  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.

December 11 th 2015 Intelligence Briefing NOT PROTECTIVELY MARKED.

January 07 th 2016 Intelligence Briefing NOT PROTECTIVELY MARKED.

INTRODUCTION & QUESTIONS.

January 21 st 2016 Intelligence Briefing NOT PROTECTIVELY MARKED.

January 15 th 2016 Intelligence Briefing NOT PROTECTIVELY MARKED.

Computer Crime: Identity Theft, Misuse of Personal Information, and How to Protect Yourself (Tawny Walsh, Irina Lohina, Renair Jackson, Jahmele Betterson,

Protecting Yourself from Fraud including Identity Theft Personal Finance.

Cybersecurity Test Review Introduction to Digital Technology.

Protecting Yourself from Fraud including Identity Theft Advanced Level.

Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,

Blogs How to use the bog safely and secure? Create new username. Create a strong password to your account. Create the password to your uploaded files.

Do you know who you’re dealing with? Social Engineering: Minimise the risk of becoming a victim.

ONLINE SECURITY Tips 1 Online Security Online Security Tips.

Outline of this module By the end of this module, you will be able to: Identify the benefits of using social networking to communicate with family and.

The internet is a place of both useful and bad information. It has both good and bad side- and it’s all too easy for kids to stray into it. And no parents/guardian.

Zeus Virus By: Chris Foley. Overview  What is Zeus  What Zeus Did  The FBI investigation  The virus for phones  Removal and detection  Conclusion.

Computer Security Keeping you and your computer safe in the digital world.

Avoiding Frauds and Scams Barbara Martin-Worley Director, Consumer Fraud Protection 18 th Judicial District Attorney’s Office Serving Arapahoe, Douglas,

Phishing and Internet Scams. Definitions and recent statistics Why is it dangerous? Phishing techniques and identifiers Examples of phishing and scam.

Protecting Against Cyber Attacks PLEASE TAKE A MINUTE TO LOOK AT THIS IMPORTANT MESSAGE. THIS IS HAPPENING HERE AND NOW! LET US SAVE YOU AND YOUR INFORMATION.

Cyber security. Malicious Code Social Engineering Detect and prevent.

Knowledge Hub Walkthrough August

Knowledge Hub Walkthrough August

Information Security.

Robert Leonard Information Security Manager Hamilton

Protecting Yourself from Fraud including Identity Theft

Protecting Yourself from Fraud including Identity Theft

Internet Safety – Social Media

Protecting Yourself from Fraud including Identity Theft

Thames Valley Chamber / Claire Logic

Online Safety; Privacy and Sharing

Presentation transcript:

December 4 th 2015 Intelligence Briefing NOT PROTECTIVELY MARKED

Current Threats  SWRCCU Investigation Update  Phishing Action Fraud Reports from the South West Region  Hacking Extortion Miscellaneous  CiSP  New non-protectively marked briefing NOT PROTECTIVELY MARKED

Investigation Update  The South West Regional Cyber Crime Unit are currently investigating a malware attack against a company based in Devon. Whilst we originally thought and reported that this malware was the banking trojan Shifu, analysis has now identified it to be Dridex.  An element of the attack which is of note was that the company initially reported that the hard drive had been wiped by the malware. Analysis has revealed that the hard drive was not wiped - the malware caused the Master Boot Record (MBR) to move sectors making it look as though the hard drive had been wiped.  It has also been reported elsewhere that a new version of Dridex leaves an image file of Russian President Vladimir Putin on the hard drive, although this did not occur in this case.  If organisations come across any of these characteristics then please report via Action Fraud and let us know in order for an accurate picture of the scale of the threat to be developed. NOT PROTECTIVELY MARKED

Investigation Update (cont) The SWRCCU has reported on Dridex many times over the last year. Media reporting suggested that the Dridex infrastructure had been disrupted but we are continuing to see Dridex infections targeting Councils and businesses throughout the South West on a regular basis. In order to reduce the chances of becoming a victim of this banking malware please consider:  Have anti-virus installed and up-to-date.  Keep operating systems up-to-date and patched.  Ensure software is up-to-date, for example internet browsers, Java and Adobe.  Restrict the type of websites staff/ you can access.  Prevent employees from using their own devices at work eg USB devices  Remove any banking Smartcard from the reader when you are not conducting a transaction, logging on or making amendments as a system administrator.  Log out from online banking when finished with banking tasks.  Look out for unusual prompts at login.  Change passwords often.  Ideally organisations should utilise a stand alone machine for all online banking kept separate from their platform. NOT PROTECTIVELY MARKED

Phishing  The National Fraud Intelligence Bureau (NFIB) has been made aware of a phishing attack whereby an containing two attachments has been sent in order to socially engineer the end user into unpacking compressed files.  The malicious s claim to come from counter terrorism departments at national police forces, including Dubai Police Force. Attached to the is a PDF file and a.jar file.  The PDF is not harmful, but is included as a decoy file. The malware is in the archive.jar file.  To make the s seem legitimate, the criminals have included the names of people employed by the police forces in the signature and included names of employees at the organisation being targeted. The reads  “We got a terror alert regarding your business area. Be advised to follow the protective measures (Security Tips) as attacked to keep yourself, your company and your family secured.”  Organisations targeted with the malware have generally been in the energy, defence, finance, government, marketing and IT industries based in Bahrain, Turkey and Canada. Although at present the has not been seen in the UK, with recent events it is thought that this may well spread to other countries. NOT PROTECTIVELY MARKED

Phishing (cont): Prevention  Do not click or open unfamiliar links in s or on websites  Check the legitimacy of the with the company that has supposedly sent it. It is a good idea to find a telephone number for them independently from the as the phone number provided may be fake or go straight to the suspect.  Ensure you have up-to-date anti-virus software and perform regular scans.  If you have clicked or activated the link you should seek professional advice from a reputable company. NOT PROTECTIVELY MARKED

Hacking Extortion An individual from the Bristol area reported being a victim of an extortion whereby he engaged in live video chat of an explicit nature with a person purporting to be a female. ‘She’ then contacted the victim demanding that $300 be paid via Western Union to prevent the video being shared with friends/ family and work colleagues. Advice: There is no guarantee that paying the demand would prevent further demands or that the criminal will not post the video anyway. In order to avoid becoming the next victim:  Do not get lured into compromising situations such as removing clothes or performing intimate acts online. You do not know who may see the images.  Always remember that what goes online often stays online.  Be wary about who you invite or accept invitations from on social networking sites. Do not accept friend requests from complete strangers… you wouldn’t do this in real life.  Update your privacy settings on social networking accounts so only people you know can view your account.  Do not include any sensitive, private or personal information in profiles.  If you use online dating sites, choose those that offer the ability to prospective dates using a service that conceals both parties’ true addresses or consider setting up a separate account that does not use your real name. NOT PROTECTIVELY MARKED

CiSP - 30,000 Individual Cyber Crime Threats Shared The Cyber Security Information Sharing Partnership (CiSP), which is co-run by the National Crime Agency and Cert-UK, has flagged and shared the details of 30,000 cyber crime threats. The customised alerts that are sent out allow members to take remedial action and modify their organisations to prevent cyber attacks. If you would like to join the CiSP then please sign up at and contact us as we can sponsor you. A regional South West CiSP is being planned which will launch March 2016; more details will be shared in due course. NOT PROTECTIVELY MARKED

Additional Briefing Dissemination This document has been given the protective marking of NOT PROTECTIVELY MARKED and may be disseminated outside law enforcement with no restriction. If you know anyone else who would like to receive this, please send us their address and we will add them to the distribution list. Any comments or queries please South West Regional Cyber Crime Unit at: NOT PROTECTIVELY MARKED