Presentation is loading. Please wait.

Presentation is loading. Please wait.

Are Things Always as They Seem?

Published byOpal Haynes Modified over 7 years ago

Similar presentations

Presentation on theme: "Are Things Always as They Seem?"— Presentation transcript:

1 Are Things Always as They Seem?
Steven Mains, PhD, CEO

2 Or: When is Ping Pong Ball Just a Ping Pong Ball?
Steven Mains, PhD, CEO

3 A Day Starts Like Any Other

4 Then Turns Bad This not only encrypts your files, but steals your data too. Looks like their English poor and they mean $50 in BTC – not the equivalent of $50k

5 Or……

6 Seasons Greetings!

7 “Change your password”
Or Worse…. Google says: “Change your password”

8 So You Ask the Experts Security Guy Podesta Aide

9 You Forget About It And Months Later…
….On 7 October 2016 Wikileaks began publishing thousands of s from Podesta's Gmail account Headline: “WikiLeaks’ Podesta release reveals massive Clinton ‘hits’ file on Sanders”

10 What Hackers Steal Business Data – Intellectual Property and connections Tech Data on Weapons, C2 and Inventions To get large company data go through a small company – Australian F35 Breach Personal Data on Clients and Employees s AUS F35 subcontractor: Parts of the network, the subcontractor also used internet-facing services that still had their default passwords “admin” and “guest”. is particularly sensitive – we saw what happened with Podesta’s s, but who has sent an talking about a client? is also valuable because it reveals banking or broker information, privileged correspondence that would lead a hacker to other, valuable information.

11 But it Isn’t Just Data They Are After
The “Internet of Things” (IoT) means more than just data can he held for ransom How much would you pay to get AC turned back on immediately? Could your webcam be launching a Denial of Service attack right now? (It could if it is made by Xiongmai or marketed by Digital View ID)

12 How Big Is This Problem? Time Frame Target Haul 2016 NSA
50 Terabytes of sensitive files 2017 Verizon 14,000,000 client records Bell Canada 19,000,000 client records Virginia State Police Accounts locked for weeks TSA Security lapses revealed WannaCry / Petya Massive Ransomware Attack Cellebrite 900GB Corporate Data Not-Petya Destroyed untold amounts of data to cripple Ukrainian business -- Maersk=$200M CIA Numerous exploits Dallas Emergency Services Outdoor Emergency Sirens set off at same time causing panic Equifax 143,000,000 Credit Records NSA: enough room for 25,000 movies, 20th C Fox made 2117 movies since Dante’s Inferno in 1935 starring Spencer Tracy, Claire Trevor and Rita Hayworth Infrastructure attacks include Bowman Avenue Dam in Rye, NY by Iranian hackers Not-Petya cost Maersk over $200M in delays and disruptions

13 How Can This Happen? Like this, but…

14 More Likely Its This Guy
Evgeniy M. Bogachev. $3M bounty. Had over 1M computers under his control. Evgeniy M. Bogachev

15 How Does He Do It? Most Times, Phishing
85% of organizations suffered a phishing attack in 2016 Number of attacks up 250% from 2015 Where do they come from? — Eastern Europe — Nigeria — Insiders — College Students 30% of Phishing s are opened In the United States, 65 percent of survey respondents correctly answered the question, "What is phishing?" -- It is not an education problem

16 Or MalWare Attacks Can Come From…
Surfing Dodgy Sites What sites pose the greatest threat? Video game cheat sites Celebrity gossip sites Porn sites Other risky sources: Pirated software Mass file sharing sites

17 Or Like This… Social Engineering A company is targeted:
Maybe a Large Sports Apparel Company located near Boston Reconnaissance on social media identifies: Founder Director of Social Responsibility and Founder Founder and Executive Director President, North America Operations Chief Marketing Officer Chief Technology Officer VP and GM-Merchandise 5x General Managers D/GM Finance Senior Vice President and Chief Human Resources Senior Emergency Ops Center Controller “LinkedIn Member” Head of Global IT Evelyn XXXX, EA to President

18 Available information provides numerous approaches for phishing attack
A Good Entry Point EA to President Worked for Regional VPs incl Head of Latin America At company since 1994 (knows everyone) Fluent Spanish Graduated Salem State Rabid Patriots Fan 2 boys in youth football Grad Salem State, Go Vikings Available information provides numerous approaches for phishing attack

19 Then a Phishing Email Like This
This is [President] Dave, I’m locked out of my account, can you have IT reset my password and send it to me, please? Yo soy Esteban de Bogotá. Estoy en Boston para las reuniones, pero estoy bloqueado de mi cuenta. ¿Puede ayudarme a desbloquear, por favor? The Salem Vikings are hosting a Batting, Throwing and Baserunning competition for kids of alumni before the first game against Roger Williams. Sign up now, slots are limited, prizes include VIP tix.

20 Or One of the “Usuals” Bogus invoice (#1 approach in 2017)
Your account will be locked, disabled or suspended unless you login [Your Bank] Irregular/fraudulent activity detected or your account requires a security update [USAA] You’ve received a secure or important message [American Express] Attachment-based phishing with a variety of themes

21 So What Can We Do About It?
Vet subs and vet the cloud NIST Compliance Keep AV, OS and Firewalls up to date Change passwords (on internet-facing systems) Identify and segregate sensitive data and networks Role Separation -- sensitive authorities dispersed Check identity exposure of key people on Dark Web Backup, backup – locally, 20+ miles away, long-term Improve employee sensitivity and communication Prepare for an incident Ransomware Action Plan ─ Data Theft Detection and Continuity of Operations Plan Reaction Plan Make separation decisions quickly and completely Close all accounts and cut access immediately

22 But What Can I do About It?
Two Factor Authorization Personal backups Don’t over-share sensitive info on Social Media Don’t click on links just because it came over social media – you may not know that person or they may have fallen for a scam Don’t re-use passwords for sensitive sites Use a password manager Don’t access social media, entertainment sites or shopping at work

23 First Some Predictions Then Your Questions
For Information contact: Steven Mains, PhD, CEO

24 HBGary Incident HBGary, a computer security company, said they were going to unmask “Anonymous”, a notorious hacking ring at a conference Attack means: Social engineering, SQL injection Haul: Credentials, s addresses and passwords for people authorized to make changes to system Result: Locked senior employees out of Stole and published internal s where employees talked about how stupid the clients were to pay HBGary what they were paying them Massive embarrassment for the company and loss of clients

25 Combining Behavioral Science and Computer Science to Protect Data
Cyber Security Protecting Data 24/7 Combining Behavioral Science and Computer Science to Protect Data Comprehensive protection: Phishkill – Shown to reduce susceptibility to social engineering attacks by over 80%. Comprehensive Risk Assessments to understand employee behavior and modify it through training and rewards Active defenses through password and penetration testing Tigerphish – Mitigate damage if a breach occurs ID hardware and software vulnerabilities Structure data to minimize accessibility Security Policy analysis Cleanphish – Get back to full operations quickly Intrusion detection Incident response Recovery and remediation Understanding Employee Behavior Anticipating Hacker Behavior Network Security Measures Increased Network Protection Current and Recent Clients US Cyber Command

26 Top Secret Facility Clearance, Cage Code: 3L8X7
About TechMIS Top Secret Facility Clearance, Cage Code: 3L8X7 Key People: Steven Mains CEO and Managing Partner Former Director, Center for Army Lessons Learned PhD, Computer Science, College of William and Mary MS, Computational Operations Research, College of William and Mary Burt Squires VP and Partner Former Systems Integration Engineer, NASA BS and MS, Engineering, Columbia University Harvey Glasgow Controller and Partner Former CFO, Clayton Group Relevant NAICS Codes: Administrative Management and General Management Consulting Other Scientific and Technical Consulting Services Data Processing, Hosting, and Related Services News Syndicates Internet Publishing and Broadcasting and Web Search Portals Marketing Research and Public Opinion Polling All Other Professional, Scientific, and Technical Services Professional and Management Development Training

27 Flags to Look For From: "Michael Hxxxxxxxx" xxxxxxxx@verizon.net
Addresses are different. Never seen yahoo acct before. SAM Assy is 226, not 266 From: "Michael Hxxxxxxxx" Reply-To: "Michael Hxxxxxxx" To: Subject: Payment Request Date: Tue, 05 Jul :41: I need you to make a payment for the Assembly, confirm if you can process it today so I can forward you the beneficiary details Regards, Michael Hxxxxxxx Poor punctuation. No discussion of a payment at previous meeting Never goes by Michael

28 More Red Flags From: "Michael Hxxxx" xxxxxx@verizon.net
Reply-To: "Michael Hxxxxxx" To: Subject: Payment Request Date: Wed, 06 Jul :25: Hope you had a nice rest, Don't forget to go to Wells Fargo today to make the deposit in her account. Not common US English USA? MARY HELEN GARCIA..BANK WELLS FARGO BANK BANK ADDRESS 240 N , EUCLID AVE ONTARIO CALIFORNIA USA ACCOUNT NUMBER ROUTING NUMBER ABA NUMBER=3D SWIFT CODE 3DWDBIUS Make a payment of $1300 to Her. SWIFT Code not used in US Not common US use of uppercase

29 More Red Flags From: xxxx <xxxx.xxxx@gmail.com>
To: Michael Hxxxxxx Date: Tue, 05 Jul :27: OK I will try to do that. If I can't get it done today, I can physically go to Wells Fargo tomorrow and make the deposit into her account From: Michael Hxxxxxx To: Subject: Payment Request Date: Tue, 05 Jul :55: Hi Steve, Give me an update, where you able to make the payment today? becomes more urgent

30 More Red Flags Date: Tue, 5 Jul 2016 14:58:18 -0400
Subject: Re: Payment Request From: XXXXXXX To: Michael XXXXXXXX Mike - I think I can do that today. Will take a couple days for the bank check to get to them, but, short answer, yes I can do that. From: "Michael Hxxxxxxxx" Reply-To: "Michael Hxxxxxxx" To: Subject: Payment Request Date: Tue, 05 Jul :21: XXXX, I'd prefer you do a cash deposit or a wire transfer to the Vendor's account. She operates a Wells Fargo account. Urgency is odd given no previous discussion

31 Or Like This… Insider Threats Disgruntled Employees
Fired/Laid-off Employees SysAdmins with too many privileges

32 Office of Personnel Management
How Big Is This Problem? Time Frame Target Haul 2015 Target Stores 70,000,000 records eBay 145,000,000 records Home Depot 56,000,000 records JPMorgan 76,000,000 records Anthem 80,000,000 records Ashley Madison 37,000,000 very sad records Experian 15,000,000 records Office of Personnel Management 22,000,000 security clearances Yahoo 1,000,000,000 records 2016 MySpace 427,000,000 records SWIFT $81,000,000 Anthem likely a foreign government

Download ppt "Are Things Always as They Seem?"

Similar presentations

How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
1 Identity Theft and Phishing: What You Need to Know.

1 Identity Theft and Phishing: What You Need to Know.
1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.

1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.
Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.

Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) =.00625 * 5,349.44 = $33.434 What happens to the.004?.004+.004+.004=.012.004.

Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) = * 5, = $ What happens to the.004? =
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?

Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?
Personal Privacy and Security Zenia C. Bahorski Ph.D. Department of Computer Science Eastern Michigan University Personal Privacy & Security - Z. Bahorski,

Personal Privacy and Security Zenia C. Bahorski Ph.D. Department of Computer Science Eastern Michigan University Personal Privacy & Security - Z. Bahorski,
Minding your business on the internet Kelly Trevino Regional Director October 6,2015.

Minding your business on the internet Kelly Trevino Regional Director October 6,2015.
Friday, October 23, 2015. Jacqueline Harris, CPM®, CCIM® Director of Training & Administration Digital Realty Jacqueline Harris, CPM®, CCIM® Director.

Friday, October 23, Jacqueline Harris, CPM®, CCIM® Director of Training & Administration Digital Realty Jacqueline Harris, CPM®, CCIM® Director.
Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.

Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.
CURRENT STATUS OF CYBERCRIME  Security is the fastest growing service in IT  Cyber Crime Costs $750 Billion annually  70% of threats arrive via email.

CURRENT STATUS OF CYBERCRIME  Security is the fastest growing service in IT  Cyber Crime Costs $750 Billion annually  70% of threats arrive via .
Unit 4 Protecting Your Information Section C. Chapter 1, Slide 2Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting.

Unit 4 Protecting Your Information Section C. Chapter 1, Slide 2Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting.

Similar presentations

Ads by Google