Security Trends and Threats Affecting Innovations in Technology


1 Security Trends and Threats Affecting Innovations in Technology

2 Meet Andrew
Andrew Derboben
- Sr. Director, Head of Global Security Operations
- Over 15 Years of Security Experience
- Specializing in Security Operations, Incident Response, and Computer Forensics
- B.S. System & Network Administration – Bellevue University
- MBA – Cornell University

3 Current Threat Landscape Impacting Financial Community
- Cybercriminal: Attackers intent on making money and often tied to organized crime or other criminal endeavors. These groups are primarily responsible for the current prevalence of ransomware and cryptojacking.
- Nation-State: Attackers intent on gaining intellectual property or conducting espionage. Attackers are usually advanced and persistent: an attacker will gain a foothold within a target's network and remain there for months and even years.
- Advanced Persistent Threat (APT): An attack in which an unauthorized person gains access to a network and remains undetected for a long period of time. The intention of an APT attack is often to steal data rather than cause damage to a network or organization.
- Insider Threat: Internal users who ignore Information Security policies and unknowingly grant access to potential threats.
- Hacktivist: Attackers who aim to promote a social or political cause. Could be tied to collectives and triggered by current events. The goal of these attackers is typically to cause disruption (e.g., bring down a web site).

4 Current Threat Landscape – Today's Discussion
- Cybercriminal: Attackers intent on making money and often tied to organized crime or other criminal endeavors. These groups are primarily responsible for the current prevalence of ransomware.
- Nation-State: Attackers intent on gaining intellectual property or conducting espionage. Attackers are usually advanced and persistent: an attacker will gain a foothold within a target's network and remain there for months and even years.
- Advanced Persistent Threat (APT): An attack in which an unauthorized person gains access to a network and remains undetected for a long period of time. The intention of an APT attack is often to steal data rather than cause damage to a network or organization.
- Insider Threat: Internal users who ignore Information Security policies and unknowingly grant access to potential threats.
- Hacktivist: Attackers who aim to promote a social or political cause. Could be tied to collectives and triggered by current events. The goal of these attackers is typically to cause disruption (e.g., bring down a web site).
- Cybercriminal: Attackers intent on making money and often tied to organized crime or other criminal endeavors. These groups are primarily responsible for the current prevalence of ransomware and CRYPTOJACKING

5 Why Are Attackers Using Cryptojacking?
Cryptojacking Overview
“Cryptojacking is a form of cyber attack in which a hacker hijacks a target's processing power in order to mine cryptocurrency on the hacker's behalf.”
Source: Cryptojacking Definition | Investopedia
Why Are Attackers Using Cryptojacking?
- Money: This falls in line with many other types of cyber attacks traditionally seen.
- Low Risk of Getting Caught: Businesses are reluctant to pursue attackers because data is NOT taken or destroyed.

6 Traditional Cyber Attacks vs Cryptojacking
Similarities
- Several exploitation techniques and vectors of attack (e.g. phishing, malware, exploiting existing app vulnerabilities)
- Attack payloads may involve installation of software on a compromised system
- Goal is to make money off the exploit
Differences
- Cryptojacking makes it easier for a bad actor to turn an exploit into money. No need to find and sell stolen data.
- Could mine servers or clients of affected services (Download vs Drive-by)
- Cryptojacking is safer for bad actors as some currencies, such as Monero, can provide anonymity
- Depending on environment and attack, it may be harder to detect cryptojacking without proper controls in place.

7 Traditional Cyber Attacks vs Cryptojacking
Traditional Attacks Cryptojacking Attacks

8 The Good and Bad News
Good News: Due to cyber incidents trending towards cryptojacking attacks, attackers are less interested in sensitive data, which needs to be found and sold, and are more focused on using your hardware resources. This type of behavior leads to reduced chances of customer data compromise, brand damage control, or expensive legal situations.
Bad News: Even though cryptojacking attacks may not often result in situations where a company may be fined for data loss, these types of attacks can potentially cost companies as much as or more than a traditional attack.
- Hardware usage translated to $$ amount (wear and tear)
- Affect services on compromised hardware
- Cloud environment: Scalable and charge for usage

9 Impact to Innovations in Technology
- Cloud Services
- Smartphone Ecosystems
- Internet of Things
- Personal Assistant Devices (Amazon, Google)

10 Cryptojacking Impact to Cloud Services

11 Cloud Services – Dynamic Scaling

12 Cloud Services – Dynamic Scaling

13 Cloud Services – Dynamic Scaling

14 Cryptojacking Impact to Cloud Services

15 Cryptojacking Impact to Cloud Services

16 Cryptojacking Impact to Cloud Services

17 Cryptojacking Impact to Cloud Services

18 Cryptojacking Impact to Cloud Services

19 Cryptojacking Impact to Cloud Services

20 Cryptojacking Impact to Cloud Services

21 Cryptojacking Smart Phones

22 Cryptojacking Smart Phones

23 Cryptojacking Impact to Smart Phones
Thank you for mining Cryptocurrency on my behalf!

24 Potential Effects of Smartphone Cryptojacking
- 67.3% of U.S. Citizens Have A Smartphone
- In 2018, it is estimated the total number of smartphone users will grow to more than 230 million users in the U.S. alone
- What happens if .5% of U.S. smartphone users were infected with cryptojacking malware: $460k/month USD
- Calculation based on 1.15 million infected users capable of mining $0.40 per day
- Source:

25 Cryptojacking Internet of Things (IoT)

26 Cryptojacking Personal Devices

27 Why Should You Care?
Symantec Threat Intelligence report stated cryptojacking attacks increased by 8500% in 2017, and according to many sources, it has overtaken Ransomware as the preferred form of cyber attack due to its low barrier of entry and ability to easily turn a profit. With cryptocurrency's growth in popularity in 2017 and the ability to offer anonymity with some coins, its use in cyber attacks continues to increase.

28 What Can You Do – Cloud Services
Patch/Vulnerability Management
- The code needs to be introduced into the environment some way
- Monitor for Zero Day vulnerabilities in your environment
Performance Management and Monitoring
- Allows detection of abnormal resource usage, which may be indicative of a cryptojacking attack
- CPU, Memory, New Processes
Behavior Analysis
- Monitoring for abnormal behavior or actions on a system such as suspicious downloads, installations, system commands or processes can help detect potential cryptojacking attacks
- Increase in traffic to particular sites
Network Segmentation and Security Controls
- Proper network and security controls can reduce the likelihood of successful exploitation and help limit the number of compromised systems in the event of a successful attack
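
The performance-monitoring point on this slide (CPU, new processes), sketched as an added Python example that is not part of the original presentation: it learns a per-host CPU threshold and known-process set from a baseline, then alerts only on sustained load and reports processes absent from the baseline. Host names, process names, sample values and the thresholds are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed per-minute samples: host -> [(cpu_percent, running process names)].
BASELINE = {
    "web-01": [(22, {"nginx", "php-fpm"}), (25, {"nginx", "php-fpm"}),
               (19, {"nginx", "php-fpm", "logrotate"}), (24, {"nginx", "php-fpm"})],
    "web-02": [(30, {"nginx", "php-fpm"}), (28, {"nginx", "php-fpm"}),
               (33, {"nginx", "php-fpm"}), (29, {"nginx", "php-fpm"})],
}
OBSERVED = {
    # One hot sample, nothing unfamiliar running: a normal burst.
    "web-01": [(24, {"nginx", "php-fpm"}), (91, {"nginx", "php-fpm"}),
               (23, {"nginx", "php-fpm"}), (26, {"nginx", "php-fpm"})],
    # Sustained load alongside a process absent from the baseline.
    "web-02": [(31, {"nginx", "php-fpm"}), (96, {"nginx", "php-fpm", "unknown-worker"}),
               (97, {"nginx", "php-fpm", "unknown-worker"}),
               (95, {"nginx", "php-fpm", "unknown-worker"})],
}

def build_profile(samples, k=3.0, min_margin=15.0):
    """Return (cpu_threshold, known_processes) learned from baseline samples."""
    cpu = [c for c, _ in samples]
    known = set().union(*(procs for _, procs in samples))
    # A floor on the margin keeps a very flat baseline from alerting on noise.
    return mean(cpu) + max(k * pstdev(cpu), min_margin), known

def detect(baseline, observed, sustain=3):
    """Alert once per run of `sustain` consecutive samples above the threshold."""
    alerts = []
    for host, samples in observed.items():
        if host not in baseline:
            alerts.append({"host": host, "reason": "no baseline"})
            continue
        threshold, known = build_profile(baseline[host])
        run, new_procs = 0, set()
        for cpu, procs in samples:
            if cpu > threshold:
                run += 1
                new_procs |= procs - known
            else:
                run, new_procs = 0, set()
            if run == sustain:
                alerts.append({"host": host, "reason": "sustained cpu",
                               "threshold": round(threshold, 1),
                               "new_processes": sorted(new_procs)})
    return alerts

if __name__ == "__main__":
    for alert in detect(BASELINE, OBSERVED):
        print(alert)
```

Requiring several consecutive samples above the threshold is what separates a brief legitimate burst from the steady load a miner produces.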

29 What Can You Do – Smart Phones
Deploy Whitelisting MDM Solution to Monitor Installed Applications
- Only allow applications specifically reviewed and evaluated for business purposes
Perform Website Monitoring/Blocking on Mobile Devices
- Block access to malicious, unknown, and unauthorized business related websites
Implement Mobile Device Threat Detection
- Have company devices monitored for malicious code/activity
- Monitor for high CPU usage on mobile devices

30 What Can You Do – IoT/Personal Assistant Devices
Network Segmentation and Security Controls
- Segment IoT devices away from the production network
- Monitor for increases in network activity from IoT networks
Whitelist Required Sites/Destinations Only
- Conduct an assessment of the sites/destinations required to be accessed by the device
- Only allow the known good/expected sites
- Third-party skills servers for Alexa should only be approved on an individual basis
Physically Secure Device If Possible
- Do not allow non-permitted users to conduct unauthorized actions on the device
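
The destination whitelist and traffic-increase monitoring from this slide, as an added Python example that is not part of the original presentation: flow records from an IoT segment are checked against a per-device-type allowlist (default deny) and against a per-device volume baseline. Device names, destinations, the record format, byte counts and the 2x factor are constructed assumptions.

```python
from collections import defaultdict

# All names and numbers below are constructed for illustration.
DEVICE_TYPE = {"cam-lobby": "camera", "assistant-conf1": "assistant"}
# Destinations each device type was assessed to need (default deny otherwise).
ALLOWLIST = {
    "camera": {"firmware.vendor.example", "ntp.internal.example"},
    "assistant": {"voice.vendor.example", "ntp.internal.example"},
}
# Typical outbound bytes per device for the same reporting window.
BASELINE_BYTES = {"cam-lobby": 40_000_000, "assistant-conf1": 12_000_000}

# Flow records from the IoT segment: "device destination bytes_out"
FLOWS = """\
cam-lobby firmware.vendor.example 1200000
cam-lobby ntp.internal.example 4000
cam-lobby pool.unknown.example 95000000
assistant-conf1 voice.vendor.example 9000000
assistant-conf1 NTP.internal.example. 3000
printer-2f print.vendor.example 5000
"""

def normalize(host):
    """Compare names case-insensitively and without the trailing root dot."""
    return host.strip().rstrip(".").lower()

def review_flows(flow_text, volume_factor=2.0):
    """Return findings for unapproved destinations and traffic increases."""
    totals, findings = defaultdict(int), []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        device, dest, nbytes = line.split()
        dest = normalize(dest)
        totals[device] += int(nbytes)
        # Unknown devices get an empty allowlist, so every flow is reported.
        allowed = ALLOWLIST.get(DEVICE_TYPE.get(device), set())
        if dest not in allowed:
            findings.append(("unapproved-destination", device, dest))
    for device, total in sorted(totals.items()):
        base = BASELINE_BYTES.get(device)
        if base is not None and total > volume_factor * base:
            findings.append(("traffic-increase", device, total))
    return findings

if __name__ == "__main__":
    for finding in review_flows(FLOWS):
        print(finding)
```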

31 Thank you!

