Hackers have "monetized" their activity






Mark Eich is the Managing Principal of the Information Security Services Group at CliftonLarsonAllen. He has over 26 years’ experience in auditing and technology consulting and has actively led many IT audits and security assessments for clients in a range of industries.



Hackers have “monetized” their activity

  • More hacking
  • More sophistication
  • More “hands-on” effort
  • Smaller organizations targeted
  • Social engineering on the rise
  • Hackers targeting businesses more than banks



  • Employees that are aware and savvy
  • Networks resistant to malware
  • Relationships with banks maximized



Organized Crime

  • Wholesale theft of personal financial information
  • Payment fraud – Corporate Account Takeover
    • Use of online credentials for ACH, credit card and wire fraud
  • Ransomware
    • CryptoLocker


  • Target
  • Neiman Marcus
  • University of Maryland
  • University of Indiana
  • Olmsted Medical Center
  • Etc., etc., etc.…
  • Main Street hardware store??



  • Catholic church parish
  • Hospice
  • Collection agency
  • Main Street newspaper stand
  • Electrical contractor
  • Health care trade association
  • Rural hospital
  • Mining company
  • On and on and on and on…



Malware encrypts everything it can interact with

  • i.e. anything the infected user has access to
  • CryptoLocker
  • Kovter
    • Also displays and adds child pornography images


May 20, 2014 – Ransomware attacks doubled in the last month (7,000 to 15,000)

  • http://insurancenewsnet.com/oarticle/2014/05/20/cryptolocker-goes-spear-phishing-infections-soar-warns-knowbe4-a-506966.html



Zip file is the preferred delivery method

  • Helps evade virus protection
  • Working (tested) backups are key
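The zip-attachment point above lends itself to a concrete check. The following is an added example, not part of the original presentation: a Python routine that inspects a zip attachment in memory, without extracting it, and flags the patterns a mail gateway or help desk should treat as suspicious, namely an executable member, a “double extension” such as Invoice.pdf.exe, a nested archive, and a password-protected member that a scanner cannot open. The extension lists and the two sample archives are constructed for the demonstration.

```python
"""Added example: triage a zip attachment without extracting it.

Member names and flags alone reveal the tricks that made zip the preferred
CryptoLocker delivery method: an executable where the victim expects a
document, a "double extension" such as Invoice.pdf.exe, and a
password-protected member that a gateway scanner cannot open.
"""
import io
import zipfile

# Extensions Windows will execute on double-click (assumed list, extend as needed).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
    ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".lnk", ".ps1", ".jar", ".msi",
}
# Document-looking extensions attackers put in front of the real one.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def _extensions(member_name):
    """Return every dotted suffix of the file name, lower-cased, e.g. ['.pdf', '.exe']."""
    base = member_name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    return ["." + p for p in parts[1:]]


def inspect_zip(data):
    """Return a list of (member_name, reason) findings for a zip held as bytes.

    An empty list means none of these patterns matched; it is not a clean bill of health.
    """
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a valid zip file")]

    findings = []
    for info in archive.infolist():
        if info.is_dir():
            continue
        exts = _extensions(info.filename)
        if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
            if len(exts) > 1 and exts[-2] in DECOY_EXTENSIONS:
                findings.append((info.filename, "double extension hiding executable"))
            else:
                findings.append((info.filename, "executable member"))
        if exts and exts[-1] == ".zip":
            findings.append((info.filename, "nested archive"))
        # Bit 0 of the general-purpose flag marks a password-protected member.
        if info.flag_bits & 0x1:
            findings.append((info.filename, "encrypted member, cannot be scanned"))
    return findings


def build_sample_zip(members):
    """Build an in-memory zip from {name: bytes}; constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a lure shaped like a 2014 CryptoLocker attachment, and a benign archive.
PHISH_ZIP = build_sample_zip({
    "Invoice_2014-05-20.pdf.exe": b"MZ" + b"\x00" * 62,   # fake PE header, not a real program
    "readme.txt": b"Please see attached invoice.",
})
CLEAN_ZIP = build_sample_zip({"report/Q1_summary.pdf": b"%PDF-1.4 ..."})

if __name__ == "__main__":
    for label, blob in (("phish", PHISH_ZIP), ("clean", CLEAN_ZIP)):
        print(label, inspect_zip(blob))
```

The check deliberately never extracts or opens members, so it is safe to run on an untrusted attachment at the gateway; anything it flags should be quarantined rather than delivered with a warning, because the user who was targeted is exactly the one who will click.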



Norton/Symantec Corp:

  • Cost of global cybercrime: $388 billion
  • Global black market in marijuana, cocaine and heroin combined: $288 billion
  • Hackers are lazy: they go for the “easy money”
  • Bank customers are much easier targets than the banks themselves



  • Intrusion Analysis: TrustWave

    • January 2010 and April 2011
    • https://www.trustwave.com/GSR
  • Intrusion Analysis: Verizon Business Services

    • July 2010 and April 2011
    • http://securityblog.verizonbusiness.com/2011/04/19/2011-data-breach-investigations-report-released/


Top Methods of Entry Included:





Social Engineering

  • Email phishing
    • “Spear phishing”
  • Online banking trojans



“Amateurs hack systems, professionals hack people.”

  • Bruce Schneier
  • Social engineering uses non-technical attacks to gain information or access to technical systems
    • Pretext telephone calls
    • Building penetration
      • Seeding
    • Email attacks


“Second Generation” phishing

  • Goal is to “root the network”
  • Install malware
    • Log system activity to harvest passwords
    • Use automated tools to execute fraudulent payments
  • Trick users into supplying credentials (passwords)



With so much money at stake, hackers are putting in more effort to increase the likelihood that the emailed link will be followed:

  • “Spoof” the email so it appears to come from someone in authority
  • Create customized text that, combined with the spoofing, creates pressure to act quickly (without thinking)
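The two tactics above, spoofing authority and manufacturing urgency, leave traces in the message itself. As an added example (not from the original deck), the Python below scores a raw email for those traces: an executive’s display name on an address outside the company domain, a Reply-To or Return-Path on a different domain than the visible sender, and urgency wording combined with a payment request. COMPANY_DOMAIN, EXECUTIVES, the word lists and both sample messages are assumptions constructed for the example; the standard library does all the parsing.

```python
"""Added example: spot display-name spoofing and "act now" pressure in an e-mail.

The message samples are constructed. COMPANY_DOMAIN and EXECUTIVES stand in for
directory data a real deployment would pull from the mail system.
"""
import email
import re
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"          # assumption: the organization's own mail domain
EXECUTIVES = {"jane doe", "john roe"}   # assumption: display names attackers would borrow
TITLES = {"cfo", "ceo", "cio", "coo", "president", "controller"}
URGENCY_WORDS = ("urgent", "urgently", "immediately", "asap", "right away",
                 "before close", "confidential")
PAYMENT_WORDS = ("wire", "ach", "transfer", "invoice", "payment")


def _domain(address):
    """Domain part of an address, lower-cased; empty string if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def _name_key(display_name):
    """Reduce '"Doe, Jane (CFO)"' and 'Jane Doe' to the same sorted token tuple."""
    cleaned = display_name.replace('"', "").lower()
    for ch in ",()":
        cleaned = cleaned.replace(ch, " ")
    return tuple(sorted(t for t in cleaned.split() if t not in TITLES))


def _words_present(words, text):
    """Whole-word matches only, so 'attached' does not count as 'ach'."""
    return [w for w in words if re.search(r"\b" + re.escape(w) + r"\b", text)]


EXECUTIVE_KEYS = {_name_key(n) for n in EXECUTIVES}


def spoofing_indicators(raw_message):
    """Return human-readable reasons the message looks spoofed; [] if none fired."""
    msg = email.message_from_string(raw_message)
    reasons = []

    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. An executive's name shown on an address we do not own.
    if _name_key(display) in EXECUTIVE_KEYS and from_domain != COMPANY_DOMAIN:
        reasons.append(f"display name '{display}' on external address {from_addr}")

    # 2. Replies silently routed somewhere other than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != from_domain:
        reasons.append(f"Reply-To domain {_domain(reply_to)} differs from From domain {from_domain}")

    # 3. Bounce (envelope) address on yet another domain.
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if return_path and _domain(return_path) != from_domain:
        reasons.append(f"Return-Path domain {_domain(return_path)} differs from From domain {from_domain}")

    # 4. Urgency plus a payment request: the pressure to act without thinking.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + str(body)).lower()
    urgency = _words_present(URGENCY_WORDS, text)
    payment = _words_present(PAYMENT_WORDS, text)
    if urgency and payment:
        reasons.append(f"urgency words {urgency} combined with payment words {payment}")
    return reasons


# Constructed sample: CFO impersonation with a pressured wire request.
SAMPLE_PHISH = """\
From: "Jane Doe" <jane.doe@example-corp-mail.com>
Reply-To: <j.doe.cfo@fastmail-relay.net>
Return-Path: <bounce-4421@example-corp-mail.com>
To: ap-clerk@example.com
Subject: URGENT wire needed before close

I'm in a meeting and can't talk. Please send the attached wire immediately
and confirm once done. Keep this confidential.
"""

# Constructed sample: the same executive writing normally from the company domain.
SAMPLE_LEGIT = """\
From: "Jane Doe" <jane.doe@example.com>
To: ap-clerk@example.com
Subject: Q2 budget review

Attached are the draft numbers for Thursday's meeting.
"""

if __name__ == "__main__":
    print("phish:", spoofing_indicators(SAMPLE_PHISH))
    print("legit:", spoofing_indicators(SAMPLE_LEGIT))
```

None of these indicators is proof on its own; a legitimate executive mailing from a personal account trips the first one. The value is that the combination the slide describes, a borrowed name plus a hurry-up payment request, fires several at once, which is the right moment to pick up the phone and verify out of band rather than reply to the message.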






Our information security strategy should have the following objectives:

  • Users who are more aware and savvy
  • Networks that are resistant to malware
  • Relationship with our FI (financial institution) is maximized



Strong policies:

  • Email use
  • Website links
  • Removable media
  • Users vs. admins
  • Insurance


2. Defined user access roles and permissions

  • Principle of minimum access and least privilege
  • Users should NOT have system administrator rights
    • “Local Admin” in Windows should be removed (if practical)


Hardened internal systems (end points)

  • Hardening checklists
  • Turn off unneeded services
  • Change default passwords
  • Use strong passwords (see tip next slide)
  • Encryption strategy – data centered



Vulnerability management process

  • Operating system patches
  • Application patches
  • Testing to validate effectiveness
    • “Belt and suspenders”


Well defined perimeter security layers:

  • Network segments
  • Email gateway/filter
  • Firewall with “proxy” integration for traffic in AND out
  • Intrusion detection/prevention for network traffic, Internet-facing hosts, AND workstations (end points)
  • Centralized audit logging, analysis, and automated alerting capabilities



Defined incident response plan and procedures

  • Be prepared
  • Including data leakage prevention and monitoring
  • Forensic preparedness


Know / use online banking tools

  • Multi-factor authentication
  • Dual control / verification
  • Out-of-band verification / call-back thresholds
  • ACH positive pay
  • ACH blocks and filters
  • Review contracts relative to all of these
  • Monitor account activity daily
  • Isolate the PC used for wires/ACH
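How these banking controls combine is easier to see as a release decision for one payment. The following is an added example, not bank software and not code from the original deck: a small Python model of dual control, a call-back threshold, ACH positive pay and an ACH debit block, with the Corporate Account Takeover edge case made explicit, namely that a thief holding one stolen login must not be able to both initiate and approve the same payment. Thresholds, account keys and user IDs are constructed assumptions.

```python
"""Added example: compose the online-banking controls listed above into a
release/hold decision for a single outgoing payment.

This models the controls a commercial customer can turn on with its bank; it is
not any bank's software. Thresholds, payees and user IDs are assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Payment:
    kind: str                          # "ACH_CREDIT", "ACH_DEBIT" or "WIRE"
    amount: float
    payee_account: str                 # routing/account key as the bank stores it
    initiated_by: str                  # user ID that keyed the payment
    approved_by: Optional[str] = None  # user ID that approved it, if anyone
    callback_confirmed: bool = False   # bank called a pre-registered number and got a yes


@dataclass
class Controls:
    dual_control_above: float = 0.0        # payments above this need a second person
    callback_above: float = 10_000.0       # out-of-band verification threshold
    positive_pay: Set[str] = field(default_factory=set)  # payees pre-authorized with the bank
    ach_debits_allowed: bool = False       # ACH debit block: nobody may pull from this account


def evaluate(payment: Payment, controls: Controls) -> Tuple[str, List[str]]:
    """Return ("RELEASE", []) or ("HOLD", [reasons]) for one payment."""
    reasons = []

    # ACH debit block: an unexpected debit is rejected regardless of amount.
    if payment.kind == "ACH_DEBIT" and not controls.ach_debits_allowed:
        reasons.append("ACH debit block: incoming debits are not permitted on this account")

    # Positive pay: a payee the bank has not been told about is held for review.
    if payment.payee_account not in controls.positive_pay:
        reasons.append(f"positive pay: payee {payment.payee_account} not pre-authorized")

    # Dual control: one compromised login must not be enough.
    if payment.amount > controls.dual_control_above:
        if payment.approved_by is None:
            reasons.append("dual control: second approver required")
        elif payment.approved_by == payment.initiated_by:
            reasons.append("dual control: initiator cannot approve own payment")

    # Call-back threshold: large items are confirmed on a phone line the attacker does not control.
    if payment.amount > controls.callback_above and not payment.callback_confirmed:
        reasons.append(
            f"call-back: amount exceeds {controls.callback_above:,.0f} and was not confirmed out of band"
        )

    return ("RELEASE" if not reasons else "HOLD", reasons)


# Constructed scenario: a small business with two authorized staff and one known vendor.
CONTROLS = Controls(
    dual_control_above=0.0,
    callback_above=10_000.0,
    positive_pay={"vendor-acme:0001"},
)

# Attacker holding the bookkeeper's credentials keys a wire to a new mule
# account and tries to approve it with the same login.
TAKEOVER_WIRE = Payment("WIRE", 48_500.0, "mule-new:0002",
                        initiated_by="bookkeeper", approved_by="bookkeeper")

# The bookkeeper paying the known vendor, approved by the owner, below the call-back line.
ROUTINE_ACH = Payment("ACH_CREDIT", 4_200.0, "vendor-acme:0001",
                      initiated_by="bookkeeper", approved_by="owner")

if __name__ == "__main__":
    for label, p in (("takeover", TAKEOVER_WIRE), ("routine", ROUTINE_ACH)):
        print(label, evaluate(p, CONTROLS))
```

Each control fires independently, so the takeover payment is held three times over even though the attacker had a valid password; that redundancy is the “belt and suspenders” the deck keeps returning to. Because the approver check compares user IDs, the isolated PC for wires and the second approver on a different machine are what turn dual control from a checkbox into a real second factor.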


10. Test, Test, Test

  • “Belt and suspenders” approach
  • Penetration testing
    • Internal and external
  • Social engineering testing
    • Simulate spear phishing
  • Application testing
    • Test the tools with your bank
    • Test internal processes


  • Hang on, it’s going to be a wild ride!!

  • Mark Eich, Principal

  • Information Security Services Group

  • mark.eich@claconnect.com

  • ***

  • (612)397-3128


