Introductions
Dean Sapp, CISO
Braintrace, Inc.
220 S. 200 E., Suite 300
SLC, UT 84111
801-803-7902
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Father, student, author, security researcher, hacker-in-training, Spartan racer, and doer of hard things.
Security Certifications:
CISSP, CISA, CIPP/US, ITILv3, GCCC, GCIH, GSIP, GPEN, GAWN, GSLC, GCPM, GWAPT, G2700, GLEG, GSOC
Combating Cyber Fraud
Analogy – Bubble Soccer and Fraud
Goals – Reduce Fraud and Losses
Fraud Events Happen
https://youtu.be/GF-MALBc5I0
Anyone Affected by this?
Classic cons are still effective
FBI Unified Crime Reporting lab statistics.
Classic cons have evolved – 2017 Edition
• W-2 Fraud
• KSL / eBay / Craigslist product theft & fraud
• Get Rich Quick schemes
  • Nigerian Prince Scam – email and mail fraud
  • Current versions include ransomware attacks
• Persuasion Tricks and Fake Jobs (Money Mules)
  • Request for urgent business relationship or wire payments (BEC)
• Check Fraud
  • Credit card fraud / ATM fraud
• Extortion/Romance Scams
  • Webcam hacks and social media slander
Is it getting any better this year?
The top five cyber attacks we are seeing
1. Business Email Compromise (BEC) / Wire Fraud
2. Ransomware attacks – WannaCry/Petya
3. Unauthorized password, email and document access
a) O-365
b) G-Suite
4. File based malware attacks
5. Targeted social engineering
Sources
1. 2017 Verizon Data Breach Report (2016 findings)
2. 2017 Cost of Data Breach Study: Ponemon Institute
3. 2016 Rand Institute, Cost and Causes of Cyber Incidents Report
4. nw3c.org & ic3.gov
Fraud reports from nw3c.org
IC3.gov
Cyber crime is big business
• Cyber crime is growing at an alarming rate
  • Wire fraud / ACH Transfers
  • Several local Utah businesses have lost hundreds of thousands of dollars in fraud cases in the past two months…
• Business E-mail Compromise (BEC)
  • How does a BEC work?
  • The FBI recently calculated $5+ billion in losses from US companies over the past few years from wire fraud.
• Hacking at unprecedented levels
  • Breach costs in 2017 estimated to exceed $80.0 billion.
  • Many companies never recover.
Almost everyone is a target
• What do the crooks really want?
  • All your monies! Preferably in Bitcoin
  • Or your stuff (inventory, used computers, devices, anything they can monetize)
  • EFT/Wires/bank account numbers
  • Credit card numbers/health records
  • Intellectual property (Panama Papers…watch out law firms!)
    • Copyrights
    • Patents
    • Trademarks
  • Mergers and Acquisition data
    • Insider trading information
  • Executive dossier (dôsēˌā)
Verizon report contributors
60+ agencies! Collaborating and sharing data!
Verizon executive summary
Who was targeted in 2016?
Incident classification patterns
Cost to a business
According to the Ponemon Institute:
“In 2016, data breaches cost the most in the US and Germany… The average cost per capita of a data breach is $225 per record…and the average total organizational cost in the US was $7.35 million.”
-The most valuable individual records for the crooks to steal for identity theft purposes are medical records. They are also the most expensive breaches at $380 per record.
2017 Ponemon Breach Report
Cost per record in the U.S.
Financial Records are approximately $336 each
2017 Ponemon Breach Report
Cost per breach in the U.S. ~ $200,000
2016 RAND Breach Report
Information is Beautiful
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Total cost is hard to pinpoint
2016 RAND Breach Report
It may be a combination of detection and cleanup, victim recovery services and litigation expenses
Very Common Attacks
• BEC Email compromises
• Account / Password Theft
• Phishing Attacks
• Ransomware
• Attacks from missing patches
• IoT Attacks
• Mobile device compromise
• General hacking, whatever is easiest…
Phishing Risks
• If they can’t guess your password, they likely will go phishing!
  • Phishing is the most successful way to compromise a computer and then gain access to a user’s account and password
  • Dozens of phishing tools have been written to help the bad guys conduct phishing campaigns
• Some phishing variants:
  • whaling
  • spear phishing (91% of the phishing attacks)
  • clone phishing
  • phone phishing (my nephew “Ugh…Uncle Dean, I need some help”)
• Results often include stolen passwords, ransomed computer, wire fraud, and potentially a cyber breach
Business email compromise (BEC)
• Since 2013, 14,032 US companies have lost ~960M
  • Average loss of $68,415
• Since January 2015, 1,300% increase in losses
  • All 50 states, and 100 countries impacted.
  • Majority of the money still going to banks in China.
• A large local financial company was targeted
  • Hacked the Managing Shareholder’s business email
  • Sent an email with wire transfer instructions to Accounts Payable Manager.
  • Instructions to wire $45,000 over the weekend for an urgent and time sensitive deal.
  • Follow up email to wire an additional $120,000 to a different bank.
http://www.tripwire.com/state-of-security/latest-security-news/business-email-compromise-scams-have-cost-victims-3b-report-feds/
Documents and Browsers!
Ransomware
• If they can’t convince you to give them money, they encrypt your data.
  • FBI/RSA held a Ransomware open house on 8/22/2017
  • They discussed popular variants
    • WannaCry (May 12, 2017)
      • Largest scale cyber attack – 200 countries and counting with an SMBv1 vulnerability
      • Microsoft provided a patch in March 2017 (NSA Zero-Day)
    • Locky version 2.0 (February 19, 2017)
      • Utilizes a similar SPAM delivery mechanism as the Dridex banking trojan
      • Encrypted files are renamed with a unique hexadecimal file name *.locky
    • MSIL/Samas.A SAMSAM (January 22, 2017)
      • Exploits vulnerabilities in JBOSS, targeting hospitals
    • TeslaCrypt version 4.0 (May 29, 2015)
      • Decryption key published
Password theft / credential theft
• Passwords are the primary way attackers get into corporate networks
• Sometimes the hackers will just ask for user passwords…why work hard when you don’t have to?
  • Would you give me your password for a piece of chocolate?
  • What about a candy bar?
  • Not even for some bacon?
  • What if I gave you 100 bucks? What about $25,000?
• People will often give out their passwords
  • Including to someone acting like the IT department or the help desk, or to the highest bidder.
• If not, the hackers may try to guess them if they are short or simple.
• Or they might just go search the dark web for a password that is common across personal and business accounts.
Crime as a Service (CaaS)
Threat areas to review
What do we do about all this?
1. Understand how the attackers work to compromise email.
2. Start using SPF, DMARC and DKIM across your organization.
a) Sender Policy Framework (SPF)
b) Domain-based Message Authentication, Reporting and Conformance (DMARC)
c) DomainKeys Identified Mail (DKIM)
3. Turn on logging for your email accounts
4. Monitor automatic rule changes to your email accounts
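One way to act on item 4, as an added example that is not part of the original slides: a small reviewer that reads mailbox audit events and flags inbox-rule changes worth a human look. The record shape, the `INTERNAL_DOMAINS` value and the sample events are constructed for illustration; `New-InboxRule` and `Set-InboxRule` and the parameter names are the Exchange rule cmdlets and their parameters.

```python
import json

INTERNAL_DOMAINS = {"example.com"}   # assumption: the organization's own mail domains
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
QUIET_FOLDERS = {"rss feeds", "junk email", "deleted items", "archive"}
PAYMENT_WORDS = {"wire", "invoice", "payment", "bank", "ach"}

# Constructed sample events, one JSON object per line. The record shape is a
# simplification for this example; map the fields to your platform's export.
SAMPLE_AUDIT_LOG = """
{"time": "2017-09-01T08:02:11Z", "UserId": "ap.manager@example.com", "ClientIP": "203.0.113.45", "Operation": "New-InboxRule", "Parameters": {"Name": "..", "SubjectOrBodyContainsWords": "wire;invoice;payment", "MoveToFolder": "RSS Feeds", "MarkAsRead": "True"}}
{"time": "2017-09-01T08:05:40Z", "UserId": "managing.shareholder@example.com", "ClientIP": "203.0.113.45", "Operation": "Set-InboxRule", "Parameters": {"Name": "sync", "ForwardTo": "copy@mail.example.net"}}
{"time": "2017-09-01T09:14:02Z", "UserId": "j.doe@example.com", "ClientIP": "198.51.100.7", "Operation": "New-InboxRule", "Parameters": {"Name": "Newsletters", "FromAddressContainsWords": "newsletter", "MoveToFolder": "Newsletters"}}
{"time": "2017-09-01T09:20:00Z", "UserId": "j.doe@example.com", "ClientIP": "198.51.100.7", "Operation": "MailboxLogin", "Parameters": {}}
{"time": "2017-09-01T10:01:33Z", "UserId": "helpdesk@example.com", "ClientIP": "198.51.100.9", "Operation": "New-InboxRule", "Parameters": {"Name": "Tickets", "ForwardTo": "it-team@example.com"}}
"""


def split_list(value):
    """Split a ';' or ',' separated parameter value into lowercase items."""
    return [v.strip().lower() for v in str(value).replace(",", ";").split(";") if v.strip()]


def review_rule_change(event):
    """Return the reasons (possibly none) this event deserves a human review."""
    if event.get("Operation") not in RULE_OPERATIONS:
        return []
    params = event.get("Parameters", {})
    reasons = []

    # Mail leaving the organization automatically.
    for key in FORWARD_PARAMS:
        for address in split_list(params.get(key, "")):
            domain = address.rpartition("@")[2]
            if domain not in INTERNAL_DOMAINS:
                reasons.append(f"{key} sends mail outside the organization ({domain})")

    # Mail the mailbox owner will never see.
    if str(params.get("DeleteMessage", "")).lower() == "true":
        reasons.append("rule deletes matching messages")
    folder = str(params.get("MoveToFolder", "")).lower()
    if folder in QUIET_FOLDERS:
        reasons.append(f"rule moves mail to rarely read folder '{folder}'")

    # Payment keywords alone are normal (an 'Invoices' folder); they only add
    # weight when the rule also hides or exports the mail.
    hits = sorted(set(split_list(params.get("SubjectOrBodyContainsWords", ""))) & PAYMENT_WORDS)
    if hits and reasons:
        reasons.append("rule targets payment-related keywords: " + ", ".join(hits))
    return reasons


def scan(log_text):
    """Review every event in a JSON-lines log and collect the alerts."""
    alerts = []
    for line in log_text.strip().splitlines():
        event = json.loads(line)
        reasons = review_rule_change(event)
        if reasons:
            alerts.append({"user": event["UserId"], "time": event["time"],
                           "ip": event["ClientIP"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_AUDIT_LOG):
        print(alert["time"], alert["user"], "from", alert["ip"])
        for reason in alert["reasons"]:
            print("   -", reason)
```
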
And, use Two-Factor or Two-Step Authentication
• A second factor of authentication reduces risks significantly
• Avoid SMS text messages
• Use Google Authenticator
• Or Microsoft Authenticator
• Or Okta, Duo, etc…
Passwords are still the weak link
1. Use Passphrases instead of passwords
2. Use a Password Vault and good password hygiene
a) Change all default passwords
b) Use a strong one
c) Change it occasionally
d) Don’t reuse the same password for different accounts
3. See next slide…
Use a strong password
Configuration of Privacy Settings
• Turn on the settings for protecting your rights
  • Block or restrict Cookies
• Know your rights
• Opt–Out when you can…
• Geo-Tagging
• Tracking
• Monitoring
Keep Plugins up to date
• Use a current, supported browser and ensure all plugins are up to date.
Use Helpful Plugins
• Consider using browser plugins to protect your privacy online
  • HTTPS Everywhere
  • Privacy Badger
  • Ghostery
  • NoScript
Apply your patches regularly…
• If you have it on your network, patch it!
  • Computer Hardware
  • Computer Software
    • Operating Systems
    • Browsers
    • Plugins
    • Applications
  • SCADA systems
  • Firewalls, Routers
  • Websites
  • IoT Devices
  • Smart phones and Tablets
  • Printers
Patching is our Achilles’ heel!
2017 Verizon Data Breach Reports
Secure PowerShell on your network.
• Have your IT team upgrade to PowerShell (PS) 5 for all Windows computers
  • Turn on PS logging
  • Restrict who can use PowerShell
  • Send automatic alerts when someone uses PowerShell on the network
• Secure Windows computers with Group Policy Objects (GPOs)
Five things to start doing tomorrow…
1. Harden your email systems
a) Turn on DKIM, SPF, DMARC
b) Digitally sign your email and quarantine unsigned emails for review
2. Lock down your firewall
a) Block Blacklisted IPs (inbound and outbound)
b) Geo-block if possible (inbound and outbound)
3. Secure your endpoints and servers
a) Use a very good endpoint product with the security features enabled
b) Turn on the local firewall, and turn off PowerShell and native tool access
4. Turn on multi-factor authentication for most valuable systems
a) Especially email and systems to move money
5. Patch your stuff! Especially public facing systems!
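For the SPF, DMARC and DKIM advice here and on the earlier "What do we do about all this?" slide, an added example (not from the original deck) that audits a domain's published records and reports settings that leave spoofed mail deliverable. The DNS snapshot, the selector name `mail2017` and the key placeholder are constructed; in practice the TXT records would come from a DNS lookup.

```python
# Constructed snapshot of TXT records, keyed by DNS name.
ZONE = {
    "example.com": ["v=spf1 include:_spf.mailhost.example ~all", "site-verification=abc123"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "mail2017._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY"],
    "example.org": ["v=spf1 ip4:192.0.2.10 -all"],
    "_dmarc.example.org": ["v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.org"],
    "mail2017._domainkey.example.org": ["v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY"],
}


def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC, DKIM) into a dict."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(txt):
    records = [r for r in txt if r.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return ["SPF: no record published"]
    if len(records) > 1:
        return ["SPF: more than one v=spf1 record, which receivers treat as an error"]
    terms = records[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return []  # the policy lives at the redirect target; audit that name
        return ["SPF: no 'all' mechanism, so unlisted senders get a neutral result"]
    # A bare 'all' has the default '+' qualifier.
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    if qualifier == "-":
        return []
    meaning = {"~": "softfail", "?": "neutral", "+": "pass"}[qualifier]
    return [f"SPF: '{qualifier}all' gives unlisted senders a {meaning} result; "
            "use '-all' once every sender is listed"]


def check_dmarc(txt):
    records = [r for r in txt if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not records:
        return ["DMARC: no record published"]
    tags = parse_tags(records[0])
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or 'missing'} only monitors; failing mail is still delivered")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of failing mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so aggregate reports are not collected")
    return findings


def check_dkim(txt):
    if not txt:
        return ["DKIM: no key published for this selector"]
    if not parse_tags(txt[0]).get("p"):
        return ["DKIM: missing or empty p= tag, so there is no usable public key"]
    return []


def audit_domain(zone, domain, selector):
    """Return findings for one domain; an empty list means all three enforce."""
    return (check_spf(zone.get(domain, []))
            + check_dmarc(zone.get("_dmarc." + domain, []))
            + check_dkim(zone.get(f"{selector}._domainkey.{domain}", [])))


if __name__ == "__main__":
    for name in ("example.com", "example.org", "example.net"):
        findings = audit_domain(ZONE, name, "mail2017")
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("   -", finding)
```
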
What should we do over the next 12 months?
1. Get a cyber risk assessment and penetration test
2. Start using 2FA strong authentication for everything
3. Continue to patch your systems (especially public facing ones)
4. Consider managed security services
5. Deploy next generation endpoint protection
6. Set up an active breach detection system
7. Use a next-generation firewall
8. Encrypt your data and use offline backup options
9. Investigate CyberSecurity insurance options