The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle...
Transcript of The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle...
![Page 1: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/1.jpg)
The Trojan Horse: Phishing and Ransomware Attacks
DAVID S. LIPKUSKESTENBERG S IEGAL L IPKUS LLP
BARRISTERS & SOLICITORS65 GRANBY STREET, TORONTO, ONTARIO, M5B 1H8
WWW.KSLLAW.COM
TEL: 416-342-1103 FAX: 416-597-6567
![Page 2: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/2.jpg)
![Page 3: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/3.jpg)
Agenda
1) Ke y Te rm s
2) C a se Stud y
3) Pre ve ntio n
4) NO W WHAT? ? ? !!!? ? ?
![Page 4: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/4.jpg)
$445 Billion Year cost to the global economy
![Page 5: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/5.jpg)
7% in 2 yearsNumber of business reporting $1 million loss
![Page 6: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/6.jpg)
The risks are REALBut MANAGEABLE
![Page 7: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/7.jpg)
Key Terms
![Page 8: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/8.jpg)
Key Terms
![Page 9: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/9.jpg)
Key Terms
![Page 10: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/10.jpg)
Key Terms
Social Engineering
![Page 11: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/11.jpg)
![Page 12: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/12.jpg)
Key Terms - Phishing
![Page 13: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/13.jpg)
Spear Phishing
![Page 14: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/14.jpg)
![Page 15: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/15.jpg)
Key Terms
Information Sec urity
Critic a l Infrastruc ture
Intellec tual Property
![Page 16: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/16.jpg)
TECH 101SOME PRACTICAL BASICS
![Page 17: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/17.jpg)
CREATING A PHISHING ATTACK
• A phishing campaign can be launched in as little as fifteen minutes
• Cursory research using Google, LinkedIn, or your company’s website can provide an attacker with enough information to sound convincing to users
• In this example, Google Forms was used to easily create a fillable survey users could be targeted with
![Page 18: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/18.jpg)
CREATING A PHISHING ATTACK
• Although a Gmail account was used here, easily obtained software tools allow large numbers of users to be targeted
• Sophisticated attackers will send less easily detected emails and embed tracking images or even code in their phishing emails
![Page 19: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/19.jpg)
Friday, May 12, 2017
![Page 20: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/20.jpg)
![Page 21: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/21.jpg)
In 1 Day 230,000 infec ted
c o m p ute rs a c ro ss 150 c o untrie s.
Estim a te d Ec o no m ic Lo sse s:
$4 BillionTo p 4 C o untrie s Affe c te d :• Russia
• Ukra ine • Ind ia
• Ta iwa n
![Page 22: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/22.jpg)
Affected Organizations• Andhra Pradesh Police, India• Aristotle University of Thessaloniki,
Greece• Automobile Dacia, Romania• Cambrian College, Canada• Chinese public security bureau• CJ CGV• Dalian Maritime University• Deutsche Bahn• Dharmais Hospital, Indonesia• Faculty Hospital, Nitra, Slovakia• FedEx• Garena Blade and Soul• Guilin University Of Aerospace
Technology• Guilin University Of Electronic
Technology• Harapan Kita Hospital[disambiguation
needed], Indonesia• Hezhou University• Hitachi
• Honda• Instituto Nacional de Salud, Colombia• Lakeridge Health• LAKS• LATAM Airlines Group• MegaFon• Ministry of Internal Affairs of the Russian
Federation• Ministry of Foreign Affairs (Romania)• National Health Service (England)• NHS Scotland• Nissan Motor Manufacturing UK• O2, Germany• Petrobrás• PetroChina• Portugal Telecom• Q-Park• Renault• Russian Railways• Sandvik• São Paulo Court of Justice
• Saudi Telecom Company• Sberbank• Shandong University• State Governments of India• Government of Gujarat• Government of Kerala• Government of Maharashtra• Government of West Bengal• Suzhou Vehicle Administration• Sun Yat-sen University, China• Telefónica• Telenor Hungary, Hungary• Telkom (South Africa)• Timrå Municipality, Sweden• Universitas Jember, Indonesia• University of Milano-Bicocca, Italy• University of Montreal, Canada• Vivo, Brazil
![Page 23: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/23.jpg)
How it worked:
Generally: Will trick you into clicking an e-mail/link/attachment which will then infect your operating system.
WannaCry: In this case, a vulnerability in an operating system.
![Page 24: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/24.jpg)
The question is not “IF” but
“WHEN”
![Page 25: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/25.jpg)
HAVE YOU HAD YOUR
CYBER HEALTH CHECK?
![Page 26: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/26.jpg)
Cyber Health Check
1. Prevention
2. Education & Training
3. Information Sharing
![Page 27: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/27.jpg)
PreventionAN OUNCE OF PREVENTION IS WORTH A POUND OF CURE – BENJAMIN FRANKLIN
![Page 28: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/28.jpg)
#1. REGULARLY BACKUP AND STORE DATA OUTSIDE OF YOUR BUSINESS NETWORK.
Prevention
![Page 29: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/29.jpg)
#2. EDUCATION & TRAINING
Prevention
![Page 30: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/30.jpg)
#2. EDUCATION & TRAININGPrevention
Insider threats are the most common entry point
for cyber criminals
[60%]
![Page 31: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/31.jpg)
#2. EDUCATION & TRAININGPreventionThe “Human Factor”
- People can be the best resource and the weakest link
![Page 32: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/32.jpg)
#3. SOFTWAREPrevention
![Page 33: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/33.jpg)
Virtual Private Network (VPN)
• Originally designed to allow users to securely access a private network across the Internet or other public network
• Often used in a similar manner to proxies, with two key differences:• The connection between the VPN server and the user is encrypted
• VPNs can handle all types of traffic, whereas proxies generally only deal with web traffic (HTTP)
• VPNs used in this manner are generally paid services, allowing users to pick from a variety of locations they wish to appear to be coming from
![Page 34: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/34.jpg)
VPN Demonstration
![Page 35: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/35.jpg)
Information SharingAN EFFECTIVE STRATEGY
![Page 36: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/36.jpg)
- Business are hesitant to share information.
Information Sharing
![Page 37: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/37.jpg)
Sharing information among key players is essential to combating cybercrime.
Information Sharing
![Page 38: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/38.jpg)
CCTX
(Canadian Cyber Threat Exchange)
Information Sharing
• Not-for-profit• Share information about vulnerabilities and
cyber threats among governments, businesses and research institutions.
• Provide analysis of information security issues
• Point of contact for cyber information sharing organizations in other countries.
![Page 39: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/39.jpg)
NOW WHAT???!!!???
• C & D• Registrars/ISPs• Mail Servers
• IT department• Third Parties
http://www.antifraudcentre-centreantifraude.ca/index-eng.htm
![Page 40: The Trojan Horse€¢ Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Sun Yat-sen University, China • Telefónica • Telenor Hungary,](https://reader031.fdocuments.us/reader031/viewer/2022022521/5b2093587f8b9a0b6e8b4645/html5/thumbnails/40.jpg)
The Trojan Horse: Phishing and Ransomware Attacks
DAVID S. LIPKUSKESTENBERG S IEGAL L IPKUS LLP
BARRISTERS & SOLICITORS65 GRANBY STREET, TORONTO, ONTARIO, M5B 1H8
WWW.KSLLAW.COM
TEL: 416-342-1103 FAX: 416-597-6567