Introductions
Dean Sapp, CISO
Braintrace, Inc.
220 S. 200 E., Suite 300
SLC, UT 84111
801-803-7902
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Father, student, author, security researcher, hacker-in-training, Spartan racer, and doer of hard things.
Security Certifications:
CISSP, CISA, CIPP/US, ITILv3, GCCC, GCIH, GSIP, GPEN, GAWN, GSLC, GCPM, GWAPT, G2700, GLEG, GSOC
©2017 Braintrace, Inc. All rights reserved. 3
Combating Cyber Fraud
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Analogy – Bubble Soccer and Fraud
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Goals – Reduce Fraud and Losses
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Fraud Events Happen
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
https://youtu.be/GF-MALBc5I0
Anyone Affected by this?
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Classic cons are still effective
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
FBI Unified Crime Reporting lab statistics.
Classic cons have evolved – 2017 Edition
• W-2 Fraud
• KSL / eBay / Craigslist product theft & fraud
• Get Rich Quick schemes • Nigerian Prince Scam – email and mail fraud
• Current versions include ransomware attacks
• Persuasion Tricks and Fake Jobs (Money Mules) • Request for urgent business relationship or wire payments (BEC)
• Check Fraud• Credit card fraud / ATM fraud
• Extortion/Romance Scams • Webcam hacks and social media slander
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Is it getting any better this year?
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
The top five cyber attacks we are seeing
1. Business Email Compromise (BEC) / Wire Fraud
2. Ransomware attacks – WannaCry/Petya
3. Unauthorized password, email and document accessa) O-365 b) G-Suite
4. File based malware attacks
5. Targeted social engineering
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Sources
1. 2017 Verizon Data Breach Report (2016 findings)
2. 2017 Cost of Data Breach Study: PonemonInstitute
3. 2016 Rand Institute, Cost and Causes of Cyber Incidents Report
4. nw3c.org & ic3.gov
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Sources
1. 2017 Verizon Data Breach Report (2016 findings)
2. 2017 Cost of Data Breach Study: PonemonInstitute
3. 2016 Rand Institute, Cost and Causes of Cyber Incidents Report
4. nw3c.org & ic3.gov
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Sources
1. 2017 Verizon Data Breach Report (2016 findings)
2. 2017 Cost of Data Breach Study: PonemonInstitute
3. 2016 Rand Institute, Cost and Causes of Cyber Incidents Report
4. nw3c.org & ic3.gov
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Sources
1. 2017 Verizon Data Breach Report (2016 findings)
2. 2017 Cost of Data Breach Study: PonemonInstitute
3. 2016 Rand Institute, Cost and Causes of Cyber Incidents Report
4. nw3c.org & ic3.gov
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Fraud reports from nw3c.org
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
IC3.gov
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Cyber crime is big business
• Cyber crime is growing at an alarming rate• Wire fraud / ACH Transfers
• Several local Utah businesses have lost hundreds of thousands of dollars in fraud cases in the past two months…
• Business E-mail Compromise (BEC)• How does a BEC work?
• The FBI recently calculated $5+ billion in losses from US companies over the past few years from wire fraud.
• Hacking at unprecedented levels • Estimated breach costs in 2017 estimated to exceed $80.0 billion.
• Many companies never recover.
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Almost everyone is a target
• What do the crooks really want? • All your monies! Preferably in Bitcoin
• Or your stuff (inventory, used computers, devices, anything they can monetize)
• EFT/Wires/bank account numbers
• Credit card numbers/health records
• Intellectual property (Panama Papers…watch out law firms!)• Copyrights
• Patents
• Trademarks
• Mergers and Acquisition data• Insider trading information
• Executive dossier (dôsēˌā)
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Verizon report contributors
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
60+ agencies! Collaborating and sharing data!
Verizon executive summary
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Verizon executive summary
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Who was targeted in 2016?
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Who was targeted in 2016?
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Incident classification patterns
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Cost to a businessAccording to the Ponemon Institute:
“In 2016, data breaches cost the most in the US and Germany… The average cost per capita of a data breach is $225 per record…and the average total organizational cost in the US was $7.35 million.”
-The most valuable individual records for the crooks to steal for identity theft purposes are medical records. They are also the most expensive breaches at $380 per record.
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
2017 Ponemon Breach Report
Braintrace Intelligent CyberSecurityCopyright©2017 Braintrace, Inc.
Cost per record in the U.S.
Financial Records are approximately $336 each
2017 Ponemon Breach Report
Cost per breach in the U.S. ~ $200,000
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
2016 RAND Breach Report
Cost per breach in the U.S. ~ $200,000
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
2016 RAND Breach Report
Information is Beautiful
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Total cost is hard to pinpoint
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
2016 RAND Breach Report
It may be a combination of detection and cleanup, victim recovery services and litigation expenses
Very Common Attacks
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
• BEC Email compromises
• Account / Password Theft
• Phishing Attacks
• Ransomware
• Attacks from missing patches
• IoT Attacks
• Mobile device compromise
• General hacking, whatever is easiest…
Phishing Risks
• If they can’t guess your password, they likely will go phishing! • Phishing is the most successful way to compromise a computer and then
gain access to a user’s account and password
• Dozens of phishing tools have been written to help the bad guys conduct phishing campaigns
• Some phishing variants:• whaling
• spear phishing (91% of the phishing attacks)
• clone phishing
• phone phishing (my nephew “Ugh…Uncle Dean, I need some help”)
• Results often include stolen passwords, ransomed computer, wire fraud, and potentially a cyber breach
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Business email compromise (BEC)
• Since 2013, 14,032 US companies have lost ~960M• Average loss of $68,415
• Since January 2015, 1,300% increase in losses• All 50 states, and 100 countries impacted.
• Majority of the money still going to banks in China.
• A large local financial company was targeted• Hacked the Managing Shareholder’s business email
• Sent an email with wire transfer instructions to Accounts Payable Manager.
• Instructions to wire $45,000 over the weekend for an urgent and time sensitive deal.
• Follow up email to wire an additional $120,000 to a different bank.
http://www.tripwire.com/state-of-security/latest-security-news/business-email-compromise-scams-have-cost-victims-3b-report-feds/
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Documents and Browsers!
Ransomware
• If they can’t convince you to give them money, they encrypt your data.• FBI/RSA held a Ransomware open house on 8/22/2017
• They discussed popular variants• WannaCry (May, 12, 2017)
• Largest scale cyber attack – 200 countries and counting with a SMBv1 vulnerability
• Microsoft provided a patch in March 2017 (NSA Zero-Day)
• Locky version 2.0 (February 19, 2017)• Utilizes a similar SPAM delivery mechanism as the Drisdex banking trojan
• Encrypted files are renamed with a unique hexadecimal file name *.locky
• MSIL/Samas.A SAMSAM (January 22, 2017)• Exploits vulnerabilities in JBOSS, targeting hospitals
• TeslaCrypt version 4.0 (May 29, 2015) • Decryption key published
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Password theft / credential theft
• Passwords are the primary way attackers get into corporate networks
• Sometimes the hackers will just ask for user passwords…why work hard when you don’t have too? • Would you give me your password for a piece of chocolate?
• What about a candy bar?
• Not even for some bacon?
• What if I gave you 100 bucks? What about $25,000?
• People will often give out their passwords • Including someone acting like the IT department, the help desk, or to the highest
bidder.
• If not, the hackers may try to guess them if they are short or simple.
• Or they might just go search the dark web for a password that is common across personal and business accounts.
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Crime as a Service (CaaS)
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Crime as a Service (CaaS)
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Threat areas to review
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
What do we do about all this?
1. Understand how the attackers work to compromise email.
2. Start using SPF, DMARC and DKIM across your organization.
a) Sender Policy Framework (SPF)
b) Domain-based Message Authentication, Reporting and Conformance (DMARC)
c) DomainKeys Identified Mail
3. Turned on logging for your email accounts
4. Monitor automatic rule changes to your email accounts
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
And, use Two-Factor or Two-Step Authentication
• A second factor of authentication reduces risks significantly
• Avoid SMS text messages
• Use Google Authenticator
• Or Microsoft Authenticator
• Or Okta, Duo, etc…
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Passwords are still the weak link
1. Use Passphrases instead of passwords
2. Use a Password Vault and good password hygienea) Change all default passwords
b) Use a strong one
c) Change it occasionally
d) Don’t reuse the same password for different accounts
3. See next slide…
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Use a strong password
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Configuration of Privacy Settings
• Turn on the settings for protecting your rights• Block or restrict
Cookies
• Know your rights
• Opt–Out when you can…
• Geo-Tagging
• Tracking
• Monitoring
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Keep Plugins up to date
• Use a current, supported browser and ensure all plugins are up to date.
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Use Helpful Plugins
• Consider using browser plugis to protect your privacy online• HTTPS Everywhere
• Privacy Badger
• Ghostery
• NoScript
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Apply your patches regularly…
• If you have it on your network, patch it!• Computer Hardware
• Computer Software• Operating Systems
• Browsers
• Plugins
• Applications
• SCADA systems
• Firewalls, Routers
• Websites
• IoT Devices
• Smart phones and Tablets
• Printers
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Patching is our Achilles’ heel!
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
2017 Verizon Data Breach Reports
Secure Powershell on your network.
• Have your IT team upgrade to Powershell (PS) 5 for all Windows computers• Turn on PS logging
• Restrict who can use Powershell
• Send automatic alerts when someone use Powershell on the network
• Secure Windows computers with Group Policy Objects (GPOs)
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Five things to start doing tomorrow…1. Harden your email systems
a) Turn on DKIM, SPF, DMARC
b) Digitally signing your email and quarantine unsigned emails for review
2. Lock down your firewalla) Block Blacklisted IPs (inbound and outbound)
b) Geo-block if possible (inbound and outbound)
3. Secure your endpoints and serversa) Use a very good endpoint product with the security features enabled
b) Turn on the local firewall, and turn off PowerShell and native tool access
4. Turn on multi-factor authentication for most valuable systemsa) Especially email and systems to move money
5. Patch your stuff! Especially public facing systems!
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
What should we do over the next 12 months?
1. Get a cyber risk assessment and penetration test
2. Start using 2FA strong authentication for everything
3. Continue to patch your systems (especially public facing ones)
4. Consider managed security services
5. Deploy next generation endpoint protection
6. Set up an active breach detection system
7. Use a next-generation firewall
8. Encrypt your data and use offline backup options
9. Investigate CyberSecurity insurance options
Braintrace Intelligent CyberSecurity Copyright©2017 Braintrace, Inc.
Top Related