
Cyber Threats

Cyber Threats. Computer Scientist James M.T. Morrison, FBI – Houston Division. Introduction. CS James M.T. Morrison (aka Uglymother): 18+ Years of Experience with the FBI, 4+ years as a Computer Scientist in the Houston Office; 27+ Years in the IT field


Presentation Transcript


  1. Cyber Threats Computer Scientist James M.T. Morrison FBI – Houston Division

  2. Introduction CS James M.T. Morrison (aka Uglymother) • 18+ Years of Experience with the FBI, 4+ years as a Computer Scientist in the Houston Office • 27+ Years in the IT field • BS in Computer Engineering, MBA Technical Management, MA US History • GSEC, GREM, GCIA, GCIH, GCFE, GPEN, GWAPT, GMOB, A+, Net+ UNCLASSIFIED

  3. “We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology.” Carl Sagan

  4. Timex Sinclair ZX80

  5. TRS80 Model 1

  6. The Actors International Criminal Enterprise State Sponsored Domestic Internal Criminal Enterprise Insider Threat Others (Hacktivists, Joyriders, etc.)

  7. Insider Threat

  8. Threats • Website Defacing • DDOS • Phishing • Ransomware • Exploit Kits

  9. Website Defacement www.bbyinhang.com soneribankonline.com Iowa State Bank

  10. Website Security

  11. Distributed Denial of Service – (DDOS)

  12. DDOS Impact • 63% of companies have experienced at least one Denial of Service attack in the past 12 months • 11% of those reported more than six attacks in the same period • 67% said a website downtime of any kind would affect their customers • 51% reported a loss of revenue

  13. Phishing • Also known as • Spear-phishing • Whaling • Vishing • SMShing

  14. Phishing

  15. Spear-Phishing • Spear-phishing is frequently the first step in an attack. • Once such an attack has gained a foothold, it is both difficult to detect and difficult to remediate. • More than 90% of successful attacks start via spear-phishing. • Avoiding phishing may be the best defense against malware attacks.

  16. Domain Twisting Use 'spoofed' domain names designed to fool recipients. www.receiver.com becomes www.receiiver.com Or www.colonel.com becomes www.co1onel.com
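A defender-side check for the look-alike domains on the slide above, as an added example that is not part of the original presentation: it flags host names that match a protected domain after mapping confusable characters, or that sit within one edit of it. The protected list, the confusable map and the function names are assumptions for illustration.

```python
# Added example: flag sender or link domains that imitate a protected domain.
# PROTECTED and CONFUSABLES are assumptions; the sample hosts in the usage
# lines are the two pairs from the slide.

PROTECTED = {"receiver.com", "colonel.com"}

# Characters commonly swapped for a visually similar letter (non-exhaustive).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})


def normalize(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' label."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(host: str) -> str:
    """Map look-alike characters to the letter they imitate."""
    return host.translate(CONFUSABLES).replace("rn", "m")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str, max_distance: int = 1):
    """Return (verdict, imitated_domain) for one host name."""
    name = normalize(host)
    if name in PROTECTED:
        return ("exact", name)
    for good in sorted(PROTECTED):
        if skeleton(name) == skeleton(good):
            return ("homoglyph", good)  # e.g. digit 1 standing in for letter l
        if edit_distance(name, good) <= max_distance:
            return ("typo", good)       # e.g. one doubled or dropped letter
    return ("unrelated", None)


if __name__ == "__main__":
    for h in ("www.receiiver.com", "www.co1onel.com", "www.receiver.com"):
        print(h, classify(h))
```

In a mail gateway or proxy log review, anything classified as `homoglyph` or `typo` is a candidate for blocking or analyst review, while `exact` and `unrelated` pass through.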

  17. Ransomware • Usually begins with a Phishing e-mail or other Social Engineering Attack • Triggered by clicking on the link or opening the attachment • All files on your machine will be encrypted (including on the cloud if you are connected) • You will be instructed to call or e-mail the attackers who may unlock you after you pay a ransom – anywhere between $300 - $1000

  18. Ransomware Defenses • Regularly back up data and verify the integrity of those backups • Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. • Scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails.

  19. Ransomware Response • Date of Infection • Ransomware Variant (identified on the ransom page or by the encrypted file extension) • Victim Company Information (industry type, business size, etc.) • How the Infection Occurred (e-mail, browsing websites, etc.) • Requested Ransom Amount

  20. Phishing Avoidance • Be suspicious of any email with urgent requests • Don't use the links in an email, type them in • Always ensure that you're using a secure website • Consider installing a Web browser tool bar • Consider alternate browser • Ensure Browser Used is Up-to-Date • Turn off HTML graphics for Email

  21. Third Party Vendors • Watch those trust relationships • What access does the vendor need? • Data flows to third parties also need to be monitored • When writing a contract with a third party, data breach incident handling should be included. • If you carry cyber insurance, how is the third party handled?

  22. Computer Truths • Your personal computer and your work computer are not impervious to an attack • There is no “magical” appliance or software that can 100% guarantee protection against an attack • Many networks and computers are misconfigured, which allows hackers to attack a weak link and then move easily within your system • Every person and every company has something that somebody else wants • If an attacker truly wants access to your network, sooner or later, he/she will gain access

  23. Intrusion Vectors

  24. Malware Detection

  25. Recommendations to Avoid Breaches • Use Strong Passwords • Default passwords for simplicity on initial setup • Business owners should change passwords to their POS systems on a regular basis, using unique account names and complex passwords • Update POS Software Applications • Ensure that all software is running the latest updates • POS systems, in the same way as computers, are vulnerable to malware attacks when required updates are not downloaded and installed on a timely basis. • A Firewall should be utilized to protect POS systems

  26. Recommendations (Cont) • Use Antivirus • Antivirus works to recognize software that fits current definitions of being malicious and attempts to restrict that malware’s access to the systems • Restrict Access to Internet • POS systems should only be utilized online to conduct POS related activities and not for general Internet use. • Disallow Remote Access • Remote access on POS systems can be exploited to gain access to these networks

  27. Passwords • Use complicated passwords on EVERYTHING • Do not use the same password for all websites

  28. Passwords – Commonly Used

  29. Social Media • Over the last decade, the growth and popularity of social media has increased. Social media has revolutionized the way people interact with others and has become an integral part of life for people of all ages. Criminals have exploited social media by phishing for unwary users to fall victim to their scams. The IC3 complaint data shows 12% of the complaints submitted in 2014 contained a social media aspect.

  30. Social Media: Suggested Settings • Only establish and maintain connections with people you know and trust. • Review your connections often. • Assume that anyone can see any information about your activities, personal life, or professional life that you post and share. • Use secure browser settings.

  31. Wi-Fi Safety: Public

  32. Wi-Fi Safety: Public (Cont) • Do Not Access Personal or Corporate Financial Networks • Understand ANY traffic you put on a Public Wi-Fi can be read (including Text Messages from a phone) • Turn Off The Wireless Card on your device when not needed. • Consider using a personal hotspot if you find yourself accessing public Wi-Fi networks a lot

  33. Wi-Fi Safety: Private • Password protect your wireless network with WPA2 encryption and do not label your wireless network with a personally identifiable naming convention • Do not broadcast your SSID (Wireless Name) • Change the name and password when you install it • Check your network for unwanted users • Turn Off the Network When it won't be used (i.e. Vacation, etc) • Change the network administrator passwords regularly • Keep the hardware updated

  34. Smart Phone Safety: Threats • Physical Theft • Malicious Applications • Application Vulnerabilities • Phishing (Vishing and Smishing) • Ransomware • Juice Jacking • Bluetooth Attacks

  35. Smart Phone Safety: Suggestions • Treat it like a computer • Secure your device (use Auto-Lock) • Don't share your device with others • Back up and protect your data regularly • Delete any text messages or emails that contain sensitive information • Download secure applications • Be aware that malware and fraudulent applications exist. • Don't "jailbreak" or "root" your device. - Taken from Intuit website

  36. Avoiding Becoming the next “Target” • Listen to your IT Staff • Get them involved in Infragard or other external “support groups” • Track incidents • Handle Incidents “correctly” • Don’t be afraid to get help • Has your network been “Pen-tested?”

  37. Breach Notification Laws • No Federal Breach Notification Law • Most States have Breach Notification Laws but they are all different. • When do you engage the Federal Government? • Certain losses of information require it (HIPAA, etc) • Most of the time this is internal policy • Attorneys are almost always contacted before an external entity (such as the FBI)

  38. Incident Handling (Seven Deadly Sins) (courtesy of sans.org) • Failure to report or ask for help • Incomplete/non-existent notes • Mishandling/Destroying Evidence • Failure to create working images • Failure to contain or eradicate • Failure to prevent follow-on compromise months later • Failure to apply lessons learned

  39. Internet Crime Complaint Center (www.IC3.gov)

  40. Internet Fraud (Texas)

  41. Infragard • InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. • Designed to help protect the 16 Critical Infrastructures, one of which is the Healthcare and Public Health Sector

  42. Infragard Membership • Individual • FREE • Requirements: • 18 years or Older • U.S. Citizen • Pass Periodic Criminal Background Checks • Agree to Adhere to the IG Code of Ethics • Apply Online at https://www.infragard.org

  43. Houston Chapter Events • Chapter Meetings • New Member Orientation Meetings • SIG Meetings • Conference Sessions & Booths • VIP Tours • Workshops • Joint-Organization Meetings • FBI InfraGard Appreciation Events • Holiday Social/Year-end Wrap-up UNCLASSIFIED

  44. Special Interest Groups (SIGs) • Retail • Maritime • Bryan/College Station • Phishing Task Force • Others Pending • Oil & Gas • Technology • Financial Services • Public Safety • Healthcare • Legal • Power & Utilities UNCLASSIFIED

  45. Questions?? FBI Houston Computer Scientist James Morrison GSEC, GFCE, GPEN, GWAPT, GCIA, GCIH, GREM, GMOB MBA, MA 1 Justice Park Drive Houston, Texas 713-693-5000