Operation High Roller:  The need for a security ally!

Operation High Roller was a dramatic change in the way cyber criminals went after their victims. This presentation will focus on the specifics of this attack against corporations, which was focused on small to medium-sized organizations, the use of analytics to single out the victims, and the advanced methodologies to hide the attack. Jeff will also discuss the need for specialization in the security marketplace and the need to ally yourself with other organizations as well as working with your General and Outside counsel to prepare for the inevitable battle.

  • The marketplace is crowded with companies offering assessment services under various names. But while they all claim to do roughly the same thing, not all security assessments are created equal. Accuvant has built a successful assessment practice by employing the best assessment team in the industry. Accuvant’s assessment resources are security industry thought leaders, several are published authors, all have years of information security experience, and all have benefited from a broad exposure to different client environments, consulting methodologies, assessment techniques, and security technologies. Accuvant combines this talent and experience with an innovative approach to produce the most cost-effective and comprehensive assessment offerings in the industry.
  • Transcript

    • 1. Copyright © 2013. Accuvant, Inc. All Rights Reserved
    • 3. Not Science Fiction
    • 4. The Need for a Security Ally
    • 5. Agenda
      Accuvant:
      • Who am I?
      • Operation: High Roller
      • Debrief
      • Soldiers win the Battles, Allies win the wars
      Tactics & techniques:
      • Issues currently seen from the field
      • Prediction time!
      Conclusions
    • 6. Jeff Danielson
      Computer Forensics specialist since 2003 and a Security Evangelist for a large national research-driven security partner. Previously, Jeff was a Principal Solutions Consultant for a leading Computer Forensics/eDiscovery and Cybersecurity software solutions corporation as well as a lead investigator at a large financial services organization.
      Certifications:
      • SANS GIAC Certified Forensic Analyst (GCFA)
      • GIAC Certified Incident Handler (GCIH)
      • EnCase Certified Forensic Examiner (EnCE)
      • EnCase Certified eDiscovery Practitioner (EnCEP)
    • 7. In the blink of an eye
    • 8. Operation High-Roller
    • 9. Old Tricks
      The usual suspects:
      • Multiple Attack Strategies
      • Phish/Spear Phishing email
      • Utilization of Past Malware
      • Zeus
      • SpyEye
      • Man-in-the-browser
      Non-patched systems were the biggest culprit.
      Definitions:
      • Zeus: A Trojan horse that steals information by man-in-the-browser keystroke logging and form grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007, when it was used to steal information from the United States Department of Transportation.
      • SpyEye: A Trojan horse that focuses on the harvest of banking credentials for online accounts and also initiates transactions as a person is logged into their account, literally making it possible to watch their bank balance drop by the second.
      • Spear Phishing: An attack that focuses on a single user or department within an organization, addressed from someone within the company in a position of trust.
      • Man-in-the-Browser: A proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application.
    • 10. New Skewl
      New and Improved:
      • Server-side components
      • Heavy automation
      • Targeted to large accounts (1M+ balance) with heavy utilization
      • Automated bypass of two-factor physical authentication
      • Links and code are obfuscated
      • Small population
      • Avoid fraud detection and hide evidence
      Fraudulent Server: A server that interacts with the banking portal to process the actual transaction. The account data is always updated and current (including the account login). Normally located in a crime-friendly ISP, and moved frequently.
      Automation allowed repeated thefts once the system has been launched at a given bank or for a banking platform.
      The client-side malware kills the links to printable statements. It also searches for and erases confirmation emails and email copies of the statement. Finally, it also changes the transactions, transaction values, and account balance in the statement displayed on the victim’s screen so the amounts are what the account holder expects to see.
    • 11. Debrief
      • Fast moving
      • Highly knowledgeable of banking processes
      • Focused and targeted
      • Hybrid automation
        • Spear Phishing
        • Bank Account Usage Analysis
      • Highly creative techniques, no new code.
      • The focus is on small to medium-sized businesses and wealthy consumers
    • 12. A Storm Is Here
    • 13. Why Security Consultants?
    • 14. Soldiers Win Battles
      • Specialists are key.
      • Tools and Weapons
      • “Thin and wide” vs “Deep and Narrow”
      • Internal battles should not be overlooked.
      “Soldiers win the battle, the generals get the credit for them” -Napoleon Bonaparte
    • 15. Allies Win The War
      • Cyber Threat Intelligence
      • Attribution “Who is attacking you”
      • Regional and Vertical Partners
      • Maturity of Weapons
      • Can you
      • Communicate Risk?
      • Value of Weapons?
      • Free or Commercial Intelligence?
      • Be open to Trusted Advisors
      • Get a good understanding of what is working, and what is not in the industry
      • Build a good relationship with local, state, and federal Law Enforcement.
    • 16. Debrief
      Targeted attacks increasing:
      • Red October: Operation started in 2007 and was discovered in Dec 2012. Infiltrated over 1K+ high-level government computers and focused specifically on government espionage, most likely from hacktivist groups, but could be supported by a private firm or rogue nation.
      • Stuxnet: First detected June 2010, yet Stuxnet is believed to be older than 2009*. This attack focused on nuclear and was aimed at Iran’s Natanz plant. Most likely was from a nation/state.
      • Watering Hole attacks: Made popular in the recent attacks on Twitter, Facebook and Apple. Focused on specific users' browser habits, and users were infected by malware downloaded when the user clicked on normally trusted links.
      • Gauss: Found in 2012, focused in the Middle East on online banking records, capable of stealing data such as passwords, banking credentials, cookies and specific configurations.
      Current global IT security spend is 60 Billion.
      Visibility and maturity of IT security programs is necessary.
      Everyone is now a target, not just highly visible targets.
    • 17. Together We Win* (*Or have a Chance)
    • 18. Issues Seen in the Field
    • 19. Issues
      • Time
      • Vet Security Partner(s)
      • References
      • External Vendors
      • Vertical Professionals
      • Why only one?
      • Daily security vs Security projects
      • Vice-versa
      • Money
      • Talk to the Asset owner
      • Executive Buy-In program
      • Threat Intelligence Report
    • 20. Predictions for 2013
      • Legal will be put on “notice”
      • IT Security will be brought under the Legal umbrella
      • Fundamental Shifting
      • The Bad Actors
      • Containment
      • Push to Pull
      • Security is a Critical Business Function
      2015: The Internet will no longer be a right, it will be a privilege
    • 21. Questions & Answers
    • 22. Thank You
      Jeff Danielson, Security Evangelist
      GCIH, GCFA, EnCE, EnCEP
      970-407-8307
      jdanielson@Accuvant.com