NAU Summer Seminar Series - Protect Yourself from Cybercrime

Presentation by Jane Ginn on how to protect data from the acts of online cyber-criminals. She covers the industrialization of cyber-crime, the use of botnets and DDoS attacks, and vulnerabilities and threat vectors. Finally, she provides a list of countermeasures people can take to protect themselves.

Presentation Transcript

  • Protecting Yourself from Online Cyber-Criminals Practical Tips and Tools By: Jane Ginn, MRP, AIT With Guest Artist: Tony Carito Sponsors:
  • Protecting Your Data & Online Identity
      ◦ Scope of the Problem
      ◦ Threat Vectors/Vulnerabilities
      ◦ Growing Sophistication of Cybercriminal Networks
      ◦ Protection/Countermeasures
  • Scope of the Problem The Industrialization of Cyber-Crime
  • Motivation of Cyber-Criminals
  • Origin of Attack – 2011 Data Source: Trustwave – Spider Labs
  • Location Info Can Be Deceptive Tor Node Locations on February 27, 2013 Source: HackerTarget.com
  • Growth of Malware Source: Panda Security
  • Types of Malware Source: 2012 - Panda Security Source: 2013 - Solutionary
  • How Data Are Lost or Compromised Source: 2011 Ponemon Benchmark Study – Sponsored by Symantec
  • What types of companies are being breached the most? What are the criminals after? Source: Trustwave 2013 Report
  • Source: Trustwave 2013 Report
  • Fraud Incidence Increasing Source: Javelin 2013
  • The Use of Toolkits: ZeuS
      ◦ Emerged in 2007
      ◦ Most prevalent malware toolkit in banking and financial services sector
      ◦ Many variants
      ◦ Form 'Botnets' for exploiting innocent victims
      ◦ Toolkit goes for +(-) $4,000 on black market w/ many add-ons for $800 - $1,500
      ◦ Most prevalent in countries that don't enforce laws against cybercriminal activity
      http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits
  • The Use of Toolkits: Spy Eye
  • What Are Botnets? Source: McAfee 2011 Report http://www.youtube.com/watch?v=l0y9RA6jrSY
  • Spam Down w/ Botnet Take-Downs Source: M86 Security
  • DDoS Attacks
      http://flowingdata.com/2013/05/30/ddos-attack-animation/
      ◦ DDoS also deployed by: Low Orbit Ion Cannon (LOIC)
      ◦ Jan. 19, 2012 – FBI, DOJ, US Copyright Office, Warner Brothers Music, MPAA, RIAA
  • http://globalsecuritymap.com/ Interactive Map of Global Activity
  • Interview with a Black Hat Hacker Audio recording adapted from an interview with a real hacker by Robert Hansen of White Hat Security
  • Dialogue of Interview – Part 1
      Q: Can you describe what you think your hacking related skills are?
      A: My personal expertise and area of knowledge is in social engineering. I think it is pretty obvious I'm a black hat, so I social engineer to "card". Another area of hacking is botnet building.
      Q: What attracted you to the Black Hat way of life?
      A: Money. I found it funny how watching T.V. and typing on my laptop would earn me a hard worker's monthly wage in a few hours. It was too easy in fact.
      Q: Can you recall a tipping point at which you started considering yourself a Black Hat?
      A: It's difficult really. We never called ourselves Black Hats, I don't know, it was just too James Bond like.
  • Dialogue of Interview – Part 2
      Q: How many machines do you think you directly controlled at the peak of your Botnet activity?
      A: Erm, depends. I had two separate botnets (although some bots cross over). The DDoS botnet contained the bots which were public computers or computers that were in offices. Then there was my carding botnet, definitely the most valuable. The DDoS botnet has about 60-70k bots at the moment, most in the U.S. The carding botnet had a lot less at around 5-10k, most in Asia.
      Q: How much money do you think you made, after expenses, per year, at the peak, doing Black Hat activities?
      A: I can't really go into specifics but when 9/11 happened we were making millions.
  • Dialogue of Interview – Part 3
      Q: How much do you think you made last year?
      A: Off the top of my head? Around about 400-500k. Last year was kind of s**t. People became wiser, patches became more frequent. This year we have 3/4 of that amount already.
      Q: How easy is it for you to compromise a website?
      A: I like to watch the news; especially the financial side of it. Most of these websites have admins behind them who have no practical experience of being the bad guy and how the bad guys think.
      Q: Which types of browsers tend to be the most vulnerable?
      A: If you asked me this a few years ago I'd have said, almost 100% was Internet Explorer. That is hugely vulnerable, but now people have taken to the better, faster browsers such as Chrome and Firefox.
  • Dialogue of Interview – Part 4
      Q: Is there any line you personally never crossed as a Black Hat?
      A: I refuse to allow my botnet to be used to attack charities or soldier memorial pages. Apart from that it's fair game.
      Q: How do you perceive the owners of the websites you have compromised and the victims of the machines that your Botnets have infected?
      A: I kind'a feel sorry for the people who become victims of fraud, although if you're stupid enough to click a link, you probably deserved it!
  • THREAT VECTORS/VULNERABILITIES
      ◦ Point-of-Sale (POS) Systems
          ▪ Restaurants/Hotels/Retail Shops
          ▪ Gas Stations/Grocery Stores
      ◦ Networks (Wired & Wireless)
          ▪ Home/Work/School
          ▪ Coffee Shops
          ▪ Airport Hot Spots
      ◦ Computers/Laptops/Tablets/Mobiles
      ◦ Email
      ◦ Web Applications
      ◦ ATM Machines
      ◦ Social Media & Social Engineering
  • Vulnerabilities: Point-of-Sale Systems
      ◦ Why? Improperly Installed/Poorly Configured
      ◦ Regulated by the Payment Card Industry (PCI) Data Security Standard (DSS)
  • Vulnerabilities: Networks (Wired & Wireless)
      ◦ All Networks
          ▪ No Firewalls
          ▪ Firewalls Using Out-of-Date Software
          ▪ Use of Default Passwords on Routers
      ◦ Wireless
          ▪ Wireless Networks Configured without Encryption
      ◦ Wired
          ▪ Easy physical access in buildings with wired networks
  • Vulnerabilities: Laptops/Tablets/Cell Phones/PDAs
      ◦ All Devices
          ▪ Use of Weak Passwords
          ▪ Use of Same Passwords for all Accounts
          ▪ Sharing of Passwords
          ▪ Single Authentication
          ▪ No Encryption
          ▪ No Anti/Virus (A/V) Programs
          ▪ Yes, Apple Products need A/V, too.
          ▪ Operating Systems & Applications Not Patched
          ▪ Installation of infected Apps
          ▪ 400% increase in malware targeting smartphones in 2012
          ▪ Lost or Stolen Devices
      Source: Kaspersky Labs
  • ATM Vulnerabilities
  • Vulnerabilities: Social Media & Social Engineering
      ◦ Online Exploits
          ▪ Using Social Media Sites
          ▪ Phishing (419 Attacks)
          ▪ Persuading victims to click on an infected link
          ▪ Too-Good-To-Be-True offers
          ▪ Web Application Attacks
          ▪ MitM, MitB, MitS Attacks
      ◦ In Person Social Engineering Exploits
          ▪ Dumpster diving
          ▪ Infected FLASH drive
      Photo Source: DiegoFuego via Flickr
  • Help Desk Blame Dramatization of how we take our frustration with cyber-criminals out on Help Desk personnel….
  • Growing Sophistication of Cybercrime Supply Chain
      ◦ Mature Market
      ◦ Product Specialization
      ◦ Automation of Offerings
      ◦ Intellectual Property Protection (Sophisticated Licensing)
      ◦ Inter-market Communications
      ◦ Expertly designed eCommerce Sites
      ◦ Use of digital payment systems providing anonymity
      ◦ Affiliate Marketing Schemes
      ◦ Movement of Advanced Exploits to Mobile Platforms
      ◦ ZitMo & SpitMo
  • Online eCommerce Site
  • Affiliate Marketing Schemes
  • The Move Towards Automation
      ◦ Use of crime-ware toolkits
      ◦ Implements Automatic Transfer System (ATS) code in banking trojans
      ◦ Easy drag-and-drop functionality
      ◦ Use of botnets
      ◦ Rental of botnet time using digital money
      Malware-as-a-Service Business Model
  • Use of Money Mules: $45M Heist in 2013
      ◦ February 19th, 2013
      ◦ 2,904 ATMs withdrawing $2.4M
      ◦ 8 'Money Mules' arrested in NY
      ◦ Law enforcement agencies in 17 other countries involved
      ◦ $24M withdrawn worldwide in global coordinated attack
      ◦ Demonstrated vulnerability of global banking system
      ◦ Used PrePaid MC & Visa Cards
      ◦ Targeted banks in Oman & UAE
      ATMs hit on Manhattan in NYC
  • Interview with a Money Mule Dramatization of one key part of the cyber-crime supply chain: Statement from money mule sitting in the jail house in the Eastern District of New York United States attorney's office, Eastern District of New York
  • PROTECTION/COUNTERMEASURES
      ◦ Point-of-Sale (POS) Systems
      ◦ Networks
      ◦ Computers/Laptops/Mobiles
      ◦ Online Banking
      ◦ Browsing & Online Purchases
      ◦ ATMs
      ◦ eMail
  • Point-of-Sale (POS) System Security
      ◦ Small business owners should:
          ▪ Take audits seriously
          ▪ Do penetration testing
          ▪ Ensure wireless network is encrypted
          ▪ Use third-party contractor if unsure of checklist criteria
      ◦ Users should:
          ▪ Use credit card rather than debit card at unknown stores
          ▪ Monitor statements
  • Networks
      ◦ Wired Networks
          ▪ Limit physical access
          ▪ Set up logging and monitor logs
          ▪ Control access to computers and Ethernet outlets
      ◦ Wireless Networks
          ▪ Use WPA2 for encryption
          ▪ Visit WiFi Alliance for approved products
          ▪ Use 3rd-Party to set up if necessary
  • Using Computers/Laptops/Mobiles
      ◦ Use Strong Passwords
          ▪ Change Passwords regularly
          ▪ Use Different Passwords for Different Sites
      ◦ Store Passwords in a Vault
      ◦ Patch Operating Systems (OSs)
      ◦ Patch Applications
      ◦ Upgrade to more current versions of OSs when possible
  • Using Online Banking Services
      ◦ Use Product That Protects Data in Transit & In-Storage
          ▪ Some banks have Enterprise-Level products customers can download
          ▪ Example: Trusteer Rapport
      ◦ If You Use Mobile Online Banking:
          ▪ Make sure to have A/V protection
          ▪ Example: Trusteer Mobile (Android)
  • Internet Browsing & Online Purchases (https://)
      ◦ Internet Browsing
          ▪ Keep browsers up-to-date
          ▪ Avoid "iffy" sites
      ◦ Online Purchases
          ▪ Make sure the page where you enter your credit card is using Secure Sockets Layer (SSL)
  • Avoid ATM Skimming Fraud
      ◦ Check for different color metals or uneven edges
      ◦ Use ATMs at banks or inside stores rather than on the street
      ◦ Cover your hand when entering PIN
  • Email Protection
      ◦ Avoiding Spam & Phishing
          ▪ Use Blacklist/Whitelist feature
          ▪ Set up spam filter
          ▪ Set up alternate Email for occasional sites requiring registration
          ▪ Don't respond to 419 scams
          ▪ Register for Federal Trade Commission Scam Alerts
      ◦ Maintaining Privacy
          ▪ Get Email on an Encrypted Service
          ▪ Avoid Registering on 'iffy' websites
          ▪ Use Browser Add-in of your Anti/Virus protection program
  • Social Media & Social Engineering
      ◦ Social Media
          ▪ Take care who you "follow" or "friend"
          ▪ Monitor site's blog for announcements of fraud attempts and exploits
      ◦ Social Engineering
          ▪ Monitor FraudWatch International
          ▪ Develop healthy attitude of skepticism
  • Some Tools
      ◦ Encrypted email
          ▪ Hushmail
          ▪ Runbox.com
      ◦ PC Scans
          ▪ Secunia PSI
          ▪ SQLmap
      ◦ Banking Trust
          ▪ Trusteer Rapport
          ▪ Kaspersky Internet Security 2013
          ▪ Bitdefender Total Security 2013
          ▪ Symantec 360
      ◦ WiFi Security
          ▪ PrivateWiFi
          ▪ Enterprise VPNs
  • Avoid Becoming a Victim from the Industrialization of Cyber-Crime
  • RESOURCES
      ◦ Identity Theft
          ▪ Privacy Rights Clearinghouse
          ▪ Electronic Privacy Information Center
      ◦ Banking Fraud
          ▪ Federal Trade Commission
          ▪ Consumer Financial Protection Bureau
      ◦ Phishing Intelligence
          ▪ FraudWatch International
          ▪ DMARC.org
  • Q & A Protect Yourself Online