Cyber ID Sleuth Data Security Forensics

Presentation Transcript

  • Data Security Compliance Advisors Certified Identity Theft Risk Management Specialists 873 East Baltimore Pike #501 Kennett Square, PA 19348 610-444-5295 www.BTR-Security.com CyberID-Sleuth™ Data Security Forensics Prepared by: Robert A. Listerman, CPA, CITRMS
  • Robert Listerman (Bob) is a licensed Certified Public Accountant, State of Michigan, and has over 30 years of experience as a process improvement business consultant. He graduated from Michigan State University and became a CPA while employed at Touche Ross & Co., Detroit, now known as a member firm of Deloitte & Touche USA LLP. Bob added the Certified Identity Theft Risk Management Specialist (CITRMS) designation issued by The Institute of Fraud Risk Management in 2007. The designation is in recognition of his knowledge and experience in identity theft risk management. Today Bob focuses his practice on data security compliance. Over 50% of identity theft can be traced back to unlawful handling or mishandling of non-public data within the workplace.
    Currently Bob serves his professional community as an active Board Member for the Institute of Management Accountants (IMA), Mid Atlantic Council “IMA-MAC.” He is currently serving as President of IMA-MAC (2011-2013). He is a regular seminar presenter for the IMA, Pennsylvania Institute of CPAs (PICPA), and the Michigan Association of CPAs (MACPA). Bob serves on, and is a past chair of, the MACPA’s Management Information & Business Show committee, which enjoys serving over 1000 CPAs in attendance each year. He is Continuing Education Chair of the PICPA’s IT Assurance Committee.
    Bob serves his local community as a member of the Kennett Township, PA Planning Commission, Communications, Business Advisory, and Safety Committees. He is an active board member of the Longwood Rotary Club. He has served his Rotary District 7450 as their Interact Club Chair (Rotary in High School) since 2010.
    Past professional and civic duties include serving on the Board of Directors for the Michigan Association of Certified Public Accountants (1997-2000), past board member of the Delaware Chapter of the IMA and past Chapter president for the IMA Oakland County, Michigan (1994-1995). www.linkedin.com/in/boblistermanidriskmanager/
  • A DATA BREACH of “PII” IS DEFINED AS A FIRST NAME, FIRST INITIAL OR LAST NAME PLUS:
    • A Social Security Number
    • A Driver’s License Number or State-Issued ID Number
    • An Account Number, Credit Card Number or Debit Card Number Combined with any Security Code, Access Code, PIN or Password
  • A REAL “BREACH” IS DEFINED AS ANY INTRUDER TO YOUR ENTERPRISE
    • Your Trade Secrets
    • Access To Your Servers By a “Hacktivism” Criminal
    • Whatever Is Important To Your Enterprise
  • When a hacker gets anyone’s credentials, it is easy for them to build a profile of the individual to gain even more information from social media sites.
    • From there they can “spear-phish” more information from the victim OR THEIR CONTACTS!
    • Examples of profile building follow:
  • LOST CREDENTIALS PUT YOU UNDER ATTACK
    Name: Lucas Newman
    Extraction Date: 12/30/20XX
    Email: lnewman@firstrepublic.com
    Hometown: Portland, Oregon
    Hashed Password: 16b90b178faff0e3e2f92ec647b50b11
    Occupation: Managing Director and Portfolio Manager
    Extraction Type: Hack
    Source:
  • Name: Robyn Mondin
    Extraction Date: 12/30/20XX
    Email: robyn.mondin@firstcitizens.com
    Hometown: Asheville, North Carolina
    Clear Password: 36f76603a2212c7fc6ff4fb8ec77a64c
    Occupation: Mortgage Banker
    Extraction Type: Hack
    Source:
  • EVERY EMPLOYEE, PARTNER, AND SYSTEM IS A WEAK LINK
    Name: Pat Grundish
    Extraction Date: 8/13/20XX
    Email: pat.grundish@53.com
    Hometown: Englewood, Ohio
    Clear Password: p_grundish
    Occupation: Mortgage Loan Officer
    Extraction Type: Hack
    Source:

    Name: Mandy Knerr
    Extraction Date: 8/13/20XX
    Email: mandy.knerr@53.com
    Hometown: Huber Heights, Ohio
    Clear Password: m_knerr
    Occupation: Sr. Marketplace Loan Officer
    Extraction Type: Hack
    Source:
  • STOLEN CREDENTIALS REPEATEDLY USED TO BREACH FINSERV
    16 Financial Services institutions publicly reported a data breach in 2012, totaling 1.1M breached records. We harvested 6 credentials belonging to Independent Capital Management in December 2011. As recently as 4/1/2013, we have found Citi credentials for a total of 1,688
    • February 22, 2012: An unauthorized party misused Accucom credentials to make fraudulent $1.00 charges
    • March 2, 2012: A user ID assigned to Independent Capital Management used to access consumer credit reports
    • March 13, 2012: Hacker logged onto Citi's credit card online account access system by using passwords and user IDs
    • October 29, 2012: Hackers use stolen employee credentials to hack Abilene Telco, resulting in the theft of 847 credit reports
  • THE LONG-TERM EFFECTS OF LOST CREDENTIALS
    • 2005: An employee of a Kansas City investment bank registers for the free Stratfor newsletter
    • December 2011: Stratfor becomes aware of its breach
    • January 2012: Stratfor initiates a massive breach response, including removing all related data from the Web
    • February 2013: Hacktivist group identifies the credential/password combo that still accesses the investment bank’s webmail
    • February 2013: Hacktivist group publishes the investment bank’s client information on its home page
    It took nearly eight years to feel the full effect of a duplicate password. Over 300,000 individuals had their personal information leaked, such as credit card numbers, addresses, phone numbers, and more. The employee used the same password to access the Stratfor newsletter as his password to the investment bank’s webmail account.
  • MULTIPLE VECTORS OF ATTACK RESULT IN BREACHES
    Data Breaches: Point of Sale Systems, Email, Web, Mobile, Lost/Stolen Device, FTP, Cloud Services, Employees, Hacking, Social Media
  • THREE PRIMARY CAUSES DRIVE DATA BREACHES
    Data Breaches: Monetization, Negligence, Ego
  • USA Breaches*: 867,525,654* Records Known to Have Been Breached in The USA!
    * From 2005 to June 11, 2014. Source: http://www.PrivacyRights.Org
  • PROVIDING VISIBILITY BEYOND THE IT WALLS
    • IT Administrators harden their networks by building walls with Anti-Virus software to keep out the bad guys
    • The Result is that Anti-Virus software can’t keep up and the bad guys are already inside your walls
    • The Problem is that 76,000 new malware strains are released into the wild every day
    • The Problem is that 73% of online banking users reuse their passwords for non-financial websites
  • STOLEN CREDENTIALS EXPOSE YOU TO UNKNOWN RISK
    • 30,000: the number of new malicious websites created every day [1]
    • 80% of breaches that involved hackers used stolen credentials
    • 14% of data breaches were due to employees using personal email accounts [2]
    • 76% of network intrusions exploited weak or stolen credentials [2]
    SOURCES: 1. Sophos, 2012; 2. Verizon Data Breach Investigations Report, 2013
  • MALWARE EVADES TRADITIONAL ANTI-VIRUS SOFTWARE
    • 200,000 – 300,000: the estimated number of new viruses discovered each day [1]
    • 52% of malware in a recent study focused on evading security [2]
    • 24.5%: antivirus software’s average detection rate for e-mail based malware attacks [3]
    • 40% of malware samples in a recent study went undetected by leading antivirus software [2]
    SOURCES: 1. Comodo Group, 2012; 2. Palo Alto Networks, 2013; 3. Krebs on Security, 2012
  • DO YOU KNOW WHAT THESE ARE?
    "automatedtest", "automatedtester", "bagle-cb", "c_conficker", "c_confickerab", "c_confickerc", "c_pushdo ", "c_trafficconverter", "c_zeroaccess", "childpredator", "citadel", "condo", "cutwail", "d_tdss", "darkmailer", "darkmailer2", "darkmailer3", "darkmailer4", "darkmailer5", "deai", "esxvaql", "fakesendsafe", "festi", "fraud", "gamut", "gheg", "grum", "hc", "kelihos", "lethic", "maazben", "malware", "manual", "mip", "misc", "netsky", "ogee", "pony", "relayspammer", "s_kelihos", "s_worm_dorkbot", "sendsafe", "sendsafespewage", "slenfbot", "snowshoe", "spamaslot", "spamlink", "spamsalot", "special", "spyeye", "ss", "synch", "w_commentspammer", "xxxx", "zapchast", "zeus"
    Prewritten malware code available to hackers to modify enough to get through your security
  • CASE STUDY: Sony PlayStation®Network
    • April 19, 2011: Sony discovers its network had been compromised but did not announce anything
    • April 20, 2011: Sony closed down the network but did not disclose what it already knew
    • April 22, 2011: Sony reveals that an “external intrusion” caused the network outages
    • April 26, 2011: Sony releases a detailed account of the incident and reveals for the first time that PII was leaked
    • April 29, 2011: Sony shares drop 4.5% and the company reveals 2.2 million credit card numbers were stolen
    • March 2014: Sony is still attempting to resolve issues from the 50+ different class action lawsuits brought against it
    The current estimate of the total financial impact to Sony is $171 million. Sony provided affected individuals with 12 months of identity theft protection and insurance coverage. 100M user accounts compromised, exposing Full Name, Address, Phone Number, Date of Birth, Credit Card Number, User Name, and Password.
  • CASE STUDY: Target Corporation
    • Nov. 27 – Dec. 15, 2013: Hackers execute an extended attack against Target’s point-of-sale system
    • Dec. 18, 2013: News of the breach is reported by data and security blog KrebsOnSecurity
    • Dec. 20, 2013: Target acknowledges the breach, saying it is under investigation
    • Dec. 21, 2013: JP Morgan announces it is placing daily spending caps on affected customer debit cards
    • Dec. 22, 2013: Customer traffic drops over the holiday season, resulting in a 3-4% drop in customer transactions
    • Jan. 10, 2014: Target lowers its fourth-quarter financial projections, saying sales were “meaningfully weaker-than-expected”
    The current estimate of the total financial impact to Target is $200 million. Target provided affected individuals with 12 months of identity theft protection and insurance coverage. 110M user accounts compromised, exposing credit and debit card numbers, CVN numbers, names, home addresses, e-mail addresses and/or phone numbers.
  • “Ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system.” Molly Snyder, Target Corporation, January 2014
  • Email Attack on Vendor Set Up Breach at Target*
    The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation. KrebsOnSecurity reported that investigators believe the source of the Target intrusion traces back to network credentials that Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa.
    * Source: http://krebsonsecurity.com/
  • ANATOMY OF A SPEARPHISHING ATTACK
    1. Target Victim
    2. Install Malware
    3. Access Network
    4. Collect & Transmit Data
    5. Breach Event
  • THE PROFILE OF AN ATTACKER
    The malware used to hack Target’s POS system was written by a Ukrainian teen
    • Andrey Hodirevski from southwest Ukraine carried out the attack from his home
    • The card details that he stole were sold through his own forum as well as other communities
    • CyberID-Sleuth™ investigated the breach when it occurred and was able to verify various discussions and identifiers pointing to this suspect
  • Definition: An Internet service provider (ISP, also called Internet access provider) is a business or organization that offers users access to the Internet and related services. Source: http://en.wikipedia.org/wiki/Internet_service_provider#Access_providers
  • a.k.a: the “CLOUD”
  • The Internet “Web” Topography
  • Can you identify what these numbers are?
  • IP Tracer. Source: http://www.ip-adress.com/ip_tracer/
  • An IP Address gives the hacker access to your computer to run command and control botnet malware – you have been breached!
  • CyberID-Sleuth™ PROVIDES MORE THAN AUTOMATED ALERTS
    • Credential Monitoring: Identifying email addresses from a corporate domain that have been hacked, phished, or breached
    • IP Address Scanning: Identifying devices in a corporate network connected to a known malware command and control server
    • Doxing awareness and hacktivist activity monitoring
    • Locating the individuals and exchanges involved in intellectual property theft
    • Hacks, exploits against networks, glitches, leaks, phishing/keylogging monitoring
    • Identification of communities targeting brands, networks or IP addresses
    • Identification of intellectual property distribution
    • Identification of individuals posing a risk to any IP address
  • CyberID-Sleuth™ IDENTIFIES-PROVIDES EARLY WARNING AT TWO POINTS
    • CyberID-Sleuth™ scours botnets, criminal chat rooms, blogs, websites and bulletin boards, Peer-to-Peer networks, forums, private networks, and other black market sites 24/7, 365 days a year
    • CyberID-Sleuth™ harvests 1.4 million compromised credentials per month
    • Dark Web
    • CyberID-Sleuth™ identifies your data as it accesses criminal command-and-control servers from multiple geographies that national IP addresses cannot access
    • CyberID-Sleuth™ harvests 7 million compromised IP addresses every two weeks
  • CyberID-Sleuth™
  • REMEMBER WHAT THESE ARE?
    "automatedtest", "automatedtester", "bagle-cb", "c_conficker", "c_confickerab", "c_confickerc", "c_pushdo ", "c_trafficconverter", "c_zeroaccess", "childpredator", "citadel", "condo", "cutwail", "d_tdss", "darkmailer", "darkmailer2", "darkmailer3", "darkmailer4", "darkmailer5", "deai", "esxvaql", "fakesendsafe", "festi", "fraud", "gamut", "gheg", "grum", "hc", "kelihos", "lethic", "maazben", "malware", "manual", "mip", "misc", "netsky", "ogee", "pony", "relayspammer", "s_kelihos", "s_worm_dorkbot", "sendsafe", "sendsafespewage", "slenfbot", "snowshoe", "spamaslot", "spamlink", "spamsalot", "special", "spyeye", "ss", "synch", "w_commentspammer", "xxxx", "zapchast", "zeus"
  • CyberID-Sleuth™ CASE STUDY: ACTUAL CREDENTIAL DATA
    Zeus infection targeted towards multiple entities within the Hotel Industry within India
    CyberID-Sleuth™ identified a targeted Zeus campaign which appears to have been focused on and distributed to Hotel chains, mainly within the India region. The attack in question caused active compromises against a number of systems. CyberID-Sleuth™’s main focus is the type of data often held within Reservation and other Hotel systems. Personal information such as credit card data, as well as passport scans or copies, is often held on Hospitality systems, and the data identified next highlights that these same systems are compromised and under direct control of malicious actors.
  • CyberID-Sleuth™ IDENTIFIES ACTUAL MALWARE VARIANT
    Infection Type: Zeus Infection - V2.1
    Payload: Theft of all credentials, Key logging of all data, Remote access to devices
    Total Infection Count: 487
    Total Credential Count: 12894 (including duplicates)
    Command and Control (C2) Domain: matphlamzy.com
  • CyberID-Sleuth™ IDENTIFIES ACTUAL CREDENTIAL DATA
    Data extracted and listed below is related to valid and legitimate accounts which are still active. These are not passwords taken from Breach events or other untrusted sources. They are taken directly from devices that are still infected/compromised!
  • CyberID-Sleuth™ CASE STUDY: ANATOMY OF THE FINDINGS
    Q. How many credit cards were captured?
    Over 257 unique credit cards were stolen during the attack. CyberID-Sleuth™ identified the botnet, which was made up of infected devices.
    Q. Specifically what data did it steal and report back that you could see?
    CyberID-Sleuth™ could see EVERYTHING that was entered on a user’s device or saved as a password or credential.
    Q. How much did this breach cost the client?
    No “price” could be put on the damage caused to a victim after a fraudster has stolen their credentials. The data stolen would allow the fraudster access to internal systems, either via the stolen credentials or via backdoor access to affected systems.
  • CyberID-Sleuth™ CASE STUDY: ANATOMY OF THE FINDINGS
    Q. What data about the attacker were we able to find?
    Limited details. Information about the attackers is not shared with clients unless it is a directed attack, and is only shared with US and UK Law Enforcement.
    Q. How did the authorities use the data to capture the intruders?
    The individual responsible for running the botnet in question is so far still at large.
  • CyberID-Sleuth™ Credential Monitoring Demo* (Tier I)
    * Let us see if your credentials are for sale, at no obligation
  • A STANDARD RESPONSE TIMELINE SHOULD BE FOLLOWED
    Incident Detection / Discovery; Incident Notification & Resolution
    Remediation Efforts
    • Internal and External Communication of Event, Reaction, and Remediation
    • Notification Capabilities Go Live
    • Coordinate Breach Notification Copy and Distribution with Breach Remediation Vendor
    • Establish internal or third party communication channel to affected population
    • Contact and/or activate contract with Data Breach Remediation Vendor
    • Prepare Internal and External Communication Plan & Copy
    • Determine Organization’s Public Response Plan (including notification type, verbiage, and remediation offering if any)
    • Implement Breach Response Plan
    • Determine total scope of event, size of affected population, type of data lost or compromised, necessary legal and industry specific guidelines
    • Activate technical / security focused breach response team processes and procedures based on Data Breach Plan
    • Initial Internal Reporting, notifications, and security triage of the “event”
    Assessment Efforts
    Plan Ahead By Forming a Breach Response Plan
    CyberID-Sleuth Tiers II & III
  • THE COSTS OF A DATA BREACH ARE VARIED
    • Detection or Discovery: “Activities that enable a company to reasonably detect the breach of personal data either at risk (in storage) or in motion”
    • Escalation: “Activities necessary to report the breach of protected information to appropriate personnel within a specified time period.”
    • Notification: physical mail, e-mail, general notice, telephone
    • Victim Assistance: card replacement, credit monitoring offer, identity theft protection offer, access to customer service representatives
    • Churn of existing customers / personnel
    • Future Diminished Acquisition of customers or employees
  • RECOMMENDATIONS TO REDUCE DATA BREACH EXPOSURE & COSTS
    • Promote Employee Data Management Training & Education
    • Require GC / CISO and their teams to understand industry, state, federal, and event specific data breach response guidelines and recommendations
    • Establish an internal data breach response plan and process flow
    • Prior to a data breach event, contract with a data breach remediation, notification, and/or forensics provider
    • Utilize and maintain available data loss prevention technologies such as CyberID-Sleuth™
    • Require advanced encryption and authentication solutions be in place across the organization
    • Contractually require notification from vendors who manage data from your organization to alert you if they incur a breach of any data
    • Support enactment of legislation that clearly dictates rules and guidelines for organizations to follow in advance of, and following, a data breach event
  • Take this 20 Question Assessment to Score Your Risk Level. Give us a call and we can even do this over the phone!
  • Email your questions to CyberIDSleuth@BTR-Security.com or to get two no-obligation services mentioned below
    1. Remember to ask us for a no-obligation credential search for your enterprise
    2. Allow us to give you your 20 Question Assessment Score on your risk level
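
An added example, not part of the original presentation and not CyberID-Sleuth™ code: the “IP Address Scanning” idea described above (finding devices on a corporate network that contact a known malware command-and-control server), sketched as a check over DNS resolver logs. The log format, internal addresses and log lines are constructed for illustration; the only indicator used is the C2 domain named in the Zeus case study.

```python
from collections import defaultdict
from datetime import datetime

# C2 indicator quoted in the Zeus case study above. A production check would
# load a maintained indicator feed instead of a hard-coded set (assumption).
C2_DOMAINS = {"matphlamzy.com"}

# Constructed resolver log. Assumed format: <ISO time> <client IP> <query name> <type>
SAMPLE_LOG = """\
2014-03-12T02:08:24 10.20.1.15 www.example.org. A
2014-03-12T02:08:31 10.20.1.47 matphlamzy.com. A
2014-03-12T02:09:02 10.20.1.47 update.MATPHLAMZY.com A
2014-03-12T02:09:40 10.20.1.88 notmatphlamzy.com A
2014-03-12T02:10:05 10.20.1.88 matphlamzy.com.example.net A
malformed line without enough fields
2014-03-12T02:57:13 10.20.1.52 matphlamzy.com AAAA
"""


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_c2(name, indicators=C2_DOMAINS):
    """Match an indicator or any subdomain of it, on label boundaries only.

    A plain substring test would also flag look-alike names such as
    'notmatphlamzy.com' or 'matphlamzy.com.example.net'.
    """
    name = normalize(name)
    return any(name == d or name.endswith("." + d) for d in indicators)


def find_infected_hosts(log_text, indicators=C2_DOMAINS):
    """Return ({client_ip: summary}, skipped_lines) for clients that queried a C2 name."""
    hits = defaultdict(lambda: {"queries": 0, "first_seen": None,
                                "last_seen": None, "names": set()})
    skipped = 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            skipped += 1          # count unparseable lines instead of hiding them
            continue
        stamp, client, qname, _qtype = fields
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            skipped += 1
            continue
        if not is_c2(qname, indicators):
            continue
        entry = hits[client]
        entry["queries"] += 1
        entry["names"].add(normalize(qname))
        if entry["first_seen"] is None or when < entry["first_seen"]:
            entry["first_seen"] = when
        if entry["last_seen"] is None or when > entry["last_seen"]:
            entry["last_seen"] = when
    report = {ip: {**e, "names": sorted(e["names"])} for ip, e in hits.items()}
    return report, skipped


if __name__ == "__main__":
    report, skipped = find_infected_hosts(SAMPLE_LOG)
    for ip, e in sorted(report.items()):
        print(f"{ip}: {e['queries']} C2 lookup(s) from {e['first_seen']} to "
              f"{e['last_seen']} ({', '.join(e['names'])})")
    print(f"{skipped} unparseable line(s) skipped")
```

Each flagged client is a device to isolate and examine, and any credentials typed or stored on it should be treated as exposed, since the payload described in the case study includes keylogging.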