January Target (retail). In January, Target announced an additional 70 million individuals’ contact information was taken during the December 2013 breach, in which 40 million customer’s credit and debit card information was stolen. Neiman Marcus (retail). Between July and October 2013, the credit card information of 350,000 individuals was stolen, and more than 9,000 of the credit cards have been used fraudulently since the attack. Sophisticated code written by the hackers allowed them to move through company computers, undetected by company employees for months. Michaels (retail). Between May 2013 and January 2014, the payment cards of 2.6 million Michaels customers were affected. Attackers targeted the Michaels POS system to gain access to their systems. Yahoo! Mail (communications). The e-mail service for 273 million users was reportedly hacked in January, although the specific number of accounts affected was not released. April Aaron Brothers (retail). The credit and debit card information for roughly 400,000 customers of Aaron Brothers, a subsidiary of Michaels, was compromised by the same POS system malware. AT&T (communications). For two weeks AT&T was hacked from the inside by personnel who accessed user information, including social security information. May eBay (retail). Cyber attacks in late February and early March led to the compromise of eBay employee log-ins, allowing access to the contact and log-in information for 233 million eBay customers. eBay issued a statement asking all users to change their passwords. Five Chinese hackers indicted. Five Chinese nationals were indicted for computer hacking and economic espionage of U.S. companies between 2006 and 2014. The targeted companies included Westinghouse Electric (energy and utilities), U.S. subsidiaries of SolarWorld AG (industrial), United States Steel (industrial), Allegheny Technologies (technology), United Steel Workers Union (services), and Alcoa (industrial). Unnamed public works (energy and utilities). According to the Department of Homeland Security, an unnamed public utility’s control systems were accessed by hackers through a brute-force attack on employee’s log-in passwords. June Feedly (communications). Feedly’s 15 million users were temporarily affected by three distributed denial-of-service attacks. Evernote (technology). In the same week as the Feedly cyber attack, Evernote and its 100 million users faced a similar denial-of-service attack. P.F. Chang’s China Bistro (restaurant). Between September 2013 and June 2014, credit and debit card information from 33 P.F. Chang’s restaurants was compromised and reportedly sold online. August U.S. Investigations Services (services). U.S. Investigations Services, a subcontractor for federal employee background checks, suffered a data breach in August, which led to the theft of employee personnel information. Although no specific origin of attack was reported, the company believes the attack was state-sponsored. Community Health Services (health care). At Community Health Service (CHS), the personal data for 4.5 million patients were compromised between April and June. CHS warns that any patient who visited any of its 206 hospital locations over the past five years may have had his or her data compromised. The sophisticated malware used in the attack reportedly originated in China. The FBI warns that other health care firms may also have been attacked. UPS (services). Between January and August, customer information from more than 60 UPS stores was compromised, including financial data, reportedly as a result of the Backoff malware attacks. Defense Industries (defense). Su Bin, a 49-year-old Chinese national, was indicted for hacking defense companies such as Boeing. Between 2009 and 2013, Bin reportedly worked with two other hackers in an attempt to steal manufacturing plans for defense programs, such as the F-35 and F-22 fighter jets. September Home Depot (retail). Cyber criminals reportedly used malware to compromise the credit card information for roughly 56 million shoppers in Home Depot’s 2,000 U.S. and Canadian outlets. Google (communications). Reportedly, 5 million Gmail usernames and passwords were compromised. About 100,000 were released on a Russian forum site. Apple iCloud (technology). Hackers reportedly used passwords hacked with brute-force tactics and third-party applications to access Apple user’s online data storage, leading to the subsequent posting of celebrities’ private photos online. It is uncertain whether users or Apple were at fault for the attack. Goodwill Industries International (retail). Between February 2013 and August 2014, information for roughly 868,000 credit and debit cards was reportedly stolen from 330 Goodwill stores. Malware infected the chain store through infected third-party vendors. SuperValu (retail). SuperValu was attacked between June and July, and suffered another malware attack between late August and September. The first theft included customer and payment card information from some of its Cub Foods, Farm Fresh, Shop ‘n Save, and Shoppers stores. The second attack reportedly involved only payment card data. Bartell Hotels (hotel). The information for up to 55,000 customers was reportedly stolen between February and May. U.S. Transportation Command contractors (transportation). A Senate report revealed that networks of the U.S. Transportation Command’s contractors were successfully breached 50 times between June 2012 and May 2013. At least 20 of the breaches were attributed to attacks originating from China. October J.P. Morgan Chase (financial). An attack in June was not noticed until August. The contact information for 76 million households and 7 million small businesses was compromised. The hackers may have originated in Russia and may have ties to the Russian government. Dairy Queen International (restaurant). Credit and debit card information from 395 Dairy Queen and Orange Julius stores was compromised by the Backoff malware. Snapsave (communications). Reportedly, the photos of 200,000 users were hacked from Snapsave, a third-party app for saving photos from Snapchat, an instant photo-sharing app.
Cyber security awareness for end users
Cyber 101 Training
For SMB End Users
62% of Cyber Attacks are aimed
at Small Business
-- Verizon Cyber Crime Survey
>50% of small-to-medium sized
businesses had experienced at
least one data breach
-- Ponemon Institute
• Money – Ransom-ware
• Your companies data
– Personally Identifiable Info (PII)
– Protected Health Information (PHI)
– CC Numbers and/or Financial Info
– Intellectual property – copyrights, trademarks & patents,
business plans, customer lists, etc.
• Your data & access to your customers networks…
– The Target breach happened due to an HVAC vendor (more)
What are they after?
What Is A Breach Going to Cost Your Company?
A National Cyber Security Alliance study showed that 36 percent of cyber attacks are conducted against
SMBs. Of those, up to 60 percent go out of business within six months of an attack.
• Anti-Virus – Necessary but…
– 92% of infosec professionals have totally lost
confidence in antivirus (here)
• “.. a crypting service takes a bad guy’s piece of malware and scans it against all of the available antivirus tools on the
market today — to see how many of them detect the code as malicious. The service then runs some custom encryption
routines to obfuscate the malware so that it hardly resembles the piece of code that was detected as bad by most of the
tools out there. And it repeats this scanning and crypting process in an iterative fashion until the malware is found to be
completely undetectable by all of the antivirus tools on the market.” (here) -- Brian Krebs
• Firewall – Necessary as a first line of defense
Isn’t a firewall and Anti-Virus enough?
You can have all the Prevention tools (Anti-Virus, Firewalls,
Automatic Patching, Backups, Robust Password Protection etc..) and
still be vulnerable to employees going to bad websites, clicking on
bad links or compromised attachments and allowing the bad guy
through the firewall where they can introduce code onto your
network that can Sniff your traffic, Copy your data &/or Control your
devices… You are the weakest link
• Do you have an Android phone? Have you connected it to your
companies WIFI? Have you downloaded misc apps… You might
just be the problem…
Your are the weakest link…
You probably have received a fake email or text message with a website created
to look like it’s from an authentic company.
What it will do:
• Trick you into giving them information by asking you to update, validate or
confirm your account. It is often presented in a manner than seems official
and intimidating, to encourage you to take action.
• Convince you to download Malware
Did you know 39 Percent of Employees Admit to Opening Suspicious Emails
How Will You Be Attacked: Phishing
(social engineering) – The #1 attack vector!
Example Phishing Phone call
Great article on how to recognize Phishing…
Click this link if video does not play…
• Cross Site Scripting
• Denial of Service
• SQL Injection
• Dictionary Attack
**see appendix for details
Other ways you will get hacked…
Example of items you should see referenced in your companies employee
policy doc’s about cyber security:
• Use of encryption
• Email (corporate and personal)
• Use of social networking
• Password Construction Guidelines
• Security Response Plan
• Remote Access
• Wireless Communication
• Bring Your Own Device To Work (BYOD)
Here are some detailed examples:
• Sample Policy (here)
• SANS (here)
Are you aware of your companies
Corporate Cyber Policy?
Does your company have to comply
with Regulatory/Policy mandates?
If so they are subject to Big Fines
If they are not in compliance
so don’t get them in trouble…
Unfortunately many websites and services today still offer un-encrypted
login. With un-encrypted login, the password is NOT encrypted and considered
"cleartext" and can be easily decoded!
What You Must Do – use HTTPS
More here, and here
Software vendors such as Adobe, Microsoft, Oracle and others produce frequent security
patches that plug holes that can be exploited by bad actors.
If you don't install these patches on a regular basis on your hosts, desktops, laptops and
phones your infrastructure will be at risk and will eventually be compromised.
CVE Details is a good place to keep up on the patches. They consolidate vulnerability data
from the National Vulnerability Database (NVD ) and www.exploit-db.com . Another great
site is Mitre's CVE site here .
Here are 2 examples to give you some perspective on how many vulnerabilities a software
• Here is a list of Adobe Flash vulnerabilities.
• Here is a list of Oracle Java vulnerabilities.
• Here is a simple chart that shows how many vulnerabilities
have been published over the years in the Windows 7 OS
What You Must Do – Keep Software up to date
• BitTorrent - you have no control over what the BitTorrent user is downloading
and you don't want to end up like this guy . ( or these people )
• TOR – You don’t know who is sniffing on the exit nodes (example)
• TFTP – It’s all in clear text (more)
• Misc Android Apps – 97% of mobile malware is on Android (more)
What You Must Do – Don’t use risky software
• Use Secure Passwords (more)
• Use throw away passwords on non-mission critical
• Understand Password Managers may not be that
• Change Default Passwords! (more)
• If available enable two factor authentication (example)
What You Must Do – Passwords…
Here are 7 Tips to Prevent Mobile Malware
• Understand the mobile risks - A mobile device is a computer and should be protected like one. If you
access the corporate network with their mobile device you should understand the risk imposed by
downloading applications and accessing website that are not from trusted sources. You need to also
know the value of keeping your operating system on the device up to date with the latest security
patches from the manufacturer/mobile provider and operating system vendor.
• Only access corporate data via Wi-Fi over a secure tunnel as over the air networks are exposed to
malicious capturing of wireless traffic. There are several mobile Virtual Private Networking
technologies (VPN) that can be deployed that can allow users to connect through these secure
• Understand your companies Bring Your Own Device to work (BYOD) policies
• Ask your company if they have a Mobile Device Management (MDM) platform and Mobile
Application Management Platforms from companies like Good and others.
• Encrypt your devices - It is very difficult for someone to break in a steal data on an encrypted device
(this goes for the SIM card as well).
• If you use Android then use anti-malware software
What You Must Do – Your phone…
• Change the default password and keep the firmware
up to date on your home internet router
• Don’t connect to random WIFI’s (example)
• Don’t allow others to download programs to
computers or phones that will connect to your
companies network. Here is a Minecraft example.
• Use a Virtual Private Network (VPN) (example,
What You Must Do – Home Networks
& Public WIFI’s…
Pornography and Malware… They go together. (more)
Visitors to Pornhub.com, the 63rd most popular website in the
world (and 41st in the US) have a 53% chance of coming into
contact with malware
What You Must Do – Explicit Sites
Great advice from SecurityMetrics (here)
• Disconnect from the Internet by pulling the network cable from the router to stop
the bleeding of data. Do not turn off your computer/phone/tablet
• Follow your company cyber security policy step by step plan. The company will
– Document all network changes, notification/detection dates, and people/agencies involved in the
– Segregate all hardware devices in the payment process, or devices suspected of being compromised (if
possible) from other business critical devices.
– Quarantine instead of deleting.
– Preserve firewall settings and firewall logs
– Restrict Internet traffic to only business critical servers and ports outside of the credit card processing
– Disable (do not delete) remote access capability and wireless access points.
– Call a PFI. Once the breach is contained by steps 1-7, consult with a forensic PFI to plan a compromise
What You Must Do – Know what you should
do if you suspect you have been compromised
You or one of your employees may be pointed to a malicious and
illegitimate website by redirecting the legitimate URL. Even if the
URL is entered correctly, it can still be redirected to a fake
What it can do:
• Convince you that the site is real and legitimate by looking
almost identical to the actual site down to the smallest
details. You may even enter your personal information and
unknowingly give it to someone with malicious intent.
• Convince you to download Malware.
How Will You Be Attacked: Pharming
You or one of your employees opens a website
that has embed hidden scripts, mainly in the
web content, to steal information such as
cookies and the information within the cookie
(eg passwords, billing info).
How Will You Be Attacked: XSS
Cross Site Scripting
A bad actor will attempt to make one of your
network resources unavailable to its intended
users by saturating the target with external
communications requests, so much so that it
cannot respond to legitimate traffic, or responds
so slowly as to be rendered essentially
How Will You Be Attacked:
Denial of Service (DOS)
A bad actor may try to get valuable information
from your website by exploiting vulnerabilities in
the sites databases.
How Will You Be Attacked:
A brute force attempt to guess your network
assets passwords, by using common words and
letter combinations, such as “Password” or
How Will You Be Attacked:
A collection of software robots, or 'bots', that creates an army of
infected computers (known as ‘zombies') that are remotely
controlled by the originator. Yours may be one of them and you
may not even know it.
What they can do:
• Send emails on your behalf
• Spread all types of malware
• Can use your computer as part of a denial of service attack
against other systems
How Will You Be Attacked:
Your hosts are being scanned daily by server farms all over the
world looking for current vulnerabilities (example: Heartbleed)
that you may not have patched yet…
What they can do:
• Take control of your company….
How Will You Be Attacked: