Rob looked at who you should call first when suffering a data breach or a hack. He also explained how the first response unit deals with attacks and the practical steps to take.
This slideshare was originally presented at the East Midlands Cyber Security Forum's Autumn event on 19th October 2017 at University of Nottingham.
https://emcsf.org.uk/
Cyber Crime - Who do you call?
1. DDOS HACKING PHISHING VIRUS CYBER DOS NETWORK
INTRUSION
EMSOU CYBER CRIME UNIT
Robert Pugh (CISMP)
East Midlands Special Operations Unit
Cyber Security Advisor
2. Cyber Crime - Who Do You Call?
6. Do You Report Cyber Crime?
If not, why not?
Share Price Sensitivity?
Brand Risk?
What's the Benefit!
Adverse Publicity
7. Do You Report Crime?
Business
Arson
Blackmail / Kidnap
Burglary
Theft / Theft from motor vehicle
Criminal Damage
Theft by Employee
CEO Fraud
Individual
Arson
Blackmail / Kidnap
Burglary
Theft / Theft from motor vehicle
Assault / Public Order
Fraud
Criminal Damage
8. Do You Report Cyber Crime?
Business
Virus / Malware / Spyware
Denial of Service
Hacking Server
Hacking Social Media / E-Mail
DDOS – Extortion
Hacking – Extortion
Individual
Virus / Malware / Spyware
Denial of Service
Hacking Server
Hacking Social Media / E-Mail
DDOS – Extortion
Hacking – Extortion
90% 10%
11. Accept that Cyber Incidents will occur & Plan Accordingly
12. Reporting of Cyber Crime
Call Action Fraud 24/7
0300 123 2040
If current press option 9
13. TICAT:- Triage, Incident, Coordination & Tasking
NCSC – National Cyber Security Centre
NCA – National Cyber Crime Unit
EMSOU - Cyber Crime Unit
--------------------------------------------------
Police – Local Constabulary
14. Law Enforcement
EMSOU NCA
local
Derby Leicester Lincoln Northant Notts
Investigators
Technical
R and D
Protect
Prevent
15. Local Cyber Crime Teams
High Tech Crime Units
Digital Media Investigators
Mainstreaming Cyber Crime
New Recruits
16. Incident Handling & Response
Business Recovery
Evidence Gathering
Incident Response Team
What is the Incident
Timeline, who knows what
Network Map
Explaining
Witness Statement
17. Cloud Storage
Pros and Cons
18. Current Threats
19. Data Theft
The Rogue Employee
Data Removal/Deletion
Web Defacement
Network Manipulation
20. 30 per week
€ 40,000,000 Euro
£1,600,000
>£1,000,000 no police
£155,000
CEO Impersonation
21. Subject: Request
Hi ?????????,
Good day, hope you are having a nice day.
Please I will need you to take care of a financial obligation for me today.What are the
required information need for you to process a Wire bank transfer?
Thanks
?????
22. Friday Afternoon
Transferred £12,700 within 20 minutes
Business Account – High Street Bank
Personal Account – High Street Bank
Personal Acc holder arrested on Saturday
No further action
23. Series of Pre Order Enquiries
DPA to peer account
On Line Banking
Major Crime Unit deployed for arrest
Money had been further dissipated
IP resolution
24. PII Data Theft
Use of Emails
Network Intrusion
Data Encryption
Abuse of Network
Bitcoin Mining
25. Banking Credentials
Malware
26. Data Theft
Ransomware
Data Deletion
RDP brute force
& traditional reason
Decoy
27. Protect
Coordinated at the national level by NCSC
Engage with Industry
Promote Cyber Security
Share threat / risk intelligence
28. Prevent
Coordinated at the national level by the NCA
Engage with children and young adults
Education
Diversion from Cyber Criminality
31. OFFICIAL | NCSC Briefing (CiSP) | Jan 2017
• Cyber Incident Sharing
• Alerts
• Best practice
• Analysis
• Conversation
• Support
• Government, Industry and Academia
• UK only - free to join
• ~10,000 users and ~3,000 organisations
32. Cyber Essentials and Cyber Essentials Plus
UK Government Approved
Accreditation Bodies
CREST
IASME
QG Management Standards
APM Group
33. CNR Reporting
CERT-UK Network Reporting (CNR) reports
34. type | observation time | ip | source port | port | destination ip | destination port | destination domain name | url | malware family | protocol | description
35. Many thanks
Robert Pugh
01623 608210
07703 746346
robert.pugh@leicestershire.pnn.police.uk