Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

What you need to know about all the breaches v1.0

150 views

Published on

What do you as a consumer need to know about all the company breaches?
Malware Archaeology
LOG-MD

Published in: Technology
  • Be the first to comment

  • Be the first to like this

What you need to know about all the breaches v1.0

  1. 1. With all the breaches What YOU need to know Michael Gough – Co-Founder MalwareArchaeology.com IMFSecurity.com LOG-MD.com
  2. 2. Who am I • Blue Team Defender Ninja, Incident Responders, Malware Archaeologist • I help people recover from breaches, evaluate malware • Co-Creator of “Log-MD” – The Log and Malicious Discovery Tool Podcast - “Brakeing Down Incident Response” LOG-MD.com
  3. 3. Where to find me • Twitter - @HackerHurricane • Blog – HackerHurricane.com • Website – MalwareArchaeology.com • Windows Incident Response Tool – LOG-MD.com LOG-MD.com
  4. 4. Why we here? LOG-MD.com
  5. 5. You’re Next 97,000 76 Mil + 8 Mil 1000+ Businesses395 Stores 4.5 Million 25,000 4.9 Million 4.03 Million 105k trans 40 Million 40+70 Million $148 Mil 33 locations 650k - 2010 ?????? 76,000 670,000 1900 locations 145 Million 20,000 3 Million 35,000 60,000 alerts 990,000 56 Mil 550,000 TBD Citigroup, E*Trade Financial Corp., Regions Financial Crop, HSBC Holdings and ADP ??????
  6. 6. Yup, our Personal Info is gone MalwareArchaeology.com
  7. 7. ATM Fraud via Malware LOG-MD.com
  8. 8. Malware focuses on one main OS LOG-MD.com
  9. 9. MAC Malware • So get a MAC • 90+% less chance of getting malware • MUCH safer to use • Than Windows • Stats do not lie LOG-MD.com
  10. 10. Debit Card Fraud LOG-MD.com
  11. 11. Debit Cards • They are a REALLY bad idea these days • With fraud so high, your checking account is at risk • Remember the movie ‘Catch me if you can’? LOG-MD.com
  12. 12. Debit Cards • Use it at ONE place and ONE place only !!! – The Grocery Store • You can pay for food AND get cash, so it is an ATM too • Use the SAME chain when traveling • Then if it gets compromised you know EXACTLY where LOG-MD.com
  13. 13. Credit Cards • They are insured • No risk to you • 30 days or so until you have to pay your bill • Debit Cards are taken directly out of your checking account • It is always better to use someone else's $$$ before yours LOG-MD.com
  14. 14. Shredding • People do not do enough of this • It is cheap and easy • Shred your stuff • Even Frank says so • Don’t throw away mail, shred it ! LOG-MD.com
  15. 15. Credit Monitoring LOG-MD.com I’m a Security Monitor… You are being robbed
  16. 16. Credit Monitoring • It let’s you know something has occurred • Usually way too late for you to do anything about it • 10 days was my experience when I unfroze my credit to buy our property here in Salado • We already closed the deal before I was notified • It is NOT worth the money… unless FREE LOG-MD.com
  17. 17. Credit Freeze – Your BEST Friend • There are FIVE (5) agencies – Bet you thought there were only 3 • Equifax • Experian • Trans Union • Innovis • NCTUE (Telco’s) – Serviced by Equifax LOG-MD.com
  18. 18. How to Place a Freeze • Equifax – https://help.equifax.com/s/article/What-are-the-security- freeze-fees-in-my-state • Experian – https://www.experian.com/freeze/center.html • Trans Union – https://www.transunion.com/credit-freeze • Innovis – https://www.innovis.com/personal/securityFreeze • NCTUE – 1-866-349-5355 LOG-MD.com
  19. 19. Credit Freeze • Security researcher and author Brian Krebs does more research on this subject than anyone • https://krebsonsecurity.com/2015/06/how-i- learned-to-stop-worrying-and-embrace-the- security-freeze/ • You can see articles on ATM skimmers and other credit card fraud LOG-MD.com
  20. 20. Credit Offers • Placing a security alert at ChexSystems, which is used by thousands of banks to verify customers that are requesting new checking and savings accounts. In addition, consumers can opt out of pre-approved credit offers by calling 1-888-5-OPT-OUT (1-888-567-8688), or visit optoutprescreen.com LOG-MD.com
  21. 21. Salary History • How to Opt Out of Equifax Revealing Your Salary History • To place a security freeze on your The Work Number employment report, send your request via mail to: • TALX Corporation ATTN: Employment Data Report Dept 19-10 11432 Lackland Road St. Louis, Missouri 63146 • Or, you may contact them at http://www.theworknumber.com • or call 800-996-7566. LOG-MD.com
  22. 22. RoboCalls • They are annoying • Your Cell provider offers a service for around $3/mo. • There are apps for your phone too, also around $3/mo. • It is about all you can do until Congress changes the law – So send them an email and/or call them LOG-MD.com
  23. 23. Email.. Is EVIL • Please learn NOT to open attachments • Or click on Links/URLs in emails LOG-MD.com
  24. 24. Passwords • Use a Password Manager • LastPass is my favorite • DON’T REUSE PASSWORDS • Different for every website LOG-MD.com
  25. 25. Two-Factor - MFA • Anywhere you can USE IT !!! • It is an App on your phone that provides an expiring token every minute that you enter in websites or applications that support it • Even if you password is stolen, if you are using 2-Factor then they would need your phone to get the tokens • Google Authenticator for LastPass is awesome LOG-MD.com
  26. 26. Questions • You can find us on the Twitters – @HackerHurricane – @Boettcherpwned • LOG-MD.com • MalwareArchaeology.com • Preso will be on SlideShare and linked on MalwareArchaeology.com • Listen to the BDIR PodCast to hear more on email phishing – BDIRPodcast.com LOG-MD.com

×