Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Rui Miguel FeioSharing knowledge with the world
Cybersecurity
Lisboa,	Portugal	(2017)
Rui Miguel FeioSharing knowledge with the world
RUI MIGUEL FEIO
• Working	with	computers	since	9	years	old,	back	in	1984
•...
Rui Miguel FeioSharing knowledge with the world
The ”online world” is
worth trillions of British
Pounds and it’s being
tar...
Rui Miguel FeioSharing knowledge with the world
VALUE OF ONLINE BUSINESS
*	https://www.emarketer.com/Article/Worldwide-Ret...
Rui Miguel FeioSharing knowledge with the world
CRIMINALS FROM THE PAST
Al Capone Pablo Escobar
Rui Miguel FeioSharing knowledge with the world
CRIMINALS FROM THE PRESENT
Rui Miguel FeioSharing knowledge with the world
01
HACKERS
The	term	hacker	is	used	in	popular	
media	to	describe	someone	w...
Rui Miguel FeioSharing knowledge with the world
CYBER CRIME
• 80%	of Hackers	work with or are	part of an organised crime	
...
Rui Miguel FeioSharing knowledge with the world
TYPICAL BUSINESS ORGANISATION
CEO
CFO
Management
Sales	People
CIO
Manageme...
Rui Miguel FeioSharing knowledge with the world
“CYBERCRIME INC.” ORGANISATION
CEO
(Boss)
CFO
(Underboss)
Management	
(Lie...
Rui Miguel FeioSharing knowledge with the world
Innovative Marketing Inc. (aka IMI)
• Founded	by	Sam	Jain	and	Daniel	Sundi...
Rui Miguel FeioSharing knowledge with the world
Innovative Marketing Inc. (aka IMI)
Photograph taken in 2003
BJORN DANIEL ...
Rui Miguel FeioSharing knowledge with the world
Carbanak Group (aka Anunak)
• “Found”	early	in	2015	by	Kaspersky	Lab
• Use...
Rui Miguel FeioSharing knowledge with the world
COST OF CYBER CRIME IN THE UK
https://www.getsafeonline.org/news/fraud-cyb...
Rui Miguel FeioSharing knowledge with the world
ONLINE SECURITY THREATS
Risks
Virus
X-Site	
Scripting
Spoofing
Denial-of-S...
Rui Miguel FeioSharing knowledge with the world
THE DARK WEB
Dark	Web
Accessible only through special browsers like
TOR, t...
Rui Miguel FeioSharing knowledge with the world
CRYPTO CURRENCIES HELP CYBER CRIME
Rui Miguel FeioSharing knowledge with the world
HACKING-AS-A-SERVICE
http://5eme2auqilcux2wq.onion/
Rui Miguel FeioSharing knowledge with the world
HACKING-AS-A-SERVICE
http://hacker4hhjvre2qj.onion/
Rui Miguel FeioSharing knowledge with the world
HACKING-AS-A-SERVICE
http://hacker4hhjvre2qj.onion/
Rui Miguel FeioSharing knowledge with the world
AVAILABLE TOOLS
SOFTWARE HARDWARE
Rui Miguel FeioSharing knowledge with the world
AVAILABLE TOOLS
TRAINING AND TUTORIALS BOOKS AND ARTICLES
Rui Miguel FeioSharing knowledge with the world
INTERESTING FACTS
• Approximately 3.2	billion people use	the internet
• 30...
Rui Miguel FeioSharing knowledge with the world
THE VALUE OF DATA
• How	much	do	you	value	your	privacy?
• How	about	your	f...
Rui Miguel FeioSharing knowledge with the world
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-b...
Rui Miguel FeioSharing knowledge with the world
The	data	breach	cost	per	record	
is	in	average	of	$154	(USD)	
world	wide.	...
Rui Miguel FeioSharing knowledge with the world
VALUE OF DATA TO HACKERS
• Allows	for	identity	theft
• Blackmail:
• Financ...
Rui Miguel FeioSharing knowledge with the world
VALUE OF DATA TO COMPANIES
• Have	you	ever	wondered	why	Facebook	or	Google...
Rui Miguel FeioSharing knowledge with the world
EVERYONE WANTS DATA
• Data	broker	company	Acxiom	Corporation:
• Has	more	t...
Rui Miguel FeioSharing knowledge with the world
THE IMPORTANCE OF AN EMAIL
Rui Miguel FeioSharing knowledge with the world
THE IMPORTANCE OF AN EMAIL
https://www.wired.com/2016/12/yahoo-hack-billio...
Rui Miguel FeioSharing knowledge with the world
THE IMPORTANCE OF AN EMAIL
http://www.fraud-magazine.com/article.aspx?id=4...
Rui Miguel FeioSharing knowledge with the world
SYSTEM Z – IBM’S MAINFRAME
• There’s	this	idea	that	the	mainframe	is	an	ol...
Rui Miguel FeioSharing knowledge with the world
MAINFRAME – THE CROWN JEWELS
• The	mainframe	processes	and	stores	larges	v...
Rui Miguel FeioSharing knowledge with the world
HACKING THE MAINFRAME
Rui Miguel FeioSharing knowledge with the world
INTERNET OF THINGS
IoT
Manufacturers of the IoT
devies are under
pressure ...
Rui Miguel FeioSharing knowledge with the world
MOBILITY
• Mobile devices are moving targets
• Most mobile devices are eas...
Rui Miguel FeioSharing knowledge with the world
THERE ARE NO
PERFECT SYSTEMS
Rui Miguel FeioSharing knowledge with the world
WHAT’S THE SOLUTION?
Rui Miguel FeioSharing knowledge with the world
CYBERSECURITY MUST BE
A PRIORITY AND TAKEN
SERIOUSLY
Rui Miguel FeioSharing knowledge with the world
SOLUTION
• More	legislation	and	regulation	is	required.	For	example:	Gener...
Rui Miguel FeioSharing knowledge with the world
BUT WE ALSO NEED
• Companies,	governments	and	individuals	need	to	change	t...
Rui Miguel FeioSharing knowledge with the world
ON A BUSINESS TRIP
Rui Miguel FeioSharing knowledge with the world
ON A LARGE CLIENT
Rui Miguel FeioSharing knowledge with the world
BE PROACTIVEBE AWAREBE MINDFUL
THREE Bs TO BE SECUREDThese	are	the	3	Bs to...
Rui Miguel FeioSharing knowledge with the world
CONTACTS
ruif@rmfconsulting.com
+44	(0)7570	911459
+351	96	2211	564
www.Ru...
2017 - Cibersecurity v1.0 (English version)
Upcoming SlideShare
Loading in …5
×

2017 - Cibersecurity v1.0 (English version)

342 views

Published on

In this session Rui will discuss the importance and relevance of cibersecurity in the modern world. From the evolution of the online world, to data privacy and criminal organisations. The internet; the "online" world that can bring down individuals, companies, and even nation states. An entertaining approach of the online dangers and what to do to avoid them.

Published in: Internet
  • Be the first to comment

2017 - Cibersecurity v1.0 (English version)

  1. 1. Rui Miguel FeioSharing knowledge with the world Cybersecurity Lisboa, Portugal (2017)
  2. 2. Rui Miguel FeioSharing knowledge with the world RUI MIGUEL FEIO • Working with computers since 9 years old, back in 1984 • Worked for Citibank, IBM, Xerox • Worked with many Blue Chip companies around the world • Specialises in Cyber Security • Experience in different systems(Mainframe, Linux, Windows, Unix,…) • Works with RSM Partners as a Senior Technical Lead • Gives lectures and presentations all over the world Key facts:
  3. 3. Rui Miguel FeioSharing knowledge with the world The ”online world” is worth trillions of British Pounds and it’s being targeted by the criminal world. But How Safe is It? Almost every business requires an online presence today Online Presence 20 % 30 % 25 % 40 % 30 % Contact people / institutions Customers Online Education Social Media Collaboration E-commerce Institutions Increase Revenue Security Business Goals World Wide Markets New Ideas Internet Search YOUR BUSINESS ONLINE
  4. 4. Rui Miguel FeioSharing knowledge with the world VALUE OF ONLINE BUSINESS * https://www.emarketer.com/Article/Worldwide-Retail-Ecommerce-Sales-Will-Reach-1915-Trillion-This-Year/1014369
  5. 5. Rui Miguel FeioSharing knowledge with the world CRIMINALS FROM THE PAST Al Capone Pablo Escobar
  6. 6. Rui Miguel FeioSharing knowledge with the world CRIMINALS FROM THE PRESENT
  7. 7. Rui Miguel FeioSharing knowledge with the world 01 HACKERS The term hacker is used in popular media to describe someone who attempts to break into computer systems. Typically, this kind of hacker would be a proficient programmer or engineer with sufficient technical knowledge to understand the weak points in a security system. 02 CRIMINAL ORGS Criminal activities carried out by criminal organisations by means of computers or the Internet. 03 HACKTIVISTS Hacktivist is a person who gains unauthorised access to computer files or networks in order to further social or political ends. 04 NATION STATES The Nation State actor has a 'Licence to Hack'. They work for a government to disrupt or compromise target governments, organisations or individuals to gain access to valuable data or intelligence, and can create incidents that have international significance. 05 CYBER TERRORISTS A cyber-terrorist is a criminal who uses computer technology and the Internet, especially to cause fear and disruption. Some cyber- terrorists spread computer viruses, and others threaten people, organisations and nations electronically. ‘ACTORS’ OF THE ONLINE THREATS
  8. 8. Rui Miguel FeioSharing knowledge with the world CYBER CRIME • 80% of Hackers work with or are part of an organised crime group * • Traditional criminal organiSations have ‘opened’ cybercrime divisions: • Cosa Nostra (Italian Mafia) • Japanese Yakuza • Chinese Triads • Russian Mafia • Nigerian mobs • Mexican cartels • They have a “business oriented” mentality (Cybercrime Inc.) * 2014 study by the Rand Corporation
  9. 9. Rui Miguel FeioSharing knowledge with the world TYPICAL BUSINESS ORGANISATION CEO CFO Management Sales People CIO Management Researchers Developers Engineers QA Testers Tech Support HR Director CMO Management Distributors Affiliates
  10. 10. Rui Miguel FeioSharing knowledge with the world “CYBERCRIME INC.” ORGANISATION CEO (Boss) CFO (Underboss) Management (Lieutenant) Money Mules (Soldiers & Associates) CIO (Underboss) Management (Lieutenant) Researchers (Soldiers) Developers (Soldiers) Engineers (Soldiers) QA Testers (Soldiers) Tech Support (Soldiers) HR Director (Underboss) CMO (Underboss) Management (Lieutenant) Distributors (Soldiers) Affiliates (Associates)
  11. 11. Rui Miguel FeioSharing knowledge with the world Innovative Marketing Inc. (aka IMI) • Founded by Sam Jain and Daniel Sundin (HQ in Ukraine) • Developed scareware rogue security programs (WinFixer e WinAntiVirus) • Offices in 4 continents with hundreds of employees • Support centres in Ohio, Argentina and India • Marketed products under more than 1,000 different brands and in 9 languages • From 2002 to 2008 IMI generated hundreds of millions of dollars in profit. * https://www.wired.com/2011/09/mf_scareware/
  12. 12. Rui Miguel FeioSharing knowledge with the world Innovative Marketing Inc. (aka IMI) Photograph taken in 2003 BJORN DANIEL SUNDIN Wire Fraud; Conspiracy to Commit Computer Fraud; Computer Fraud DESCRIPTION Alias: David Sundin Date(s) of Birth Used: August 7, 1978 Place of Birth: Sweden Hair: Red Eyes: Hazel Height: 5'10" Weight: 136 pounds Sex: Male Race: White Occupation: Internet Entrepreneur Nationality: Swedish Languages: English, Swedish NCIC: W10511664 REWARD The FBI is o6ering a reward of up to $20,000 for information leading to the arrest and conviction of Bjorn Daniel Sundin. REMARKS
  13. 13. Rui Miguel FeioSharing knowledge with the world Carbanak Group (aka Anunak) • “Found” early in 2015 by Kaspersky Lab • Used an Advanced Persistent Threat (APT) campaign targeting financial institutions • Estimated $1 Billion US dollars have been stolen in an attack against 100 banks and private customers • Targeted primarily Russia, United States, Germany, China and Ukraine • Rumours of being associated with a computer security company in Russia : • https://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/ https://www.symantec.com/connect/blogs/carbanak-multi-million-dollar-cybercrime-gang-focuses-banks-rather-their-customers
  14. 14. Rui Miguel FeioSharing knowledge with the world COST OF CYBER CRIME IN THE UK https://www.getsafeonline.org/news/fraud-cybercrime-cost-uk-nearly-11bn-in-past-year/
  15. 15. Rui Miguel FeioSharing knowledge with the world ONLINE SECURITY THREATS Risks Virus X-Site Scripting Spoofing Denial-of-Service attack is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users. Malicious Software is a computer program designed to infiltrate and damage computers without the users consent. It’s the general term covering all the different types of threats to your computer such as viruses, spyware, worms, trojans, rootkits and so on. Virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Phishing is the attempt to obtain sensitive information such as usernames, passwords, and confidential data, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Cross-site Scripting (XSS) refers to client- side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. Spoofing is the act of falsifying the origin of an internet communication in order to mislead the recipient. It's widely used to create bogus emails or web pages in order to steal money, passwords or banking credentials.
  16. 16. Rui Miguel FeioSharing knowledge with the world THE DARK WEB Dark Web Accessible only through special browsers like TOR, that are designed for anonymity. Website addresses are not in clear text (e.g. http://3g2upl4pq6kufc4m.onion) You can get access to drugs, weapons, illegal information, hacking tools, hackers, criminals, credit cards details, private confidential data, login credentials, etc. Internet The visible internet that we see when we browse. E.g. Google, Facebook, BBC, company websites, etc.
  17. 17. Rui Miguel FeioSharing knowledge with the world CRYPTO CURRENCIES HELP CYBER CRIME
  18. 18. Rui Miguel FeioSharing knowledge with the world HACKING-AS-A-SERVICE http://5eme2auqilcux2wq.onion/
  19. 19. Rui Miguel FeioSharing knowledge with the world HACKING-AS-A-SERVICE http://hacker4hhjvre2qj.onion/
  20. 20. Rui Miguel FeioSharing knowledge with the world HACKING-AS-A-SERVICE http://hacker4hhjvre2qj.onion/
  21. 21. Rui Miguel FeioSharing knowledge with the world AVAILABLE TOOLS SOFTWARE HARDWARE
  22. 22. Rui Miguel FeioSharing knowledge with the world AVAILABLE TOOLS TRAINING AND TUTORIALS BOOKS AND ARTICLES
  23. 23. Rui Miguel FeioSharing knowledge with the world INTERESTING FACTS • Approximately 3.2 billion people use the internet • 30.000 web sites are hacked every day • Approximately 204 million emails are sent every minute and 70% of them are spam • The majority of internet traffic is not generated by humans, but by bots and malware. According to a recent study conducted by Incapsula, 61.5% or nearly two- thirds of all the website traffic is caused by Internet bots * https://fossbytes.com/10-interesting-facts-internet-really-need-know/
  24. 24. Rui Miguel FeioSharing knowledge with the world THE VALUE OF DATA • How much do you value your privacy? • How about your friends and family’s privacy? • What do you think could happen if your data was misused? • Have you ever searched or visited an online website that you would rather like to keep it a ‘secret’? • Criminal organisations and hackers aim to access private and confidential data • But legitimate companies are also targeting for private data…
  25. 25. Rui Miguel FeioSharing knowledge with the world http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ DATA BREACHES ARE FREQUENT
  26. 26. Rui Miguel FeioSharing knowledge with the world The data breach cost per record is in average of $154 (USD) world wide. In the UK, the average cost per record is of $159 (USD) / £128 (GBP). $154 COST PER RECORD The most targeted sector by attackers was the Healthcare, followed by Education, Financial, Services, Life Science, Retail, Communications, Industrial, Energy and Technology. HEALTH TARGETED SECTOR The global average number of breached records was 23,834. In the UK, the average number was of 22,759 breached records. 23,834 RECORDS BREACHED Globally, malicious or criminal attacks accounted for 48% of the root cause of the data breach, followed by 27% for system glitch and 25% for human error. In the UK these numbers were 51%, 24%, and 25% respectively. 48% ROOT CAUSE 2016 RESEARCH * Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLC June 2016
  27. 27. Rui Miguel FeioSharing knowledge with the world VALUE OF DATA TO HACKERS • Allows for identity theft • Blackmail: • Financial gaining • Access to private data • Access to systems • Access to privileged information that could lead to compromise or access the data of another person or entity • Selling of the data to third parties (including legitimate companies)
  28. 28. Rui Miguel FeioSharing knowledge with the world VALUE OF DATA TO COMPANIES • Have you ever wondered why Facebook or Google are worth billions of US dollars? • A study published by the Wall Street Journal on Facebook: • Each long-term user is worth $80.95 • Each friendship is worth $0.62 • Your profile page is worth $1,800 • A business page and associated ad revenues are worth $3.1 million • Google in the other hand: • Processes around 24 Petabytes of data each day • Produces ”online profiles” of its users • The data is then stored and sold for publicity
  29. 29. Rui Miguel FeioSharing knowledge with the world EVERYONE WANTS DATA • Data broker company Acxiom Corporation: • Has more than 23,000 servers • These servers collect, collate and analyse more than 50 trillion unique data transactions per year • 96% of American households are in its databases • Has more than 700 million user profiles from around the world • Each profile has more than 1,500 specific traits • One quote stated ‘This is the age of the stalker economy’…
  30. 30. Rui Miguel FeioSharing knowledge with the world THE IMPORTANCE OF AN EMAIL
  31. 31. Rui Miguel FeioSharing knowledge with the world THE IMPORTANCE OF AN EMAIL https://www.wired.com/2016/12/yahoo-hack-billion-users/ • According to Yahoo the data included: • Names • Email addresses • Contacts • Date of Birth details • Hashed passwords • A mix of questions and answers encrypted and not encrypted • Also, according to Yahoo, the data did not include: • Unencrypted passwords • Credit card details • Bank account details • Are we to trust what Yahoo says?...
  32. 32. Rui Miguel FeioSharing knowledge with the world THE IMPORTANCE OF AN EMAIL http://www.fraud-magazine.com/article.aspx?id=4294987206
  33. 33. Rui Miguel FeioSharing knowledge with the world SYSTEM Z – IBM’S MAINFRAME • There’s this idea that the mainframe is an old and obsolete technology • IBM keeps releasing new mainframes every few years. Recently they have released the z13 that cost IBM more than US $1 billion in R&D • Who uses the mainframe? • 96 of the 100 largest banks in the world • 23 of the 25 largest retail companies in the US • 9 of the 10 largest insurance companies in the world • Government agencies • Military • Universities
  34. 34. Rui Miguel FeioSharing knowledge with the world MAINFRAME – THE CROWN JEWELS • The mainframe processes and stores larges volumes of data • It’s considered the most secure platform in the world that cannot be hacked • As such, it does not require big investments in security… • Unfortunately, it’s not quite so. The truth is: • The mainframe is a platform that is highly securable but not secured by default. Investment and resources are required to secure it
  35. 35. Rui Miguel FeioSharing knowledge with the world HACKING THE MAINFRAME
  36. 36. Rui Miguel FeioSharing knowledge with the world INTERNET OF THINGS IoT Manufacturers of the IoT devies are under pressure to release new gadgets with new functionalities to an ever more demanding customer. However, security is not greatly taken in consideration which creates security risks to individuals, organisations and governments. Security Risk There are currently 6.4 billion IoT devices connected to the internet. It’s estimated that by 2020, there will be 20 to 50 billion IoT devices connected to the internet. Internet of Things
  37. 37. Rui Miguel FeioSharing knowledge with the world MOBILITY • Mobile devices are moving targets • Most mobile devices are easy to hack and compromise • Mobile devices may contain private and business data • Hackers ‘love’ mobile devices • If compromised, they can become entry points to your home or business IT network The Downside • Being able to access data and do business wherever you are is a major advantage and a requirement in the modern world. Mobility is Good • Old devices • Operating system not up-to-date • Apps can leak and collect personal data • Connected to ‘dubious’ free WiFi spots • Devices not protected with access credentials Risks and Threats
  38. 38. Rui Miguel FeioSharing knowledge with the world THERE ARE NO PERFECT SYSTEMS
  39. 39. Rui Miguel FeioSharing knowledge with the world WHAT’S THE SOLUTION?
  40. 40. Rui Miguel FeioSharing knowledge with the world CYBERSECURITY MUST BE A PRIORITY AND TAKEN SERIOUSLY
  41. 41. Rui Miguel FeioSharing knowledge with the world SOLUTION • More legislation and regulation is required. For example: General Data Protection Regulation (GDPR). • https://en.wikipedia.org/wiki/General_Data_Protection_Regulation • Investment is a must! • Hire experient and qualified staff • Training and education • Review the IT systems, processes and procedures • Regularly implement: • Penetration tests • Security audits • Vulnerability scanning • Data classification • Recertification
  42. 42. Rui Miguel FeioSharing knowledge with the world BUT WE ALSO NEED • Companies, governments and individuals need to change their mindset and attitude in regards to security risks and threats: • It’s important to keep the systems updated • Question the origin of documents, links, emails, etc • Be aware and mindful of the data they share online • Default userids/passwords • Security must be always in your mind! • Security is not only at work • Think about the IoT devices • Don’t forget security at home • Remember: • Free can be very expensive! • Blind trust can be fatal!
  43. 43. Rui Miguel FeioSharing knowledge with the world ON A BUSINESS TRIP
  44. 44. Rui Miguel FeioSharing knowledge with the world ON A LARGE CLIENT
  45. 45. Rui Miguel FeioSharing knowledge with the world BE PROACTIVEBE AWAREBE MINDFUL THREE Bs TO BE SECUREDThese are the 3 Bs to help you be secured in the cyber world. Be mindful of what you do; always question if you should click on a link, on an option, if you should open a document, the source of the document or email. Be aware of the security risks; keep informed, ask questions. Don’t put yourself and your business at risk. Be proactive. Don’t wait until your systems are compromised. Keep them up-to-date with the latest versions of the operating system, and software. Apply the security fixes. Have a firewall and an anti-virus and keep them updated. Ask for professional, experienced help. In the long run this can save you a lot of money!! WHAT TO DO
  46. 46. Rui Miguel FeioSharing knowledge with the world CONTACTS ruif@rmfconsulting.com +44 (0)7570 911459 +351 96 2211 564 www.RuiFeio.com t f g l EMAIL + CONTACTS SOCIAL MEDIA (for the latest news on Cybersecurity) twitter.com/rfeio facebook.com/RuiMiguelFeio linkedin.com/in/rfeio google.com/+RuiMiguelFeio

×