The document discusses how hackers exploit human behavior and motivations to carry out cyber attacks. It describes common attack methods like phishing, spear phishing, vishing and smishing that trick users into handing over sensitive information. Spear phishing targets specific organizations using personalized emails. Malvertising hides malicious code in online ads. The document recommends educating staff about security risks and implementing measures like two-factor authentication, strong passwords, and regular social engineering testing to mitigate risks.
Protecting Your Business from Cybercrime - Cybersecurity 101 (David J Rosenthal)
Cybercrime impacts a lot of users every year.
Indirectly (compromised merchant – credit card)
Directly (compromised login credentials)
Cybercrime’s impact can be financial and reputation to your company
Impacts 1 in 5 small businesses every year
Cybercrime is a global business
The Internet allows attackers to be anywhere in the world and attacking victims anywhere in the world
Today more organized and motivated than any time in history
Learn all about the latest security risks posed to your business - including spear phishing, ransomware and pure data breaches. You'll also learn the best preventative measures you can put in place today to safeguard your business for the future.
In the world of cyber security, a single defeat can be extremely costly. Before you create a plan, it's vital to learn about the anatomy of a data breach and understand who your attackers are.
In a standard data breach, the type that occurs between 80 to 90 million times per year, there are roughly 6 essential steps, each of which will be outlined below. It’s time for a quick anatomy lesson to strengthen your cyber security program:
Playbooks define the procedures for security event investigation and response. Phishing - Template allows you to perform a series of tasks designed to handle spear phishing emails on your network.
Using Technology and People to Improve your Threat Resistance and Cyber Security (Stephen Cobb)
A presentation delivered at the 2014 meeting of the Municipal Information Systems Association of California. Includes suggestions for security awareness programs.
Introduction of Cybercrime: Types, The Internet spawns crime, Worms versus viruses, Computers' roles in crimes, Introduction to digital forensics, Introduction to Incident - Incident Response Methodology –Steps - Activities in Initial Response, Phase after detection of an incident
Common Cyberthreats and How to Prevent Them (2019) (Evan Clark)
The security team at Twinstate Technologies compiled a list of the most prevalent cyberthreats from 2018 that will continue to be a problem in 2019. Included are prevention tips for each threat.
Download the eBook: https://web.twinstate.com/resources/ebooks/common-cyber-threats
What threatens us in cyberspace?
Phishing: typology of threats
Phishing protection
What is anti-phishing protection?
Website protection
Company and online fraud protection
Conclusion
Learn more about cyber attacks and find out how to secure yourself - https://hacken.live/2BwYyOo
A Night of Phishing @ IUPUI Cyber Security Club (Curtis Brazzell)
I was honored to present to students and the public about phishing techniques we use at Pondurance. By request I also demonstrated my PhishAPI tool @ https://github.com/curtbraz/Phishing-API
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation (NormShield, Inc.)
We analyzed more than 200 organizations and aggregated their cyber security vulnerabilities into easy-to-understand letter grades. This presentation outlines the biggest threats and the most at-risk industries. For the full analysis visit https://info.normshield.com/risk-brief
2015 cemented the saying “No one is immune to hacking” and the high profile breaches of Ashley Madison, LastPass and others was proof of that. Quick Heal detected close to 1.4 billion malware samples in 2015 and this number simply shows how widespread and lucrative cyber-attacks have now become. In this webinar, we will look back at some of the notable highlights from malware attacks in 2015, and then chart the way forward for 2016 and provide our listeners with a heads up on what kind of malware threats to expect. The webinar will cover the following points:
1. Malware detection statistics and highlights from 2015
2. Platform statistics for Windows and Android vulnerabilities
3. Insight into Ransomware and Exploit Kits in 2015
4. A look ahead at the cyber security predictions for 2016 and how we can help you
NormShield Cyber Threat & Vulnerability Orchestration Overview (NormShield, Inc.)
NormShield is at the forefront of orchestrated cyber security operations and reporting, a transformative new category that Gartner calls SOAR. The NormShield cloud platform automates finding vulnerabilities, prioritizes them and provides actionable intelligence. A key differentiation is the company’s combination of advanced automation and human intelligence for reliability unparalleled in the industry. NormShield CISOs receive letter-grade risk scorecards. Their teams manage risk, not data. The results are measurable: informed decisions and swift action that reduces risk as never before possible and at an affordable price.
Unveiling the dark web. The importance of your cybersecurity posture (Lourdes Paloma Gimenez)
We live in cyberspace, but nobody talked to us about cybersecurity. The web, the deep web and the dark web. The different vectors of cyberattacks. Recommendations to stay protected.
Avoiding the Top Social Media Frauds in 2024: Protective Measures (afiyashaikh25)
🔒Protect Yourself from Online Frauds in 2024! 🛡️Don't let cybercriminals compromise your online presence. Safeguard your digital presence with knowledge and proactive measures. Our comprehensive blog sheds light on the top social media frauds of the year and equips you with the tools to defend against them.
Cyber Security Awareness Session for Executives and Non-IT professionals (Krishna Srikanth Manda)
Cyber Security Awareness Session conducted by Lightracers Consulting, for Management and non-IT employees. In this learning presentation, we will look at - What is Cyber Crime, Types of Cyber crime, What is Cyber Security, Types of Threats, Social Engineering techniques, Identifying legitimate and secure websites, Protection measures, Cyber Law in India followed by a small quiz.
Keeping an Eye On Risk - Current Concerns and Supervisory Oversight (CBIZ, Inc.)
In this presentation, you will:
- Gain an understanding of leading edge risk management practices for Credit Unions.
- Gain insight on the Board and Supervisory Committees' role in the internal control structure.
- Recognize areas of potential weakness in the organization.
- Gain an understanding of the regulatory environment and impact on risk management.
DefCamp #5, Bucharest, November 29th
Just as a chain is as weak as its weakest link, computer systems are as vulnerable as their weakest component – and that’s rarely the technology itself, it’s more often the people using it. This is precisely why it’s usually easier to exploit people’s natural inclination to trust than it is to discover ways to hack into computer systems. As the art of manipulating people into them giving up confidential information, Social Engineering has been a hot topic for many years. This session will discuss some of the most common Social Engineering techniques and countermeasures.
Keeping Your Information Safe with Centralized Security Services (TechSoup)
In this webinar, Felipe Mondragon from Tech Impact shared the basic understanding of how cyberattacks happen and how to prevent them. Small to medium-sized nonprofit organizations are specifically susceptible due to their lack of cybersecurity policies and staff training. The good news is that there are lots of things you can do to protect your organization, even if you’re not a security expert.
In this video we talk about some tools and techniques that can be used to protect your login credentials and digital identity including good password practices, adding Multi Factor Authentication (MFA), and monitoring to alert when a compromised account is found. Don’t assume your organization won’t be targeted – everyone is a target. As with all our webinars, this presentation is appropriate for an audience of varied IT and security experience.
This wonderful presentation, appropriate for teens and young adults, was created by Symantec's Rayane Hazimeh for the Dubai Techfest, 2013. We thank her for generously sharing her content with the SlideShare community.
How To Keep the Grinch From Ruining Your Cyber Monday (Michele Chubirka)
Ready to avoid crowded stores and online scammers during the holidays? Join Michele Chubirka as she goes through:
- Tips for safe online shopping and securing your banking information
- Protecting yourself from internet scams, phishing and fraud
- Safeguarding your personal information against identity theft
- How to use anti-virus and other security software to keep your digital information safe
Cyber Attacks aren't going away - including Cyber Security in your risk strategy (James Mulhern)
There's a data explosion underway and it's a lucrative market for cyber criminals. Charities with their complex contexts and valuable data are an obvious target and so it's essential Cyber threats are addressed in Charities' risk strategies.
This presentation set outs the current situation, what the potential consequences are and who could be impacted before explaining what can be done about it and how to approach the challenge.
Presentation to representatives from the UK Charities sector at the Charity Finance Group's annual IT, Data, Insights and Cyber Security Conference.
2. 2015 US Platinum Meeting | New Orleans
pete.pouridis@mcx.com
469-312-2119
3. "Companies spend millions of dollars on firewalls, encryption, and secure access devices and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer, operate and account for computer systems that contain protected information"
Kevin Mitnick
The Human Element of Information Security
4.
• Over 60% of breaches involved stolen credentials obtained through social engineering (SE) attacks
• 28% of breaches resulted from weak passwords
• 80% of all breached retailers were PCI compliant at the time of the breach
5. The Attack Vector Of Choice
• Advancement of Technology Systems
• Majority rely on Static Credentials
o User Name and Password
o Cumbersome, inconvenient, not user friendly
• Exploit Human Behavior
o Trust of the Millennial Generation
o Adoption and understanding of older generation
• Exploit Human Motivators
o Fear
o Greed
o Willingness to Please or Serve
6. The Attack Cycle
Typical 4 Steps
1. Information Gathering
o Success of an attack depends on this step
o Most important to focus on and affect success
2. Establishing Trust/Rapport
o Instantly
o Over time
3. Exploitation
o Attack focuses on trust/rapport built
o Affirming or Validating themselves to target
4. Execution
8. Pick Your Poison
Phishing
• Phishing scams use spoofed emails and websites as lures to prompt people to voluntarily hand over sensitive information.
9. Spear Phishing
• Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data
• The spear phisher thrives on familiarity: he knows your name, your email address and something about you
• Typically not "random hackers"
10. Spear Phishing: "Fear Example"
If you hover your mouse over the links in the email, the status bar at the bottom of the window shows the actual website the link will take you to, which is often not the site named in the link text.
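The hover check above can be automated for an HTML mail body. The following is an added example (not code from the deck or its author) that extracts every link and flags the tells a spear-phishing lure typically shows: visible text naming one domain while the href points at another, a raw IP address as host, a punycode host, or a non-http scheme. The sample e-mail and the domain names in it are constructed for the example.

```python
# Added example (not from the original deck): automate the "hover over the link"
# check on an HTML e-mail body. The sample e-mail and all domain names below
# are constructed; nothing here is a real organisation or attacker.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every anchor in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Hostname of a URL, or of a bare domain such as 'www.bank.example'."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def registrable(host):
    # Naive "last two labels" approximation; production code should consult
    # the Public Suffix List so that e.g. example.co.uk is handled correctly.
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def audit_links(html_body):
    """Return one finding per anchor; an empty 'reasons' list means it looks clean."""
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        target = host_of(href)
        reasons = []
        scheme = urlparse(href if "://" in href else "http://" + href).scheme
        if scheme not in ("http", "https"):
            reasons.append(f"non-http scheme {scheme!r}")
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", target):
            reasons.append("raw IP address as host")
        if "xn--" in target:
            reasons.append("punycode (IDN) host, possible look-alike domain")
        # Only compare domains when the visible text itself looks like a URL or domain.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and registrable(shown) != registrable(target):
            reasons.append(f"text shows {shown} but link goes to {target}")
        findings.append({"href": href, "text": text, "host": target, "reasons": reasons})
    return findings


# Constructed sample lure in the "fear" style of slide 10.
SAMPLE_EMAIL = """
<p>Your account will be locked in 24 hours unless you verify it.</p>
<a href="http://www.example-bank.com.verify-now.attacker.test/login">https://www.example-bank.com/login</a><br>
<a href="http://203.0.113.5/login">Verify now</a><br>
<a href="https://www.example-bank.com/help">https://www.example-bank.com/help</a>
"""

if __name__ == "__main__":
    for f in audit_links(SAMPLE_EMAIL):
        status = "SUSPICIOUS" if f["reasons"] else "ok"
        print(f"{status:10} {f['href']}")
        for r in f["reasons"]:
            print(f"           - {r}")
```

The first link is the classic trick: the real registrable domain is the last two labels (attacker.test), and everything in front of it is decoration chosen to look like the bank. The comparison is done on registrable domains rather than full hostnames so that a legitimate link from www.example-bank.com to secure.example-bank.com is not flagged.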
13. Vishing
• The telephone version of phishing is often called vishing
• Can be used alone or in conjunction with a phishing email
• Relies on "social engineering" techniques to trick one into providing PII or valuable information
14. Smishing
• "Smishing" uses cell phone text messages to lure consumers in. Often the text will contain a URL or phone number
• The phone number often has an automated voice response system which asks for your immediate attention
• In many cases, the smishing message will come from a "5000" number instead of displaying an actual phone number
• This usually indicates the SMS message was sent via an email-to-SMS gateway rather than from a handset
16. Malvertising
• A malicious form of Internet advertising used to spread malware
• Hiding malicious code within relatively safe online advertisements. These ads can lead a victim to unreliable content or directly infect a victim's computer with malware
• Relies on social network advertising or user-supplied content publishing services
20. Mitigating the Risk
• Have a policy in place
• Educate Your Staff And Associates
  o Don't click through emails or texts from unknown sources
  o Don't publish/share job-related activities on social media and forums
  o Regular social pen testing and training
  o 3rd party vendors and partners
  o Protecting your personal and company information
  o Call centers and support desk
21. Mitigating the Risk
• Network Access
• Local Administrator Permissions
• Two Factor Authentication as a minimum Standard
• DLP and Data Categorization
• Cloud Based Storage and Collaboration Share Drives
• Password protecting Files
• Adopt Strong User Name and Password Standards
o Regular Changing of Passwords
o Use of Password “E-Vault” Applications
o Use Single Sign On
o Move away from static credentials
Company attacks to gain financial or corporate secrets
Consumer [personal] – comes to you as ATO (account takeover)
In many ways in the weakest link
Not effectively addressed, if at all, in a comprehensive security framework
This is a graphical interpretation of the larger breaches over the past 2 years
60% of people use the same username and PW
High-level associates typically give executive admins/assistants their credentials and access.
Exec Admin/Assistant typically has elevated access and, to Confidential Information
Very high conversion rates: 2-3% vs. 25-30%
4 STEPS OF AN ATTACK CYCLE
Establish Trust/Rapport
Big Smile or Friendly approach as you grab an opening door
Building an Online profile with the target
Exploitation
Holding Door Open and allowing access to building
Giving up user names and passwords
Use Information gathered to validate themselves to the target
Execution
The goal of the attack is accomplished
Erasing digital footprints
It isn’t surprising, then, that the term “phishing” is commonly used to describe these ploys.
There is also a good reason for the use of “ph” in place of the “f” in the spelling of the term.
Some of the earliest hackers were known as phreaks.
Phreaking refers to the exploration, experimenting and study of telecommunication systems.
Phreaks and hackers have always been closely linked.
The “ph” spelling was used to link phishing scams with these underground communities.
BUT - more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.
Configure your mail/messaging Platform by pre-pending inbound email of the subject line with “External”
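On Exchange or Google Workspace the "External" tag is a transport or content-compliance rule. To show the behaviour without a mail platform, here is an added example (not from the deck or its author) that applies the same rule as a function over a raw RFC 5322 message: if the header From domain is not one of the organisation's own, prepend the tag and add a header that mail clients can key a banner rule on. ORG_DOMAINS, the tag text and both sample messages are assumptions constructed for the example.

```python
# Added example (not from the original deck): the "External" subject tag as a
# stand-alone rule over a raw message. ORG_DOMAINS and both messages below are
# constructed; on a real platform this is a transport/compliance rule instead.
import email
import email.utils
from email import policy

ORG_DOMAINS = {"example-corp.test"}      # assumed: domains the organisation sends from
TAG = "[External] "


def sender_domain(msg):
    """Domain part of the header From address, i.e. the one the reader sees."""
    _, addr = email.utils.parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def tag_external(raw_bytes):
    """Prepend TAG to Subject when the sender is outside ORG_DOMAINS; idempotent."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    if sender_domain(msg) in ORG_DOMAINS:
        return msg
    subject = msg.get("Subject", "")
    if not subject.startswith(TAG):
        if "Subject" in msg:
            msg.replace_header("Subject", TAG + subject)
        else:
            msg["Subject"] = TAG + subject
    # A header the mail client can key a banner or colour rule on as well.
    msg["X-Sender-Origin"] = "external"
    return msg


# Constructed: a "help desk" pretext from a look-alike domain, and an internal mail.
RAW_EXTERNAL = (
    b"From: IT Support <helpdesk@example-corp-support.test>\r\n"
    b"To: jane@example-corp.test\r\n"
    b"Subject: Your password expires today\r\n"
    b"\r\n"
    b"Call us back on the number below to keep your access.\r\n"
)
RAW_INTERNAL = (
    b"From: HR <hr@example-corp.test>\r\n"
    b"To: jane@example-corp.test\r\n"
    b"Subject: Benefits enrollment\r\n"
    b"\r\n"
    b"See attached.\r\n"
)

if __name__ == "__main__":
    for raw in (RAW_EXTERNAL, RAW_INTERNAL):
        m = tag_external(raw)
        print(m["From"], "->", m["Subject"])
```

The look-alike sender domain in the first message is exactly the help-desk pretext the vishing and spear-phishing slides describe: the display name says "IT Support", but the domain is not one the company owns, so the subject is tagged before the reader ever sees the display name. The tag is only a cue; it still has to be backed by the policy so that people know to call the real help desk number when they see it.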
People can also use this information to pretend to be you and open new lines of credit.
Common forms of Vishing is calling from Help Desk or IT Support
Continue to build on information they obtain (e.g. operating system and version), which validates them with the next level of person
Do not respond to Smishing messages– a reply of “STOP” is often used to validate an active number.
Because smishing is a newer form of the attack, people are more susceptible to getting hooked
EXAMPLE OF Bad and Legit Text SMS
Malvertising reaches record levels in June
Malvertising campaigns have reached more users than ever before, reported security firm Invincea yesterday, with many brand-name websites affected. The criminals actually bid for the prime advertising slots, though they probably pay for them with stolen credit card numbers. Then they use zero-day Adobe exploits to install clickfraud, botnet, ransomware, and banking Trojan malware. And the attackers don't stop with just one type of infection, he added. "We have seen instances where the initial infection delivers clickfraud malware and then, say, two days later, it will encrypt the hard disk," he said. The websites themselves were not hacked and, for the most part, the publishers were unaware of the malicious activity, according to Belcher, as the criminals got in through the advertising networks. Another tactic that is becoming more common with attackers is that of "sleeper" malware, which lies dormant after download for 14 hours or longer, in order to evade network sandboxes looking for suspicious activity.
Continues to be one of the most popular attacks
Have a Policy – So that associates know what to do and Who to Call
One of the Biggest Targets - Call Centers being trained on account maintenance protocols, etc.
SOCIAL MEDIA PUBLISHING
Open Source Intelligence – “OSINT”
SOCIAL PEN TESTING
PHISHING, SPEAR and VISHING
Physical ACCESS
DROP a BLACK BOX on Open Network Jack
DROP THUMB DRIVE
SEND POS KEYBOARD
PROTECTING PERSONAL COMPANY INFO
Again - 60% of people use the same PW for everything
Clear Screen
Move away from static credentials
2 Factor; Dynamic Authentication; BioMetrics