5.
Baltimore by the Numbers
Initial Ransom Demand: $76,000.00
Remediation Costs: $5,300,000.00
Remediation and Lost Revenue: $18,000,000.00
*estimated
Source: NY Times Aug 2019
7.
Podunk County Elections Board
We believe that elections should be accurate and secure.
We are taking proactive steps to ensure the cyber security and integrity of
Podunk County Elections. To find out more, call: 555-555-5555
10.
RYUK Ransomware
First Appeared: Aug 2018
Russian Controlled* (Wizard Spider - Grim Spider)
Derived from Hermes Ransomware source code
Appears to be fairly targeted, based on ransom demands, Enterprise focused
Distributed through spam/phish, possibly through Emotet (internal)
Indicators of TrickBot (w/Emotet) on compromised networks
11.
The Curious Case of Emotet
2019 Cisco Threat Report – see last slide
US-CERT
Pivoting from a Banking Trojan to a Sophisticated Delivery System
20.
New Cyber Crime Enterprise Model
Improved Efficiencies
• Code Sharing
• Repurposed Malware
• Strategic Spear Phishing
New Monetization Strategies
• Backend and Transport Support
• Manipulation and Speculation
22.
What to Do …
Choose your battles wisely. Avoid spending on knee-jerk point solutions.
Focus on your risk. Remember, hackers tend to be opportunistic first.
Back to the basics. Security hygiene, risk assessments, user awareness training.
Get involved with other IT areas and departments. What is the near-term and long-term IT strategy, and how can it be secured? Demonstrate value (metrics, KPIs, show up!)!
24.
Start with a RISK Assessment!!
IT’s All About RISK!!!
Understand your network
Understand your data, and how it is consumed!
Learn the Business!
26.
Emotet
Malware Research
CyberCrime
Links and Citations
https://blog.talosintelligence.com/2019/01/return-of-emotet.html
https://www.cisco.com/c/dam/en/us/products/se/2019/2/Collateral/cybersecurity-series-threat.pdf
https://www.academia.edu/39011806/RYUK_Ransomware_An_Analysis_of_a_Dangerous_New_Malware
https://www.isaca.org/info/state-of-cybersecurity-2019/index.html?cid=pr_1237247&appeal=pr
Editor's Notes
Seems opportunistic – but Facebook is interesting ….
It is imperative that IT and IT Security be fully involved with the Business! IT, and by extension IT Security, should be establishing the business requirements that IT fulfills.
Security controls, including EDR solutions, should be commensurate with the relative risk to the organization. If you have a large amount of risk associated with the endpoints, then you should consider an EDR solution. If your data, including user-generated data, is housed on servers or cloud infrastructure and the endpoint is little more than an input device, why waste the money?
A good Security Risk Assessment performed by experienced and trained assessors, such as the Strategic Consulting group at Internetwork Engineering, can save you money. Ask us about the ROI on a Security Risk Assessment.