SlideShare a Scribd company logo

CyberCrime attacks on Small Businesses

Download as PPTX, PDF
Jose L. Quiñones-Borrero
Jose L. Quiñones-Borrero

This document contains a summary of Jose L. Quinones' background and expertise. It lists his professional roles including IT director, security consultant, and technical instructor. It also provides an overview of his areas of focus such as ransomware, phishing, social engineering, and best practices for password security, backups, and mobile device security. The document aims to educate others on cybersecurity threats and mitigations.

Technology
1 of 26
Jose L. Quinones, BS MCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHSA
UPR, School of Medicine – IT Director Obsidis Consortia, Inc. – President & Founder Security B Sides Puerto Rico – Organizer Init6 Security User Group – Founder & Mentor Self Employed - Technical Instructor  “The Cleaner” PRgov - Information Security Council Member  “Jedi Master”
60% of small businesses that experience a data breach are out of business within 6 months. IBM says there were 1.5 Million attacks alone in 2013, and 81% of them happened to small businesses. Visa reports that 90% of the payment data breaches reported come from small businesses.
Trojans Botnets (Zombie + C&C) Some notorious ones are Citadel – Taken down by Microsoft on 2011 Spy eye – Developers were arrested in 2012 Zeus – In 2014, Spamhaus detected 7,182 distinct IP addresses that hosted a botnet controller
 Is a type of malware which restricts access to the computer system or files that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.  Transactions are made with money cards, wire transfers and most recently , bitcoin.  If you get bit by this bug most likely you will have to pay to recover your files.
 How to recognize Phishing  Legitimate organizations don’t ask for sensitive data over an email.  Is the grammar and lexicon appropriately used? (broken language)  Did you expect a message from that person?  Is the website name spelled correctly (Ex. Amazone.com) How to respond to Phishing  DELETE immediately  Don’t click stuff, enter the link in the browser by hand  Hover over the link to verify the link (still dangerous)  Don't open e-mail attachments …NEVER! If you fell for it …  Change your passwords  Contact any institutions you think its been compromised  Report it to: http://www.ic3.gov
Common Techniques  Impersonation  Pretext  Framing  Elicitation Common attacks  Customer Service  Tech support  Delivery person  Phone  Email/Phishing http://www.social-engineer.org/framework/general-discussion/
 Owners don’t want to mess with their money machines.  The misconception of “that’s just a cash register”  There is new breed of malware specifically for POS. (ie. Back off PoS)  The reality is that most PoS and Kiosks are fully working computers that run some kind software over a common Operating System (ei. Microsoft Windows) connected to the network.
• (3) copies of your data (local, external drive, cloud) • (2) different media (external drive, cloud, DVD) • (1) copy stores offsite (cloud, home, office, storage facility)
Do not use personal information for passwords Do not use dictionary words as passwords Use at least 3 of the following: a-z, A-Z, 0-9, !@#$%^&* At least 16 characters long Use passphrases  Ex. I like cold pizza, 1 Lik3 c0ld Pizz4! Change regularly (every 90 days) Use a password manager (LastPass)
Use only when absolutely necessary Isolate guest network Authenticate & control access Limit the number of services available (http, https, dns) Use WPA2 with a strong password Control output power * Turn off beacon broadcasting * Use MAC filtering * * Not effective against a skilled attacker
1. Use Password protected access control 2. Control application access and permission 3. Keep the OS and firmware current (update) 4. Backup your data 5. Use remote or automatic wipe if stolen or lost 6. Don’t store personal financial data on your device 7. Beware o free apps 8. Try mobile antivirus (Android) 9. Control Wireless connectivity (Wi-Fi, Bluetooth, NFC, RFID) 10. If possible use a Mobile Device Management (MDM) solution
Read carefully the Terms and conditions of service, and the Privacy Policy You only assurance is a good contract & SLA (get a lawyer) Encrypt everything before uploading it to the cloud Not all clouds are the same, understand you needs. Get the service from a reputable provider.
 Cyber criminal use various method to hide their tracks  Tor Onion Router - Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.  Private VPN - individuals can use VPNs to get access to network resources when they're not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they're using an untrusted public network.  Proxy Servers - In a personal computing context, proxy servers are used to enable user privacy and anonymous surfing.  Spoofing - a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
Data Breaches  http://breachlevelindex.com/#sthash.Whzg9ESf.dpbs Zeus Tracker  https://zeustracker.abuse.ch/monitor.php Live Attack Maps  http://map.ipviking.com/  https://www.fireeye.com/cyber-map/threat-map.html  http://www.sicherheitstacho.eu/  https://cybermap.kaspersky.com/  http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=16434&vie w=map  https://labs.opendns.com/global-network/
 Verizon Data Breach Investigations Report  http://www.verizonenterprise.com/DBIR/  Mandiant Reports  https://www.mandiant.com/resources/mandiant-reports/  IBM Cost of Breach  http://www-935.ibm.com/services/us/en/it-services/security-services/cost-of-data-breach/  Symantec Threat Report  http://www.symantec.com/security_response/publications/threatreport.jsp  Kaspersky Security Analysis  https://securelist.com/analysis/kaspersky-security-bulletin/67864/kaspersky-security-bulletin- 2014-predictions-2015/  MacAfee Threat Report  http://www.mcafee.com/us/apps/view-all/publications.aspx?tf=aaae16480
Blog: http://codefidelio.org Email: josequinones@codefidelio.org Twitter: @josequinones G+: https://plus.google.com/u/2/+JoseLQuinonesBorrero

Recommended

[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention
Seqrite
 
[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world
Seqrite
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
Haider Ali Malik
 
Presentation on Software Piracy
Presentation on Software PiracyPresentation on Software Piracy
Presentation on Software Piracy
Pallavi Agarwal
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security Protection
Shawn Crimson
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
eiramespi07
 
Top 5 Cybersecurity Risks in Banking
Top 5 Cybersecurity Risks in BankingTop 5 Cybersecurity Risks in Banking
Top 5 Cybersecurity Risks in Banking
Seqrite
 
Computer Security
Computer SecurityComputer Security
Computer SecurityVaibhavi Patel
 

Recommended

[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention
Seqrite
 
[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world
Seqrite
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
Haider Ali Malik
 
Presentation on Software Piracy
Presentation on Software PiracyPresentation on Software Piracy
Presentation on Software Piracy
Pallavi Agarwal
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security Protection
Shawn Crimson
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
eiramespi07
 
Top 5 Cybersecurity Risks in Banking
Top 5 Cybersecurity Risks in BankingTop 5 Cybersecurity Risks in Banking
Top 5 Cybersecurity Risks in Banking
Seqrite
 
Computer Security
Computer SecurityComputer Security
Computer SecurityVaibhavi Patel
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
Damian T. Gordon
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksVladimir Jirasek
 
Data security for healthcare industry
Data security for healthcare industryData security for healthcare industry
Data security for healthcare industry
Seqrite
 
Insider Attacks: Theft of Intellectual and Proprietary Data
Insider Attacks: Theft of Intellectual and Proprietary DataInsider Attacks: Theft of Intellectual and Proprietary Data
Insider Attacks: Theft of Intellectual and Proprietary DataLindsey Landolfi
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate IT
Peter Wood
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
krishh sivakrishna
 
Software Piracy
Software PiracySoftware Piracy
Software PiracyByerdavi
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device Security
Quick Heal Technologies Ltd.
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Small Business
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?
Spire Research and Consulting
 
Computer Security and Ethics
Computer Security and EthicsComputer Security and Ethics
Computer Security and Ethics
Mohsin Riaz
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its Prevention
Dinesh O Bareja
 
Introduction to Cyber Crime
Introduction to Cyber CrimeIntroduction to Cyber Crime
Introduction to Cyber Crime
Dr Raghu Khimani
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
Damian T. Gordon
 
Computer Security
Computer SecurityComputer Security
Computer Security
Klynveld Peat Marwick Goerdeler Global Services
 
Top Cyber Security Concerns for Small Businesses
Top Cyber Security Concerns for Small BusinessesTop Cyber Security Concerns for Small Businesses
Top Cyber Security Concerns for Small Businesses
Jairo Batista, MBA
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
JamshidRaqi
 
CYBERSECURITY | Why it is important?
CYBERSECURITY | Why it is important?CYBERSECURITY | Why it is important?
CYBERSECURITY | Why it is important?
RONIKMEHRA
 
Security threats
Security threatsSecurity threats
Security threats
Qamar Farooq
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
Jose L. Quiñones-Borrero
 
Securing Your Business
Securing Your BusinessSecuring Your Business
Securing Your Business
Jose L. Quiñones-Borrero
 

More Related Content

What's hot

Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
Damian T. Gordon
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksVladimir Jirasek
 
Data security for healthcare industry
Data security for healthcare industryData security for healthcare industry
Data security for healthcare industry
Seqrite
 
Insider Attacks: Theft of Intellectual and Proprietary Data
Insider Attacks: Theft of Intellectual and Proprietary DataInsider Attacks: Theft of Intellectual and Proprietary Data
Insider Attacks: Theft of Intellectual and Proprietary DataLindsey Landolfi
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate IT
Peter Wood
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
krishh sivakrishna
 
Software Piracy
Software PiracySoftware Piracy
Software PiracyByerdavi
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device Security
Quick Heal Technologies Ltd.
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Small Business
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?
Spire Research and Consulting
 
Computer Security and Ethics
Computer Security and EthicsComputer Security and Ethics
Computer Security and Ethics
Mohsin Riaz
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its Prevention
Dinesh O Bareja
 
Introduction to Cyber Crime
Introduction to Cyber CrimeIntroduction to Cyber Crime
Introduction to Cyber Crime
Dr Raghu Khimani
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
Damian T. Gordon
 
Computer Security
Computer SecurityComputer Security
Computer Security
Klynveld Peat Marwick Goerdeler Global Services
 
Top Cyber Security Concerns for Small Businesses
Top Cyber Security Concerns for Small BusinessesTop Cyber Security Concerns for Small Businesses
Top Cyber Security Concerns for Small Businesses
Jairo Batista, MBA
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
JamshidRaqi
 
CYBERSECURITY | Why it is important?
CYBERSECURITY | Why it is important?CYBERSECURITY | Why it is important?
CYBERSECURITY | Why it is important?
RONIKMEHRA
 
Security threats
Security threatsSecurity threats
Security threats
Qamar Farooq
 

What's hot (20)

Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risks
 
Data security for healthcare industry
Data security for healthcare industryData security for healthcare industry
Data security for healthcare industry
 
Insider Attacks: Theft of Intellectual and Proprietary Data
Insider Attacks: Theft of Intellectual and Proprietary DataInsider Attacks: Theft of Intellectual and Proprietary Data
Insider Attacks: Theft of Intellectual and Proprietary Data
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate IT
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
 
Software Piracy
Software PiracySoftware Piracy
Software Piracy
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device Security
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure"
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?
 
Computer Security and Ethics
Computer Security and EthicsComputer Security and Ethics
Computer Security and Ethics
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its Prevention
 
Introduction to Cyber Crime
Introduction to Cyber CrimeIntroduction to Cyber Crime
Introduction to Cyber Crime
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Top Cyber Security Concerns for Small Businesses
Top Cyber Security Concerns for Small BusinessesTop Cyber Security Concerns for Small Businesses
Top Cyber Security Concerns for Small Businesses
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
CYBERSECURITY | Why it is important?
CYBERSECURITY | Why it is important?CYBERSECURITY | Why it is important?
CYBERSECURITY | Why it is important?
 
Security threats
Security threatsSecurity threats
Security threats
 

Viewers also liked

Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
Jose L. Quiñones-Borrero
 
Securing Your Business
Securing Your BusinessSecuring Your Business
Securing Your Business
Jose L. Quiñones-Borrero
 
Security B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your DroneSecurity B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your Drone
Jose L. Quiñones-Borrero
 
Power Point Hacker
Power Point HackerPower Point Hacker
Power Point Hackeryanizaki
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An IntroductionJayaseelan Vejayon
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
Suryansh Srivastava
 

Viewers also liked (6)

Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 
Securing Your Business
Securing Your BusinessSecuring Your Business
Securing Your Business
 
Security B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your DroneSecurity B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your Drone
 
Power Point Hacker
Power Point HackerPower Point Hacker
Power Point Hacker
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 

Similar to CyberCrime attacks on Small Businesses

Information security
Information securityInformation security
Information security
Appin Faridabad
 
Crimes in digital marketing..pptx
Crimes in digital marketing..pptxCrimes in digital marketing..pptx
Crimes in digital marketing..pptx
RajviNikeetaRathore
 
Cyber security awareness for end users
Cyber security awareness for end usersCyber security awareness for end users
Cyber security awareness for end users
NetWatcher
 
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Cengage Learning
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
Sibghatullah Khattak
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.com
Business.com
 
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdfCybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Soo Chin Hock
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
JoselitoJMebolos
 
8 threats that even antivirus cannot catch
8 threats that even antivirus cannot catch8 threats that even antivirus cannot catch
8 threats that even antivirus cannot catch
iYogi
 
First Union Bank Report
First Union Bank ReportFirst Union Bank Report
First Union Bank ReportYogesh Kumar
 
mobile security.pptx
mobile security.pptxmobile security.pptx
mobile security.pptx
Tapan Khilar
 
web-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdfweb-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdf
LucaMartins7
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
MuhammadRehan856177
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
21CT Inc.
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
MuhammadRehan856177
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?
Symptai Consulting Limited
 
E commerce security 4
E commerce security 4E commerce security 4
E commerce security 4
Anne ndolo
 
Can You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security RisksCan You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security Risks
Michael Davis
 

Similar to CyberCrime attacks on Small Businesses (20)

Network monitoring white paper
Network monitoring white paperNetwork monitoring white paper
Network monitoring white paper
 
Information security
Information securityInformation security
Information security
 
Crimes in digital marketing..pptx
Crimes in digital marketing..pptxCrimes in digital marketing..pptx
Crimes in digital marketing..pptx
 
Cyber security awareness for end users
Cyber security awareness for end usersCyber security awareness for end users
Cyber security awareness for end users
 
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.com
 
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdfCybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
8 threats that even antivirus cannot catch
8 threats that even antivirus cannot catch8 threats that even antivirus cannot catch
8 threats that even antivirus cannot catch
 
First Union Bank Report
First Union Bank ReportFirst Union Bank Report
First Union Bank Report
 
C3
C3C3
C3
 
mobile security.pptx
mobile security.pptxmobile security.pptx
mobile security.pptx
 
web-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdfweb-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdf
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?
 
E commerce security 4
E commerce security 4E commerce security 4
E commerce security 4
 
Can You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security RisksCan You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security Risks
 

More from Jose L. Quiñones-Borrero

Hacking blockchain
Hacking blockchainHacking blockchain
Hacking blockchain
Jose L. Quiñones-Borrero
 
Application Security: What do we need to know?
Application Security: What do we need to know?Application Security: What do we need to know?
Application Security: What do we need to know?
Jose L. Quiñones-Borrero
 
Cryto Party at CCU
Cryto Party at CCUCryto Party at CCU
Cryto Party at CCU
Jose L. Quiñones-Borrero
 
Weaponization of IoT
Weaponization of IoTWeaponization of IoT
Weaponization of IoT
Jose L. Quiñones-Borrero
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and Countermeasures
Jose L. Quiñones-Borrero
 
InfoSec Gamification
InfoSec GamificationInfoSec Gamification
InfoSec Gamification
Jose L. Quiñones-Borrero
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August Meeting
Jose L. Quiñones-Borrero
 
Pivoting Networks - CSSIG Presentation
Pivoting Networks - CSSIG PresentationPivoting Networks - CSSIG Presentation
Pivoting Networks - CSSIG Presentation
Jose L. Quiñones-Borrero
 
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Jose L. Quiñones-Borrero
 
Security and Compliance Panel at the PR TechSummit 2013
Security and Compliance Panel at the PR TechSummit 2013Security and Compliance Panel at the PR TechSummit 2013
Security and Compliance Panel at the PR TechSummit 2013
Jose L. Quiñones-Borrero
 
InfoSec professional advice to university students
InfoSec professional advice to university students InfoSec professional advice to university students
InfoSec professional advice to university students
Jose L. Quiñones-Borrero
 
BYOD presentation Init 6 + ISSA PR Chapter joint meeting
BYOD presentation Init 6 + ISSA PR Chapter joint meetingBYOD presentation Init 6 + ISSA PR Chapter joint meeting
BYOD presentation Init 6 + ISSA PR Chapter joint meeting
Jose L. Quiñones-Borrero
 

More from Jose L. Quiñones-Borrero (12)

Hacking blockchain
Hacking blockchainHacking blockchain
Hacking blockchain
 
Application Security: What do we need to know?
Application Security: What do we need to know?Application Security: What do we need to know?
Application Security: What do we need to know?
 
Cryto Party at CCU
Cryto Party at CCUCryto Party at CCU
Cryto Party at CCU
 
Weaponization of IoT
Weaponization of IoTWeaponization of IoT
Weaponization of IoT
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and Countermeasures
 
InfoSec Gamification
InfoSec GamificationInfoSec Gamification
InfoSec Gamification
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August Meeting
 
Pivoting Networks - CSSIG Presentation
Pivoting Networks - CSSIG PresentationPivoting Networks - CSSIG Presentation
Pivoting Networks - CSSIG Presentation
 
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
 
Security and Compliance Panel at the PR TechSummit 2013
Security and Compliance Panel at the PR TechSummit 2013Security and Compliance Panel at the PR TechSummit 2013
Security and Compliance Panel at the PR TechSummit 2013
 
InfoSec professional advice to university students
InfoSec professional advice to university students InfoSec professional advice to university students
InfoSec professional advice to university students
 
BYOD presentation Init 6 + ISSA PR Chapter joint meeting
BYOD presentation Init 6 + ISSA PR Chapter joint meetingBYOD presentation Init 6 + ISSA PR Chapter joint meeting
BYOD presentation Init 6 + ISSA PR Chapter joint meeting
 

Recently uploaded

Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 

Recently uploaded (20)

Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 

CyberCrime attacks on Small Businesses

  • 1. Jose L. Quinones, BS MCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHSA
  • 2. UPR, School of Medicine – IT Director Obsidis Consortia, Inc. – President & Founder Security B Sides Puerto Rico – Organizer Init6 Security User Group – Founder & Mentor Self Employed - Technical Instructor  “The Cleaner” PRgov - Information Security Council Member  “Jedi Master”
  • 3.
  • 4.
  • 5. 60% of small businesses that experience a data breach are out of business within 6 months. IBM says there were 1.5 Million attacks alone in 2013, and 81% of them happened to small businesses. Visa reports that 90% of the payment data breaches reported come from small businesses.
  • 6.
  • 7. Trojans Botnets (Zombie + C&C) Some notorious ones are Citadel – Taken down by Microsoft on 2011 Spy eye – Developers were arrested in 2012 Zeus – In 2014, Spamhaus detected 7,182 distinct IP addresses that hosted a botnet controller
  • 8.  Is a type of malware which restricts access to the computer system or files that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.  Transactions are made with money cards, wire transfers and most recently , bitcoin.  If you get bit by this bug most likely you will have to pay to recover your files.
  • 9.
  • 10.  How to recognize Phishing  Legitimate organizations don’t ask for sensitive data over an email.  Is the grammar and lexicon appropriately used? (broken language)  Did you expect a message from that person?  Is the website name spelled correctly (Ex. Amazone.com) How to respond to Phishing  DELETE immediately  Don’t click stuff, enter the link in the browser by hand  Hover over the link to verify the link (still dangerous)  Don't open e-mail attachments …NEVER! If you fell for it …  Change your passwords  Contact any institutions you think its been compromised  Report it to: http://www.ic3.gov
  • 11. Common Techniques  Impersonation  Pretext  Framing  Elicitation Common attacks  Customer Service  Tech support  Delivery person  Phone  Email/Phishing http://www.social-engineer.org/framework/general-discussion/
  • 12.  Owners don’t want to mess with their money machines.  The misconception of “that’s just a cash register”  There is new breed of malware specifically for POS. (ie. Back off PoS)  The reality is that most PoS and Kiosks are fully working computers that run some kind software over a common Operating System (ei. Microsoft Windows) connected to the network.
  • 13.
  • 14.
  • 15. • (3) copies of your data (local, external drive, cloud) • (2) different media (external drive, cloud, DVD) • (1) copy stores offsite (cloud, home, office, storage facility)
  • 16. Do not use personal information for passwords Do not use dictionary words as passwords Use at least 3 of the following: a-z, A-Z, 0-9, !@#$%^&* At least 16 characters long Use passphrases  Ex. I like cold pizza, 1 Lik3 c0ld Pizz4! Change regularly (every 90 days) Use a password manager (LastPass)
  • 17.
  • 18. Use only when absolutely necessary Isolate guest network Authenticate & control access Limit the number of services available (http, https, dns) Use WPA2 with a strong password Control output power * Turn off beacon broadcasting * Use MAC filtering * * Not effective against a skilled attacker
  • 19. 1. Use Password protected access control 2. Control application access and permission 3. Keep the OS and firmware current (update) 4. Backup your data 5. Use remote or automatic wipe if stolen or lost 6. Don’t store personal financial data on your device 7. Beware o free apps 8. Try mobile antivirus (Android) 9. Control Wireless connectivity (Wi-Fi, Bluetooth, NFC, RFID) 10. If possible use a Mobile Device Management (MDM) solution
  • 20. Read carefully the Terms and conditions of service, and the Privacy Policy You only assurance is a good contract & SLA (get a lawyer) Encrypt everything before uploading it to the cloud Not all clouds are the same, understand you needs. Get the service from a reputable provider.
  • 21.
  • 22.
  • 23.  Cyber criminal use various method to hide their tracks  Tor Onion Router - Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.  Private VPN - individuals can use VPNs to get access to network resources when they're not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they're using an untrusted public network.  Proxy Servers - In a personal computing context, proxy servers are used to enable user privacy and anonymous surfing.  Spoofing - a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
  • 24. Data Breaches  http://breachlevelindex.com/#sthash.Whzg9ESf.dpbs Zeus Tracker  https://zeustracker.abuse.ch/monitor.php Live Attack Maps  http://map.ipviking.com/  https://www.fireeye.com/cyber-map/threat-map.html  http://www.sicherheitstacho.eu/  https://cybermap.kaspersky.com/  http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=16434&vie w=map  https://labs.opendns.com/global-network/
  • 25.  Verizon Data Breach Investigations Report  http://www.verizonenterprise.com/DBIR/  Mandiant Reports  https://www.mandiant.com/resources/mandiant-reports/  IBM Cost of Breach  http://www-935.ibm.com/services/us/en/it-services/security-services/cost-of-data-breach/  Symantec Threat Report  http://www.symantec.com/security_response/publications/threatreport.jsp  Kaspersky Security Analysis  https://securelist.com/analysis/kaspersky-security-bulletin/67864/kaspersky-security-bulletin- 2014-predictions-2015/  MacAfee Threat Report  http://www.mcafee.com/us/apps/view-all/publications.aspx?tf=aaae16480
  • 26. Blog: http://codefidelio.org Email: josequinones@codefidelio.org Twitter: @josequinones G+: https://plus.google.com/u/2/+JoseLQuinonesBorrero