A Letter from Anonymous II
Disclaimer
[1] Some of the topics discussed / demonstrated are criminal in nature
[2] “Don’t try this at home unless you want to go to jail. You have been warned,
I am not responsible for your actions.”
[3] You will gain more from the lecture if you participate at times.
[4] Any likeness to real people or organisations does not imply anything about
security
[5] Questions at the end please…
Our Topic
[1] What if you received a Cyber ransom / extortion threat?
[2] What would be your response?
[3] How would the attackers evade capture?
[4] How might you be attacked / compromised?
[5] This talk takes the point of view of a professional services company, e.g. doctors, lawyers, accountants and telcos, where confidentiality is paramount.
“90% of all incidents is people. Whether it’s goofing up, getting infected, behaving badly or losing stuff, most incidents fall into the PEBKAC (Problem Exists Between Keyboard and Chair) and ID-10T (idiot) uber patterns.”
“Financial Motivation is also alive and well in phishing attacks. The old method of duping people into providing their personal identification number or bank information is still around but the targets are largely individuals versus organizations. Phishing with the intent of device compromise is certainly present.”
Source: Verizon Data Breach Report
Since October 2014, Jersey and Guernsey companies across all sectors have been targeted by the ‘Dridex’ malware through email phishing.
Our Company Network
[Network diagram: Server LAN, Corporate LAN, DMZ; Fileserver, Database, Active Directory, Email]
Day 1 – The Email
Dear Friends and Foes,
We have been in your network and taken all your data due to your own poor security.
For the small sum of 10,000 EUR you can avoid having all your confidential data leaked online.
If we don’t receive payment by Friday 13th November at 6.00 p.m CET to the following Bitcoin address below, we will
post your confidential data for all to see.
1An8CzdFJQdSaMeEoKMYyUQ6Fz37wK5GyX
You may communicate securely using with us at our email address below:-
secure_rex@pony-telecom.eu
Our manifesto is at http:dpaste.co/GthD53bx87 and proof of compromise is at http://dpaste.co/HJGYTRF5788976
Yours Sincerely
Rex Mundi
Hacker Manifesto
[1] Unlike other groups out there, we have no interest whatsoever in making any kind of political or social statement. We are only interested in making money, which brings us to the code of conduct we have put in place
[2] Communication and/or negotiations between us and our targets is never released, regardless of whether we get paid or not.
[3] We never discuss or even acknowledge the fact that some of our past targets might have paid us.
[4] We automatically delete all of the stolen data once a full payment has been made.
[5] We never target the same company twice and, for obvious reasons, we always stick with the original requested amount.
[6] If we posted the data of a company that has paid us, no other future target would ever agree to pay us. Similarly, asking for more money once we have already been paid would be pointless as no target would pay a second time out of fear we might ask for even more money a third time.
Dear Breach Diary…….
Day 1
• Confirm Breach
• Contact Police?
• Collate Logs
• Bring in network forensic experts
Hacker Tradecraft - OPSEC
[1] Never reveal operational details
[2] Never reveal your plans
[3] Never trust anyone
[4] Never confuse recreation / hacking
[5] Never operate from your house
[6] Be proactively paranoid
[7] Keep personal life / hacking separate
[8] Keep your personal environment contraband free
[9] Never talk to Police
[10] Don’t give anyone power over you
Funding Attacks
Attack Implementation
[Diagram labels: Purchase Services, Fake Name Generator, 10 Minute Mail, Persona Death]
Hacker Tactic – Passive Recon
The target has no indication that
reconnaissance is taking place against them!!!!
Do you know the most dangerous 71
character cyber attack?
The Phish
DMZ
• Attacker registers <name>-<company_name>.com and clones the company website. Adds login form.
• Attacker sends email to the company with a pretext enticing login to the fake website.
• Attacker harvests login and tries to log in via VPN.
Cost of Setup
• Time: 2 hours
• Financial < £25
Result
• Access to Corporate LAN via VPN
• Fails if 2FA is used.
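Seen from the defender's side, the `<name>-<company_name>.com` registration described above can be spotted in inbound mail. The following is an added example, not part of the original slides; the brand label `examplecorp`, the legitimate domain set and the log line format are assumptions, and the log lines are constructed.

```python
import re

BRAND = "examplecorp"          # assumption: the company's name label
LEGIT = {"examplecorp.com"}    # assumption: domains the company really owns

# Constructed mail-gateway log lines (not real data).
SAMPLE_LOG = [
    "2015-11-02T09:14:03Z from=<helpdesk@vpn-examplecorp.com> to=<alice@examplecorp.com>",
    "2015-11-02T09:15:41Z from=<bob@examplecorp.com> to=<carol@examplecorp.com>",
    "2015-11-02T09:20:10Z from=<it@examp1ecorp.com> to=<dave@examplecorp.com>",
    "2015-11-02T09:22:57Z from=<news@partner.org> to=<alice@examplecorp.com>",
]

SENDER_RE = re.compile(r"from=<[^@>\s]+@([^>\s]+)>")


def edit_distance(a, b):
    """Levenshtein distance, row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(domain, brand=BRAND, legit=LEGIT):
    """Return a reason string if the domain imitates the brand, else None."""
    domain = domain.lower().rstrip(".")
    # The company's own domains and their subdomains are never flagged.
    if any(domain == d or domain.endswith("." + d) for d in legit):
        return None
    # Inspect every label except the last one (the TLD).
    for label in domain.split(".")[:-1]:
        tokens = [t for t in re.split(r"[-_]", label) if t]
        if brand in tokens and len(tokens) > 1:
            return "brand-with-affix"      # the <name>-<company_name> pattern
        if label == brand:
            return "brand-off-domain"      # right name, wrong parent domain
        if brand in label:
            return "brand-embedded"
        # A threshold of 2 suits a long brand label; lower it for short names.
        if any(0 < edit_distance(t, brand) <= 2 for t in tokens):
            return "near-miss-spelling"
    return None


def scan(lines):
    """Return (sender_domain, reason) for every flagged log line."""
    findings = []
    for line in lines:
        match = SENDER_RE.search(line)
        if match:
            reason = classify(match.group(1))
            if reason:
                findings.append((match.group(1).lower(), reason))
    return findings


if __name__ == "__main__":
    for domain, reason in scan(SAMPLE_LOG):
        print(f"{domain}: {reason}")
```

The same `classify` function can be run over newly observed domains from DNS or proxy logs, so a lookalike is noticed before the first phishing email arrives.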
Dear Breach Diary…….
Day 1
• Confirm Breach
• Contact Police?
• Collate Logs
• Bring in network forensic experts
• Phishing Attempts discovered
• Investigation Corporate LAN
Day 2
Passwords / User Reporting Problem
Passwords Harvested
Bodmin1649
Jersey06
Nemesis87
Whistler07
Whistler02
Australia2000
Jersey59
Monday241
Source: Verizon Data Breach report
Put simply, not all attacks will be reported by users to security, for a variety of reasons.
Solution:
Foster a culture to enable users to report issues without fear
Network Partially Compromised
[Network diagram: Server LAN, Corporate LAN, DMZ; Fileserver, Database, Active Directory, Email; User PC compromised]
Initial Compromise Demo
Bypassing a fully patched system with up to date AV signatures
Dear Breach Diary…….
Day 1
• Confirm Breach.
• Contact Police?
• Collate Logs.
• Bring in network forensic experts.
• Phishing Attempts discovered.
• Investigation Corporate LAN ongoing.
Day 2
• Compromise confirmed on Corporate LAN workstation.
• Potential Webserver attacks discovered.
Day 3
Attack 2 – Web Application
DMZ
• Attacker targets website after reconnaissance.
• SQLi: SQL Injection used to dump database behind website.
• Attacker may get shell and be able to use it to attack the network and/or install malware.
Cost of Setup
• Time: 2 hours
• Financial < £0
Result
• Web Server Defacement – Loss of Public trust
• Data exfiltration from databases
Lateral Movement – Pass The Hash
[Network diagram: Server LAN, Corporate LAN; Fileserver, Database, Active Directory, Email; User PC compromised]
• Attacker dumps password hashes for all users. Finds new user ‘Bob’.
• Attacker replays captured credentials against all systems. ‘Bob’ is in the admin group on the fileserver.
• Attacker uses PowerShell and AD queries to map the network.
• Attacker gets more hashes and compromises the database and AD servers.
Network is now compromised and data exfiltration begins.
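The credential replay described above leaves a pattern in Windows Security logs that the forensic team can search for. The following is an added example, not part of the original slides: it flags one source address using one account for NTLM network logons (event 4624, logon type 3) on several hosts in a short window, then looks for account creation (event 4720) by that account on those hosts. The events, host names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumption: tune to the environment
MIN_HOSTS = 3                   # assumption: distinct targets before alerting


def ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


def logon(time, computer, user, package, ip):
    # Field names follow the Windows 4624 event; values are constructed.
    return {"EventID": 4624, "TimeCreated": time, "Computer": computer,
            "TargetUserName": user, "LogonType": 3,
            "AuthenticationPackageName": package, "IpAddress": ip}


def account_created(time, computer, new_user, creator):
    # Field names follow the Windows 4720 event; values are constructed.
    return {"EventID": 4720, "TimeCreated": time, "Computer": computer,
            "TargetUserName": new_user, "SubjectUserName": creator}


# Constructed sample events, as if exported from the Security logs.
EVENTS = [
    logon("2015-11-04T08:00:00", "FILESRV01", "carol", "NTLM", "10.0.20.33"),
    logon("2015-11-04T09:00:05", "FILESRV01", "bob", "NTLM", "10.0.20.57"),
    logon("2015-11-04T09:01:10", "DBSRV01", "bob", "NTLM", "10.0.20.57"),
    logon("2015-11-04T09:02:30", "DC01", "bob", "NTLM", "10.0.20.57"),
    logon("2015-11-04T09:03:00", "FILESRV01", "alice", "Kerberos", "10.0.20.12"),
    account_created("2015-11-04T09:04:12", "FILESRV01", "svc_backup2", "bob"),
    account_created("2015-11-04T11:30:00", "DC01", "newstarter", "hr_admin"),
]


def find_fanout(events, window=WINDOW, min_hosts=MIN_HOSTS):
    """Flag (source, account) pairs with NTLM network logons on many hosts."""
    by_key = defaultdict(list)
    for e in events:
        if (e["EventID"] == 4624 and e["LogonType"] == 3
                and e["AuthenticationPackageName"] == "NTLM"):
            key = (e["IpAddress"], e["TargetUserName"])
            by_key[key].append((ts(e["TimeCreated"]), e["Computer"]))
    alerts = []
    for (source, user), logons in by_key.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):
            hosts = sorted({h for t, h in logons[i:] if t - start <= window})
            if len(hosts) >= min_hosts:
                alerts.append({"source": source, "user": user,
                               "hosts": hosts, "first_seen": start})
                break
    return alerts


def accounts_created_after(events, alerts, window=WINDOW):
    """Find accounts created by a flagged user on a flagged host."""
    hits = []
    for alert in alerts:
        for e in events:
            if e["EventID"] != 4720:
                continue
            if (e["SubjectUserName"] != alert["user"]
                    or e["Computer"] not in alert["hosts"]):
                continue
            delay = ts(e["TimeCreated"]) - alert["first_seen"]
            if timedelta(0) <= delay <= window:
                hits.append((e["Computer"], e["TargetUserName"], alert["user"]))
    return hits


if __name__ == "__main__":
    found = find_fanout(EVENTS)
    print(found)
    print(accounts_created_after(EVENTS, found))
```

NTLM network logons are normal in many environments, so this is a triage heuristic: the fan-out from a single workstation and the follow-on account creation are what make the pattern worth investigating.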
Dear Breach Diary…….
Day 1
• Confirm Breach.
• Contact Police?
• Collate Logs.
• Bring in network forensic experts.
• Phishing Attempts discovered.
• Investigation Corporate LAN ongoing.
• Inform Police.
Day 2
• Compromise confirmed on Corporate LAN workstation.
• Potential Webserver attacks discovered.
Day 3
• Pass The Hash discovered on file server and account created.
• Account creation discovered on AD and Database servers.
• Compromise confirmed.
Day 4
• Confirm state of Police investigation.
• Initiate Negative Publicity campaign.
• Inform Regulators.
• Pay / Not Pay?
• Go Public before attackers?
Day 5
Rex Mundi
• Labio.fr – exposed patients’ blood test results
• AFC Kredieten – exposed loan applications
• Temporis – French employment agency
• Dominos Pizza –
• Drake International – Canadian employment firm
• Americash – American payday lender
Final Thoughts - Questions
[1] EU Data Protection Regulations – 2.5% fine of worldwide turnover for failing to report a breach.
[2] Attackers can stay anonymous. Short time frames make it unlikely that a Police investigation will succeed.
[3] Once compromised, the game is over.
[4] Test the strength of your countermeasures.

More Related Content

What's hot (16)

Security issue in e commerce
Security issue in e commerceSecurity issue in e commerce
Security issue in e commerce
 
Data Breach Detection: Are you ready for GDPR?
Data Breach Detection: Are you ready for GDPR?Data Breach Detection: Are you ready for GDPR?
Data Breach Detection: Are you ready for GDPR?
 
Hacking & Attack vector
Hacking & Attack vectorHacking & Attack vector
Hacking & Attack vector
 
Ict H A C K I N G
Ict    H A C K I N GIct    H A C K I N G
Ict H A C K I N G
 
Security and the Service Desk
Security and the Service DeskSecurity and the Service Desk
Security and the Service Desk
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
Infosec 4 The Home
Infosec 4 The HomeInfosec 4 The Home
Infosec 4 The Home
 
Cybercrime: A Primer
Cybercrime:  A PrimerCybercrime:  A Primer
Cybercrime: A Primer
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Security in e commerce
Security in e commerceSecurity in e commerce
Security in e commerce
 
Hacker
HackerHacker
Hacker
 
Ict lec#9
Ict lec#9Ict lec#9
Ict lec#9
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentation
 
Impact of cybercrime
Impact of cybercrimeImpact of cybercrime
Impact of cybercrime
 
Presentation1
Presentation1Presentation1
Presentation1
 

Viewers also liked

Trabajo de nayeli (1)
Trabajo de nayeli (1)Trabajo de nayeli (1)
Trabajo de nayeli (1)Liz Oscoy Ü
 
Jennifer Dionne on Nanotechnology at Stanford
Jennifer Dionne on Nanotechnology at StanfordJennifer Dionne on Nanotechnology at Stanford
Jennifer Dionne on Nanotechnology at Stanfordpiero scaruffi
 
Planning du 1er au 5 février 2016
Planning du 1er au 5 février 2016Planning du 1er au 5 février 2016
Planning du 1er au 5 février 2016esidocvigan
 
IMPORTANCE OF CURING IN BUILDING CONSTRUCTION
IMPORTANCE OF CURING IN BUILDING CONSTRUCTIONIMPORTANCE OF CURING IN BUILDING CONSTRUCTION
IMPORTANCE OF CURING IN BUILDING CONSTRUCTIONBangalore Prj
 
Bringing the Science of the Laboratory to the Crime Scence Poster
Bringing the Science of the Laboratory to the Crime Scence PosterBringing the Science of the Laboratory to the Crime Scence Poster
Bringing the Science of the Laboratory to the Crime Scence Posterjwylde
 
#HalosFun - Anatomy of a Tweet Chat
#HalosFun - Anatomy of a Tweet Chat#HalosFun - Anatomy of a Tweet Chat
#HalosFun - Anatomy of a Tweet ChatEric Burgess
 
1st Detect Corp - TEDW 2013 - rev 1
1st Detect Corp - TEDW 2013 - rev 11st Detect Corp - TEDW 2013 - rev 1
1st Detect Corp - TEDW 2013 - rev 1jwylde
 
01 propeller tutorial
01 propeller tutorial01 propeller tutorial
01 propeller tutorial7abidin
 
Section 3.2 linear models building linear functions from data
Section 3.2 linear models building linear functions from dataSection 3.2 linear models building linear functions from data
Section 3.2 linear models building linear functions from dataWong Hsiung
 
Top attractions in Doha
Top attractions in DohaTop attractions in Doha
Top attractions in DohaCaleb Falcon
 
Quy trình cắt lẻ nhựa pom tấm bài viết mới
Quy trình cắt lẻ nhựa pom tấm   bài viết mớiQuy trình cắt lẻ nhựa pom tấm   bài viết mới
Quy trình cắt lẻ nhựa pom tấm bài viết mớiEC Việt Nam
 

Viewers also liked (16)

Trabajo de nayeli (1)
Trabajo de nayeli (1)Trabajo de nayeli (1)
Trabajo de nayeli (1)
 
Respuesta a FEUSAM
Respuesta a FEUSAMRespuesta a FEUSAM
Respuesta a FEUSAM
 
Jennifer Dionne on Nanotechnology at Stanford
Jennifer Dionne on Nanotechnology at StanfordJennifer Dionne on Nanotechnology at Stanford
Jennifer Dionne on Nanotechnology at Stanford
 
Planning du 1er au 5 février 2016
Planning du 1er au 5 février 2016Planning du 1er au 5 février 2016
Planning du 1er au 5 février 2016
 
WI-FI Security in Jersey 2011
WI-FI Security in Jersey 2011WI-FI Security in Jersey 2011
WI-FI Security in Jersey 2011
 
IMPORTANCE OF CURING IN BUILDING CONSTRUCTION
IMPORTANCE OF CURING IN BUILDING CONSTRUCTIONIMPORTANCE OF CURING IN BUILDING CONSTRUCTION
IMPORTANCE OF CURING IN BUILDING CONSTRUCTION
 
Bringing the Science of the Laboratory to the Crime Scence Poster
Bringing the Science of the Laboratory to the Crime Scence PosterBringing the Science of the Laboratory to the Crime Scence Poster
Bringing the Science of the Laboratory to the Crime Scence Poster
 
#HalosFun - Anatomy of a Tweet Chat
#HalosFun - Anatomy of a Tweet Chat#HalosFun - Anatomy of a Tweet Chat
#HalosFun - Anatomy of a Tweet Chat
 
Puja Navarathna
Puja NavarathnaPuja Navarathna
Puja Navarathna
 
NEG Trellis Detail
NEG Trellis DetailNEG Trellis Detail
NEG Trellis Detail
 
1st Detect Corp - TEDW 2013 - rev 1
1st Detect Corp - TEDW 2013 - rev 11st Detect Corp - TEDW 2013 - rev 1
1st Detect Corp - TEDW 2013 - rev 1
 
01 propeller tutorial
01 propeller tutorial01 propeller tutorial
01 propeller tutorial
 
Balok lentur
Balok lenturBalok lentur
Balok lentur
 
Section 3.2 linear models building linear functions from data
Section 3.2 linear models building linear functions from dataSection 3.2 linear models building linear functions from data
Section 3.2 linear models building linear functions from data
 
Top attractions in Doha
Top attractions in DohaTop attractions in Doha
Top attractions in Doha
 
Quy trình cắt lẻ nhựa pom tấm bài viết mới
Quy trình cắt lẻ nhựa pom tấm   bài viết mớiQuy trình cắt lẻ nhựa pom tấm   bài viết mới
Quy trình cắt lẻ nhựa pom tấm bài viết mới
 

Similar to Letter anonymous-II

Recover your files from Ransomware - Ransomware Incident Response by Tictac
Recover your files from Ransomware - Ransomware Incident Response by TictacRecover your files from Ransomware - Ransomware Incident Response by Tictac
Recover your files from Ransomware - Ransomware Incident Response by TictacTicTac Data Recovery
 
Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Shawon Raffi
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attackerseadeloitte
 
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Steve Poole
 
You think you are safe online. Are You?
You think you are safe online. Are You?You think you are safe online. Are You?
You think you are safe online. Are You?TechGenie
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxprtabal_25
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessImran Khan
 
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awarenessOWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awarenessMaherHamza9
 
Breakfast Briefings - February 2018
Breakfast Briefings - February 2018Breakfast Briefings - February 2018
Breakfast Briefings - February 2018PKF Francis Clark
 
Computer hacking
Computer hackingComputer hacking
Computer hackingArjun Tomar
 
Awareness Security 123.pptx
Awareness Security 123.pptxAwareness Security 123.pptx
Awareness Security 123.pptxRajuSingh730938
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxBilmyRikas
 
USG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxUSG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxssuser59e4b8
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxsumita02
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber securityKaushal Solanki
 

Similar to Letter anonymous-II (20)

Computer hacking
Computer hackingComputer hacking
Computer hacking
 
Recover your files from Ransomware - Ransomware Incident Response by Tictac
Recover your files from Ransomware - Ransomware Incident Response by TictacRecover your files from Ransomware - Ransomware Incident Response by Tictac
Recover your files from Ransomware - Ransomware Incident Response by Tictac
 
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to doNEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
 
Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attacker
 
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
 
You think you are safe online. Are You?
You think you are safe online. Are You?You think you are safe online. Are You?
You think you are safe online. Are You?
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awareness
 
Eset cybersecurity awareness (laxman giri)
Eset cybersecurity awareness (laxman giri)Eset cybersecurity awareness (laxman giri)
Eset cybersecurity awareness (laxman giri)
 
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awarenessOWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
 
Breakfast Briefings - February 2018
Breakfast Briefings - February 2018Breakfast Briefings - February 2018
Breakfast Briefings - February 2018
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Computer hacking
Computer hackingComputer hacking
Computer hacking
 
Awareness Security 123.pptx
Awareness Security 123.pptxAwareness Security 123.pptx
Awareness Security 123.pptx
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
USG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxUSG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptx
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 

More from Paul Dutot IEng MIET MBCS CITP OSCP CSTM (9)

Welcome to the #WannaCry Wine Club
Welcome to the #WannaCry Wine ClubWelcome to the #WannaCry Wine Club
Welcome to the #WannaCry Wine Club
 
Scanning Channel Islands Cyberspace
Scanning Channel Islands Cyberspace Scanning Channel Islands Cyberspace
Scanning Channel Islands Cyberspace
 
Incident Response in the wake of Dear CEO
Incident Response in the wake of Dear CEOIncident Response in the wake of Dear CEO
Incident Response in the wake of Dear CEO
 
Logicalis Security Conference
Logicalis Security ConferenceLogicalis Security Conference
Logicalis Security Conference
 
Exploiting buffer overflows
Exploiting buffer overflowsExploiting buffer overflows
Exploiting buffer overflows
 
Practical Cyber Defense
Practical Cyber DefensePractical Cyber Defense
Practical Cyber Defense
 
A Letter from Anonymous to the Jersey Finance Industry
A Letter from Anonymous to the Jersey Finance IndustryA Letter from Anonymous to the Jersey Finance Industry
A Letter from Anonymous to the Jersey Finance Industry
 
Infosec lecture-final
Infosec lecture-finalInfosec lecture-final
Infosec lecture-final
 
Path to Surfdroid
Path to SurfdroidPath to Surfdroid
Path to Surfdroid
 

Recently uploaded

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Recently uploaded (20)

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

Letter anonymous-II

  • 1. A Letter from Anonymous II
  • 2. Disclaimer [1] Some of the topics discussed / demonstrated are criminal in nature [2] “Don’t try this at home unless you want to go to jail. You have been warned, I am not responsible for your actions.” [3] You will gain more from the lecture if you participate at times. [4] Any likeness to real people or organisations does not imply anything about security [5] Questions at the end please…
  • 3. Our Topic [1] What if you received a Cyber ransom / extortion threat? [2] What would be your response? [3] How would the attackers evade capture? [4] How might you be attacked / compromised ? [5] This will be focused from a professional services company point of view e.g. Doctors, Lawyers, Accountants and Telco’s where confidentiality is paramount.
  • 4. “ 90% of all incidents is people. Whether it’s goofing up, getting infected, behaving badly or losing stuff, most incidents fall into the PEBKAC (Problem Exists Between Keyboard and Chair) and ID-10T (idiot) uber patterns.” “Financial Motivation is also alive and well in phishing attacks. The old method of duping people into providing their personnel identification number or bank information is still around but the targets are largely individuals versus organizations. Phishing with the intent of device compromise is certainly present.” Verizon Data Breach Report Source: Verizon Data Breach report Since October 2014, Jersey and Guernsey companies across all sectors have been targeted by the ‘Dridex’ malware through email phishing.
  • 5. Our Company Network Server LAN Corporate LAN DMZ Fileserver Database Active Directory Email
  • 6. Day 1 – The Email Dear Friends and Foes, We have been in your network and taken all your data due to your own poor security. For the small sum of 10,000 EUR you can avoid having all your confidential data leaked online. If we don’t receive payment by Friday 13th November at 6.00 p.m CET to the following Bitcoin address below, we will post your confidential data for all to see. 1An8CzdFJQdSaMeEoKMYyUQ6Fz37wK5GyX You may communicate securely using with us at our email address below:- secure_rex@pony-telecom.eu Our manifesto is at http:dpaste.co/GthD53bx87 and proof of compromise is at http://dpaste.co/HJGYTRF5788976 Yours Sincerely Rex Mundi
  • 7. Hacker Manifesto [1] [2] [3] [4] [5] Unlike other groups out there, we have no interest whatsoever in making any kind of political or social statement. We are only interested in making money, which brings us to the code of conduct we have put in place Communication and/or negotiations between us and our targets is never released, regardless of whether we get paid or not. We never discuss or even acknowledge the fact that some of our past targets might have paid us. We automatically delete all of the stolen data once a full payment has been made. We never target the same company twice and, for obvious reasons, we always stick with the original requested amount. [6] If we posted the data of a company that has paid us, no other future target would ever agree to pay us. Similarly, asking for more money once we have already been paid would be pointless as no target would pay a second time out of fear we might ask for even more money a third time.
  • 8. Dear Breach Diary……. Day 1 • Confirm Breach • Contact Police? • Collate Logs • Bring in network forensic experts
  • 9. Hacker Tradecraft - OPSEC [1] Never reveal operational details [2] Never reveal your plans [3] Never trust anyone [4] Never confuse recreation / hacking [5] Never operate from your house [6] Be proactively paranoid [7] Keep personal life / hacking separate [8] Keep your personal environment contraband free [9] Never talk to Police [10] Don’t give anyone power over you
  • 12. Hacker Tactic – Passive Recon The target has no indication that reconnaissance is taking place against them!!!!
  • 13. Do you know the most dangerous 71 character cyber attack?
  • 14. The Phish DMZ Attacker registers <name>-<company_name>.com and clones company website. Adds login form. Attacker sends email to company with pretext enticing login to fake website. Attacker harvests login and tries to log in via VPN. Cost of Setup • Time: 2 hours • Financial: < £25 Result • Access to Corporate LAN via VPN • Fails if 2FA is used.
  • 15. Dear Breach Diary……. 1 • Confirm Breach • Contact Police? • Collate Logs • Bring in network forensic experts • Phishing Attempts discovered • Investigation Corporate LAN 2
  • 16. Passwords / User Reporting Problem. Passwords Harvested: Bodmin1649, Jersey06, Nemesis87, Whistler07, Whistler02, Australia2000, Jersey59, Monday241. Source: Verizon Data Breach report. Not all attacks will be reported by users to security, for a variety of reasons. Solution: Foster a culture that enables users to report issues without fear.
  • 17. Network Partially Compromised Server LAN Corporate LAN DMZ Fileserver Database Active Directory Email User Pc Compromised
  • 18. Initial Compromise Demo Bypassing a fully patched system with up to date AV signatures
  • 19. Dear Breach Diary……. 1 • Confirm Breach. • Contact Police? • Collate Logs. • Bring in network forensic experts. • Phishing Attempts discovered. • Investigation Corporate LAN ongoing. 2 • Compromise confirmed on Corporate LAN workstation. • Potential Webserver attacks discovered. 3
  • 20. Attack 2 – Web Application DMZ Attacker targets website after reconnaissance. SQLi: SQL Injection used to dump database behind website. Attacker may get shell and be able to use it to attack network and/or install malware. Cost of Setup • Time: 2 hours • Financial < £0 Result • Web Server Defacement – Loss of Public trust • Data exfiltration from databases
  • 21. Lateral Movement – Pass The Hash Server LAN Corporate LAN Fileserver Database Active Directory Email User Pc Compromised. Attacker dumps password hashes for all users. Finds new user ‘Bob’. Attacker replays captured credentials against all systems. ‘Bob’ is in the admin group on the fileserver. Attacker uses powershell and AD queries to map network. Attacker gets more hashes and compromises the database and AD servers. Network is now compromised and data exfiltration begins.
  • 22. Dear Breach Diary……. 1 • Confirm Breach. • Contact Police? • Collate Logs. • Bring in network forensic experts. • Phishing Attempts discovered. • Investigation Corporate LAN ongoing. • Inform Police. 2 • Compromise confirmed on Corporate LAN workstation. • Potential Webserver attacks discovered. 3 • Pass The Hash discovered on file server and account created. • Account creation discovered on AD and Database servers. • Compromise confirmed. 4 • Confirm state of Police investigation. • Initiate Negative Publicity campaign. • Inform Regulators. • Pay / Not Pay? • Go Public before attackers? 5
  • 23. Rex Mundi • Labio.fr – exposed patients blood test results • AFC Kredieten – exposed loan applications • Temporis – French employment agency • Dominos Pizza – • Drake International – Canadian employment firm • Americash – American payday lender
  • 24. Final Thoughts - Questions [1] EU Data Protection Regulations – 2.5% fine of worldwide turnover for failing to report a breach. [2] Attackers can stay anonymous. Short time frames make it unlikely that a Police investigation will succeed. [3] Once compromised, the game is over. [4] Test the strength of your countermeasures.
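Slide 14 describes a phish sent from a domain of the form `<name>-<company_name>.com`. The following is an added example, not part of the original slides, showing how a mail gateway log could be screened for sender domains that imitate the company name; the brand `examplecorp`, the log format and all log lines are constructed placeholders.

```python
import re

LEGIT_DOMAINS = {"examplecorp.com"}  # assumption: placeholder for the real company domain
BRAND = "examplecorp"                # assumption: placeholder company name

# Constructed mail-gateway log lines (not from the talk).
SAMPLE_LOG = """\
2015-11-09T08:12:01Z from=<it@vpn-examplecorp.com> to=<bob@examplecorp.com> subj="Password expiry"
2015-11-09T08:13:44Z from=<news@examplecorp.com> to=<all@examplecorp.com> subj="Newsletter"
2015-11-09T08:15:10Z from=<hr@portal-examp1ecorp.com> to=<amy@examplecorp.com> subj="Payslip"
2015-11-09T08:16:32Z from=<sales@supplier.example> to=<amy@examplecorp.com> subj="Invoice"
"""

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(domain, brand=BRAND, legit=LEGIT_DOMAINS):
    """True when a non-company domain carries the brand, or a one-character
    variant of it, as one of its hyphen- or dot-separated tokens."""
    domain = domain.lower().rstrip(".")
    if domain in legit or any(domain.endswith("." + d) for d in legit):
        return False
    tokens = re.split(r"[-.]", domain)
    return any(edit_distance(tok, brand) <= 1 for tok in tokens)

def flag_senders(log_text):
    """Return sender domains in the log that imitate the company name."""
    hits = []
    for line in log_text.splitlines():
        m = re.search(r"from=<[^@>]+@([^>]+)>", line)
        if m and is_lookalike(m.group(1)):
            hits.append(m.group(1))
    return hits

if __name__ == "__main__":
    print(flag_senders(SAMPLE_LOG))
```

The same `is_lookalike` check can be run over newly registered domains or web proxy logs, since the cloned login site uses the same name as the sender.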
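Slides 21 and 22 describe captured credentials being replayed against all systems, followed by account creation on the servers reached. The following is an added example, not part of the original slides, of a detection heuristic over Windows Security events (4624 successful logon, 4720 account created); the CSV layout, host names, addresses and thresholds are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified export of Security events (not from the talk).
# For 4720 rows, "user" is the account that performed the creation.
SAMPLE_EVENTS = """\
time,host,event_id,user,logon_type,auth_pkg,src_ip
2015-11-10T02:01:00,FILESRV,4624,bob,3,NTLM,10.0.2.15
2015-11-10T02:01:20,DBSRV,4624,bob,3,NTLM,10.0.2.15
2015-11-10T02:01:45,DC01,4624,bob,3,NTLM,10.0.2.15
2015-11-10T02:03:10,FILESRV,4720,bob,,,
2015-11-10T09:00:00,FILESRV,4624,amy,3,Kerberos,10.0.2.22
2015-11-10T09:05:00,MAIL,4624,amy,3,NTLM,10.0.2.22
"""

def ntlm_fanout(events_csv, min_hosts=3, window=timedelta(minutes=10)):
    """Return {(user, src_ip): hosts} where one source made NTLM network
    logons (type 3) for one account on >= min_hosts hosts inside the window."""
    logons = defaultdict(list)
    for row in csv.DictReader(io.StringIO(events_csv)):
        if (row["event_id"], row["logon_type"], row["auth_pkg"]) == ("4624", "3", "NTLM"):
            when = datetime.fromisoformat(row["time"])
            logons[(row["user"], row["src_ip"])].append((when, row["host"]))
    flagged = {}
    for key, seen in logons.items():
        seen.sort()
        for start, _ in seen:
            hosts = {h for t, h in seen if start <= t <= start + window}
            if len(hosts) >= min_hosts:
                flagged[key] = sorted(hosts)
                break
    return flagged

def accounts_created_after(events_csv, flagged):
    """List (host, time) of 4720 events raised by a flagged account on a host it reached."""
    out = []
    for row in csv.DictReader(io.StringIO(events_csv)):
        if row["event_id"] != "4720":
            continue
        for (user, _), hosts in flagged.items():
            if row["user"] == user and row["host"] in hosts:
                out.append((row["host"], row["time"]))
    return out

if __name__ == "__main__":
    hits = ntlm_fanout(SAMPLE_EVENTS)
    print(hits, accounts_created_after(SAMPLE_EVENTS, hits))
```

NTLM network logons also occur in normal operation, so the fan-out threshold and window need tuning against a baseline before the result is treated as an alert.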