SlideShare a Scribd company logo

Why do THEY want your digital devices?

Download as PPTX, PDF
ESET
ESET

Security expert Stephen Cobb looks at the goals and motives of criminal hackers, and how to mitigate the two main avenues of attack using smart scanning and strong authentication.

Technology
1 of 17
Why THEY want your digital devices Stephen Cobb, CISSP Security Evangelist
To own your network?
36 ways to abuse hacked devices • Phishing site • Spam zombie • Malware download site • DDoS extortion zombie • Warez piracy server Web Botnet • Click fraud zombie • Child porn server server activity • Anonymization proxy • Spam site • CAPTCHA solving zombie • Harvest email contacts • eBay/PayPal fake auctions • Harvest associated accounts • Online gaming credentials • Access to corporate email Email Account • Website FTP credentials • Webmail spam attacks credentials • Skype/VoIP credentials • Stranded abroad scams • Encryption certificates • Online gaming characters • Bank account data • Online gaming goods/$$$ Virtual Financial • Credit card data • PC game license keys goods credentials • Stock and 401K accounts • OS license key • Wire transfer data • Facebook • Fake antivirus • Twitter Reputation Hostage • Ransomware • LinkedIn hijacking attacks • Email account ransom • Google+ • Webcam image extortion Based on original work by Brian Krebs: krebsonsecurity.com
MONEY ADVANTAGE IMPACT CREDENTIALS
720 breaches by size of organization (employees) Over 100,000 10,001 to 100,000 1,001 to 10,000 101 to 1,000 11 to 100 1 to 10 SMBs 0 100 200 300 400 500 600 Verizon 2012 Data Breach Investigations Report
The SMB sweet spot for the cyber- criminally inclined Big enterprise Assets SMB “sweet spot” worth looting Consumers Level of protection
How do they get to your devices? 1. Malware involved in 69% of breaches 2. Hacking* used in 81% of breaches Breaches combining malware and hacking: 61% *80% of hacking is passwords: default, missing, guessed, stolen, cracked Verizon 2012 Data Breach Investigations Report
Tools of the trade
Thriving markets for credentials
Hot markets for hacked devices
All driven by proven business strategies
So how do you defend your devices? Two main attacks…. …and defenses Malware Scanning Hacking Authentication
Scanning requires proper implementation Measures in use at a sample of healthcare facilities Require AV on mobile devices Scan devices prior to connection Scan devices while connected 0% 10% 20% 30% 40% Ponemon Institute Third Annual Benchmark Study on Patient Privacy & Data Security
Authentication requires more than passwords Passwords exposed in 2012: 75,000,000 And those are just the ones we know about Need to add a second factor to authentication
The defenses you need Malware SMART Scanning Hacking STRONG Authentication Plus polices and training to implement effectively
Thank you! Stephen Cobb  stephen.cobb@eset.com WeLiveSecurity.com

Recommended

Enjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber CriminalsEnjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber Criminals
Stephen Cobb
 
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachAny Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
CBIZ Risk & Advisory Services
 
Spiceworld 2011 - AppRiver breakout session
Spiceworld 2011 - AppRiver breakout sessionSpiceworld 2011 - AppRiver breakout session
Spiceworld 2011 - AppRiver breakout session
Shane Rice
 
10 Fun Short IT Horror Stories
10 Fun Short IT Horror Stories10 Fun Short IT Horror Stories
10 Fun Short IT Horror Stories
Stu Sjouwerman
 
Phishing-Updated
Phishing-UpdatedPhishing-Updated
Phishing-Updated
Jayaseelan Vejayon
 
Awareness of Sim Swap Attack
Awareness of Sim Swap AttackAwareness of Sim Swap Attack
Awareness of Sim Swap Attack
ijtsrd
 
Sim swapping
Sim swappingSim swapping
Sim swapping
lalakis2001
 
Tips for safe purchasing on the web
Tips for safe purchasing on the webTips for safe purchasing on the web
Tips for safe purchasing on the web
Keynectis
 

Recommended

Enjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber CriminalsEnjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber Criminals
Stephen Cobb
 
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachAny Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
CBIZ Risk & Advisory Services
 
Spiceworld 2011 - AppRiver breakout session
Spiceworld 2011 - AppRiver breakout sessionSpiceworld 2011 - AppRiver breakout session
Spiceworld 2011 - AppRiver breakout session
Shane Rice
 
10 Fun Short IT Horror Stories
10 Fun Short IT Horror Stories10 Fun Short IT Horror Stories
10 Fun Short IT Horror Stories
Stu Sjouwerman
 
Phishing-Updated
Phishing-UpdatedPhishing-Updated
Phishing-Updated
Jayaseelan Vejayon
 
Awareness of Sim Swap Attack
Awareness of Sim Swap AttackAwareness of Sim Swap Attack
Awareness of Sim Swap Attack
ijtsrd
 
Sim swapping
Sim swappingSim swapping
Sim swapping
lalakis2001
 
Tips for safe purchasing on the web
Tips for safe purchasing on the webTips for safe purchasing on the web
Tips for safe purchasing on the web
Keynectis
 
Phishing
PhishingPhishing
Phishing
Naval OPSEC
 
Cybercrime IN INDIA , LAW AND ORDER
Cybercrime IN INDIA , LAW AND ORDER Cybercrime IN INDIA , LAW AND ORDER
Cybercrime IN INDIA , LAW AND ORDER
Sooraj Maurya
 
E business internet fraud
E business internet fraudE business internet fraud
E business internet fraud
Radiant Minds
 
Online Scams and Frauds
Online Scams and FraudsOnline Scams and Frauds
Online Scams and Frauds
Quick Heal Technologies Ltd.
 
Cyber fraud a threat to E commerce
Cyber fraud a threat to E commerceCyber fraud a threat to E commerce
Cyber fraud a threat to E commerce
Sudeshna07
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Durban Chamber of Commerce and Industry
 
Chapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce JenChapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce Jen
VidaB
 
Securing Internet Payment Systems
Securing Internet Payment SystemsSecuring Internet Payment Systems
Securing Internet Payment Systems
Domenico Catalano
 
Business Fraud and Cybersecurity Best Practices in the Office or While Worki...
Business Fraud and Cybersecurity Best Practices in the Office or While Worki... Business Fraud and Cybersecurity Best Practices in the Office or While Worki...
Business Fraud and Cybersecurity Best Practices in the Office or While Worki...
ArielMcCurdy
 
Mr SIM Swap Gone Phishing
Mr SIM Swap Gone PhishingMr SIM Swap Gone Phishing
Mr SIM Swap Gone Phishing
Jacqueline Fick
 
E commerce fraud chapter 17 B Ahmed
E commerce fraud chapter 17 B AhmedE commerce fraud chapter 17 B Ahmed
E commerce fraud chapter 17 B Ahmed
VidaB
 
Identity theft pp presentation
Identity theft pp presentationIdentity theft pp presentation
Identity theft pp presentation
Yusuf Qadir
 
Identity Theft: Evolving with Technology
Identity Theft: Evolving with TechnologyIdentity Theft: Evolving with Technology
Identity Theft: Evolving with Technology
- Mark - Fullbright
 
Cyber safe girl e book
Cyber safe girl e bookCyber safe girl e book
Cyber safe girl e book
Mukarram Dhorajiwala
 
ELECTRONIC FRAUD TACTICS
ELECTRONIC FRAUD TACTICS ELECTRONIC FRAUD TACTICS
ELECTRONIC FRAUD TACTICS
ICFAI Business School
 
Cyber fraud in banks
Cyber fraud in banksCyber fraud in banks
Cyber fraud in banks
Network Intelligence India
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual Report
Labris Networks
 
Safer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and ResponseSafer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and Response
Stephen Cobb
 
Data security best practices for risk awareness and mitigation
Data security best practices for risk awareness and mitigationData security best practices for risk awareness and mitigation
Data security best practices for risk awareness and mitigation
Nick Chandi
 
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesData Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Seccuris Inc.
 
Telesign impermium webinar deck-121312
Telesign impermium webinar deck-121312Telesign impermium webinar deck-121312
Telesign impermium webinar deck-121312
Dean Nicolls
 
Protect against id fraud workshop 2 of 2
Protect against id fraud workshop 2 of 2Protect against id fraud workshop 2 of 2
Protect against id fraud workshop 2 of 2
Management Insights LLC
 

More Related Content

What's hot

Phishing
PhishingPhishing
Phishing
Naval OPSEC
 
Cybercrime IN INDIA , LAW AND ORDER
Cybercrime IN INDIA , LAW AND ORDER Cybercrime IN INDIA , LAW AND ORDER
Cybercrime IN INDIA , LAW AND ORDER
Sooraj Maurya
 
E business internet fraud
E business internet fraudE business internet fraud
E business internet fraud
Radiant Minds
 
Online Scams and Frauds
Online Scams and FraudsOnline Scams and Frauds
Online Scams and Frauds
Quick Heal Technologies Ltd.
 
Cyber fraud a threat to E commerce
Cyber fraud a threat to E commerceCyber fraud a threat to E commerce
Cyber fraud a threat to E commerce
Sudeshna07
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Durban Chamber of Commerce and Industry
 
Chapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce JenChapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce Jen
VidaB
 
Securing Internet Payment Systems
Securing Internet Payment SystemsSecuring Internet Payment Systems
Securing Internet Payment Systems
Domenico Catalano
 
Business Fraud and Cybersecurity Best Practices in the Office or While Worki...
Business Fraud and Cybersecurity Best Practices in the Office or While Worki... Business Fraud and Cybersecurity Best Practices in the Office or While Worki...
Business Fraud and Cybersecurity Best Practices in the Office or While Worki...
ArielMcCurdy
 
Mr SIM Swap Gone Phishing
Mr SIM Swap Gone PhishingMr SIM Swap Gone Phishing
Mr SIM Swap Gone Phishing
Jacqueline Fick
 
E commerce fraud chapter 17 B Ahmed
E commerce fraud chapter 17 B AhmedE commerce fraud chapter 17 B Ahmed
E commerce fraud chapter 17 B Ahmed
VidaB
 
Identity theft pp presentation
Identity theft pp presentationIdentity theft pp presentation
Identity theft pp presentation
Yusuf Qadir
 
Identity Theft: Evolving with Technology
Identity Theft: Evolving with TechnologyIdentity Theft: Evolving with Technology
Identity Theft: Evolving with Technology
- Mark - Fullbright
 
Cyber safe girl e book
Cyber safe girl e bookCyber safe girl e book
Cyber safe girl e book
Mukarram Dhorajiwala
 
ELECTRONIC FRAUD TACTICS
ELECTRONIC FRAUD TACTICS ELECTRONIC FRAUD TACTICS
ELECTRONIC FRAUD TACTICS
ICFAI Business School
 
Cyber fraud in banks
Cyber fraud in banksCyber fraud in banks
Cyber fraud in banks
Network Intelligence India
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual Report
Labris Networks
 

What's hot (17)

Phishing
PhishingPhishing
Phishing
 
Cybercrime IN INDIA , LAW AND ORDER
Cybercrime IN INDIA , LAW AND ORDER Cybercrime IN INDIA , LAW AND ORDER
Cybercrime IN INDIA , LAW AND ORDER
 
E business internet fraud
E business internet fraudE business internet fraud
E business internet fraud
 
Online Scams and Frauds
Online Scams and FraudsOnline Scams and Frauds
Online Scams and Frauds
 
Cyber fraud a threat to E commerce
Cyber fraud a threat to E commerceCyber fraud a threat to E commerce
Cyber fraud a threat to E commerce
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Chapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce JenChapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce Jen
 
Securing Internet Payment Systems
Securing Internet Payment SystemsSecuring Internet Payment Systems
Securing Internet Payment Systems
 
Business Fraud and Cybersecurity Best Practices in the Office or While Worki...
Business Fraud and Cybersecurity Best Practices in the Office or While Worki... Business Fraud and Cybersecurity Best Practices in the Office or While Worki...
Business Fraud and Cybersecurity Best Practices in the Office or While Worki...
 
Mr SIM Swap Gone Phishing
Mr SIM Swap Gone PhishingMr SIM Swap Gone Phishing
Mr SIM Swap Gone Phishing
 
E commerce fraud chapter 17 B Ahmed
E commerce fraud chapter 17 B AhmedE commerce fraud chapter 17 B Ahmed
E commerce fraud chapter 17 B Ahmed
 
Identity theft pp presentation
Identity theft pp presentationIdentity theft pp presentation
Identity theft pp presentation
 
Identity Theft: Evolving with Technology
Identity Theft: Evolving with TechnologyIdentity Theft: Evolving with Technology
Identity Theft: Evolving with Technology
 
Cyber safe girl e book
Cyber safe girl e bookCyber safe girl e book
Cyber safe girl e book
 
ELECTRONIC FRAUD TACTICS
ELECTRONIC FRAUD TACTICS ELECTRONIC FRAUD TACTICS
ELECTRONIC FRAUD TACTICS
 
Cyber fraud in banks
Cyber fraud in banksCyber fraud in banks
Cyber fraud in banks
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual Report
 

Similar to Why do THEY want your digital devices?

Safer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and ResponseSafer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and Response
Stephen Cobb
 
Data security best practices for risk awareness and mitigation
Data security best practices for risk awareness and mitigationData security best practices for risk awareness and mitigation
Data security best practices for risk awareness and mitigation
Nick Chandi
 
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesData Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Seccuris Inc.
 
Telesign impermium webinar deck-121312
Telesign impermium webinar deck-121312Telesign impermium webinar deck-121312
Telesign impermium webinar deck-121312
Dean Nicolls
 
Protect against id fraud workshop 2 of 2
Protect against id fraud workshop 2 of 2Protect against id fraud workshop 2 of 2
Protect against id fraud workshop 2 of 2
Management Insights LLC
 
Wk online trust solutions overview january 2012
Wk online trust solutions overview january 2012Wk online trust solutions overview january 2012
Wk online trust solutions overview january 2012
Creus Moreira Carlos
 
User Authentication for Government
User Authentication for GovernmentUser Authentication for Government
User Authentication for Government
Carahsoft
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
Keshab Nath
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise Applications
Ramesh Nagappan
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHP
jikbal
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-final
Marco Morana
 
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Amazon Web Services
 
Stu w25 a
Stu w25 aStu w25 a
Stu w25 a
SelectedPresentations
 
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyDriving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your Enemy
First Atlantic Commerce
 
Taveau cartes2012 speaker
Taveau cartes2012 speakerTaveau cartes2012 speaker
Taveau cartes2012 speaker
Sebastien Taveau ஃ
 
Why and how to implement strong authentication on the web cartes 2010 - pat...
Why and how to implement strong authentication on the web cartes 2010 - pat...Why and how to implement strong authentication on the web cartes 2010 - pat...
Why and how to implement strong authentication on the web cartes 2010 - pat...
Keynectis
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
Avishek Datta
 
What is-flame-miniflame
What is-flame-miniflameWhat is-flame-miniflame
What is-flame-miniflame
Venafi
 
Identity Theft
Identity TheftIdentity Theft
Identity Theft
Simpletel
 
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to doNEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
New England Direct Marketing Association, Inc.
 

Similar to Why do THEY want your digital devices? (20)

Safer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and ResponseSafer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and Response
 
Data security best practices for risk awareness and mitigation
Data security best practices for risk awareness and mitigationData security best practices for risk awareness and mitigation
Data security best practices for risk awareness and mitigation
 
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesData Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective Strategies
 
Telesign impermium webinar deck-121312
Telesign impermium webinar deck-121312Telesign impermium webinar deck-121312
Telesign impermium webinar deck-121312
 
Protect against id fraud workshop 2 of 2
Protect against id fraud workshop 2 of 2Protect against id fraud workshop 2 of 2
Protect against id fraud workshop 2 of 2
 
Wk online trust solutions overview january 2012
Wk online trust solutions overview january 2012Wk online trust solutions overview january 2012
Wk online trust solutions overview january 2012
 
User Authentication for Government
User Authentication for GovernmentUser Authentication for Government
User Authentication for Government
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise Applications
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHP
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-final
 
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
 
Stu w25 a
Stu w25 aStu w25 a
Stu w25 a
 
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyDriving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your Enemy
 
Taveau cartes2012 speaker
Taveau cartes2012 speakerTaveau cartes2012 speaker
Taveau cartes2012 speaker
 
Why and how to implement strong authentication on the web cartes 2010 - pat...
Why and how to implement strong authentication on the web cartes 2010 - pat...Why and how to implement strong authentication on the web cartes 2010 - pat...
Why and how to implement strong authentication on the web cartes 2010 - pat...
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
 
What is-flame-miniflame
What is-flame-miniflameWhat is-flame-miniflame
What is-flame-miniflame
 
Identity Theft
Identity TheftIdentity Theft
Identity Theft
 
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to doNEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
 

More from ESET

ESET Cybersecurity students
ESET Cybersecurity studentsESET Cybersecurity students
ESET Cybersecurity students
ESET
 
ESET Cybersecurity training
ESET Cybersecurity trainingESET Cybersecurity training
ESET Cybersecurity training
ESET
 
How to implement a robust information security management system?
How to implement a robust information security management system?How to implement a robust information security management system?
How to implement a robust information security management system?
ESET
 
#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...
#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...
#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...
ESET
 
Visiting the Bear Den
Visiting the Bear DenVisiting the Bear Den
Visiting the Bear Den
ESET
 
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...
ESET
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection Regulation
ESET
 
Bootkits: Past, Present & Future - Virus Bulletin
Bootkits: Past, Present & Future - Virus BulletinBootkits: Past, Present & Future - Virus Bulletin
Bootkits: Past, Present & Future - Virus Bulletin
ESET
 
Operation Buhtrap - AVAR 2015
Operation Buhtrap - AVAR 2015Operation Buhtrap - AVAR 2015
Operation Buhtrap - AVAR 2015
ESET
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent Threats
ESET
 
Shopping Online
Shopping OnlineShopping Online
Shopping Online
ESET
 
Banking Online
Banking OnlineBanking Online
Banking Online
ESET
 
Is Anti-Virus Dead?
Is Anti-Virus Dead?Is Anti-Virus Dead?
Is Anti-Virus Dead?
ESET
 
Is Linux/Moose endangered or extinct?
Is Linux/Moose endangered or extinct? Is Linux/Moose endangered or extinct?
Is Linux/Moose endangered or extinct?
ESET
 
Unpack your troubles*: .NET packer tricks and countermeasures
Unpack your troubles*: .NET packer tricks and countermeasuresUnpack your troubles*: .NET packer tricks and countermeasures
Unpack your troubles*: .NET packer tricks and countermeasures
ESET
 
ESET: #DoMore With Our Comprehensive Range of Business Products
ESET: #DoMore With Our Comprehensive Range of Business ProductsESET: #DoMore With Our Comprehensive Range of Business Products
ESET: #DoMore With Our Comprehensive Range of Business Products
ESET
 
ESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to EnterprisesESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to Enterprises
ESET
 
ESET: Delivering Benefits to Medium and Large Businesses
ESET: Delivering Benefits to Medium and Large BusinessesESET: Delivering Benefits to Medium and Large Businesses
ESET: Delivering Benefits to Medium and Large Businesses
ESET
 
#DoMore with ESET
#DoMore with ESET#DoMore with ESET
#DoMore with ESET
ESET
 
2014: Mid-Year Threat Review
2014: Mid-Year Threat Review2014: Mid-Year Threat Review
2014: Mid-Year Threat Review
ESET
 

More from ESET (20)

ESET Cybersecurity students
ESET Cybersecurity studentsESET Cybersecurity students
ESET Cybersecurity students
 
ESET Cybersecurity training
ESET Cybersecurity trainingESET Cybersecurity training
ESET Cybersecurity training
 
How to implement a robust information security management system?
How to implement a robust information security management system?How to implement a robust information security management system?
How to implement a robust information security management system?
 
#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...
#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...
#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...
 
Visiting the Bear Den
Visiting the Bear DenVisiting the Bear Den
Visiting the Bear Den
 
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection Regulation
 
Bootkits: Past, Present & Future - Virus Bulletin
Bootkits: Past, Present & Future - Virus BulletinBootkits: Past, Present & Future - Virus Bulletin
Bootkits: Past, Present & Future - Virus Bulletin
 
Operation Buhtrap - AVAR 2015
Operation Buhtrap - AVAR 2015Operation Buhtrap - AVAR 2015
Operation Buhtrap - AVAR 2015
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent Threats
 
Shopping Online
Shopping OnlineShopping Online
Shopping Online
 
Banking Online
Banking OnlineBanking Online
Banking Online
 
Is Anti-Virus Dead?
Is Anti-Virus Dead?Is Anti-Virus Dead?
Is Anti-Virus Dead?
 
Is Linux/Moose endangered or extinct?
Is Linux/Moose endangered or extinct? Is Linux/Moose endangered or extinct?
Is Linux/Moose endangered or extinct?
 
Unpack your troubles*: .NET packer tricks and countermeasures
Unpack your troubles*: .NET packer tricks and countermeasuresUnpack your troubles*: .NET packer tricks and countermeasures
Unpack your troubles*: .NET packer tricks and countermeasures
 
ESET: #DoMore With Our Comprehensive Range of Business Products
ESET: #DoMore With Our Comprehensive Range of Business ProductsESET: #DoMore With Our Comprehensive Range of Business Products
ESET: #DoMore With Our Comprehensive Range of Business Products
 
ESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to EnterprisesESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to Enterprises
 
ESET: Delivering Benefits to Medium and Large Businesses
ESET: Delivering Benefits to Medium and Large BusinessesESET: Delivering Benefits to Medium and Large Businesses
ESET: Delivering Benefits to Medium and Large Businesses
 
#DoMore with ESET
#DoMore with ESET#DoMore with ESET
#DoMore with ESET
 
2014: Mid-Year Threat Review
2014: Mid-Year Threat Review2014: Mid-Year Threat Review
2014: Mid-Year Threat Review
 

Recently uploaded

How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
flufftailshop
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
alexjohnson7307
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Jeffrey Haguewood
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
Intelisync
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 

Recently uploaded (20)

How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 

Why do THEY want your digital devices?

  • 1. Why THEY want your digital devices Stephen Cobb, CISSP Security Evangelist
  • 3. 36 ways to abuse hacked devices • Phishing site • Spam zombie • Malware download site • DDoS extortion zombie • Warez piracy server Web Botnet • Click fraud zombie • Child porn server server activity • Anonymization proxy • Spam site • CAPTCHA solving zombie • Harvest email contacts • eBay/PayPal fake auctions • Harvest associated accounts • Online gaming credentials • Access to corporate email Email Account • Website FTP credentials • Webmail spam attacks credentials • Skype/VoIP credentials • Stranded abroad scams • Encryption certificates • Online gaming characters • Bank account data • Online gaming goods/$$$ Virtual Financial • Credit card data • PC game license keys goods credentials • Stock and 401K accounts • OS license key • Wire transfer data • Facebook • Fake antivirus • Twitter Reputation Hostage • Ransomware • LinkedIn hijacking attacks • Email account ransom • Google+ • Webcam image extortion Based on original work by Brian Krebs: krebsonsecurity.com
  • 4. MONEY ADVANTAGE IMPACT CREDENTIALS
  • 5. 720 breaches by size of organization (employees) Over 100,000 10,001 to 100,000 1,001 to 10,000 101 to 1,000 11 to 100 1 to 10 SMBs 0 100 200 300 400 500 600 Verizon 2012 Data Breach Investigations Report
  • 6. The SMB sweet spot for the cyber- criminally inclined Big enterprise Assets SMB “sweet spot” worth looting Consumers Level of protection
  • 7. How do they get to your devices? 1. Malware involved in 69% of breaches 2. Hacking* used in 81% of breaches Breaches combining malware and hacking: 61% *80% of hacking is passwords: default, missing, guessed, stolen, cracked Verizon 2012 Data Breach Investigations Report
  • 8. Tools of the trade
  • 9.
  • 10. Thriving markets for credentials
  • 11. Hot markets for hacked devices
  • 12. All driven by proven business strategies
  • 13. So how do you defend your devices? Two main attacks…. …and defenses Malware Scanning Hacking Authentication
  • 14. Scanning requires proper implementation Measures in use at a sample of healthcare facilities Require AV on mobile devices Scan devices prior to connection Scan devices while connected 0% 10% 20% 30% 40% Ponemon Institute Third Annual Benchmark Study on Patient Privacy & Data Security
  • 15. Authentication requires more than passwords Passwords exposed in 2012: 75,000,000 And those are just the ones we know about Need to add a second factor to authentication
  • 16. The defenses you need Malware SMART Scanning Hacking STRONG Authentication Plus polices and training to implement effectively
  • 17. Thank you! Stephen Cobb  stephen.cobb@eset.com WeLiveSecurity.com

Editor's Notes

  1. Money + Access + Kicks = Credentials