INDUSTRY OVERVIEW: FINANCIAL

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "INDUSTRY OVERVIEW: FINANCIAL"

Transcription

1 ii IBM MSS INDUSTRY OVERVIEW: FINANCIAL RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: NOVEMBER 5, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER

2 iii TABLE OF CONTENTS EXECUTIVE OVERVIEW... 1 MAJOR FINANCIAL DATA BREACHES... 1 METHODS OF FINANCIAL DATA LOSS... 2 METHODS OF ATTACK... 4 HEARTBLEED... 4 MALWARE... 4 POPULAR BANKING TROJANS... 5 WEB APPLICATION ATTACKS... 5 MALICIOUS WEBSITES & SPEAR PHISHING... 6 DEFAULT PASSWORDS... 6 RECOMMENDATIONS/MITIGATION TECHNIQUES... 6 CONTRIBUTORS... 7 REFERENCES... 7 DISCLAIMER... 7

3 1 EXECUTIVE OVERVIEW Why do bank robbers rob banks? Well, That s where the money is. --Willie Sutton. While the origin of this quote is up for debate, the message is not, especially, in today's connected world. Criminals have been targeting financial institutions since the existence of the first bank. It's simply the quickest route to the money. In more recent years though, the risk to reward ratio for physical bank robbery has become much less appealing as security measures have increased considerably. What's a criminal entrepreneur to do? Not enter the bank, of course. Cyber attacks targeting financial institutions are becoming increasingly more effective. Not only is there a larger target area with all the interconnected systems, but criminals can also attack the customers of the bank. ATMs, online banking, payment systems, and retail Pointof-Sale (POS) systems are all points of potential weakness in the long chain of money transfer. Criminals are targeting you, the customer, and your money. Hence, not only do modern banks have to protect their own infrastructure, they have an obligation to monitor and protect the finances and identities of millions of people globally. This report is going to take a close look at financial data breaches, popular banking Trojans, and other methods of attack gleamed from IBM s MSS world-wide event data. MAJOR FINANCIAL DATA BREACHES According to the Privacy Rights Clearinghouse, nearly 460 million financial records have been leaked, lost, or stolen in the United States. While this may seem like an incredibly high number, the majority of it falls on two major data breaches. Court Ventures tops the charts as one of the largest data leaks to date with a reported 200,000,000 records stolen, which contributed greatly to the spike in the fall of 2013 as observed below in Figure 1. Although this is recorded as "unintended disclosure", it also has an element of insider threat. Through a very tangled web of information/data sharing, the criminal was able to gain access to the records through Court Ventures who also had a partnership with US Info Search. The criminal posed as a private investigator out of Singapore and gained access to all the records needed. The intent was to resell this data to the underground market for the purpose of identity theft. Criminals used the information to open new credit lines, loans and in other ways to put cash in their pockets. This data breach emphasizes the need to focus on the "money trail", which is often hard to monitor due to constant acquisitions that are common in the financial industry. Even the most rigorous auditing can often leave gaps in security practices and compliance.

4 2 Figure 1. Timeline of number of financial records lost in the United States since i The second major financial security breach reported in recent years targeted Heartland Payment Systems. Albert Gonzalez is now serving a 20 year sentence for hacking this company where a reported 1.5 million credit card numbers were stolen. He formerly belonged to "Shadowcrew", an international group of hackers with strong ties to Eastern Europe. Areas such as Odessa, Ukraine are a hot bed for fraudulent credit card activity. SQL Injection was used to gain access to the network of payments systems and install a RAT (Remote Administration Tool) to further penetrate and leak the targeted data. This technique is one of the leading causes of data loss for all top industries. It's an incredibly versatile attack and often goes undetected without proper mechanisms in place such as IDS or SQL monitoring software. IBM MSS Threat Research Group has published papers on the subject that help outline how attacks like this are carried out and how to help protect against them. METHODS OF FINANCIAL DATA LOSS Mining the public records for data loss reveals key insights into how exactly financial institutions are leaking customer data. There are many different ways that data is lost or stolen as indicated in Figure 2 below. In the data breach examples above, the methods used varied yet both were extremely successful attacks.

5 3 Figure 2. Breakdown of number of financial records lost and method of loss in the United States since ii As shown in Figure 3 below, the majority of the losses are the result or organizations disclosing information unintentionally. However, many states are still struggling to fight the cyber threat aspect of the attacks. Figure 3. Number of records lost by state since 2005 and type of attack. iii

6 4 METHODS OF ATTACK Managed Security Services has a wealth of information from our worldwide sensor network to see how attacks against any organization are being carried out. Let s take a look at the financial industry specifically. Figure 4. The majority of attacks seen against the financial industry via IDS signatures in iv HEARTBLEED Thankfully Heartbleed didn't create enough volume to make our top attacks chart, however it was the most significant attack we witnessed against the financial industry in Banking systems rely on encryption protocols and often use OpenSSL to secure customer data. The stealthy nature of this attack and the abundance of tools to exploit it resulted in a low cost, high return investment to the attacker. Most of the world s vulnerable systems to the attack have been subsequently patched; however it s critical that your entire network is patched. MALWARE Malware, targeted attacks, and advanced adversaries, while not specifically shown in our data, pose an incredible threat to the financial sector. As shown in Figure 3, it is the second largest method of financial records loss in the United States since Custom-made malware designed to target and infiltrate specific organizations are on the

7 5 rise. They are designed to evade all current detection mechanisms and blend in with every day functionality in an organization. This type of malware could be easily brought in by an advanced adversary with the knowledge and funding to complete their objective, penetration into the network. Attackers are not only directly targeting the banking systems - there is an entire economy behind banking Trojans. Much of the malware is bought and sold on the underground markets and have become incredibly simple to use and set up. Below are some of the most common and popular banking Trojans we see targeting customers networks. POPULAR BANKING TROJANS ZEUS: One of the original Trojans specifically targeting online banking. It has gone through many iterations from the original 1.0, expanding its capability in version 2.0. This is a "full service" Trojan and does not only contain the malware itself, but also toolkits that allow for customization and building. These toolkits even include software to control the malware. On top of these "features", Zeus often comes included with tools to host your own malicious website to lure victims into your control. For many years, the source code for Zeus has been leaked and it's become the basis of many more modern variants such as Gameover Zeus. This variant utilizes P2P to diversify its command and control as well as many more new tricks to maintain control of infected machines. CITADEL: Arguably, Citadel uses source code and techniques based on Zeus however, adds even more capability into the mix. It has the ability to use AES encryption not only on its configuration file, but on its Command and Control as well. It also uses a very clever way to hook into web browsers in order to inject instructions specifically designed to mimic your online bank or steal the credentials passed into it. To further the infection, it has a built in keystroke logger as well as an and FTP login credential stealer. It's incredibly versatile and can add on any further modules such as a video capture service that can record video from your screen and send it to the attacker s command and control. Carberp: This Trojan has its roots in more traditional capability. It was designed to remotely steal users sensitive data. One of the more advanced features of this Trojan is its rootkit capability that allows the Trojan to remain deep in the infected machine and evade detection. This malware also comes with a slew of plugins furthering the capability to remove AV and competing infections such as Zeus. With strong encryption capability and bundling with the Blackhole exploit kit, infections of this Trojan rapidly expanded. Its capability allows capturing of banking credentials and ransomware type scams. WEB APPLICATION ATTACKS Web applications are a high target via Command & SQL Injection against public and non-public facing sites. The softest target in any organization will always be their web sites and SQL databases. While much of the banking industry uses rigorous vulnerability scanning and penetration testing, holes can often still remain. Techniques and

8 6 tools appear as rapidly as the vulnerabilities they exploit. MALICIOUS WEBSITES & SPEAR PHISHING Malicious websites are utilized by attackers as a method to gain internal access into critical systems. Malicious websites are a concern for all industries, as they allow attackers to penetrate networks and potentially evade the perimeter defenses of an organization. Sophisticated spear phishing is often utilized to target personnel inside the network, specifically in the area they want to obtain data from. These attacks often utilize malicious PDFs with payloads that contain malware or send the victim to a malicious website. RATS are typically the payload, giving the attacker full control of the victim s system including access to the webcam and microphone. Penetration into connected systems would follow along with burying more malware to remain a persistent foothold within the network. DEFAULT PASSWORDS One alarming statistic from our data is that many organizations are using default passwords on systems such as their MySQL databases. It is imperative for organizations to thoroughly audit all of its connected devices and take the steps to configure them properly. Password rotation is absolutely critical to maintain reliable security at the very basic level. Once attackers penetrate a network, they often have a static list pulled at the time of penetration. Rotating these passwords can help stop further infiltration or at the very least, slow the attacker. RECOMMENDATIONS/MITIGATION TECHNIQUES This is an area where security intelligence is a must. It is critical that organizations understand the adversaries they face every day - from what their capability and motivations are, to where they attack from. Having this knowledge can help financial companies keep one step ahead of criminals and bolster internal and external detection and protection mechanisms. The data breach incidents highlighted in this report are just two of hundreds that have affected the financial industry in the last several years. Lessons learned from these incidents are applicable to the entire industry. First, the insider threat is a legitimate concern facing organization s today. It is important to monitor employee activity in order to identify misuse. Limit unauthorized access by disabling default user names and passwords. Require unique ID and passwords and preferably implement two-factor authentication. Critical systems should be contained in their own segment within an organization s network and closely monitored for suspicious activity. The second data breach and our attack data provide another lesson learned SQL injection is one of the largest concerns facing not only the financial industry, but all industries. Vulnerability scanning and penetration testing are key to mitigating this threat. IBM has a very reliable and robust set of rules within its SIEM environment allowing

9 7 nearly a %100 accuracy rate of SQL injection detection. More SQL injection recommendations can be obtained from our report SQL Injection Input Validation located on the MS Threat Research Papers web site (see references). Heartbleed is an example of a threat where timely deployment of routine validated security patches goes a long way to limiting the pervasiveness of particular threats. Malware including Trojans specifically targeting banks also continue to pose a significant threat to the financial industry. Use anti-virus and other host based protections as suitable. Disable unneeded services and ports. Unintended disclosure is the largest method of data loss for the financial industry in the United States. It is important for organizations to update cyber incident response policies and facility crisis management plans to incorporate cyber security scenarios. Providing training on these policies is also a critical step towards educating employees on how to prevent the disclosure of financial data. CONTRIBUTORS Michelle Alvarez - Researcher/Editor, Threat Research Group Nick Bradley Practice Lead, Threat Research Group REFERENCES https://portal.sec.ibm.com/mss/html/en_us/support_resources/threat_papers.html DISCLAIMER This document is intended to inform clients of IBM Security Services of a threat or discovery by IBM Managed Security Services and measures undertaken or suggested by IBM Security Service Teams to remediate the threat. The data contained herein describing tactics, techniques and procedures is classified Confidential for the benefit of IBM MSS clients only. This information is provided AS IS, and without warranty of any kind. i Chronology of Data Breaches Security Breaches 2005-Present, Privacy Rights Clearinghouse. ii Chronology of Data Breaches Security Breaches 2005-Present, Privacy Rights Clearinghouse. iii Chronology of Data Breaches Security Breaches 2005-Present, Privacy Rights Clearinghouse. iv 2014 IDS Data, IBM Managed Security Services.

INDUSTRY OVERVIEW: HEALTHCARE

INDUSTRY OVERVIEW: HEALTHCARE ii IBM MSS INDUSTRY OVERVIEW: HEALTHCARE RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: OCTOBER 7, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW/KEY FINDINGS...

More information

INDUSTRY OVERVIEW: RETAIL

INDUSTRY OVERVIEW: RETAIL ii IBM MSS INDUSTRY OVERVIEW: RETAIL RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: JANUARY 5, 215 BY: DAVID MCMILLEN, SENIOR THREAT RESEARCHER Copyright IBM Corporation 214. All rights reserved. IBM and

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program. 2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program. Entry Name HFA Submission Contact Phone Email Qualified Entries must be received by

More information

Common Cyber Threats. Common cyber threats include:

Common Cyber Threats. Common cyber threats include: Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...

More information

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What

More information

2012 Data Breach Investigations Report

2012 Data Breach Investigations Report 2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information

More information

Anti-exploit tools: The next wave of enterprise security

Anti-exploit tools: The next wave of enterprise security Anti-exploit tools: The next wave of enterprise security Intro From malware and ransomware to increasingly common state-sponsored attacks, organizations across industries are struggling to stay ahead of

More information

IBM Security Strategy

IBM Security Strategy IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration

More information

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008 Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities

More information

A Case for Managed Security

A Case for Managed Security A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction

More information

Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security

Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security The IT Security Office (ITSO) What We Do? Risk Assessment Network and System Security Monitoring Vulnerability Scanning

More information

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference

More information

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more

More information

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

Protect Your Business and Customers from Online Fraud

Protect Your Business and Customers from Online Fraud DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently

More information

Beyond the Hype: Advanced Persistent Threats

Beyond the Hype: Advanced Persistent Threats Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

Perspectives on Cybersecurity in Healthcare June 2015

Perspectives on Cybersecurity in Healthcare June 2015 SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright

More information

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark Villinski @markvillinski

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark Villinski @markvillinski TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY Mark Villinski @markvillinski Why do we have to educate employees about cybersecurity? 2014 Corporate Threats Survey 94% of business s suffered one

More information

IBM Security re-defines enterprise endpoint protection against advanced malware

IBM Security re-defines enterprise endpoint protection against advanced malware IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex

More information

Franchise Data Compromise Trends and Cardholder. December, 2010

Franchise Data Compromise Trends and Cardholder. December, 2010 Franchise Data Compromise Trends and Cardholder Security Best Practices December, 2010 Franchise Data Security Agenda Cardholder Data Compromise Overview Breach Commonalities Hacking Techniques Franchisee

More information

Cyber liability threats, trends and pointers for the future

Cyber liability threats, trends and pointers for the future Cyber liability threats, trends and pointers for the future Tim Smith Partner, BLM t: 020 7865 3313 e: tim.smith@blm-law.com February 2013 Cyber liability threats, trends and pointers for the future The

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

Presented by Evan Sylvester, CISSP

Presented by Evan Sylvester, CISSP Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information

More information

Impact of Data Breaches

Impact of Data Breaches Research Note Impact of Data Breaches By: Divya Yadav Copyright 2014, ASA Institute for Risk & Innovation Applicable Sectors: IT, Retail Keywords: Hacking, Cyber security, Data breach, Malware Abstract:

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

Trust the Innovator to Simplify Cloud Security

Trust the Innovator to Simplify Cloud Security Trust the Innovator to Simplify Cloud Security Contents MailGuard Pty Ltd Page 1 of 7 2 Let s get real for a moment. Your antivirus software isn t stopping fastbreak phishing and other spam attacks like

More information

The Top Web Application Attacks: Are you vulnerable?

The Top Web Application Attacks: Are you vulnerable? QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Malware Analysis Summary: Dyre. F5 Security Operations Center November 2014

Malware Analysis Summary: Dyre. F5 Security Operations Center November 2014 Malware Analysis Summary: Dyre F5 Security Operations Center November 2014 WHY MALWARE MATTERS Long gone are the days when fraud was perpetrated primarily by forging checks or IDs to assume a stolen identity.

More information

1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches.

1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches. Part 1: Internal & External Data Breach Vulnerabilities Presented on: Thursday, February 12, 2 3 ET Co presented by: Ann Davidson VP of Risk Consulting at Allied Solutions Joe Majka CSO at Verifone 1 Breakdown

More information

Why The Security You Bought Yesterday, Won t Save You Today

Why The Security You Bought Yesterday, Won t Save You Today 9th Annual Courts and Local Government Technology Conference Why The Security You Bought Yesterday, Won t Save You Today Ian Robertson Director of Information Security Michael Gough Sr. Risk Analyst About

More information

Data Breach Lessons Learned. June 11, 2015

Data Breach Lessons Learned. June 11, 2015 Data Breach Lessons Learned June 11, 2015 Introduction John Adams, CISM, CISA, CISSP Associate Director Security & Privacy 410.707.2829 john.adams@protiviti.com Powerful Insights. Proven Delivery. Kevin

More information

Symantec Advanced Threat Protection: Network

Symantec Advanced Threat Protection: Network Symantec Advanced Threat Protection: Network DR150218C April 2015 Miercom www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Overview... 4 2.1 Products Tested... 4 2.2. Malware Samples... 5 3.0 How

More information

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA

More information

I ve been breached! Now what?

I ve been breached! Now what? I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have

More information

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper Safeguarding data through increased awareness November 2015 1 Contents Executive Summary 3 Introduction 4 Martime Security 5 Perimeters Breached

More information

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon

More information

ENABLING FAST RESPONSES THREAT MONITORING

ENABLING FAST RESPONSES THREAT MONITORING ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,

More information

The Key to Secure Online Financial Transactions

The Key to Secure Online Financial Transactions Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on

More information

MITIGATING LARGE MERCHANT DATA BREACHES

MITIGATING LARGE MERCHANT DATA BREACHES MITIGATING LARGE MERCHANT DATA BREACHES Tia D. Ilori Ed Verdurmen January 2014 1 DISCLAIMER The information or recommendations contained herein are provided "AS IS" and intended for informational purposes

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

IBM Security Services 2014 Cyber Security Intelligence Index

IBM Security Services 2014 Cyber Security Intelligence Index IBM Global Technology Services Managed Security Services Research Report IBM Security Services 2014 Cyber Security Intelligence Index Analysis of cyber attack and incident data from IBM s worldwide security

More information

Under the Hood of the IBM Threat Protection System

Under the Hood of the IBM Threat Protection System Under the Hood of the System The Nuts and Bolts of the Dynamic Attack Chain 1 Balazs Csendes IBM Security Intelligence Leader, CEE balazs.csendes@cz.ibm.com 1 You are an... IT Security Manager at a retailer

More information

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and

More information

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

More information

V ISA SECURITY ALERT 13 November 2015

V ISA SECURITY ALERT 13 November 2015 V ISA SECURITY ALERT 13 November 2015 U P DATE - CYBERCRIMINALS TARGE TING POINT OF SALE INTEGRATORS Distribution: Value-Added POS Resellers, Merchant Service Providers, Point of Sale Providers, Acquirers,

More information

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer

More information

KEY STEPS FOLLOWING A DATA BREACH

KEY STEPS FOLLOWING A DATA BREACH KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,

More information

SPEAR PHISHING AN ENTRY POINT FOR APTS

SPEAR PHISHING AN ENTRY POINT FOR APTS SPEAR PHISHING AN ENTRY POINT FOR APTS threattracksecurity.com 2015 ThreatTrack, Inc. All rights reserved worldwide. INTRODUCTION A number of industry and vendor studies support the fact that spear phishing

More information

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent

More information

UNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC)

UNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC) Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC) Cyber in the News 1 Tactics, Techniques and Procedures These observed tactics, techniques

More information

Global Partner Management Notice

Global Partner Management Notice Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with

More information

Breach Findings for Large Merchants. 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security

Breach Findings for Large Merchants. 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security Breach Findings for Large Merchants 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security Disclaimer The information or recommendations contained herein are

More information

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey

More information

How We're Getting Creamed

How We're Getting Creamed ed Attacks How We're Getting Creamed By Ed Skoudis June 9, 2011 ed Attacks - 2011 Ed Skoudis 1 $ cut -f5 -d: /etc/passwd grep -i skoudis Ed Skoudis Started infosec career at Bellcore in 1996 working for

More information

The Five Most Common Cyber-Attack Myths Debunked

The Five Most Common Cyber-Attack Myths Debunked cybereason The Five Most Common Cyber-Attack Myths Debunked 2016 Cybereason. All rights reserved. 1 Cyber attacks show no sign of decreasing any time soon. If anything, hackers have expanded the type of

More information

Protecting Data From the Cyber Theft Pandemic. A FireEye Whitepaper - April, 2009

Protecting Data From the Cyber Theft Pandemic. A FireEye Whitepaper - April, 2009 Protecting Data From the Cyber Theft Pandemic A FireEye Whitepaper - April, 2009 Table of Contents Executive Summary Page 3 Today s Insider Threat Is Stealth Malware Page 3 Stealth Malware Attacks Are

More information

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security 2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.

More information

FERPA: Data & Transport Security Best Practices

FERPA: Data & Transport Security Best Practices FERPA: Data & Transport Security Best Practices April 2013 Mike Tassey Privacy Technical Assistance Center FERPA and Data Security Unlike HIPAA and other similar federal regulations, FERPA does not require

More information

SPEAR-PHISHING ATTACKS

SPEAR-PHISHING ATTACKS SPEAR-PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM WHITE PAPER RECENTLY, THERE HAS BEEN A RAPID AND DRAMATIC SHIFT FROM BROAD SPAM ATTACKS TO TARGETED EMAIL-BASED-PHISHING CAMPAIGNS THAT

More information

Getting Ahead of Malware

Getting Ahead of Malware IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,

More information

Advanced Threat Protection

Advanced Threat Protection Advanced Threat Protection DR151026D December 2015 Miercom www.miercom.com Contents Executive Summary... 3 Overview... 4 Methodology... 5 Results Summary... 9 Fair Test Notification... 13 About Miercom...

More information

Defending Against Cyber Attacks with SessionLevel Network Security

Defending Against Cyber Attacks with SessionLevel Network Security Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive

More information

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

More information

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015 Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

When less is more (Spear-Phishing and Other Methods to Steal Data) Alexander Raczyński

When less is more (Spear-Phishing and Other Methods to Steal Data) Alexander Raczyński When less is more (Spear-Phishing and Other Methods to Steal Data) Alexander Raczyński 1 Agenda Spear-Fishing the new CEO Fear How to Fight Spear-Fishing It s All About the Data Evolution of the bad guys

More information

Weekly Briefing. June 24 th 2016 NOT PROTECTIVELY MARKED

Weekly Briefing. June 24 th 2016 NOT PROTECTIVELY MARKED Weekly Briefing June 24 th 2016 Investigation Update Network Intrusion and Website Defacement Advice Ransomware attack Advice Current Threats Angler Exploit drop off Advice Critical Cisco Security Advisory

More information

Property of Secure Network Technologies-Do Not Distribute or Post Without Written Permission-Copyrights and Trademark Apply

Property of Secure Network Technologies-Do Not Distribute or Post Without Written Permission-Copyrights and Trademark Apply Malware - Mules & Money Mobile Edition v2.0 By Steve Stasiukonis What We Do Security Assessments & Penetration Tests Incident Response Digital Investigation & Forensic Services Technical Surveillance Countermeasure

More information

Advanced Persistent Threats

Advanced Persistent Threats White Paper INTRODUCTION Although most business leaders and IT managers believe their security technologies adequately defend against low-level threats, instances of (APTs) have increased. APTs, which

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

Advanced Analytics For Real-Time Incident Response A REVIEW OF THREE KNOWN CASES AND THE IMPACT OF INVESTIGATIVE ANALYTICS

Advanced Analytics For Real-Time Incident Response A REVIEW OF THREE KNOWN CASES AND THE IMPACT OF INVESTIGATIVE ANALYTICS Advanced Analytics For Real-Time Incident Response A REVIEW OF THREE KNOWN CASES AND THE IMPACT OF INVESTIGATIVE ANALYTICS Introduction Every year, cyber criminals become stronger and more sophisticated

More information

Cybersecurity Awareness. Part 1

Cybersecurity Awareness. Part 1 Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat

More information

Applying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security.

Applying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security. Applying the 80/20 approach for Operational Excellence How to combat new age threats, optimize investments and increase security Vinod Vasudevan Agenda Current Threat Landscape The 80/20 Approach Achieving

More information

Understanding SCADA System Security Vulnerabilities

Understanding SCADA System Security Vulnerabilities Understanding SCADA System Security Vulnerabilities Talking Points Executive Summary Common Misconceptions about SCADA System Security Common Vulnerabilities Affecting SCADA Networks Tactics to Strengthen

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Advanced Persistent Threats

Advanced Persistent Threats Emilio Tonelli Senior Sales Engineer South Europe WatchGuard Technologies, Inc. Advanced Persistent Threats the new security challenge Are you protected? Current Threat Landscape 2 Global Threat Landscape:

More information

DeltaV Cyber Security Solutions

DeltaV Cyber Security Solutions TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital

More information

FSOEP Web Banking & Fraud: Corporate Treasury Attacks

FSOEP Web Banking & Fraud: Corporate Treasury Attacks FSOEP Web Banking & Fraud: Corporate Treasury Attacks Your Presenters Who Are We? Tim Wainwright Managing Director Chris Salerno Senior Consultant Led 200+ penetration tests Mobile security specialist

More information

IT Security Risks & Trends

IT Security Risks & Trends IT Security Risks & Trends Key Threats to All Businesses 1 1 What do the following have in common? Catholic church parish Hospice Collection agency Main Street newspaper stand Electrical contractor Health

More information

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding

More information

Security Challenges and Solutions for Higher Education. May 2011

Security Challenges and Solutions for Higher Education. May 2011 Security Challenges and Solutions for Higher Education May 2011 Discussion Topics Security Threats and Challenges Education Risks and Trends ACH and Wire Fraud Malware and Phishing Techniques Prevention

More information

Penetration Testing Report Client: Business Solutions June 15 th 2015

Penetration Testing Report Client: Business Solutions June 15 th 2015 Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com

More information

Comprehensive Advanced Threat Defense

Comprehensive Advanced Threat Defense 1 Comprehensive Advanced Threat Defense June 2014 PAGE 1 PAGE 1 1 INTRODUCTION The hot topic in the information security industry these days is Advanced Threat Defense (ATD). There are many definitions,

More information

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015 Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders

More information

Security strategies to stay off the Børsen front page

Security strategies to stay off the Børsen front page Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the

More information

New PCI Standards Enhance Security of Cardholder Data

New PCI Standards Enhance Security of Cardholder Data December 2013 New PCI Standards Enhance Security of Cardholder Data By Angela K. Hipsher, CISA, QSA, Jeff A. Palgon, CPA, CISSP, QSA, and Craig D. Sullivan, CPA, CISA, QSA Payment cards a favorite target

More information

Session 30. IT Security: Threats, Vulnerabilities and Countermeasures. Phillip Loranger, DoED CISO Robert Ingwalson, FSA CISO

Session 30. IT Security: Threats, Vulnerabilities and Countermeasures. Phillip Loranger, DoED CISO Robert Ingwalson, FSA CISO Session 30 IT Security: Threats, Vulnerabilities and Countermeasures Phillip Loranger, DoED CISO Robert Ingwalson, FSA CISO New Cyber Security World New threats New tools and services to protect New organization

More information

Advanced Persistent Threats

Advanced Persistent Threats Advanced Persistent Threats Craig Harwood Channel Manager SADC and Indian Ocean Islands 1 Agenda Introduction Today s Threat landscape What is an Advance persistent Threat How are these crimes perpetrated

More information

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

Database Auditing: Best Practices. Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com

Database Auditing: Best Practices. Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com Database Auditing: Best Practices Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com Verizon 2009 Data Breach Investigations Report: 285 million records were compromised

More information

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have

More information