Social Engineering It's Not All That Simple
|
|
- Philippa Conley
- 3 years ago
- Views:
Transcription
1 Social Engineering 101 or The Art of How You Got Owned by That Random Stranger Steven Ha/ield Security Systems Senior Advisor Dell 4/25/2015
2 About Me 8 year Army veteran Currently studying for Bachelors of Science in CyberSecurity at UMUC 4 year Security Goon at DEF CON 3 year Social Engineer Village volunteer at DEF CON 1 year Security staff at Derbycon 2
3 LEGAL DISCLAIMER 3
4 Social Engineering 101 DefiniXons History Social Engineering Framework SET Social Engineering Toolkit Categories Examples ProtecXon Resources QuesXons 4
5 DefiniEon Social Engineering (SE) is a blend of science, psychology and art. While it is amazing and complex, it is also very simple. We define it as, Any act that influences a person to take an ac2on that may or may not be in their best interest. We have defined it in very broad and general terms because we feel that social engineering is not always negaxve, but encompasses how we communicate with our parents, therapists, children, spouses and others. hdp:// engineer.org/ 5
6 DefiniEon Social engineering is the art of manipulaxng people so they give up confidenxal informaxon. The types of informaxon these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank informaxon, or access your computer to secretly install malicious sofware that will give them access to your passwords and bank informaxon as well as giving them control over your computer. hdp:// shopping- banking/secure- what- is- social- engineering 6
7 7
8 History The term sociale ingenieurs was introduced in an essay by the Dutch industrialist J.C. Van Marken in The idea was that modern employers needed the assistance of specialists "social engineers" in handling the human problems of the planet, just as they needed technical experxse (ordinary engineers) to deal with the problems of dead mader (materials, machines, processes). 8
9 Social Engineering Framework Social Engineering Defined Why Adackers Might Use Social Categories of Social Engineers Engineering Hackers Typical Goals PenetraXon Testers The Adack Cycle Spies or Espionage Common Adacks IdenXty Thieves Customer Service Disgruntled Employees Delivery Person InformaXon Brokers Phone Scam ArXsts Tech Support ExecuXve Recruiters Real World Examples Sales People Con Men Governments Crime VicXms Everyday People Phishing PoliXcians 9
10 SET Social Engineer Toolkit The Social- Engineer Toolkit (SET) was created and wriden by the founder of TrustedSec. It is an open- source Python- driven tool aimed at penetraxon tesxng around Social- Engineering. SET has been presented at large- scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social- engineering penetraxon tests and supported heavily within the security community. The Social- Engineer Toolkit has over 2 million downloads and is aimed at leveraging advanced technological adacks in a social- engineering type environment. TrustedSec believes that social- engineering is one of the hardest adacks to protect against and now one of the most prevalent. The toolkit has been featured in a number of books including the number one best seller in security books for 12 months since its release, Metasploit: The PenetraXons Tester s Guide wriden by TrustedSec s founder as well as Devon Kearns, Jim O Gorman, and MaX Aharoni. 10
11 11
12 12
13 Examples - Common Customer Service Delivery Person Phone Tech Support Con Men Crime VicEms Phishing PoliEcians 13
14 Examples - Real World The Overconfident CEO In one case study, Hadnagy outlines how he was hired as an SE auditor to gain access to the servers of a prinxng company which had some proprietary processes and vendors that compextors were afer. In a phone meexng with Hadnagy's business partner, the CEO informed him that "hacking him would be next to impossible" because he "guarded his secrets with his life. "He was the guy who was never going to fall for this," said Hadnagy. "He was thinking someone would probably call and ask for his password and he was ready for an approach like that. hdp:// engineering/social- engineering examples- of- human- hacking.html 14
15 Examples - Real World The theme- park scandal The target in this next case study was a theme park client that was concerned about potenxal compromise of its XckeXng system. The computers used to check- in patrons also contained links to servers, client informaxon and financial records. The client was concerned that if a check- in computer was compromised, a serious data breach might occur. Hadnagy started his test by calling the park, posing as a sofware salesperson. He was offering a new type of PDF- reading sofware, which he wanted the park to try through a trial offer. He asked what version they were currently using, got the informaxon easily, and was ready for step two. hdp:// engineering/social- engineering examples- of- human- hacking.html 15
16 Examples - Real World The hacker is hacked Hadnagy gives a third example showing how social engineering was used for defensive purposes. He profiles 'John,' a penetraxon tester hired to conduct a standard network pen test for a client. He ran scan using Metasploit, which revealed an open VNC (virtual network compuxng) server, a server that allows control of other machines on the network. He was documenxng the find with the VNC session open when, suddenly, in the background, a mouse began to move across the screen. John new it was a red flag because at the Xme of day this was happening, no user would be connected to the network for a legixmate reason. He suspected an intruder was on the network. hdp:// engineering/social- engineering examples- of- human- hacking.html 16
17 Examples - Real World Price- Matching Scam 17
18 Examples - Real World Evil Maid aqacks 18
19 Examples - Real World Stuxnet Stuxnet delivered via USB sxcks lef around the Iranian site in a classic "social engineering" adack used unpatched Windows vulnerabilixes to get inside the SCADA at Iran's Natanz enrichment plant. It then injected code to make a PLC speed up and slow down centrifuge motors wrecking more than 400 machines. Siemens made both the SCADA (WinCC) and the PLC (S7-300) adacked by Stuxnet. hdp:// stuxnet- analysis- finds- more- holes- in- crixcal- sofware.html 19
20 Examples - Real World Sing- o- gram - Michelle from SE crew Next, Chris and I packed our dark glasses and super- spy cameras and headed to the client s locaxons. Four buildings, three days, two states, no sleep. This parxcular client faces some big challenges when it comes to physical plant security, not the least of which is sharing buildings with other companies and retailers open to the general public. Despite having a great physical security team and RFID badging, we were able to gain access to most of their secured locaxons pretexxng as inspectors and yes, a singing telegram (I ll let you guess who got to do that one). We didn t really need to do a lot of sneaky stuff; we took advantage of high traffic Xmes and locaxons, acted like we belonged there, and exploited people s general helpfulness. Using these principles, we accessed areas such their corporate mailroom, NOC, and execuxve offices and roamed freely without ever being stopped. hdp:// engineer.org/newsleder/social- engineer- newsleder- vol- 05- issue- 57/ 20
21 Examples - Real World News Reporter - Bob I've goden myself into a building by claiming to be interviewing them for a blog and then spending all day taking pictures and plugging flashdrives in to print stuff 21
22 ProtecEon Obviously, never give out confidenxal informaxon. Safeguard even inconsequenxal informaxon about yourself. Lie to security quesxons, and remember your lies. View every password reset with skepxcism. Watch your accounts and account acxvity. Diversify passwords, crixcal services, and security quesxons. 22
23 Resources hdp:// engineer.org/ hdps:// engineer.com/ hdps:// engineer- toolkit/ hdp:// Hadnagy/ hdp:// engineer.org/category/podcast/ DEFCON 23 CTF hdp:// hdp://defcon.org/ hdp:// Navarro/ 23
24 24
25 The Collin College Engineering Department Collin College Student Chapter of the North Texas ISSA North Texas ISSA (InformaXon Systems Security AssociaXon) Thank you 25
Penetration Testing Using The Kill Chain Methodology
Penetration Testing Using The Kill Chain Methodology Presented by: Rupert Edwards This course is intended for a technically astute audience.this course is 98% hands on.the attendee should have some basic
More informationINDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION
INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer
More informationIt may look like this all has to do with your password, but that s not the only factor to worry about.
Account Security One of the easiest ways to lose control of private information is to use poor safeguards on internet accounts like web-based email, online banking and social media (Facebook, Twitter).
More informationWhat is Penetration Testing?
White Paper What is Penetration Testing? An Introduction for IT Managers What Is Penetration Testing? Penetration testing is the process of identifying security gaps in your IT infrastructure by mimicking
More informationOPC & Security Agenda
OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information
More informationSMALL BUSINESS IT SECURITY PRACTICAL GUIDE
SMALL BUSINESS IT SECURITY PRACTICAL GUIDE How to make sure your business has comprehensive IT security protection #protectmybiz Small businesses come in all shapes and sizes. But in today s world, no
More informationCRYPTOGEDDON: HEALTH CARE COMPROMISE. Todd Dow, CISA, PMP Founder, cryptogeddon.com @toddhdow, toddhdow@gmail.com
CRYPTOGEDDON: HEALTH CARE COMPROMISE Todd Dow, CISA, PMP Founder, cryptogeddon.com @toddhdow, toddhdow@gmail.com WHAT IS CRYPTOGEDDON? An online scavenger hunt using hacker tools Use infosec tools to solve
More informationSCADA Security @ City of Raleigh. Martin Petherbridge, CPA, CIA Internal Audit Manager Shirley McFadden, CPA, CIA Senior Internal Auditor
SCADA Security @ City of Raleigh Martin Petherbridge, CPA, CIA Internal Audit Manager Shirley McFadden, CPA, CIA Senior Internal Auditor Agenda 1. PLCs, SCADA and Stuxnet 2. Selecting Audit Standards 3.
More informationIntroduction to Email Security by Brandon, deliverability engineer
Introduction to Email Security by Brandon, deliverability engineer We re a paranoid bunch at MailChimp. We proudly wear tinfoil hats, we have secret hideout rooms with steel walls, and we have fireman
More information1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.
Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is
More informationIdentity Theft: An Introduction to the Scope of the Crime, and Its Prevention, Detection and Remediation
Identity Theft: An Introduction to the Scope of the Crime, and Its Prevention, Detection and Remediation June 2009 Cairo, Egypt Joanna P. Crane Identity Theft Program Manager Senior Attorney The views
More informationOnline Security Tips
Online Security Tips Is your computer set to automatically check for software and security updates? Do you type your name in search engines to see what personal information is online? Have you customized
More informationAn Introduction on How to Better Protect Your Computer and Sensitive Data
An Introduction on How to Better Protect Your Computer and Sensitive Data Common Security Problems Computer users who fail to use strong passwords Constant attacks by viruses, worms, key loggers and bots
More informationAchieving Information Security
Achieving Information Security Beyond penetration testing and frameworks ISACA Athens Conference 25 November, 2014. All good information security presentations start with a Bruce Schneier quote - Not Bruce
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationSMALL BUSINESS IT SECURITY PRACTICAL GUIDE
SMALL BUSINESS IT SECURITY PRACTICAL GUIDE How to make sure your business has comprehensive IT security protection #protectmybiz Small businesses come in all shapes and sizes. But in today s world, no
More informationThis session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.
The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com
More informationCyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015
Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationSecurity Testing in Critical Systems
Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base
More informationUnderstanding Home Network Security
Whitepaper Understanding Home Network Security Creating and Maintaining a Secure Home Network Executive Summary There are countless dangers lurking on the Internet, and routers are equipped to prevent
More informationVulnerability and Threat Management and Prevention
A1 Vulnerability and Threat Management and Prevention Weston Hecker Security Expert With KLJ Systems Network Analyst/Penetration Tester/President Of Computer Security Association Of North Dakota Slide
More informationResearch Note The Art of Social Engineering
Research Note The Art of Social Engineering By: Devin Luco Copyright 2013, ASA Institute for Risk & Innovation Keywords: Cyber Attacks, Cyber Criminals, Cyber Risks, Cybersecurity, Cyber Threats, Information
More informationDefcon 20 Owning One To Rule Them All. Dave DeSimone (@d2theave) Manager, Information Security Fortune 1000
Defcon 20 Owning One To Rule Them All Dave DeSimone (@d2theave) Manager, Information Security Fortune 1000 Dave Kennedy (@dave_rel1k) Founder, Principal Security Consultant @TrustedSec About the Speaker
More informationThe following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015.
The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015. By completing this module and the quiz, you will receive credit for CW 170, which is required
More informationTMCEC CYBER SECURITY TRAINING
1 TMCEC CYBER SECURITY TRAINING Agenda What is cyber-security? Why is cyber-security important? The essential role you play. Overview cyber security threats. Best practices in dealing with those threats.
More informationFrom Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense
1 of 5 11/17/2014 4:14 PM 800.268.2440 From Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense Share This Every other week it seems like there is another secure data breach
More informationBuilding the Next Generation of Computer Security Professionals. Chris Simpson
Building the Next Generation of Computer Security Professionals Chris Simpson Overview Why teach computer security to high school students Deciding what to teach What I taught Community Support Lessons
More informationHow Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER
WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and
More information+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains
Information Security Advisor December 2015 Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains +GAMES Spot the insider & Human firewall Filtering EXerCISE Good
More informationSCADA/ICS Security in an. RobertMichael.Lee@Gmail.com Twitter: @RobertMLee
SCADA/ICS Security in an Insecure Domain RobertMichael.Lee@Gmail.com Twitter: @RobertMLee Introduction CYA The opinions held and expressed by Robert M. Lee do not constitute or represent an opinion or
More information2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.
2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program. Entry Name HFA Submission Contact Phone Email Qualified Entries must be received by
More informationAdvanced Analytics For Real-Time Incident Response A REVIEW OF THREE KNOWN CASES AND THE IMPACT OF INVESTIGATIVE ANALYTICS
Advanced Analytics For Real-Time Incident Response A REVIEW OF THREE KNOWN CASES AND THE IMPACT OF INVESTIGATIVE ANALYTICS Introduction Every year, cyber criminals become stronger and more sophisticated
More informationDISCLAIMER AND NOTICES
DISCLAIMER AND NOTICES The opinions expressed in this presentation are those of the author and presenter alone. They do not represent the views of any other entity. Nothing in this presentation should
More informationCSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks - 5 month later Date: 19 th October 2007
CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks - 5 month later Date: 19 th October 2007 Written by Dennis Rand rand@csis.dk http://www.csis.dk Table of
More informationHow to Justify Your Security Assessment Budget
2BWhite Paper How to Justify Your Security Assessment Budget Building a Business Case For Penetration Testing WHITE PAPER Introduction Penetration testing has been established as a standard security practice
More informationTAKING SECURITY TESTING TO THE NEXT LEVEL 5 MAY 2014 STAN HEGT
+ = TAKING SECURITY TESTING TO THE NEXT LEVEL 5 MAY 2014 STAN HEGT HAVE YOU EVER ENCOUNTERED AN ADVERSARY THAT RAN NESSUS FROM A MEETING ROOM? PENETRATION TESTING vs RED TEAMING Penetration Testing Red
More informationToday s Rundown 1. What is Red Teaming? 2. So it s just an awesome pen test? 3. Nuts & Bolts of Red Teaming 4. Why should we care? 5.
2 3 About Your Trainer Dakota State University faculty member Bank pen testers in a former life Instructor at Secure Banking Solution s Institute (www.protectmybank.com) I m lucky; I don t have a real
More informationcase study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:
The Computerworld Honors Program Summary developed the first comprehensive penetration testing product for accurately identifying and exploiting specific network vulnerabilities. Until recently, organizations
More informationCombating the Next Generation of Advanced Malware
Peter McNaull Director of Technical Marketing WatchGuard Combating the Next Generation of Advanced Malware Surviving APT Attacks Current State of AV Solutions Nearly 88% of malware morphs to evade signature-based
More informationTeam Members: Jared Romano, Rachael Dinger, Chris Jones, Miles Kelly Supervising Professor: Dr. George Collins Industry Advisor: Dr.
Cyber Security 2014 Team Members: Jared Romano, Rachael Dinger, Chris Jones, Miles Kelly Supervising Professor: Dr. George Collins Industry Advisor: Dr. Joel Dubow Hacking Incidents Reported to the Cyber
More informationIT Security DO s and DON Ts
For more advice contact: IT Service Centre T: (01332) 59 1234 E: ITServiceCentre@derby.ac.uk Online: http://itservicecentre.derby.ac.uk Version: February 2014 www.derby.ac.uk/its IT Security DO s and DON
More informationCyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
More informationGlobalSign Malware Monitoring
GLOBALSIGN WHITE PAPER GlobalSign Malware Monitoring Protecting your website from distributing hidden malware GLOBALSIGN WHITE PAPER www.globalsign.com CONTENTS Introduction... 2 Malware Monitoring...
More informationOCIE Technology Controls Program
OCIE Technology Controls Program Cybersecurity Update Chris Hetner Cybersecurity Lead, OCIE/TCP 212-336-5546 Introduction (Role, Disclaimer, Background and Speech Topics) SEC Cybersecurity Program Overview
More information82-10-43 Social Engineering and Reverse Social Engineering Ira S. Winkler Payoff
82-10-43 Social Engineering and Reverse Social Engineering Ira S. Winkler Payoff Social engineering is the term that hackers use to describe attempts to obtain information about computer systems through
More informationTechnical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments
DATA SHEET Technical Testing Application, Network and Red Team Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance
More informationPenetration Testing Walkthrough
Penetration Testing Walkthrough Table of Contents Penetration Testing Walkthrough... 3 Practical Walkthrough of Phases 2-5... 4 Chose Tool BackTrack (Armitage)... 5 Choose Target... 6 Phase 2 - Basic Scan...
More informationInformation Security. CS526 Topic 1
Information Security CS 526 Topic 1 Overview of the Course 1 Today s Security News Today: 220 million records stolen, 16 arrested in massive South Korean data breach A number of online gaming & movie ticket
More informationENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats WWW.COMODO.COM
WHITE PAPER Endpoint Security and Advanced Persistent Threats The Invisible Threat They re out there waiting. Sitting at their computers hoping for you to make a mistake. And you will. Because no one is
More informationProtecting Yourself from Identity Theft. Charlene L. Esaw Chief, Outreach and Student Programs Central Intelligence Agency (CIA) May 2009
Protecting Yourself from Identity Theft Charlene L. Esaw Chief, Outreach and Student Programs Central Intelligence Agency (CIA) May 2009 How Many of You...? use an ATM machine use your credit card online
More informationCOVER FEATURE PANDORA'S NET. Pandora s Net
COVER FEATURE PANDORA'S NET F28 Pandora s Net HACKERS HAVE FOUND VULNERABILITIES IN THE WAY THE ELECTRICAL GRID IS TIED TO THE INTERNET BY BRITTANY LOGAN Google we know about. It s a search engine for
More informationTahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.
Tahoe Tech Group LLC Cyber Security Briefing Truckee Donner Chamber of Commerce March 6, 2015 Tahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.
More information1 Billion Individual records that were hacked in 2014 3.
783 Major data breaches in 204 up 27% from 203 2. Billion Individual records that were hacked in 204 3. 3 Fraud has changed The way we live and manage our finances today has changed radically from just
More informationAdvanced Persistent Threats
Advanced Persistent Threats Craig Harwood Channel Manager SADC and Indian Ocean Islands 1 Agenda Introduction Today s Threat landscape What is an Advance persistent Threat How are these crimes perpetrated
More informationRLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses
RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright
More informationCybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015
Cybersecurity: A Growing Concern for All Businesses RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015 RLI Design Professionals is a Registered Provider with The American
More informationINTRODUCTION DEVELOPMENT AND PHENOMENA
INTRODUCTION DEVELOPMENT AND PHENOMENA ITU, ICB4PAC 02.03.2011, Vanuatu Prof. Dr. Marco Gercke, Director Cybercrime Research Institute Cybercrime Page: 1 GENERAL INTRODUCTION Cybercrime Seite: 2 CYBERCRIME
More informationSocial Engineering & How to Counteract Advanced Attacks. Ralph Massaro, VP of Sales Wombat Security Technologies, Inc.
Social Engineering & How to Counteract Advanced Attacks Ralph Massaro, VP of Sales Wombat Security Technologies, Inc. Agenda Social Engineering DEFCON Competition Source of Problem Countermeasures Social
More informationWEB ATTACKS AND COUNTERMEASURES
WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in
More informationCSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks Date: 16/05-2007
CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks Date: 16/05-2007 Written by Dennis Rand rand@csis.dk http://www.csis.dk Table of contents Table of contents...
More information90% of health insurers surveyed have had a data breach 3. 72% increase in cyberattacks against healthcare companies occurred between 2013 and 2014 4
Health Savings Account (HSA) Data security and employee benefits providers by Elon Ginzburg, Information Security Officer, Wells Fargo Wholesale Banking Information security is a critical corporate responsibility.
More informationCyber Security. Securing Your Mobile and Online Banking Transactions
Cyber Security Securing Your Mobile and Online Banking Transactions For additional copies or to download this document, please visit: http://msisac.cisecurity.org/resources/guides 2014 Center for Internet
More informationAdvanced Persistent Threats
Emilio Tonelli Senior Sales Engineer South Europe WatchGuard Technologies, Inc. Advanced Persistent Threats the new security challenge Are you protected? Current Threat Landscape 2 Global Threat Landscape:
More informationADVANCED THREATS IN THE ENTERPRISE. Finding an Evil in the Haystack with RSA ECAT. White Paper
ADVANCED THREATS IN THE ENTERPRISE Finding an Evil in the Haystack with RSA ECAT White Paper With thousands of workstations and servers under management, most enterprises have no way to effectively make
More informationSecuritySecuritySecurity!
SecuritySecuritySecurity! It was the best of times and the worst of times... I suspect Dickens would be quite surprised to learn how prophetic his words would be over 150 years after he penned them. THE
More informationStatistical Analysis of Internet Security Threats. Daniel G. James
Statistical Analysis of Internet Security Threats Daniel G. James ABSTRACT The purpose of this paper is to analyze the statistics surrounding the most common security threats faced by Internet users. There
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationVulnerability Assessment & Compliance
www.pwc.com Vulnerability Assessment & Compliance August 3 rd, 2011 Building trust through Information security* Citizen-Centric egovernment state Consultantion workshop Agenda VAPT What and Why Threats
More informationExploitnig DNS Server Vulnerabilites Using Linux Operating System
Exploitnig DNS Server Vulnerabilites Using Linux Operating System ABSTRACT Aysar A. Abdulrahman, Alaa K. Jumaa University of Sulaimani, Computer Science, Kurdistan Region of Iraq aysser.abdulrahman@univsul.edu.iq
More informationInternet security: Shutting the doors to keep hackers off your network
Internet security: Shutting the doors to keep hackers off your network A Paralogic Networks Guide www.scholarisintl.com Introduction Like all revolutionary steps in technological development the Internet
More informationPentesting for fun... and profit! David M. N. Bryan and Rob Havelt
Pentesting for fun... and profit! David M. N. Bryan and Rob Havelt Agenda Who are David & Rob? Why are we experts? Why do penetration tests? What is a penetration test? What is the goal? Some says it s
More informationCyber Security 2014 SECURE BANKING SOLUTIONS, LLC
Cyber Security CHAD KNUTSON SECURE BANKING SOLUTIONS 2014 SECURE BANKING SOLUTIONS, LLC Presenter Chad Knutson Senior Information Security Consultant Masters in Information Assurance CISSP (Certified Information
More informationGuide to Preventing Social Engineering Fraud
Guide to Preventing Social Engineering Fraud GUIDE TO PREVENTING SOCIAL ENGINEERING FRAUD CONTENTS Social Engineering Fraud Fundamentals and Fraud Strategies... 4 The Psychology of Social Engineering (And
More informationMoney and shopping 8.1 Online banking. Beginner s guide to. Wider interests
Wider interests Use this document with the glossary Beginner s guide to Money and shopping 8.1 Online banking This activity will help you register to bank online and get you started with your online banking
More informationFive PCI Security Deficiencies of Retail Merchants and Restaurants
Whitepaper January 2010 Five PCI Security Deficiencies of Retail Merchants and Restaurants The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations by Brad Cyprus, SSCP - Senior Security Architect,
More informationDeter, Detect, Defend
Deter, Detect, Defend Deter Never provide personal information, including social security number, account numbers or passwords over the phone or Internet if you did not initiate the contact Never click
More informationThreat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue
Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437 Specialist Security Training Catalogue Did you know that the faster you detect a security breach, the lesser the impact to the organisation?
More informationCybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015
Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationDigital Pathways. Penetration Testing
Penetration Testing inftouch@digitalpathwyas.co.uk Penetration testing, vulnerability tests, assurance projects, ethical hacking it all means broadly the same thing; testing a corporate network to determine
More informationFive PCI Security Deficiencies of Restaurants
Whitepaper The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations By Bradley K. Cyprus- Senior Security Architect, Vendor Safe 2011 7324 Southwest Freeway, Suite 1700, Houston, TX 77074
More informationDefending Computer Networks Lecture 9: Worms/Firewalls. Stuart Staniford Adjunct Professor of Computer Science
Defending Computer Networks Lecture 9: Worms/Firewalls Stuart Staniford Adjunct Professor of Computer Science Quiz Twenty Minutes (10:10-10:30am) No notes/laptops/tablets/phones/etc Write name/net- id
More informationProtecting Yourself from Identity Theft
Protecting Yourself from Identity Theft Guide 4 Because you don t have to be the next victim Desert Schools Money Matters Series Guiding you toward financial success Table of Contents How ID theft happens.............................
More informationAre you Smarter than a Scam Artist? 2015 AASC National Conference Nashville, Tennessee
Are you Smarter than a Scam Artist? 2015 AASC National Conference Nashville, Tennessee Government Grants The government gives grants to special people like you! Stimulus money is still available through
More informationORF ISSUE BRIEF. Virtual Alarm: Social Engineering Attacks Imperil Cyber Security
OBSERVER RESEARCH FOUNDATION ORF ISSUE BRIEF SEPTEMBER 2011 ISSUE BRIEF # 32 Virtual Alarm: Social Engineering Attacks Imperil Cyber Security Rahul Prakash yber security threats have amplified significantly
More informationNational Cybersecurity Awareness Campaign
National Cybersecurity Awareness Campaign About Stop.Think.Connect. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department of Homeland Security with creating an ongoing
More informationEVILSEED: A Guided Approach to Finding Malicious Web Pages
+ EVILSEED: A Guided Approach to Finding Malicious Web Pages Presented by: Alaa Hassan Supervised by: Dr. Tom Chothia + Outline Introduction Introducing EVILSEED. EVILSEED Architecture. Effectiveness of
More informationTHINGS YOU SHOULD KNOW ABOUT IDENTITY THEFT
THINGS YOU SHOULD KNOW ABOUT IDENTITY THEFT Compliments of: Fripp Island Security and FIPOA Security Committee November 2013 1 INTRODUCTION Identity theft is a serious crime. It occurs when your personal
More informationStable and Secure Network Infrastructure Benchmarks
Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day
More informationITAR Compliance Best Practices Guide
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
More informationIdentity Theft is a Crime in the State of New Jersey.
NEW JERSEY STATE POLICE Identity Theft: A Victim s Reference Identity Theft occurs when someone uses your personally identifying information like your name, Social Security number, or credit card number
More informationThe Christian Science Monitor
1 The Christian Science Monitor Stuxnet spyware targets industrial facilities, via USB memory stick Beware the USB memory stick. Infected sticks are the means by which a mystery spyware, dubbed Stuxnet,
More informationInfocomm Sec rity is incomplete without U Be aware,
Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN
More informationCYBERSECURITY POLICY
* CYBERSECURITY POLICY THE CYBERSECURITY POLICY DEFINES THE DUTIES EMPLOYEES AND CONTRACTORS OF CU*ANSWERS MUST FULFILL IN SECURING SENSITIVE INFORMATION. THE CYBERSECURITY POLICY IS PART OF AND INCORPORATED
More informationthings you haven t done to protect your business from cybercrime
5 things you haven t done to protect your business from cybercrime 5 things you can do to protect your business from cybercrime 27,000,000,000 27billion is a big number and is what the UK government estimates
More informationHackers: Detection and Prevention
Computer Networks & Computer Security SE 4C03 Project Report Hackers: Detection and Prevention Due Date: March 29 th, 2005 Modified: March 28 th, 2005 Student Name: Arnold Sebastian Professor: Dr. Kartik
More information67% 61% STATE OF CLOUD SECURITY BULLETIN. Information Security in the Energy Sector. Summer 2013 FROM APR SEP 2012
STATE OF CLOUD SECURITY BULLETIN Information Security in the Energy Sector Summer 2013 FROM APR SEP 2012 67% of Alert Logic customers in the energy industry experienced BRUTE FORCE ATTACKS 61% of Alert
More information