Win the Internet Security War. Keep Internet Criminals Out of Your Network and Protect Your Business

Transcription

1 Win the Internet Security War Keep Internet Criminals Out of Your Network and Protect Your Business

2 Takeaways Cyber-criminals are using s & social engineering to infiltrate your network Your team may be helping the bad guys gain access to your network Implement defenses that will raise the security level of your network Remember the 3 second rule

3 Cyber Criminals are Targeting Small/Medium Size Businesses Why?????? Because they are easiest to breach and the employees are assisting Many businesses do not realize the nature of attacks Many businesses think it can t happen to them Many businesses have not implemented proper security

4 Hartford Insurance Data Businesses with 50 or less employees, ONLY 48 percent lock and secure sensitive customer, patient or employee data 53 percent shred and securely dispose of customer, patient or employee data 48 percent use password protection and data encryption 44 percent had a privacy policy 47 percent update systems and software on a regular basis 48 percent use firewalls to control access and lock out hackers 41 percent ensure secure remote access to their network The Hartford study found 85 percent of small business owners believe a security and/or data breach is unlikely Osterman Research

5 Think It Can t Happen to You...Think Again Yet 75% have reported a security incident/leak Osterman Research

6 Think It Can t Happen to You...Think Again Anti-Phishing Work Group Over 60 Members Including.. Scanned over 22 million computers in 4qtr % were found to be infected with virus & malware The owners were unaware of the infections

7 Social Engineering Social engineering is the art of tricking you into installing viruses or malware on your computer by opening attached files, clicking on imbedded links and/or revealing sensitive information. Social engineering is a common tactic used by cyber criminals to spread viruses and malware. The Twitter worm uses direct messages to entice users into visiting a pseudo-twitter login page that harvests login credentials. Fake Facebook Update arrives via , and contains links to malicious web sites. Rogue antivirus software is all about social engineering: make users think their computers are infected with viruses that can only be removed by purchasing the fake software.

8 Then and Now and Beyond Delivery Motive Organization Volume Embedded Malicious, Fun Individuals 59 Billion/Day (2005) Linked Information & Money Organized Criminals 513 Billion/Day (2013) Data source McAfee Security, Radiacti Group

9 Spam as % of Total Month % of Global Volume 2012 May 84.9% 2012 Apr 84.8% 2012 Mar 84.8% 2012 Feb 85.0% 2012 Jan 84.7% 2011 Dec 84.7% 2011 Nov 84.7% 2011 Oct 84.8% 2011 Sept 84.8% 2011 Aug 84.7% 2011 Jul 84.7% 2011 Jun 84.7% Avg ~ 85% Data source Radiacti Group

10 Spam Company w/20 Addresses

11 Spam Company w/20 Addresses And 13 virus s per day

12 Scam s DHL, FedEx, UPS Delivery Current Event Both look like legitimate s Following the links will infect your computer Data from Panda Security Annual Report

13 False Program Updates Notice the Stop Receiving Mail statement. Do not update programs via alerts Go the company s website and see if updates are available Update directly from the company s website

14 Phishing From: VISA To: Sent: Monday, February 08, :43 AM Subject: [FRAUD] possible fraudulent transaction with your 4XXX-XXXX-XXXX-XXXX VISA Dear VISA card holder, A recent review of your transaction history determined that your card was used at an ATM located in Malta, but for security reasons the requested transaction was refused. You need to complete the VISA Card Holder Form. You can do this by clicking the link below: & VISA Cards Support Ref: ORDIX10NBI5FOSTK0HJ77T This phishing attempts to capture your Visa user, password and account information in order to steal money from your account

15 Your AT&T Bill is Ready Clicking on the Log In icon loads a virus on your computer. The virus allows the criminal access to your computer without your knowledge. Over 200,000 of these s were sent to AT&T customers

16 Phishing Data Harvesting Executing the instructions sends all your stored user names and passwords associated with your accounts to the cyber criminal

17 Spear Phishing

18 Groupon with a link to a Groupon Coupon attached loads a Banker Trojan on your computer and then steals your bank information

19 Phishing Graphic from the bank s actual website has been copied in order to make this look official Resting, but not clicking the mouse pointer on the link reveals the real Web address. The string of numbers is the real address and not the company s real web address

20 Phishing Phishing Bank s Real Website

21 Scareware/Rougeware Fake Anti-Virus Pretends to scan your computer Finds non-existent threats Often hides your data Most will lock up your computer Look very official and use legitimate sounding names Antivirus2009 VirusRemover2008 Xpantivirus2008 XPAntiSpyware2009 SystemGuard2009 SpywareRemover2009 Antivirus360 RealAntivirus RogueAntimalware2008 SystemSecurity SpywareGuard2008 AntivirusPro2009 AntivirusXP2008 MSAntiSpyware2009 RogueAntimalware2009 AntivirusXPPro ProAntispyware2009 SecurityCenter AntiMalwareSuite Antispy2008

22 Scareware/Rougeware Fake Anti-Virus

23 Scareware/Rougeware Fake Anti-Virus

24 Scareware/Rougeware Fake Anti-Virus

25 Greendot MoneyPak

26 Chase Bank Redirect Customer has a legitimate Chase account Enter your Chase password Virus redirects you to this phishing site

27 Are Your Employees Using Social Media With over 800 million Facebook users and 180 million Twitter users, the answer is YES. Your employees are using social media, with or without your knowledge and/or your consent If you allow unrestricted access to social media and the internet, you risk Productivity issues Confidentiality issues HR/Legal issues Compliance Issues And most important, SECURITY issues You need to manage access to the internet and to social media with written policies AND web management software.

28 Twitter You have unopened messages on Twitter Download anti-virus

29 Linkedin - Attacked on Sept 27, 2010 Spam sent to Linked-in users directs users to a link to a compromised website A banker Trojan is then loaded onto the users computer Trojan is designed to steal account information Estimated over 1 billion spam s sent on the first day of the attack Targets were business users

30 Linked-In Hacked in 2 nd Qtr instructing you to change your password Sends the user to a fake Linked In site

31 Linked-In Hacked in 2 nd Qtr 2012

32 Linked-In Hacked in 2 nd Qtr 2012

33 Facebook Spoofed/fake Facebook Site Real Facebook Site Phishing attacks aimed at Facebook accounts have been particularly noticeable, with fake Facebook sites designed to steal users account details. Data from Panda Security Report

34 Facebook

35 Facebook

36 Facebook

37 Facebook Download the Facebook Dislike Button (August 2010) Download the Facebook Dislike Button (May 2011) Data from Panda Security Report Data from ZD Net

38 Facebook - Data Harvesting

39 Facebook Data from Panda Security Report Password change - Facebook

40 Ramnit Virus - Facebook Secure web based application program Company Network Stealing info at the user s pc during the session Sends info to criminals Attached to pictures, documents etc inside Facebook Loads itself when employee opens pictures, documents located in Facebook Captures data (passwords, account info, business info etc) during secure web sessions and sends to the cyber criminal Has stolen over 45,000 user passwords

41 Facebook s Twenty Questions Survey associated with malware moving throughout Facebook by Facebook users

42 Facebook s Troublesome Accounts

43 Black Hat SEO Example - Search on IBM Headline Actual Destination Criminals develop a fake website Use SEO to have their site rate high User sees the Headline but does not notice the url destination The url is the dangerous site that will infect your computer

44 What About Apple PC s and Mac s When Apple market share exceeds 5%, monetized malware will target Apple April % market share Add in tablets and Apple specific malware is now in the marketplace Flashback malware aimed exclusively at Mac s

45 What About Apple PC s and Mac s Mac OS attacked twice in 2011 and twice again in 2012 Lion OS is a result of those attacks

46 Smartphones & Tablets iphone 4S hacked by Certified Secure, a Dutch security company Hacked the address book, photo s, video s and browsing history of a fully patched iphone 4S Also hacked the new ios6, same operating system on the ipad, ipod and the new iphone 5 Over 100,000 Android Smartphones in Asia have been infected with a virus that intercepts banking transactions

47 But My (fill in the blank) Is Secure! Secure Connection Web Based Application/ Hosted Provider Are Your Computers and Your Network Secure?????

48 How Do I Protect My Business Multiple Layers of Defense Using Products and Policies

49 How Do I Protect My Business Multiple Layers of Defense Secure Server or Hosted Provider Spam Filtering Managed Firewall Secure VPN Router Managed Security Web Access Management Network Policies Products Anti-virus Password policy Portable device policy Document mgt Cell phone policy Unattended policy Wireless Patch policy Usage policy Software policy Data purge policy purge policy 3 rd party password policy Internet policy

50 How Do I Protect My Business UTM - Unified Threat Management Network Traffic UTM Appliance Network Policies Anti Virus Password policy Portable device policy Document mgt Cell phone policy Unattended policy Wireless Patch policy Usage policy Software policy Data purge policy purge policy 3 rd party password policy Internet policy

51 How Do I Protect My Business Policies Never respond to a Call to Action Do not Reply to the Do not click the Unsubscribe or Take me off Your List etc. Do not post your business address on Social Media sites Do not click on any links within an if you think it suspicious Inform your internet provider, bank, credit card company etc. These companies NEVER ask for personal or account information by way of . Implement good spam filtering Install good anti-virus and malware protection and KEEP IT CURRENT.

52 How Do I Protect My Business & Internet Policies Never, ever provide the following User name Password Date of Birth Social Security number Home Address Account Numbers Phone numbers addresses Driver s license number or any other personal or account information

53 Why Have Policies - Bypassing Security Example Access AOL and Bypass Network Security Company or Hosted Exchange Server and Spam Filtering Company Network All Incoming & Outgoing for Your Domain Traffic AOL Server AOL AOL, Gmail, Yahoo, Hotmail etc domains may bypass the secure exchange server and the spam filter

54 How Do I Protect My Business Network Policies Anti Virus Password policy Portable device policy Document mgt Cell phone policy Unattended policy Wireless Patch policy Usage policy Software policy Data purge policy purge/archive policy 3 rd party password policy Internet policy

55 Anti-Virus, Free Is Not Always Best

56 Anti-Virus, Free Is Not Always Best

57 How Do I Protect My Business Educate Your Employees!!!! Ancient IT Proverb The Source of Many IT Problems Resides 18 Inches in Front of the Screen

58 A Word About Compliance PCI-DSS (credit cards) HIPAA SOX GLB Federal Trade Commission Red Flag Rules All of the above compliance regulations require some or all of the security measures discussed today

59

60 Thank You for Attending For More Information Contact TeamLogic IT 815 Crocker Road Suite 4 Cleveland, Ohio sgiordano@teamlogicit.com