IT Security Community

Size: px

Start display at page:

Download "IT Security Community"

Dale Jacobs
8 years ago
Views:

1 IT Security Community Who are we? The CompTIA IT Security is a group focused on the changing security issues of today. Who should join? Anyone looking to stay current with the ever- changing security landscape. Join at Security Take ac8on Try the IT Security Assessment Wizard Copyright (c) 2014 CompTIA Proper8es, LLC. All Rights Reserved. CompTIA.org 1

Who should join? Anyone looking to stay current with the ever- changing security landscape.

2 Evolution of Cyber Crime From Scareware and Ransomware to Destructionware

3 Introduction Ian Trump, CD, CPM, BA is Security Lead at MAXfocus working across all lines of business to define, create and execute security solutions and promote a safe, secure Internet for Small & Medium Business world wide to 1992 Canadian Forces (CF), Military Intelligence Branch to 2013, CF Military Police (Reserves), retired as a Public Affairs Officer in to 2010, Royal Canadian Mounted Police, Criminal Intelligence Analyst Founding Partner and CTO Octopi Managed Services Inc. (OMS). Cyber security work for national, international organizations and Government of Canada.

2002 to 2013, CF Military Police (Reserves), retired as a Public Affairs Officer in 2013.

4 Hey Mom, Look at Me! The nice thing about being detained in Canada is it's like being in a Days Inn; it's very clean and very nice. Bill Ayers

5 I Would Like to Thank the Academy Theft Not just the business intellectual property, but any account information that can lead a cybercriminal to greater riches. Fraud Using impersonation and man-in-the-middle techniques, cybercriminals seek to conduct banking, point-of-sale, payroll and online ordering fraud.

6 I Would Like to Thank the Academy Extortion Holding important data ransom, a great example is CryptoLocker malware or threating the business online services with DDOS attacks unless payment is made. Vandalism Perhaps the cybercriminals have been paid by a rival, or need to try out new advanced malware? Maybe a hactivist community is angered by your companies polices or actions?

7 But Wait, There s More CEM Child Exploitation Material, produced, facilitated and distributed using digital means. Counterfeiting From documents to fake goods a great deal of this type of crime has moved into the digital realm.

8 But Wait, There s More Recruiting For criminal, terrorists and human-trafficking activities, victims are contacted predominantly via social media. Crime as a Service The brokering and facilitating of various criminal services from exploits to the recruitment of money mules is facilitated by administrators of large underground criminal marketplaces.

Crime as a Service The brokering and facilitating of various criminal services from

9 My Other Computer is Your Computer

10 Our Nominees for Best Cyber Criminals Are: Awards for Best Criminal, Best Foreign Nation State, Best Criminal Outsource Provider and Best Terrorist. Does any of this really matter?

11 The Breaches

12 Our Nominees for Best Cyber Criminals Are: Who did it? Who cares who did it? How was it done? Who cares how it was done?

13 #Speculation /12/a-breakdown-and- analysis-of-the-december sony-hack/ sony_aka_sownage.html The Beginning (November 24) Second Round of Leaks (December 3) The Analysis Game (December 4) The Next Chapter (December 5) The Analysis Continues (December 7) 15 Days Under Siege (December 8)

14 #Speculation /12/a-breakdown-and- analysis-of-the-december sony-hack/ sony_aka_sownage.html Ex-Sony Employees, Russia, NK, Anonymous, and Sanctions (January 5th) Insurance Claims, Money and Pranks (January 6th) Attribution, Someone Is Wrong, and Lulz! (January 12th) Catching Up and Closing Out! (February 22nd)

15 #Solastyear Krebs on Security: The apparent credit and debit card breach uncovered at Home Depot was aided in part by a new variant of the malicious software program that stole card account data from cash registers at Target last December. Analysis revealed at least some of Home Depot s store registers had been infected with a new variant of BlackPOS (a.k.a. Kaptoxa ), a malware strain designed to siphon data from cards when they are swiped at infected point-of-sale systems running Microsoft Windows (XP).

Analysis revealed at least some of Home Depot s store registers had been infected with a new variant of BlackPOS (a.k.a.

16 It s Raining Cyber!

17 The Sploits

18 Absolute Sownage Patch comes out, see what it fixes. Reverse engineer patch to break what it fixes. Build exploit package. Sell to cybercrime botnet underground. Botnet spear-phishes, phishes or conducts automated attacks.

19 But, That s Like a Lot of Work Analysis of the Carbanak Report ($300M to $1Bn Loss targeting the Banking Industry) indicates a Basic Security Bundle of our products could have prevented this cyber attack. "All observed cases used spear phishing s with Microsoft Word (.doc) files attached or CPL files. The doc files exploit both Microsoft Office (CVE and CVE ) and Microsoft Word (CVE ). Patched and updated machines would have not been affected by this spear phishing attack.

"All observed cases used spear phishing emails with Microsoft Word 97 2003 (.doc) files attached or CPL files.

20 But, That s Like a Lot of Work The age of the Trojan malware used it is very likely that Antivirus would have intercepted the malware. "There is evidence indicating that in most cases the network was compromised for between two to four months. This indicates that worst case scenario is the banks in question had six months to deploy the appropriate patches but failed to do so.

"There is evidence indicating that in most cases the network was compromised for between two

21 The Challenge

22 Clean Out Your App Closet Less Applications = Less Vulnerability Patch & Update Your OS Patch & Update Your Third-Party Apps Remove Administrator Privileges Application Whitelists Figure Out Your Software and Hardware Firewalls

23 Clean Out Your App Closet Security Awareness Training SANS 20 NIST Australian DSD 35 Buy More of Everything!

24 205 Days Ago You Were Really Mean to Me. FireEye's Mandiant Division M-Trends 2015 In 2014, 205 days to discover breach, down from 229 days in 2013 and 243 days in In 2014, only 31% of breaches were selfdetected by enterprises, down from 33% in 2013.

25 Firewall All The Things!

26 LOL, Cats

27 Thank You In 2001, armed with a Palm Pilot, I agended Defcon 9. I lost my Palm Pilot. Defcon combined curiosity, informajon security and a paranoid understanding of how vulnerable, fragile and uljmately challenging this new connected environment was going to become. Ian Trump, 2014

Cybersecurity Awareness. Part 1

Cybersecurity Awareness. Part 1 Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat