IT Security Community Who are we? The CompTIA IT Security is a group focused on the changing security issues of today. Who should join? Anyone looking to stay current with the ever-changing security landscape. Join at www.comptia.org > Communities > IT Security. Take action: Try the IT Security Assessment Wizard. Copyright (c) 2014 CompTIA Properties, LLC. All Rights Reserved. CompTIA.org
Evolution of Cyber Crime From Scareware and Ransomware to Destructionware
Introduction Ian Trump, CD, CPM, BA is Security Lead at MAXfocus, working across all lines of business to define, create and execute security solutions and promote a safe, secure Internet for Small & Medium Business worldwide. 1989 to 1992 Canadian Forces (CF), Military Intelligence Branch. 2002 to 2013, CF Military Police (Reserves), retired as a Public Affairs Officer in 2013. 2009 to 2010, Royal Canadian Mounted Police, Criminal Intelligence Analyst. 2010 Founding Partner and CTO Octopi Managed Services Inc. (OMS). Cyber security work for national, international organizations and Government of Canada.
Hey Mom, Look at Me! The nice thing about being detained in Canada is it's like being in a Days Inn; it's very clean and very nice. Bill Ayers
I Would Like to Thank the Academy Theft Not just the business intellectual property, but any account information that can lead a cybercriminal to greater riches. Fraud Using impersonation and man-in-the-middle techniques, cybercriminals seek to conduct banking, point-of-sale, payroll and online ordering fraud.
I Would Like to Thank the Academy Extortion Holding important data ransom (a great example is CryptoLocker malware) or threatening the business's online services with DDoS attacks unless payment is made. Vandalism Perhaps the cybercriminals have been paid by a rival, or need to try out new advanced malware? Maybe a hacktivist community is angered by your company's policies or actions?
But Wait, There's More CEM Child Exploitation Material, produced, facilitated and distributed using digital means. Counterfeiting From documents to fake goods, a great deal of this type of crime has moved into the digital realm.
But Wait, There's More Recruiting For criminal, terrorist and human-trafficking activities, victims are contacted predominantly via social media. Crime as a Service The brokering and facilitating of various criminal services, from exploits to the recruitment of money mules, is handled by administrators of large underground criminal marketplaces.
My Other Computer is Your Computer
Our Nominees for Best Cyber Criminals Are: Awards for Best Criminal, Best Foreign Nation State, Best Criminal Outsource Provider and Best Terrorist. Does any of this really matter?
The Breaches
Our Nominees for Best Cyber Criminals Are: Who did it? Who cares who did it? How was it done? Who cares how it was done?
#Speculation https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/ http://attrition.org/security/rant/sony_aka_sownage.html The Beginning (November 24) Second Round of Leaks (December 3) The Analysis Game (December 4) The Next Chapter (December 5) The Analysis Continues (December 7) 15 Days Under Siege (December 8)
#Speculation https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/ http://attrition.org/security/rant/sony_aka_sownage.html Ex-Sony Employees, Russia, NK, Anonymous, and Sanctions (January 5th) Insurance Claims, Money and Pranks (January 6th) Attribution, Someone Is Wrong, and Lulz! (January 12th) Catching Up and Closing Out! (February 22nd)
#Solastyear Krebs on Security: The apparent credit and debit card breach uncovered at Home Depot was aided in part by a new variant of the malicious software program that stole card account data from cash registers at Target last December. Analysis revealed at least some of Home Depot's store registers had been infected with a new variant of "BlackPOS" (a.k.a. "Kaptoxa"), a malware strain designed to siphon data from cards when they are swiped at infected point-of-sale systems running Microsoft Windows (XP).
It's Raining Cyber!
The Sploits
Absolute Sownage Patch comes out, see what it fixes. Reverse engineer patch to break what it fixes. Build exploit package. Sell to cybercrime botnet underground. Botnet spear-phishes, phishes or conducts automated attacks.
But, That's Like a Lot of Work Analysis of the Carbanak Report ($300M to $1Bn Loss targeting the Banking Industry) indicates a Basic Security Bundle of our products could have prevented this cyber attack. "All observed cases used spear phishing emails with Microsoft Word 97-2003 (.doc) files attached or CPL files. The doc files exploit both Microsoft Office (CVE-2012-0158 and CVE-2013-3906) and Microsoft Word (CVE-2014-1761)." Patched and updated machines would not have been affected by this spear phishing attack.
But, That's Like a Lot of Work Given the age of the Trojan malware used, it is very likely that antivirus would have intercepted the malware. "There is evidence indicating that in most cases the network was compromised for between two to four months." This indicates that, in the worst-case scenario, the banks in question had six months to deploy the appropriate patches but failed to do so.
The Challenge
Clean Out Your App Closet: Less Applications = Less Vulnerability; Patch & Update Your OS; Patch & Update Your Third-Party Apps; Remove Administrator Privileges; Application Whitelists; Figure Out Your Software and Hardware Firewalls
Clean Out Your App Closet: Security Awareness Training; SANS 20; NIST; Australian DSD 35; Buy More of Everything!
205 Days Ago You Were Really Mean to Me. FireEye's Mandiant Division, M-Trends 2015: In 2014, 205 days to discover breach, down from 229 days in 2013 and 243 days in 2012. In 2014, only 31% of breaches were self-detected by enterprises, down from 33% in 2013.
Firewall All The Things!
LOL, Cats
Thank You In 2001, armed with a Palm Pilot, I attended Defcon 9. I lost my Palm Pilot. Defcon combined curiosity, information security and a paranoid understanding of how vulnerable, fragile and ultimately challenging this new connected environment was going to become. Ian Trump, 2014