1 / 14

Cyber Crime Trends

Cyber Crime Trends. The New Landscape. Deperimeterisation Social Media: Miracle or Menace? Where is my data? The Rise of the Targeted attack. www.criticalid.net. Types of Cyber Attacks. www.criticalid.net. 2013 Data Breach Investigations Report.

graham-knight
Download Presentation

Cyber Crime Trends

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cyber Crime Trends

  2. The New Landscape Deperimeterisation Social Media: Miracle or Menace? Where is my data? The Rise of the Targeted attack www.criticalid.net

  3. Types of Cyber Attacks www.criticalid.net

  4. 2013 Data Breach Investigations Report http://www.verizonenterprise.com/DBIR/2013/ www.criticalid.net

  5. 2013 Data Breach Investigations Report http://www.verizonenterprise.com/DBIR/2013/ www.criticalid.net

  6. Who wants my data? 19th February 2013: APT1: Exposing One of China's Cyber Espionage Units Mandianttracked Comment Crew for 6yrs identifying 141 attacks called APT 1 3000 indicators (domain, IP, MD5) to identify attack source all led to Pudongdistrict of Shanghai, outside HQ of unit 61398 Comment Crew launched RSA attack the volume and sophistication of the attacks so intense that they threaten the fundamental relationship between Washington and Beijing. Unit 61398 of the People’s Liberation Army, tasked with ”computer network operations”. http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf www.criticalid.net

  7. Who else wants my data? Utah Data Center • Every cell phone call in Bahamas “archived” • Call records of almost everyone inside the United States “collected” • Gmail “backdoor access”, Microsoft encryption weakened, denies data center access • RSA received $10 million to weaken encryption • Truecrypt mysteriously goes offline www.criticalid.net

  8. Next Generation attacks • Google's security team reported Heartbleed on April 1 • Affects OpenSSL • 17% of the Internet's secure web servers were vulnerable, • at time of disclosure on 7th April • Bug deemed as catastrophic, and incidents included: • Canada Revenue Agency, Community Health Systems (US), • Massive password changes required including Akamai, • ArsTechnica, Bitbucket, BrandVerity, Freenode, GitHub, Mojang, Mumsnet, Pinterest, Reddit, SourceForge, Tumblr, etc... • Shellshock: 'bigger than Heartbleed' 25 September 2014! April 2014 www.criticalid.net

  9. What about South Africa? Bank card details leaked - PASA “There are indications at this stage that only a limited number of card details have been accessed by outside organisations, and as a result limited fraud has been perpetrated" – Payment Association of South Africa, CEO Walter Volke “The card data emanating from these online transactions seems to have been stored in a manner which does not meet the stringent security standards expected by PASA” There was no need for “undue concern” November 9 2012 www.iol.co.za/news/south-africa/bank-card-details-leaked-pasa-1.1420656 www.criticalid.net

  10. What about South Africa? Dexter infects Point of Sale terminals PASA, card schemes and SA’s major banks have taken immediate steps to prevent a further leakage of card details because of a security lapse at a company processing transactions. “All the fast-food retailers have been cleaned out as far as possible, and certainly no one will be out of pocket [as the banks will honour losses].” Unique variant used in SA, original emerged in December 2012. How did the data get out? & who is liable? October 15 2013 http://www.techcentral.co.za/sa-banks-in-massive-data-breach/44338/ www.criticalid.net

  11. Designed to elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision. Should review, the adequacy of their disclosure relating to cybersecurity risks and cyber incidents, if the costs or consequences with one or more known incidents or the risk of potential incidents represent a material event (i.e. may reasonably be expected to affect the company's stock price) Estimate the impact of cyber incidents and the consequences of failing to implement adequate security.Go beyond privacy, to key operational issues http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm www.criticalid.net

  12. Where is the Risk? • Market risk: • Dealstream collapse in 2008 • VOX telecom exposure of R30 million • Single Stock Futures gives ABSA R1.4 billion liability • Credit Risk: • Standard Bank vehicle finance: R504m impairment loss in FY to June 2014 • African Bank: R6.4 billion • What about cyber crime losses and risk exposure? • SABRIC estimates R480 million card fraud losses in 2013 http://www.iol.co.za/dailynews/news/sa-lost-r480m-to-card-fraud-1.1610443 www.criticalid.net

  13. Conclusion • Payment systems are top target of attacks • New threat environment: • Next generation systemic vulnerabilities • Shellshock: 'bigger than Heartbleed' 25 September 2014! • Encryption is no longer safe? • Changing legal framework • New legal implications for data breaches Are you ready for a Security Breach? www.criticalid.net

  14. THANK YOU 079 015 1905

More Related