THREATS AND THE DARK WEB
Threats against your computer • PASSWORD ATTACKS • HIJACKING • MAN-IN-THE-MIDDLE • RANSOMWARE
Threats against YOU • Social engineering • Phishing • Whaling • Smishing
Classic Threat Actors • Hackers/Hacktivist • Terrorist • Nation State APT • Insiders/Spies/Thieves
THREATS OF A DIFFERENT COLOR • LEADERSHIP • Lack of governance • Lack of leadership • Blame technology • Blame anything • “Sophisticated attack” = stagnation
THREATS OF A DIFFERENT COLOR • EMPLOYEES Source: Lisa White - LinkedIn
THREATS OF A DIFFERENT COLOR • EMPLOYEES • Business Programs Do Not Teach IT and Cybersecurity • Cybersecurity Programs Do Not Teach Business
Insider Threat By the Numbers • The Growing Threat • Prevalence in Industry • 90% 59% 25% • Fraud 41% • Of IT employees, surveyed said they may take sensitive company data if laid off. • 35% take sensitive business with them when leaving or fired. • Of employees (over 700 cases) used e-mail to exfiltrate data • Data Leakage 49% • IP Theft 16% • of organizations have had an insider threat incident • Data Breach 36% • Financial Impact of IP and R&D Theft • Importance of Potential Risk Indicators (PRI)* • 97% 92% 51% • Average (in Ms) $13.5M • Of employees involved in an insider threat incident had a history of violating IT security • Of insider threat cases preceded by a negative work-related event • insider threat involved employees flagged by supervisors as suspicious • $200-$250B in annual estimated losses to U.S. companies due to IP theft from internal and external sources according to the FBI.8
FBI - The Insider Threat Profile “A company can often detect or control when an outsider (non-employee) tries to access company data, either physically or electronically, and can mitigate the threat of an outsider stealing company property. However, the thief who is harder to detect and who could cause the most damage is the insider - the employee with legitimate access. That insider may steal solely for personal gain, or that insider may be a “spy” - someone who is stealing company information or products in order to benefit another organization, self or country” National Insider Threat Task Force (NITTF) Behavioral Motivations Identified • Greed or Financial Need: a belief that money can fix anything. Excessive debt or overwhelming expenses. • Anger/Revenge: disgruntlement to the point of wanting to retaliate against the organization. • Problems at work: a lack of recognition, disagreements with co-workers or managers, dissatisfaction with the job, a pending layoff. • Ideology/Identification: a desire to help the “underdog” or a particular cause. • Divided Loyalty: allegiance to another person or company, or to a country besides the United States. • Adventure/Thrill: Want to add excitement to their life, intrigued by the clandestine activity, “James Bond Wannabe.” • Vulnerability to blackmail: extra-marital affairs, gambling, fraud. • Ego/Self-image: an “above the rules” attitude, or desire to repair wounds to their self-esteem. Often coupled with anger/revenge or adventure/thrill. • Ingratiation: A desire to please or win the approval of someone who could benefit from insider information with the expectation of returned favors. • Compulsive and destructive behavior: drug or alcohol abuse.
Careful who you call Friends! • Robert Hanssen: FBI / KGB • Aldrich Ames: CIA / KGB • Not all ENEMIES are Foreign • Jeffrey Sterling: CIA / IRAN
RANSOMWARE SCAM A scare tactic that takes control of your device or files; designed to scare you into sending money to get your access back. WARNING Your personal files are encrypted. In order to obtain the private key to restore access, you need to pay $300. Private Key will be destroyed. Time Left 01:05:02 NEXT
OUR ADVERSARIES ARE GOING DARK FBI Director James Comey 2014
THE INTERNET: SURFACE • DEEP • DARK
The DEEP web • parts of the Internet whose contents are not indexed by standard search engines • NO encryption is required
The DARK web - NON-INDEXED PROTECTED AREAS OF THE INTERNET • A collection of >10K websites that use anonymity tools like Tor • You can find DRUGS and CHILD PORN marketplaces • The DARK WEB also allows Whistleblowers, Political Dissidents, Privacy Forums, and many other LEGAL activities to be conducted privately.
Now we know the difference. Who’s Surfing the DARK WEB?
Who's out there on the DARK WEB? Over 3 Million a day (Aug-Nov 2017)
Dark Web Map https://www.hyperiongray.com/dark-web-map/
DIVING EVEN DEEPER INTO THE DARK WEB • THE ONION ROUTER • THE ENCRYPTED NETWORK TO THE DARK WEB
[Diagram: Client (TOR Browser) → relay 1 → relay 2 → relay 3 → WEBSITE (www.anywhere)] • TOR encrypts traffic 3 times • List of all public keys for every relay in the TOR network & IP address • approximately 8,000 “relays,” which are servers (owned by individuals, universities, and organizations)
Money • Cryptocurrency • Digital cash, such as bitcoin, provides a convenient system for users to spend money online while keeping their real-world identities hidden.
WHY CRYPTOCURRENCY (BITCOIN) • ANONYMOUS: Encrypted networks and sites provide confidentiality & anonymity. • JUDGEMENT FREE: SYSTEM DOESN’T CARE! WHO YOU ARE, WHERE YOU ARE, OR WHAT YOU BUY AND SELL • NO BORDERS: Stateless • PEER TO PEER PAYMENT = NO MIDDLE MAN. NO COUNTRY, NO GOVERNMENT • Global, and universal. Banking the Bankless & protecting privacy • THE ‘INTEGRITY’ OF THE NETWORK IS PARAMOUNT FOR THE INFRASTRUCTURE.
GRAMS
The Good Guys • Aug 2017: FBI unmasks Tor-using suspected child sextortionist on child exploitation site PLAYPEN • Charging only 137 of the over 200,000 members!
Not all DARK Web content is bad or illegal • Researchers claim that 50% of the DARK web contents are legal (not necessarily moral)
PRIVACY AND IDENTITY: can it get worse?
PRIVACY AND IDENTITY You are a target. You can no longer comfort yourself hiding in the masses. You now stand out in the crowds of hundreds of millions. General Michael Hayden, the former head of the NSA and CIA, stated “America is more secure—America is more safe—with unbreakable end-to-end encryption,” Director of National Intelligence Dan Coats “The weaponization of cyber tools and the relative lack of global guardrails in a cyber domain significantly increases the risk that a discrete act will have enormous strategic implications. I remain deeply concerned about threats from several countries to upcoming U.S. elections
SUGGESTIONS • Set PINs and passwords • Wipe data on your old phone before you donate, resell, or recycle it. • Install security apps that enable remote location and wiping • Back up and secure your data
WRAP UP • Adversaries are using encrypted networks • Deep Web and Dark Web not the same • Crypto currency is anonymous and Stateless • Encrypted capabilities are a tool that can be used for positive or negative • Encrypted applications are strong but not bulletproof