
Global Threats to Local Business: Email Compromise & Ransomware. A public service by: San Mateo County District Attorney’s Office. Vishal Jangla, Deputy District Attorney (material courtesy of the FBI & USSS).


Presentation Transcript


  1. Global Threats to Local Business: Email Compromise & Ransomware. A public service by: San Mateo County District Attorney’s Office. Vishal Jangla, Deputy District Attorney (material courtesy of the FBI & USSS)

  2. Global Threats: More than 4,000 ransomware attacks have occurred daily since January 1, 2016. They took in $1 bn in 2016.

  3. Global Threats: As many as 1 in 3 of all small and medium businesses were hit. 1 in 5 businesses that were hit had to completely shut down operations.

  4. Global Threats: Cost to small and medium companies? At least $75 bn in expenses and lost productivity each year.

  5. Global Threats: Overview
     • What is Business Email Compromise (BEC)?
     • What is Ransomware?
     • How do I protect my business?

  6. Business Email Compromise: BEC is a sophisticated scam targeting businesses that regularly perform wire transfer payments.

  7. How it happens: Step 1: Stolen credentials, malware, or email from spoofed or similar domain

  8. How it happens: Step 2: Compromised systems monitored and/or files scanned for invoices/accounts payable

  9. How it happens: Step 3: Surveillance or snooping on executives and their staff

  10. How it happens: Step 4: Impersonation of executives by way of email, voice and fax.

  11. How money is moved: When funds are wired internationally, money leaves the U.S. within hours, heading for the perpetrator’s accounts.

  12. How money is moved: When funds are wired domestically, money is first sent to a mule in the U.S., who forwards the funds to the scammer.

  13. How money is moved: Mules. They are unaware of their criminal involvement. Recruited online through social engineering and fake “work at home” job postings.

  14. How money is moved

  15. What can I do? Revisit policies & procedures
     • Verify changes to existing bank deposit information
     • Contact requestors by phone
     • Require two parties to sign off on payments

  16. What can I do? Prevent email compromise
     • Use unique passwords for your accounts
     • Manage passwords using an app
     • Two-step authentication

  17. What can I do? If you are a victim
     • Immediately contact your bank and initiate a recall
     • Contact your local FBI or Secret Service Field Office

  18. Ransomware: Ransomware is a type of malicious software cyber actors use to deny access to systems or data for purposes of extortion.

  19. Ransomware: Once infected, the computer system will display an alert, along with a demand for payment.

  20. Ransomware: What happens if I don’t pay? Your data stays encrypted

  21. Ransomware: What happens if I pay?
     • You could be given a decrypt key
     • You are asked for more money
     • You are attacked again
     • Nothing

  22. Ransomware: Should I pay?
     • U.S. government discourages payment
     • Individual decision

  23. Ransomware: Common variants
     • Xorist
     • CryptorBit
     • CryptoLocker
     • Locky
     • Samas
     • WannaCry

  24. Ransomware: Who is behind it?
     • Individuals
     • Criminal organizations
     • Nation-states

  25. How it happens: Ransomware introduced through:
     • Phishing emails with code attached
     • Drive-by downloading
     • Instant messaging applications
     • Vulnerable web servers exploited

  26. Protect yourself
     • Data backup and recovery plan for your “crown jewels”
     • Isolate backups from network access
     • Application whitelisting – prevents malicious software and unapproved programs from running
     • Keep all software updated and patched

  27. Protect yourself
     • Maintain updated anti-virus software
     • Restrict users from installing software
     • Avoid enabling macros from email attachments
     • Do not follow unknown web links in emails
     • Annual penetration testing and vulnerability assessment
     • Awareness & training program

  28. Protect yourself: Download this presentation: https://da.smcgov.org/protectyourself
