Cyber Threats Computer Scientist James M.T. Morrison FBI – Houston Division
Introduction CS James M.T. Morrison (aka Uglymother) • 18+ Years of Experience with the FBI, 4+ years as a Computer Scientist in the Houston Office • 27+ Years in the IT field • BS in Computer Engineering, MBA Technical Management, MA US History • GSEC, GREM, GCIA, GCIH, GCFE, GPEN, GWAPT, GMOB, A+, Net+ UNCLASSIFIED
“We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology.” Carl Sagan
The Actors International Criminal Enterprise State Sponsored Domestic Internal Criminal Enterprise Insider Threat Others (Hacktivists, Joyriders, etc.)
Threats • Website Defacing • DDOS • Phishing • Ransomware • Exploit Kits
Website Defacement www.bbyinhang.com soneribankonline.com Iowa State Bank
DDOS Impact • 63% of companies have experienced at least one Denial of Service attack in the past 12 months • 11% of those reported more than six attacks in the same period • 67% said a website downtime of any kind would affect their customers • 51% reported a loss of revenue
Phishing • Also known as • Spear-phishing • Whaling • Vishing • SMShing
Spear-Phishing • Spear-phishing is frequently the first step in an attack. • Once such an attack has gained a foothold, it is both difficult to detect and difficult to remediate. • More than 90% of successful attacks start via spear-phishing. • Avoiding phishing may be the best defense against malware attacks.
Domain Twisting Use 'spoofed' domain names designed to fool recipients. www.receiver.com becomes www.receiiver.com Or www.colonel.com becomes www.co1onel.com
Ransomware • Usually begins with a Phishing e-mail or other Social Engineering Attack • Triggered by clicking on the link or opening the attachment • All files on your machine will be encrypted (including on the cloud if you are connected) • You will be instructed to call or e-mail the attackers who may unlock you after you pay a ransom – anywhere between $300 - $1000
Ransomware Defenses • Regularly back up data and verify the integrity of those backups • Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. • Scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails.
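A backup only counts as a defense if you can prove it still matches what you saved. The following is an added example (not from the presentation) of the "verify the integrity of those backups" step: a SHA-256 manifest built at backup time and checked later, which reports files overwritten in place, files that disappeared (deleted or renamed to a new extension), and files that were never backed up. The directory layout, file contents and the simulated damage are all constructed for the demo.

```python
"""Backup integrity manifest: hash at backup time, verify before you need it.
Added example, not from the presentation. Assumes a directory tree of backed-up
files; the files and the tampering below are constructed for the demo."""
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 16


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backups need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the tree now against the saved manifest.
    'modified': content changed in place (e.g. overwritten with ciphertext)
    'missing':  original path gone (deleted or renamed to a new extension)
    'added':    paths that were not backed up (renamed copies, dropped notes)"""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: manifest three files, then simulate what a
    ransomware run leaves behind and verify against the saved manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_text("quarterly figures\n")
        (root / "docs" / "notes.txt").write_text("meeting notes\n")
        (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0constructed-jpeg")
        # The manifest belongs with the offline copy of the backup, not on the
        # host being backed up, so an attacker cannot rewrite it as well.
        saved = json.dumps(build_manifest(root))

        # Simulated damage: one file overwritten in place, one renamed with a
        # new extension, one new note dropped into the tree.
        (root / "docs" / "report.txt").write_bytes(b"\x9a\x1f\x00ciphertext")
        (root / "docs" / "notes.txt").rename(root / "docs" / "notes.txt.locked")
        (root / "README_RESTORE.txt").write_text("constructed note\n")
        return verify_manifest(root, json.loads(saved))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice `build_manifest` runs against the backup destination right after each backup, the resulting JSON is stored with the offline copy, and `verify_manifest` runs on a schedule; a non-empty `modified` or `missing` list is the signal to investigate before the backup is ever needed for a restore.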
Ransomware Response • Date of Infection • Ransomware Variant (identified on the ransom page or by the encrypted file extension) • Victim Company Information (industry type, business size, etc.) • How the Infection Occurred (e-mail, browsing websites, etc.) • Requested Ransom Amount
Phishing Avoidance • Be suspicious of any email with urgent requests • Don't use the links in an email; type them in yourself • Always ensure that you're using a secure website • Consider installing a Web browser toolbar • Consider an alternate browser • Ensure the browser used is up-to-date • Turn off HTML graphics for email
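The domain-twisting slide above (receiver.com becoming receiiver.com, colonel.com becoming co1onel.com) and the "don't use the links in an email" advice here describe two checks a mail filter or help desk can automate. The block below is an added example, not from the presentation: it pulls every link out of an HTML message body, folds look-alike characters before comparing the target domain against an allow-list of domains the organisation actually uses, and flags links whose visible text names one domain while the href goes to another. The `TRUSTED` set and the sample message are constructed; the registrable-domain helper assumes two-label domains (no multi-part suffixes such as co.uk).

```python
"""Check e-mail links for twisted domains and text/target mismatches.
Added example, not from the presentation. TRUSTED is an assumed allow-list of
domains the organisation really uses; the message body is constructed."""
from __future__ import annotations
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"receiver.com", "colonel.com", "example.com"}   # assumed allow-list

# Digits/symbols commonly swapped for look-alike letters, mapped back before comparing.
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e", "|": "l"})
MULTI = [("rn", "m"), ("vv", "w")]
HOSTLIKE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)


def registrable(host: str) -> str:
    """Approximate the registrable domain as the last two labels (assumption:
    no multi-part public suffixes such as co.uk in this demo)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def normalise(domain: str) -> str:
    """Fold homoglyphs so co1onel.com and colonel.com compare equal."""
    d = domain.lower().translate(HOMOGLYPHS)
    for pair, single in MULTI:
        d = d.replace(pair, single)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches a single added, dropped or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str) -> str | None:
    """Trusted domain that `domain` imitates, or None if trusted or unrelated."""
    if domain in TRUSTED:
        return None
    n = normalise(domain)
    for trusted in sorted(TRUSTED):
        t = normalise(trusted)
        if n == t or edit_distance(n, t) <= 1:
            return trusted
    return None


class LinkParser(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse(html: str) -> list[dict]:
    """Report each link whose target is a look-alike domain or whose visible
    text names a different domain than the href actually goes to."""
    parser = LinkParser()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        dom = registrable(urlparse(href).hostname or "")
        issues = []
        target = lookalike_of(dom)
        if target:
            issues.append(f"look-alike of {target}")
        if HOSTLIKE.fullmatch(text):
            shown = text if text.lower().startswith("http") else "http://" + text
            shown_dom = registrable(urlparse(shown).hostname or "")
            if shown_dom != dom:
                issues.append(f"text shows {shown_dom} but link goes to {dom}")
        if issues:
            findings.append({"href": href, "text": text, "issues": issues})
    return findings


# Constructed phishing-style message body for the demo.
SAMPLE_EMAIL = """
<p>Your mailbox is almost full. Verify your account today.</p>
<a href="http://www.receiiver.com/login">www.receiver.com</a><br>
<a href="http://www.co1onel.com/reset">Reset your password</a><br>
<a href="https://www.example.com/help">www.example.com</a>
"""

if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print(finding["href"], "->", "; ".join(finding["issues"]))
```

The edit-distance threshold of 1 is deliberately tight: it catches the doubled or dropped letter from the slide without flagging every short domain as suspicious. A production filter would replace `registrable` with a public-suffix-list lookup and extend `HOMOGLYPHS` with Unicode confusables.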
Third Party Vendors • Watch those trust relationships • What access does the vendor need? • Data flows to third parties also need to be monitored • When writing a contract with a third party, data breach incident handling should be included. • If you carry cyber insurance, how is the third party handled?
Computer Truths • Your personal computer and your work computer are not impervious to an attack • There is no “magical” appliance or software that can 100% guarantee protection against an attack • Many networks and computers are misconfigured, which allows hackers to attack a weak link and then move easily within your system • Every person and every company has something that somebody else wants • If an attacker truly wants access to your network, sooner or later, he/she will gain access
Recommendations to Avoid Breaches • Use Strong Passwords • Default passwords are set for simplicity on initial setup • Business owners should change passwords to their POS systems on a regular basis, using unique account names and complex passwords • Update POS Software Applications • Ensure that all software is running the latest updates • POS systems, in the same way as computers, are vulnerable to malware attacks when required updates are not downloaded and installed on a timely basis. • A Firewall should be utilized to protect POS systems
Recommendations (Cont) • Use Antivirus • Antivirus works to recognize software that fits current definitions of being malicious and attempts to restrict that malware’s access to the systems • Restrict Access to Internet • POS systems should only be utilized online to conduct POS related activities and not for general Internet use. • Disallow Remote Access • Remote access on POS systems can be exploited to gain access to these networks
Passwords • Use complicated passwords on EVERYTHING • Do not use the same password for all websites
Social Media • Over the last decade, the growth and popularity of social media has increased. Social media has revolutionized the way people interact with others and has become an integral part of life for people of all ages. Criminals have exploited social media by phishing for unwary users to fall victim to their scams. The IC3 complaint data shows 12% of the complaints submitted in 2014 contained a social media aspect.
Social Media: Suggested Settings • Only establish and maintain connections with people you know and trust. • Review your connections often. • Assume that anyone can see any information about your activities, personal life, or professional life that you post and share. • Use secure browser settings.
Wi-Fi Safety: Public (Cont) • Do Not Access Personal or Corporate Financial Networks • Understand ANY traffic you put on a Public Wi-Fi can be read (including Text Messages from a phone) • Turn Off The Wireless Card on your device when not needed. • Consider using a personal hotspot if you find yourself accessing public Wi-Fi networks a lot
Wi-Fi Safety: Private • Password protect your wireless network with WPA2 encryption and do not label your wireless network with a personally identifiable naming convention • Do not broadcast your SSID (Wireless Name) • Change the name and password when you install it • Check your network for unwanted users • Turn Off the Network When it won't be used (e.g. vacation) • Change the network administrator passwords regularly • Keep the hardware updated
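As an added example (not from the presentation) of the "check your network for unwanted users" item: the script below reads the ARP table that `arp -a` prints, normalises the different MAC formats (macOS drops leading zeros, Windows uses dashes), ignores broadcast and multicast entries that are not real devices, and lists every device whose MAC address is not on a known-device list. The `KNOWN` table and the ARP output are constructed; on a real network you would build `KNOWN` from the router's client list on a day you trust it.

```python
"""Flag devices on a home or small-office network that are not on a known list.
Added example, not from the presentation. Input is the text printed by `arp -a`
(macOS/BSD and Windows line formats are handled); the sample is constructed."""
import re
import subprocess
from typing import Dict, List, Tuple

# Constructed allow-list: normalised MAC -> friendly name.
KNOWN = {
    "aa:bb:cc:00:11:22": "laptop",
    "aa:bb:cc:00:11:33": "phone",
    "aa:bb:cc:00:11:44": "router",
}

# Constructed `arp -a` output in macOS/BSD format (note the stripped leading zeros).
SAMPLE_ARP = """\
router.lan (192.168.1.1) at aa:bb:cc:0:11:44 on en0 ifscope [ethernet]
? (192.168.1.20) at aa:bb:cc:0:11:22 on en0 ifscope [ethernet]
? (192.168.1.21) at aa:bb:cc:0:11:33 on en0 ifscope [ethernet]
? (192.168.1.57) at de:ad:be:ef:12:34 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]
"""

MAC_RE = re.compile(r"\b([0-9a-fA-F]{1,2}(?:[:-][0-9a-fA-F]{1,2}){5})\b")
IP_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")


def normalise_mac(raw: str) -> str:
    """aa-BB-cc-0-11-44 and aa:bb:cc:0:11:44 both become aa:bb:cc:00:11:44."""
    return ":".join(part.zfill(2).lower() for part in re.split(r"[:-]", raw))


def is_multicast_or_broadcast(mac: str) -> bool:
    """The I/G bit (lowest bit of the first octet) marks group addresses;
    the broadcast address ff:ff:ff:ff:ff:ff has it set as well."""
    return bool(int(mac.split(":")[0], 16) & 1)


def parse_arp(text: str) -> Dict[str, str]:
    """Return {normalised MAC: IP} for every real device in the ARP output."""
    hosts: Dict[str, str] = {}
    for line in text.splitlines():
        mac_match = MAC_RE.search(line)
        ip_match = IP_RE.search(line)
        if not (mac_match and ip_match):
            continue   # header lines, interface lines, incomplete entries
        mac = normalise_mac(mac_match.group(1))
        if is_multicast_or_broadcast(mac):
            continue
        hosts[mac] = ip_match.group(1)
    return hosts


def unknown_devices(text: str, known: Dict[str, str] = KNOWN) -> List[Tuple[str, str]]:
    """(MAC, IP) pairs seen on the network but absent from the known list."""
    return sorted((mac, ip) for mac, ip in parse_arp(text).items() if mac not in known)


if __name__ == "__main__":
    # `arp -a` exists on Windows, macOS and most Linux distributions.
    live = subprocess.run(["arp", "-a"], capture_output=True, text=True).stdout
    for mac, ip in unknown_devices(live or SAMPLE_ARP):
        print(f"unknown device {mac} at {ip}")
```

The ARP table only shows devices the machine has recently talked to, so run it from the router's own client list where possible, or ping the subnet first; a device that spoofs a known MAC will still slip through, which is why the slide pairs this check with a strong WPA2 passphrase rather than relying on it alone.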
Smart Phone Safety: Threats • Physical Theft • Malicious Applications • Application Vulnerabilities • Phishing (Vishing and Smishing) • Ransomware • Juice Jacking • Bluetooth Attacks
Smart Phone Safety: Suggestions • Treat it like a computer • Secure your device (use Auto-Lock) • Don't share your device with others • Back up and protect your data regularly • Delete any text messages or emails that contain sensitive information • Download secure applications • Be aware that malware and fraudulent applications exist. • Don't "jailbreak" or "root" your device. - Taken from Intuit website
Avoiding Becoming the next “Target” • Listen to your IT Staff • Get them involved in Infragard or other external “support groups” • Track incidents • Handle Incidents “correctly” • Don’t be afraid to get help • Has your network been “Pen-tested?”
Breach Notification Laws • No Federal Breach Notification Law • Most States have Breach Notification Laws but they are all different. • When do you engage the Federal Government? • Certain losses of information require it (HIPAA, etc) • Most of the time this is internal policy • Attorneys are almost always contacted before an external entity (such as the FBI)
Incident Handling (Seven Deadly Sins) (courtesy of sans.org) • Failure to report or ask for help • Incomplete/non-existent notes • Mishandling/Destroying Evidence • Failure to create working images • Failure to contain or eradicate • Failure to prevent follow-on compromise months later • Failure to apply lessons learned
Infragard InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Designed to help protect the 16 Critical Infrastructures, one of which is the Healthcare and Public Health Sector
Infragard Membership • Individual • FREE • Requirements: • 18 years or Older • U.S. Citizen • Pass Periodic Criminal Background Checks • Agree to Adhere to the IG Code of Ethics • Apply Online at https://www.infragard.org
Houston Chapter Events • Chapter Meetings • New Member Orientation Meetings • SIG Meetings • Conference Sessions & Booths • VIP Tours • Workshops • Joint-Organization Meetings • FBI InfraGard Appreciation Events • Holiday Social/Year-end Wrap-up
Special Interest Groups (SIGs) • Retail • Maritime • Bryan/College Station • Phishing Task Force • Others Pending • Oil & Gas • Technology • Financial Services • Public Safety • Healthcare • Legal • Power & Utilities
Questions?? FBI Houston Computer Scientist James Morrison GSEC, GFCE, GPEN, GWAPT, GCIA, GCIH, GREM, GMOB MBA, MA 1 Justice Park Drive Houston, Texas 713-693-5000