80 likes | 216 Views
Cyber Heists & Prevention in 2011. www.smartronix.com. www.missionassured.com. Happy Cyber Awareness Month 2011. http://www.whitehouse.gov/the-press-office/2011/10/03/presidential-proclamation-national-cybersecurity-awareness-month. Cyber Crime Still A Growing Industry.
E N D
Cyber Heists & Prevention in 2011 www.smartronix.com www.missionassured.com
Happy Cyber Awareness Month 2011 http://www.whitehouse.gov/the-press-office/2011/10/03/presidential-proclamation-national-cybersecurity-awareness-month
Cyber Crime Still A Growing Industry • Online bank robberies outpace the “in person” alternatives • Totals in cyber thefts have been more than twice traditional bank crimes since 2009 2000 2011
Will My Organization Be A Target? • It already is • Do you have: • Any patents (intellectual property)? • A bank account? • A lot of bandwidth? • A customer contact list or sensitive personal info? • Do you ever receive: • Phishing email (“You’ve won!!!”)? • Unsolicited Resumes? • Requests to follow links (via Tweet, FB, email…)?
Cases Studies in 2011 • Conclusion to Patco Construction’s Ordeal? • 2 years worth of legal struggle after $580,000 theft • What are reasonable security measures? • Experi-Metal vs. Comerica • Comerica not found to be acting in good faith for a customer • What impact does that have for everyone else?
How Exactly Did Those Cases Start? • The best guess is a single email From: “applicant@yahoo.com" <applicant@yahoo> To: <hr@smartronix.com> Subject: application for employment To Whom It May Concern, Please find attached my resume for employment with your company. Thank you. From: "info@smartronix.com" <info@smartronix.com> To: <contact@smartronix.com> Subject: setting for your mailbox are changed SMTP and POP3 servers for contact@infectionvectors.com mailbox are changed. Please carefully read the attached instructions before updating settings. Subject: You have won - Congratulations From: "MICROSOFT EMAIL PROMOTION" <info.winners@microsoft.com> To: undisclosed-recipients You have won - Congratulations You are a winner of £450,000 Pounds Sterling courtesy of Microsoft Corporation, United Kingdom in our monthly lottery held on 15th December 2010. Your secret pin code 092075ML and your reference number REF NO:MICRO-L/2009-END10. Subject: Email Upgrade From: "Webmail Support Team" <account.team@webmaster.com> Reply-To: account.team@mail.com Dear Webmail Subscriber, This is to notify you that we are presently working on our webmail User Accounts Owner for safety. We are having congestions due to the anonymous registration of accounts so we are shutting down some accounts that are no more active and your account might be deleted or suspended within 24 hours for security reasons if you do not respond to this mail. We are sending this email to you so that you can verify and let us know if you still want to use this account….
The Ounce of Prevention • Dedicated machines for banking - possibly virtual machines fit this bill if you are technically inclined • Select banks that allow tokens), and ask for the token for online banking ($2), or out-of-band verification • Review the transaction reports • Training & testing employees • Ask about security
Thank You • Contact Information: Eric Walters ewalters@smartronix.com 571-481-8708 Jason Gordon jgordon@smartronix.com