Copyright (c) 2014 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
IT Security Community
§ Who are we?
– The CompTIA IT Security Community is a group focused on the changing security issues of today.
§ Who should join?
– Anyone looking to stay current with the ever-changing security landscape. Join at www.comptia.org > Communities > IT Security
§ Take action
– Try the IT Security Assessment Wizard
Evolution of Cyber Crime
From Scareware and
Introduction
Ian Trump, CD, CPM, BA is Security Lead at MAXfocus, working across all lines of business to define, create and execute security solutions and promote a safe, secure Internet for Small & Medium Business worldwide.
§ 1989 to 1992 Canadian Forces (CF), Military Intelligence Branch.
§ 2002 to 2013, CF Military Police (Reserves), retired as a Public Affairs Officer in 2013.
§ 2009 to 2010, Royal Canadian Mounted Police, Criminal Intelligence Analyst.
§ 2010 Founding Partner and CTO Octopi Managed Services Inc. (OMS).
§ Cyber security work for national, international organizations and Government
Hey Mom, Look at Me!
“The nice thing about being detained in Canada is it's like being in a Days Inn; it's very clean and very nice.” – Bill Ayers
I Would Like to Thank the Academy
Theft
§ Not just the business's intellectual property, but any account information that can lead a cybercriminal to greater riches.
Fraud
§ Using impersonation and man-in-the-middle techniques, cybercriminals seek
Extortion
§ Holding important data for ransom (CryptoLocker malware is a well-known example), or threatening the business's online services with DDoS attacks unless payment is made.
Vandalism
§ Perhaps the cybercriminals have been paid by a rival, or need to try out new advanced malware? Maybe a hacktivist community is angered by your company's policies or actions?
But Wait, There’s More
CEM
§ Child Exploitation Material, produced, facilitated and distributed using digital means.
Counterfeiting
§ From documents to fake goods, a great deal of this type of crime has moved
Recruiting
§ For criminal, terrorist and human-trafficking activities, victims are contacted predominantly via social media.
Crime as a Service
§ The brokering and facilitating of various criminal services, from exploits to the recruitment of money mules, is handled by the administrators of large underground criminal marketplaces.
Our Nominees for Best Cyber Criminals Are:
Awards for Best Criminal, Best Foreign Nation State, Best Criminal Outsource Provider and Best Terrorist.
Who did it?
Who cares who did it?
How was it done?
#Speculation
https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/
http://attrition.org/security/rant/sony_aka_sownage.html
The Beginning (November 24)
Second Round of Leaks (December 3)
The Analysis Game (December 4)
The Next Chapter (December 5)
The Analysis Continues (December 7)
Ex-Sony Employees, Russia, NK, Anonymous, and Sanctions (January 5th)
Insurance Claims, Money and Pranks (January 6th)
Attribution, Someone Is Wrong, and Lulz! (January 12th)
Catching Up and Closing Out!
#Solastyear
Krebs on Security:
§ The apparent credit and debit card breach uncovered at Home Depot was aided in part by a new variant of the malicious software program that stole card account data from cash registers at Target last December.
§ Analysis revealed at least some of Home Depot’s store registers had been infected with a new variant of “BlackPOS” (a.k.a. “Kaptoxa”), a malware strain designed to siphon data from cards when they are swiped at infected point-of-sale systems running Microsoft Windows (XP).
Absolute Sownage
Patch comes out, see what it fixes.
Reverse engineer patch to break what it fixes.
Build exploit package.
Sell to cybercrime botnet underground.
But, That’s Like a Lot of Work
Analysis of the Carbanak Report ($300M to $1Bn loss, targeting the banking industry) indicates that a Basic Security Bundle of our products could have prevented this cyber attack.
"All observed cases used spear phishing emails with Microsoft Word 97 – 2003 (.doc) files attached or CPL files. The doc files exploit both Microsoft Office (CVE-2012-0158 and CVE-2013-3906) and Microsoft Word (CVE-2014-1761).”
Patched and updated machines would not have been affected by this
Given the age of the Trojan malware used, it is very likely that antivirus would have intercepted the malware.
"There is evidence indicating that in most cases the network was compromised for between two to four months.”
This indicates that in the worst-case scenario the banks in question had six
Clean Out Your App Closet
Less Applications = Less Vulnerability
Patch & Update Your OS
Patch & Update Your Third-Party Apps
Remove Administrator Privileges
Application Whitelists
Security Awareness Training
SANS 20
NIST
Australian DSD 35
205 Days Ago You Were Really Mean to Me.
FireEye's Mandiant Division M-Trends 2015
§ In 2014, 205 days to discover a breach, down from 229 days in 2013 and 243 days in 2012.
§ In 2014, only 31% of breaches were self-detected by enterprises, down from 33% in 2013.
Thank You
“In 2001, armed with a Palm Pilot, I attended Defcon 9. I lost my Palm Pilot. Defcon combined curiosity, information security and a paranoid understanding of how vulnerable, fragile and ultimately challenging this new connected environment was going to