Data Security Compliance Advisors
Certified Identity Theft Risk Management Specialists
873 East Baltimore Pike #501
Kennett Square, PA 19348
610-444-5295
www.BTR-Security.com
Robert Listerman (Bob) is a licensed Certified Public Accountant, State of Michigan, and has over 30 years of experience as a process improvement business consultant. He graduated from Michigan State University and became a CPA while employed at Touche Ross & Co., Detroit, now known as a member firm of Deloitte & Touche USA LLP.
Bob added the Certified Identity Theft Risk Management Specialist (CITRMS) designation issued by The Institute of Fraud Risk Management in 2007. The designation is in recognition of his knowledge and experience in identity theft risk management. Today Bob focuses his practice on data security compliance. Over 50% of identity theft can be traced back to the unlawful handling or mishandling of non-public data within the workplace.
Currently Bob serves his professional community as an active Board Member for the Institute of Management Accountants (IMA), Mid Atlantic Council “IMA-MAC.” He is currently serving as President of IMA-MAC (2011-2013). He is a regular seminar presenter for the IMA, Pennsylvania Institute of CPAs (PICPA), and the Michigan Association of CPAs (MACPA). Bob serves on, and is a past chair of, the MACPA’s Management Information & Business Show committee, which enjoys serving over 1000 CPAs in attendance each year. He is Continuing Education Chair of the PICPA’s IT Assurance Committee.
Bob serves his local community as a member of the Kennett Township, PA Planning Commission, Communications, Business Advisory, and Safety Committees. He is an active board member of the Longwood Rotary Club. He has served his Rotary District 7450 as their Interact Club Chair (Rotary in High School) since 2010.
Past professional and civic duties include serving on the Board of Directors for the Michigan Association of Certified Public Accountants (1997-2000), past board member of the Delaware Chapter of the IMA and past Chapter president for the IMA Oakland County, Michigan (1994-1995).
When a hacker gets anyone’s credentials, it is easy for them to build a profile of the individual to gain even more information from social media sites.
From there they can “spear-phish” more information from the victim OR THEIR CONTACTS!
STOLEN CREDENTIALS REPEATEDLY USED TO BREACH FINSERV
16 Financial Services institutions publicly reported a data breach in 2012, totaling 1.1M breached records.
We harvested 6 credentials belonging to Independent Capital Management in December 2011.
As recently as 4/1/2013, we have found Citi credentials for a total of 1,688
Email Attack on Vendor Set Up Breach at Target*
* Source: http://krebsonsecurity.com/
The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation.
KrebsOnSecurity reported that investigators believe the source of the Target intrusion traces back to network credentials that Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa.
An Internet service provider (ISP, also called Internet access provider) is a business or organization that offers users access to the Internet and related services.
CyberID-Sleuth™ IDENTIFIES-PROVIDES EARLY WARNING AT TWO POINTS
CyberID-Sleuth™ scours botnets, criminal chat rooms, blogs, websites and bulletin boards, Peer-to-Peer networks, forums, private networks, and other black market sites 24/7, 365 days a year
CyberID-Sleuth™ harvests 1.4 million compromised credentials per month
DarkWeb CyberID-Sleuth™ identifies your data as it accesses criminal command-and-control servers from multiple geographies that national IP addresses cannot access
CyberID-Sleuth™ harvests 7 million compromised IP addresses every two weeks
Zeus Infection targeted towards multiple entities within the Hotel Industry within India
CyberID-Sleuth™ identified a targeted Zeus campaign which appears to have been focused and distributed to Hotel chains, mainly within the India region. The attack in question caused active compromises against a number of systems.
CyberID-Sleuth™’s main focus is the type of data often held within Reservation and other Hotel systems. Personal information such as credit card data, as well as passport scans or copies, are often held on Hospitality systems and the data identified next highlights that these same systems are compromised and under direct control of malicious actors.
CyberID-Sleuth™ IDENTIFIES ACTUAL MALWARE VARIANT
Infection Type: Zeus Infection - V2.1
Payload: Theft of all credentials, Key logging of all data, Remote access to devices
Total Infection Count: 487
Total Credential Count: 12894 (including duplicates)
Command and Control (C2) Domain: matphlamzy.com
Data extracted and listed below is related to valid and legitimate accounts which are still active. These are not passwords taken from Breach events or other untrusted sources. They are taken directly from devices that are still infected/compromised!
CyberID-Sleuth™ CASE STUDY ANATOMY OF THE FINDINGS
Q. How many credit cards were captured?
Over 257 unique credit cards were stolen during the attack. CyberID-Sleuth™ identified the botnet, which was made up of infected devices.
Q. Specifically what data did it steal and report back that you could see?
CyberID-Sleuth™ could see EVERYTHING that was entered on a user’s device or saved as a password or credential.
Q. How much did this breach cost the client?
No “price” could be put on the damage caused to a victim after a fraudster has stolen their credentials. The data stolen would allow the fraudster access to internal systems, either via the stolen credentials or via backdoor access to affected systems.
Q. What data about the attacker were we able to find?
Limited details. Information about the attackers is not shared with clients unless it is a directed attack, and is only shared with US and UK Law Enforcement.
Q. How did the authorities use the data to capture the intruders?
The individual responsible for running the botnet in question is so far still at large.
RECOMMENDATIONS TO REDUCE DATA BREACH EXPOSURE & COSTS
• Promote Employee Data Management Training & Education
• Require GC / CISO and their teams to understand industry, state, federal, and event specific data breach response guidelines and recommendations
• Establish an internal data breach response plan and process flow
• Prior to a data breach event, contract with a data breach remediation, notification, and/or forensics provider
• Utilize and maintain available data loss prevention technologies such as CyberID-Sleuth™
• Require advanced encryption and authentication solutions be in place across the organization
• Contractually require notification from vendors who manage data from your organization to alert you if they incur a breach of any data
• Support enactment of legislation that clearly dictates rules and guidelines for organizations to follow in advance of, and following a data breach event
Email your questions to [email protected] or to get the two no-obligation services mentioned below:
1. Remember to ask us for a no-obligation credential search for your enterprise
2. Allow us to give you your 20 Question Assessment Score on your risk level