SAFE COMPUTING IN THE AGE OF PERVASIVE CYBERCRIME A Real & Present Danger Jane Ginn, MRP, AIT Managing Director SedonaCyberLink
Nov 18, 2014
SAFE COMPUTING IN THE AGE OF
PERVASIVE CYBERCRIME
A Real & Present Danger
Jane Ginn, MRP, AIT
Managing Director
SedonaCyberLink
PURPOSE:Why are we here today?
Characterize magnitude of problem
Overview of threats/vulnerabilities Identify potential cyber exploits
Outline countermeasures Online resources
Hotlinks on PowerPoint Local resources
Tech support
KEY ISSUES TO PLAN FOR
Data Security Customer Privacy
GROWTH OFCYBERCRIME
Exponential growth of criminal activity on the web ---
STATE OF THE WORLDCenters of Criminal Activity ---
Source: HostExploit – Global Security Report, April 2012
DEEP WEBDark Nets of Cyber Crime ---
CYBER CRIMINALSWhat is their motivation?
CRIMINAL ACTIVITY2011 Poneman Benchmark Study
Source: Symantec
NEW MALWARE2011 Patterns ---
Source: Panda Labs
GLOBAL SPAMTypes ---
Source: McAfee 2011 Q4 Report
SPAM TO USOver 50% from US, China & Brazil-
http://www.securelist.com/en/analysis/204792234/Spam_report_May_2012
BOTNET HERDS2011 Infections ---
Source: McAfee 2011 Report
EXPLOITS EVERYWHERE
Apple Exploits (2009 data)---
http://www.sans.org/top-cyber-security-risks/trends.php
RELATIVE VOLUMEHuman errors lead to most exploits ---
ACTIVITIES & EXPLOITS
What you do during the day that could lead to a cyber exploit ---
AGENT/BROKER PROCESS
Marketing
Prospecting
Developing Deal
Closing Deal
Across
All
USING EMAIL AS A TOOL
Local and Web-based Clients ---
Sending and receiving eMail Criminals intercept and steal
confidential information Man-in-the-Middle Attacks (DSN example)
Criminals conduct phishing attacks (spam)
Fraud, Extortion Recruiting for Botnet Herds
Criminals plant malware Viruses Spyware Trojans Worms
SURFING THE INTERNET
All Browsers---Browsing Websites
Criminals use Cross-site Scripting (XSS)Spoofed websites for capturing
personally identifiable information (PII) Downloading Key-Loggers Downloading Screen-Capture Programs Downloading rootkits
Criminals Recruit for BotNetsDistributed Denial of Service Attacks
(DDoS) Computer used as proxy for:
Peer-to-Peer hosting Darknet usage
BUILDING A WEBSITEGetting your message out ---
Website design Criminals seek access control
Password cracking Brute-force attacks War-dialing War-driving
Criminals want your client listsSQL injection
Criminals can steal your client informationGraham – Leach – Bliley ActCalifornia data breach notification law, SB1386
Criminals want your mailing lists (prospects)
SOCIAL NETWORKING
Increase in exploits ---Facebook scam
Bogus Facebook warnings – June 6, 2012 Infected Apps- Software installer w/
TrojanTwitter hack
LulzSec posts 10,000 passwords in mid June, 2012 TweetGIF hack
LinkedIn hack 6 million passwords stolen in early June,
2012 Weak password encryption (SHA1)
Real estate scams – 67,190 in 2009 (FBI)
USING WIRELESS ACCESS
Special Risks ---Cellular calls & data services
Criminals download malware to mobile devicesAndroid – iPhone - Blackberry
Mobile banking vulnerabilities Criminals intercept mobile transmissions
Gap in the WAP vulnerability
Bluetooth Criminals can hijack bluetooth devices
Wireless local area networks (LAN) Criminals can infiltrate your network
OTHER EXPLOITSExploits Targeting Humans ---Point of Sale (POS) scams
Criminals steal credit card dataFor sale on darknet sites
Botnets Criminals set up proxies on legitimate
sitesPolitical activism
Protect activists against tyrannyHacktivism
Conduct DDoS AttacksMask IP addresses for sale of illicit items
(drugs, porn, PII, money mules, money laundering schemes, etc…
COUNTER-MEASURES
What you can do to prevent cyber exploits ---
ADMIN CONTROLSKeeping security tight ---
Manage networkEstablish Network AdministratorStress Test System
Perimeter testingAvoid social engineering
Maintain computer updatesPatch your operating system (OS)Patch your applications
Freeze credit reports
SAFE NETWORKINGReducing vulnerabilities ---
Home-based Office Solutions Use Antivirus + Personal Firewall
SolutionNorton 360, McAfee Total, Webroot Secure
Anywhere Use Specialty Software for Banking
Outsourced Solutions Hosting Service Offsite data storage
Use Secure Wireless Access 802.11i (WPA2)
BANKING SECURITY TOOL
Simple Controls Editable Security Policy
SAFE INTERACTIONSMaintaining constant vigilance ---
Practice Safe eMailing Spam Filters
Black listingWhite listing
Practice Safe web surfing Browser security
HTTPSGoogle ChromeCocoon (Firefox & IE)
Carefully manage client lists Salt list (proof of theft)
Monitor scams on social networks
BROWSER MATTERSPerformance & Security ---
3RD PARTY CRM TOOLTop Producer CRM ---
3RD-PARTY CRM TOOLCheck security policy ---
ONLINE RESOURCES
The websites that you can visit to learn how to protect yourself & your clients ---
REALTOR UNIVERSITY
Course Addressing Data SecurityCourse Addressing
Privacy
NGOS & GOV AGENCIES
Links to help you --- Identity Theft
Privacy Rights ClearinghouseElectronic Privacy Information Center
Banking FraudFederal Trade Commission
Phishing IntelligenceFraudWatch International
NotificationsUS-CERT
PRIVATE SECTOR SOURCES
Apps for tracking latest scams ---
COMPLIANCE ISSUES
Data Security Customer Privacy
Databases – ISO 27001 & 27002Credit Card Payments – PCI
compliance
Gramm Leach Bliley Act
NIST 800-122
RECAP
And now?
SUMMARY:What did we cover?
Characterize magnitude of problem
Overview of threats/vulnerabilities Identify potential cyber exploits
Outline countermeasures Online resources
Hotlinks on PowerPoint Local resources
Tech support
Q & AJust the beginning….