Post-Data Breach ID Theft & Fraud Transactions… How the Bad Guys Operate.
21 Sep 2017
Liz Shirley, Tech Director, Intel & Intel Analysis, Wapack Labs
How Credential Reuse Attacks and Dark Net ID Fraud Sales Work, Suspicious Activity To Look For And Mitigation Steps To Take
Wapack Labs – How We Do Actionable Cyber Threat Intelligence
Wapack Labs is a private cyber threat intelligence company. We identify threats to your organization, your suppliers, your partners, and industry: insiders, threats to personnel, cyber systems, geopolitical, operational risk, and more…
Wapack Labs presents consulting and intelligence expertise in identity fraud, credential reuse attacks and data breach notification in the corporate environment, along with mitigation recommendations. We draw on lessons learned from large-scale data breaches in the financial, retail and healthcare sectors, as well as government and military, including Personally Identifiable Information (PII) similar to the compromised Equifax data.
We also include recommendations for due diligence cyber threat assessments for financial and other institutions engaging in activities including Mergers and Acquisitions (M&A) and contracting with vendors/suppliers or Business Associates (BAs).
Lost PII of employees or customers can be used by hackers to attack corporate networks
How is Stolen PII Data Used?
In a social engineering context, cyber threat actors have discovered that corporate users more readily respond to emails associated with their company and bosses (e.g. CEO fraud), than to personal matters. (1 – Krebs Security)
Criminals and APT actors (Chinese, Russian, NK Lazarus) may use the personal email address of a boss, HR, vendor, or customer to contact employees in order to conduct phishing attacks or solicit further PII (such as SSNs), which may result in fraud, industrial espionage or ransomware attacks.
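One way a mail gateway or SOC could flag the pattern described above, as an added example that is not part of the original presentation: a message whose display name matches a protected person (boss, HR) but whose sender or Reply-To address sits outside the corporate domain. The domain `example.com`, the protected names, the free-mail list and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: corporate domain, protected people, free-mail list.
CORPORATE_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"jane doe": "CEO", "sam lee": "HR Director"}
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}

# Constructed sample messages (not real mail).
SAMPLES = [
    'From: "Doe, Jane" <jane.doe.ceo@gmail.com>\nSubject: Urgent\n\nNeed W-2s today.',
    "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 planning\n\nAgenda attached.",
    "From: Sam Lee <sam.lee@example.com>\nReply-To: sl@mail-example.net\n"
    "Subject: Records\n\nPlease reply with your details.",
    "From: Pat Kim <pat@gmail.com>\nSubject: Lunch\n\nFriday?",
]


def normalize(name):
    """Lowercase, strip punctuation, and reorder 'Last, First' display names."""
    if "," in name:
        last, first = name.split(",", 1)
        name = f"{first} {last}"
    cleaned = "".join(c if c.isalnum() or c.isspace() else " " for c in name.lower())
    return " ".join(cleaned.split())


def check_message(raw):
    """Return a finding when a protected name arrives from outside the company."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    role = PROTECTED_NAMES.get(normalize(display))
    if role is None:
        return None  # sender does not claim to be a protected person
    reasons = []
    from_domain = addr.rpartition("@")[2].lower()
    if from_domain not in CORPORATE_DOMAINS:
        kind = "free-mail" if from_domain in FREEMAIL_DOMAINS else "external"
        reasons.append(f"{role} name used from {kind} domain {from_domain}")
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and reply.rpartition("@")[2].lower() not in CORPORATE_DOMAINS:
        reasons.append(f"Reply-To leaves the company: {reply}")
    return {"from": addr, "role": role, "reasons": reasons} if reasons else None


if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_message(raw))
```

A display-name match is only a triage signal: executives do sometimes write from personal accounts, so findings are best routed to a banner or review queue rather than silently dropped.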
Lazarus Group APT used Phishing and Watering-hole attacks to target FIs & steal funds
Stolen PII Enables Criminals to Fraudulently Obtain:
Credit cards, Pre-Paid & Gift cards, eWallets, Bitcoins