Top Banner
The ever- increasing threat of Cyber Crime Prepared By: Nathan Desfontaines 27 March 2014 Information Protection & Business Resilience
25

The ever increasing threat of cyber crime

Aug 23, 2014

Download

Presentation talking about the ever increasing threat of cyber crime and how social media, mobile devices, cloud computing make an interesting point of attack. Cyber security is only getting more and more important due to the widespread of new platforms, increasingly available and simple to use exploit kits as well as attacks becoming more sophisticated and having specific targets.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: The ever increasing threat of cyber crime

The ever-increasing threat of Cyber Crime

Prepared By: Nathan Desfontaines

27 March 2014

Information Protection & Business Resilience

Page 2: The ever increasing threat of cyber crime

1© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

Agenda

Who am I... And How did we get here?■ Me, in a CMD-shell■ Evolution of computers

Video Time■ Microsoft Europe – Cyber Security

World’s biggest data breaches■ World’s Biggest Data Breaches (Graphic)

What should you care about?■ Cyber Security Threats for 2013/2014■ Cyber Security Threats: New Platforms■ Cyber Security Threats: Exploit Kits■ Cyber Security Threats: Targeted Attacks

Video Time■ 10 Infamous Computer Hackers

Questions?

Page 3: The ever increasing threat of cyber crime

Who am I… And how did we get here?

Page 4: The ever increasing threat of cyber crime

3© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

Who am I… And how did we get here? (cont.)

Do you remember “back in the day”?

Page 5: The ever increasing threat of cyber crime

4© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

Who am I… And how did we get here? (cont.)

Apple II

Sinclair ZX-81 Timex Sinclair 1000Sinclair ZX Spectrum

Kaypro 4-84 Tandy 1000EX

KIM-1

Tandy 102

Digi-Comp

Magitronic 286

Atari 800XL

Z-180

Commodore PET

Page 6: The ever increasing threat of cyber crime

Microsoft Europe –Cyber Security

Page 7: The ever increasing threat of cyber crime

6© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

Microsoft Europe – Cyber SecuritySource: YouTube.com

Page 8: The ever increasing threat of cyber crime

World's Biggest Data Breaches

Page 9: The ever increasing threat of cyber crime

8© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

World's Biggest Data BreachesSource: informationisbeautiful.net

Page 10: The ever increasing threat of cyber crime

What should you care about?

Page 11: The ever increasing threat of cyber crime

10© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

What should you care about?

1. Widespread use of new platforms

Cyber Security Threats for 2013/2014

Three significant reasons as to why cyber security will remain a key concern for IT managers:

3. Attacks are becoming more sophisticated and have specific targets

2. Increasingly available and simple to use exploit kits

Page 12: The ever increasing threat of cyber crime

11© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

What should you care about? (cont.)

Mobile Devices

Cyber Security Threats: New Platforms

• Rapid increase in the use of mobile devices

• Improved functionality of smartphones and tablets

• Mobile devices make for an interesting point of attack

• Existence of “apps” as a source of malware

• Increase of cyber attacks on the iOS platform

• Increased use of ‘Bring Your Own Device’ (BYOD) policies in the workplace

Page 13: The ever increasing threat of cyber crime

12© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

What should you care about? (cont.)

Mobile Devices

Cyber Security Threats: New Platforms

Impersonation• SMS Redirection• Sending Email Messages• Posting to Social Media

Financial• Sending premium rate SMS Messages• Stealing Transaction Authentication Numbers (TANs)• Extortion via Ransomware• Fake Antivirus• Making Expensive Calls

Data Theft• Account Details• Contracts• Call Logs• Phone Number• Stealing Data via Application Vulnerabilities• Stealing International Mobile Equipment Identity Numbers (IMEI)

Surveillance• Audio• Camera• Call Logs• Location• SMS Messages

Page 14: The ever increasing threat of cyber crime

13© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

What should you care about? (cont.)

Cyber Security Threats: New Platforms

The Cloud

• A single point of entry that can be accessed from almost anywhere

• This access can be abused in different ways:

• Theft or destruction of data

• DoS attacks

• Hijacking of cloud service traffic and redirecting

it to other sources of malicious content

Attacks can cause significant disruption to businesses

Page 15: The ever increasing threat of cyber crime

14© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

What should you care about? (cont.)

Cyber Security Threats: New Platforms

Social Media

• Easy access to personal information

• One entry point provides a trusted voice to reach others

• “Check-ins” can provide malicious users access to possible transactions:

• Fraudulent bank transactions

• Identity theft situations

Page 16: The ever increasing threat of cyber crime

15© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

What should you care about? (cont.)

Cyber Security Threats: Exploit Kits

Exploit Kits• The “For Dummies” series equivalent in the world of cyber security

• Uses pre-written code to target applications with a history of known

security exploits or users who fail to update software

• Can be purchased by anyone and requires no knowledge of how

an exploit works

• Roughly 70% of exploit kits

originate from Russia

► Neutrino 24%

► Unknown Kit 21%

► Redkit 19%

► SweetOrange 11%

► Styx 10%

► Glazunov/Sibhost 5%

Page 17: The ever increasing threat of cyber crime

16© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

What should you care about? (cont.)

Cyber Security Threats: Targeted Attacks

Targeted & Sophisticated Attacks

• Higher payoff makes cyber attacks more of an enterprise

• “Hacktivists”: Groups of cyber criminals and/or protestors that target government and corporate websites to bring awareness to their cause

• “Cyberwarfare”: Nation-state sponsored attacks

• Advanced Persistent Threat (APT)

• Zero-Day-Forever

Page 18: The ever increasing threat of cyber crime

17© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

Zero-Day-Forever

Zero-Day-Forever

Legacy Windows users are bracing for Microsoft’s April 8, 2014 deadline to end security updates on Windows

XP and Office 2003.

Page 19: The ever increasing threat of cyber crime

18© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

What should you care about? (cont.)

Cyber Security Threats: Targeted Attacks

Targeted & Sophisticated Attacks

• Malware

• Ransomware: Common iteration referred to as Cryptolocker. Ransomware has been around for nearly a quarter-century, the latest version uses very strong encryption to make users’ files inaccessible and extort cash from them.

• Spyware

• Adware

• Scareware: Software that appears to be something legit (usually masquerading as some tool to help fix your computer) but when it runs it tells you that your system is either infected or broken in some way. This message is generally delivered in a manner that is meant to frighten you into doing something.

Page 20: The ever increasing threat of cyber crime

19© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

What should you care about? (cont.)

Cyber Security Threats: Targeted Attacks

Targeted & Sophisticated Attacks

• Viruses

• Boot Sector Virus

• Direct Action Virus

• Browser Hijacker

• File Infector Virus

• Macro Virus

• Multipartite Virus

• Polymorphic Virus

• Resident Virus• Web Scripting Virus

Page 21: The ever increasing threat of cyber crime

10 Infamous Computer Hackers

Page 22: The ever increasing threat of cyber crime

21© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

10 Infamous Computer HackersSource: YouTube.com

Page 23: The ever increasing threat of cyber crime

22© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

Questions?

Page 24: The ever increasing threat of cyber crime

Thank you

Nathan Desfontaines

[email protected]

• 082 719 2426

Page 25: The ever increasing threat of cyber crime

© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.

Disclaimer:

1) This presentation has been prepared by KPMG Services (Pty) Ltd (“KPMG”) and is exclusively for the benefit, information and internal use of “McDonald Butler” for the exclusive purposes of/in order to present at the “CSO Summit”. Under the terms of KPMG Services (Pty) Ltd, neither this presentation nor its content thereof may be used for any other purposes without KPMG’s prior written consent.

2) This presentation should be viewed solely in conjunction with a KPMG Services (Pty) Ltd representative.

3) In preparing this presentation, KPMG has relied upon and assumed, without independent verification, the accuracy and completeness of any information provided to, and/or gathered by KPMG whether from public sources or otherwise, and accordingly KPMG express no opinion or make any representation concerning the accuracy and completeness of any such information contained in this presentation.

4 ) KPMG’s finding shall not in any way constitute advice or recommendations and/or regarding any other commercial decisions associated with this presentation. All relevant issues may not have been identified, and only those issues that have been identified as part of our review are included in this presentation.

5) The information contained in this presentation reflects prevailing conditions and KPMG’s view as at 27 March 2014. KPMG has not undertaken to nor shall KPMG be under any obligation in any circumstances to update the presentation or revise the information contained in the presentation for events or circumstances arising after the 27th of March 2014 and the presentation or any information contained in the presentation shall not amount to any form of guarantee that KPMG have determined or predicted future events or circumstances.

6 ) This presentation cannot be copied, published, quoted, referred to or disclosed by “McDonald Butler” to any other third party, without KPMG’s prior written consent. No party, other than “McDonald Butler”, may rely on the presentation and/or its contents thereof, either in whole or in part. KPMG and/or KPMG Inc including its directors, employees and agents, and any body or entity controlled by or owned by or associated with KPMG or KPMG Inc (collectively “KPMG”) accepts no liability or responsibility whatsoever, resulting directly or indirectly from the disclosure or referral of the presentation and/or its contents thereof to any third party and/or the reliance of any third party on the presentation and/or its contents thereof, either in whole or in part and “McDonald Butler” agrees to indemnify and hold KPMG harmless in this regard from and against any and all claims from any person or party whatsoever, expenses, liability, loss or damages arising from or in connection thereto in this respect.