Data Security Compliance Advisors Certified Identity Theft Risk Management Specialists 873 East Baltimore Pike #501 Kennett Square, PA 19348 610-444-5295 www.BTR-Security.com

Cyber id sleuth web version

A DATA BREACH of “PII” IS DEFINED AS A FIRST NAME, FIRST INITIAL OR LAST NAME PLUS:

A Social Security Number

A Driver’s License Number or State-Issued ID Number

An Account Number, Credit Card Number or Debit Card Number Combined with any Security Code, Access Code, PIN or Password

A DATA BREACH IS DEFINED AS ANY INTRUDER TO YOUR ENTERPRISE

Your Trade Secrets

Access To Your Servers By a “Hacktivism” Criminal

Whatever Is Important To Your Enterprise

When a hacker gets anyone’s credentials, it is easy for them to build a profile of the individual to gain even more information from social media sites.

From there they can “spearphish” more information from the victim OR THEIR CONTACTS!

Examples of profile building follow:

LOST CREDENTIALS PUT YOU UNDER ATTACK

Name: Lucas Newman
Extraction Date: 12/30/20XX
Email: [email protected]
Hometown: Portland, Oregon
Hashed Password: 16b90b178faff0e3e2f92ec647b50b11
Occupation: Managing Director and Portfolio Manager
Extraction Type: Hack
Source:

Name: Robyn Mondin
Extraction Date: 12/30/20XX
Email: [email protected]
Hometown: Asheville, North Carolina
Clear Password: 36f76603a2212c7fc6ff4fb8ec77a64c
Occupation: Mortgage Banker
Extraction Type: Hack
Source:

EVERY EMPLOYEE, PARTNER, AND SYSTEM IS A WEAK LINK

Name: Pat Grundish
Extraction Date: 8/13/20XX
Email: [email protected]
Hometown: Englewood, Ohio
Clear Password: p_grundish
Occupation: Mortgage Loan Officer
Extraction Type: Hack
Source:

Name: Mandy Knerr
Extraction Date: 8/13/20XX
Email: [email protected]
Hometown: Huber Heights, Ohio
Clear Password: m_knerr
Occupation: Sr. Marketplace Loan Officer
Extraction Type: Hack
Source:

MULTIPLE VECTORS OF ATTACK RESULT IN BREACHES

Data Breaches:

• Point of Sale Systems
• Email
• Web
• Mobile
• Lost/Stolen Device
• FTP
• Cloud Services
• Employees
• Hacking
• Social Media

THREE PRIMARY CAUSES DRIVE DATA BREACHES

Data Breaches:

• Monetization
• Negligence
• Ego

PROVIDING VISIBILITY BEYOND THE IT WALLS

IT Administrators harden their networks by building walls with Anti-Virus software to keep out the bad guys

The Result is that Anti-Virus software can’t keep up and the bad guys are already inside your walls

Malware: 76,000 new malware strains are released into the wild every day

Credentials: 73% of online banking users reuse their passwords for non-financial websites

THE PROBLEM YOU DIDN’T KNOW YOU HAVE

IT Administrators harden their networks by building walls with Anti-Virus software to keep out the bad guys

The Result is that Anti-Virus software can’t keep up and the bad guys are already inside your walls

The Problem is that 76,000 new malware strains are released into the wild every day

The Problem is that 73% of online banking users reuse their passwords for non-financial websites

ANATOMY OF A SPEARPHISHING ATTACK

1. Target Victim
2. Install Malware
3. Access Network
4. Collect & Transmit Data
5. Breach Event

THE LONG-TERM EFFECTS OF THE STRATFOR BREACH

2005

• An employee of a Kansas City investment bank registers for the free Stratfor newsletter

December 2011

• Stratfor becomes aware of its breach

January 2012

• Stratfor initiates a massive breach response, including removing all related data from the Web

February 2013

• A hacktivist group identifies the credential/password combo that still accesses the investment bank’s webmail

February 2013

• Hacktivist group publishes investment bank’s client information on the company’s home page

It took nearly eight years to feel the full effect of a duplicate password.

Over 300,000 individuals had their personal information leaked, such as credit card numbers, addresses, phone numbers, and more.

The employee used the same password for the Stratfor newsletter as for his corporate webmail account.

CASE STUDY: Target Corporation

Nov. 27 – Dec. 15, 2013

• Hackers execute an extended attack against Target’s point-of-sale system

Dec. 18, 2013

• News of the breach is reported by data and security blog KrebsOnSecurity

Dec. 20, 2013

• Target acknowledges the breach, saying it is under investigation

Dec. 21, 2013

• JP Morgan announces it is placing daily spending caps on affected customer debit cards

Dec. 22, 2013

• Customer traffic drops over the holiday season, resulting in a 3-4% drop in customer transactions

Jan. 10, 2014

• Target lowers its fourth-quarter financial projections, saying sales were “meaningfully weaker-than-expected”

Current estimates of the total financial impact to Target are $200 million

Target provided affected individuals with 12 months of identity theft protection and insurance coverage

110M user accounts compromised, exposing credit and debit card numbers, CVN numbers, names, home addresses, e-mail addresses and/or phone numbers

“Ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system.”

Molly Snyder, Target Corporation, January 2014

Email Attack on Vendor Set Up Breach at Target*

* Source: http://krebsonsecurity.com/

The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation.

Last week, KrebsOnSecurity reported that investigators believe the source of the Target intrusion traces back to network credentials that Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa.

THE PROFILE OF AN ATTACKER

The malware used to hack Target’s POS system was written by a Ukrainian teen

• Andrey Hodirevski from southwest Ukraine is alleged to have carried out the attack from his home

• The card details were sold through his own forum as well as other communities

• investigated the breach when it occurred and was able to verify various discussions and identifiers pointing to this suspect

CyberID-Sleuth™ PROVIDES EARLY WARNING AT TWO POINTS

CyberID-Sleuth™ scours botnets, criminal chat rooms, blogs, websites and bulletin boards, Peer-to-Peer networks, forums, private networks, and other black market sites 24/7, 365 days a year

CyberID-Sleuth™ harvests 1.4 million compromised credentials per month

DarkWeb

CyberID-Sleuth™ identifies your data as it accesses criminal command-and-control servers from multiple geographies that national IP addresses cannot access

CyberID-Sleuth™ harvests 7 million compromised IP addresses every two weeks

CyberID-Sleuth™ Credential Monitoring *

* Allow us to run your IP Address through our system too

Tier I

CyberID-Sleuth™ PROVIDES MORE THAN AUTOMATED ALERTS

Credential Monitoring: Identifying email addresses from a corporate domain that have been hacked, phished, or breached

IP Address Scanning: Identifying devices in a corporate network connected to a known malware command and control server

Doxing awareness and hacktivist activity monitoring

Locating the individuals and exchanges involved in intellectual property theft

Hacks, exploits against networks, glitches, leaks, phishing/keylogging monitoring

Identification of communities targeting brands, networks or IP addresses

Identification of intellectual property distribution

Identification of individuals posing a risk to any IP address

Tier II

Tier I

THE COSTS OF A DATA BREACH ARE VARIED

Detection or Discovery—“Activities that enable a company to reasonably detect the breach of personal data either at risk (in storage) or in motion”

Escalation—“Activities necessary to report the breach of protected information to appropriate personnel within a specified time period.”

Notification—physical mail, e-mail, general notice, telephone

Victim Assistance—card replacement, credit monitoring offer, identity theft protection offer, access to customer service representatives

Churn of existing customers / personnel

Future Diminished Acquisition of customers or employees

It’s time for you to know what the bad guys know