btr-security
Data Security Compliance Advisors
Certified Identity Theft Risk Management Specialists
873 East Baltimore Pike #501
Kennett Square, PA 19348
610-444-5295
www.BTR-Security.com
A DATA BREACH of “PII” IS DEFINED AS A FIRST NAME, FIRST INITIAL OR LAST NAME PLUS:
A Social Security Number
A Driver’s License Number or State-Issued ID Number
An Account Number, Credit Card Number or Debit Card Number Combined with any Security Code, Access Code, PIN or Password
A DATA BREACH IS DEFINED AS ANY INTRUDER TO YOUR ENTERPRISE
Your Trade Secrets
Access To Your Servers By a “Hacktivism” Criminal
Whatever Is Important To Your Enterprise
When a hacker gets anyone’s credentials, it is easy for them to build a profile
of the individual to gain even more information from social media sites.
From there they can “spearPhish” more information from the victim OR
THEIR CONTACTS!
Examples of profile building follow:
LOST CREDENTIALS PUT YOU UNDER ATTACK
Name: Lucas Newman
Extraction Date: 12/30/20XX
Email: [email protected]
Hometown: Portland, Oregon
Hashed Password: 16b90b178faff0e3e2f92ec647b50b11
Occupation: Managing Director and Portfolio Manager
Extraction Type: Hack
Source:
Name: Robyn Mondin
Extraction Date: 12/30/20XX
Email: [email protected]
Hometown: Asheville, North Carolina
Clear Password: 36f76603a2212c7fc6ff4fb8ec77a64c
Occupation: Mortgage Banker
Extraction Type: Hack
Source:
EVERY EMPLOYEE, PARTNER, AND SYSTEM IS A WEAK LINK
Name: Pat Grundish
Extraction Date: 8/13/20XX
Email: [email protected]
Hometown: Englewood, Ohio
Clear Password: p_grundish
Occupation: Mortgage Loan Officer
Extraction Type: Hack
Source:

Name: Mandy Knerr
Extraction Date: 8/13/20XX
Email: [email protected]
Hometown: Huber Heights, Ohio
Clear Password: m_knerr
Occupation: Sr. Marketplace Loan Officer
Extraction Type: Hack
Source:
MULTIPLE VECTORS OF ATTACK RESULT IN BREACHES
Data Breaches
Point of Sale Systems
Email
Web
Mobile
Lost/Stolen Device
FTP
Cloud Services
Employees
Hacking
Social Media
THREE PRIMARY CAUSES DRIVE DATA BREACHES
Data Breaches
Monetization
Negligence
Ego
PROVIDING VISIBILITY BEYOND THE IT WALLS
IT Administrators harden their networks by building walls with Anti-Virus software to keep out the bad guys
The Result is that Anti-Virus software can’t keep up and the bad guys are already inside your walls
Malware: 76,000 new malware strains are released into the wild every day
Credentials: 73% of online banking users reuse their passwords for non-financial websites
THE PROBLEM YOU DIDN’T KNOW YOU HAVE
IT Administrators harden their networks by building walls with Anti-Virus software to keep out the bad guys
The Result is that Anti-Virus software can’t keep up and the bad guys are already inside your walls
The Problem is that 76,000 new malware strains are released into the wild every day
The Problem is that 73% of online banking users reuse their passwords for non-financial websites
ANATOMY OF A SPEARPHISHING ATTACK
1. Target Victim
2. Install Malware
3. Access Network
4. Collect & Transmit Data
5. Breach Event
THE LONG-TERM EFFECTS OF THE STRATFOR BREACH
2005
• An employee of a Kansas City investment bank registers for the free Stratfor newsletter
December 2011
• Stratfor becomes aware of its breach
January 2012
• Stratfor initiates a massive breach response, including removing all related data from the Web
February 2013
• A hacktivist group identifies the credential/password combo that still accesses the investment bank’s webmail
February 2013
• Hacktivist group publishes the investment bank’s client information on the company’s home page
It took nearly eight years to feel the full effect of a duplicate password.
Over 300,000 individuals had their personal information leaked, such as credit card numbers, addresses, phone numbers, and more.
The employee used the same password for the Stratfor newsletter as for his corporate webmail account.
CASE STUDY: Target Corporation
Nov. 27 – Dec. 15, 2013
• Hackers execute an extended attack against Target’s point-of-sale system
Dec. 18, 2013
• News of the breach is reported by data and security blog KrebsOnSecurity
Dec. 20, 2013
• Target acknowledges the breach, saying it is under investigation
Dec. 21, 2013
• JP Morgan announces it is placing daily spending caps on affected customer debit cards
Dec. 22, 2013
• Customer traffic drops over the holiday season, resulting in a 3-4% drop in customer transactions
Jan. 10, 2014
• Target lowers its fourth-quarter financial projections, saying sales were “meaningfully weaker-than-expected”
The current estimate of the total financial impact to Target is $200 million
Target provided affected individuals with 12 months of identity theft protection and insurance coverage
110M user accounts compromised, exposing credit and debit card numbers, CVN numbers, names, home addresses, e-mail addresses and/or phone numbers
“Ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system.”
Molly Snyder, Target Corporation, January 2014
Email Attack on Vendor Set Up Breach at Target*
* Source: http://krebsonsecurity.com/
The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation.
Last week, KrebsOnSecurity reported that investigators believe the source of the Target intrusion traces back to network credentials that Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa.
THE PROFILE OF AN ATTACKER
The malware used to hack Target’s POS system was written by a Ukrainian teen
• Andrey Hodirevski from southwest Ukraine is alleged to have carried out the attack from his home
• The card details were sold through his own forum as well as other communities
• investigated the breach when it occurred and was able to verify various discussions and identifiers pointing to this suspect
CyberID-Sleuth™ PROVIDES EARLY WARNING AT TWO POINTS
CyberID-Sleuth™ scours botnets, criminal chat rooms, blogs, websites and bulletin boards, Peer-to-Peer networks, forums, private networks, and other black market sites 24/7, 365 days a year
CyberID-Sleuth™ harvests 1.4 million compromised credentials per month
DarkWeb
CyberID-Sleuth™ identifies your data as it accesses criminal command-and-control servers from multiple geographies that national IP addresses cannot access
CyberID-Sleuth™ harvests 7 million compromised IP addresses every two weeks
CyberID-Sleuth™ Credential Monitoring *
* Allow us to run your IP Address through our system too
Tier I
CyberID-Sleuth™ PROVIDES MORE THAN AUTOMATED ALERTS
Credential Monitoring: Identifying email addresses from a corporate domain that have been hacked, phished, or breached
IP Address Scanning: Identifying devices in a corporate network connected to a known malware command and control server
Doxing awareness and hacktivist activity monitoring
Locating the individuals and exchanges involved in intellectual property theft
Hacks, exploits against networks, glitches, leaks, phishing/keylogging monitoring
Identification of communities targeting brands, networks or IP addresses
Identification of intellectual property distribution
Identification of individuals posing a risk to any IP address
Tier II
Tier I
Tier I Tier II
THE COSTS OF A DATA BREACH ARE VARIED
Detection or Discovery: “Activities that enable a company to reasonably detect the breach of personal data either at risk (in storage) or in motion”
Escalation: “Activities necessary to report the breach of protected information to appropriate personnel within a specified time period.”
Notification: physical mail, e-mail, general notice, telephone
Victim Assistance: card replacement, credit monitoring offer, identity theft protection offer, access to customer service representatives
Churn of existing customers / personnel
Future Diminished Acquisition of customers or employees
It’s time for you to know what the bad guys know