www.leocybersecurity.com1

TOUR OF THE DARKNET

LEO CYBER SECURITY

Heath C Renfrow, CISO, LEO Cyber Security

+1.210.551.1340

heath.renfrow@leocybersecurity.com

www.leocybersecurity.com

@LEOCyberSec

www.leocybersecurity.com2

Agenda

Darknet basics

What does it cost to get your stuff?

Dangers of Public WiFi

What’s your stuff worth?

www.leocybersecurity.com3

The Digital World

www.leocybersecurity.com4

Our Disclaimer Slide

www.leocybersecurity.com5

•Valuation of company assets•Monitoring of threat vectors•Identifying new targets•Understanding trends•Identifying breaches

Why Do We Care?

www.leocybersecurity.com6

•Conventional browsing runs through a number of commercial entities that can monitor activity.•Marketing•Law enforcement•Throttling

How is the Darknet Different?

www.leocybersecurity.com7

• Connecting to the Tor network

• How is data hid from the ISP?

How Does the Darknet Work?

www.leocybersecurity.com8

•A “candy” store of various goods

•The E-Bay of Darknet•Reviews•Ranking•Customer support•Gurantees

What is a Marketplace?

www.leocybersecurity.com9

•Credit cards•Online•Encoded on plastic

•Credentials•Social Security Numbers•Protected Health Information•Credit information•Social engineering information•Social media account

•Trojans•Key logger•Malicious spam•DDOS•Malware installation•WiFi cracker

ValuationValue of your stuff? Price to get your stuff?

www.leocybersecurity.com10

What’s it Worth?

www.leocybersecurity.com11

Credit Cards

www.leocybersecurity.com12

Email/Social Media

www.leocybersecurity.com13

ID or Company Badge

www.leocybersecurity.com14

Social Security Numbers

www.leocybersecurity.com15

Medical Records

www.leocybersecurity.com16

Tax Records

www.leocybersecurity.com17

Full/Partial Databases

www.leocybersecurity.com18

Cost to Attack

www.leocybersecurity.com19

ATM Malware

www.leocybersecurity.com20

Ransomware

www.leocybersecurity.com21

Dangers of Public WiFi

www.leocybersecurity.com22

First, the Scary

•Unsecured - No cracking•WEP - < 5 minutes•WPA - < 15 minutes•WPS - < 24 hours Reaver•WPA2 - Depends on length •KRACK - newest discovered vulnerability in WPA2•wpacracker.com•WiFi Pineapple•Rouge AP or EvilTwin Attack•Traffic Eavesdropping•Interception Manipulation

• Captive Portal Phishing for Company Computer Hostnames or Credentials

• Data Leakage over Insecure Protocols

• Leaking Shared Files and Folders on a Public Network

• Client Side attacks can lead to corporate network compromises

• Bluetooth and Ethernet Pivots• Bridging Air Gaps

www.leocybersecurity.com23

•[FIPS 140-2]•DoD Directive 8500.0•NIST Standards•Wireless Supplicants•EAP-TLS•VPN for WiFi•No Perfect Forward Secrecy•WIDS/WIPS•Wireless Traffic Monitoring

Second, the RealismRisk Mitigations Strategies

• Asset inventory

• Change default ID and password

• Two Factor Authentication (2FA) when possible, if not a strong password

•15 characters minimum;•At least two number, two letter, and two capital letter; and•If allowed, at least two punctuation character.

• Practice a regular timely patch schedule and/or enable automatic updates

• Disable unnecessary remote administration and features (MANAGE).

• Do not allow unfiltered access to the device from the Internet.

• Do not enable universal plug and play on IoT devices.

• Use secure protocols where possible, like HTTPS and SSH for device communications.

• Include IoT devices in regular vulnerability management programs

www.leocybersecurity.com24

Thank You

Questions?

www.leocybersecurity.com LEO Cyber Security

2000 McKinney Avenue, Suite 2125,

Dallas, TX 75201

+1.469.844.3608

www.leocybersecurity.com

Heath Renfow, CISO

LEO Cyber Security

+1 210 551 1340

heath.renfrow@leocybersecurity.com