
Data Breach Digest: Can you solve these cybercrimes?


Can you solve these cybercrime cases?

Test your cybersleuthing skills against some of the most challenging cybercrimes we’ve investigated.


Proprietary statement

This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service.

© 2017 Verizon. All Rights Reserved. The Verizon name and logo and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.

The broken circle of trust.

The crime

A regional water supplier suspected a data breach when its clients reported their online account details had been changed.

Refunds due to customers, totaling £500,000, had been transferred fraudulently to new bank accounts.

The clues

The stolen money was transferred to UK accounts and ultimately used to purchase Bitcoin.

There was no sign of malware or tampering.

Online accounts and telephone payments were administered by a third-party call center in Mumbai.


Whodunnit?

A. The Absolute Zero: Was the culprit a disgruntled employee?

B. The Indignant Mole: Had a trusted partner taken advantage of their enterprise access rights?

C. The Secret Squirrel: Had an employee fallen foul of a criminal while travelling and had data stolen from their device?

The solution

B. The Indignant Mole

An employee at the Mumbai call center had used their access rights to defraud the accounts.

Although they had wiped all records of the fraudulent activity, shadow copies were found on their home computer.

A sudden hankering for seafood.

The crime

A university’s IT security team was receiving an increasing number of complaints from students about slow or inaccessible network connectivity.

The clues

Name servers—responsible for DNS lookups—were dropping legitimate lookups, preventing access to the majority of the internet.

The servers showed an abnormal number of subdomains related to seafood.

Firewall analysis identified over 5,000 discrete systems making hundreds of DNS lookups every 15 minutes.

Whodunnit?

A. The Panda Monium: Was the culprit a botnet barrage built of compromised Internet of Things (IoT) devices, like light bulbs or building automation solutions?

B. The Epluribus Enum: Was the university on the wrong side of a hacktivist?

C. The 12,000 Monkeyz: Had the university fallen foul of a distributed denial of service (DDoS) attack?

The solution

A. The Panda Monium

An IoT botnet had spread from device to device—everything from light bulbs to vending machines—by brute forcing default and weak passwords.
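The firewall-analysis clue in this case (thousands of discrete hosts, each making hundreds of lookups every 15 minutes, with the names clustered around a seafood theme) is a pattern an analyst can check directly against a resolver's query log. The following is an added Python example and is not Verizon's code or anything taken from the Digest. It assumes a simplified BIND-style log line of the form "date time client name" (a constructed format), a guessed list of seafood words, and a constructed sample log; it buckets queries into 15-minute windows, counts how many clients exceed a per-window lookup rate, and flags windows in which most lookups are for seafood-themed names.

```python
import re
from collections import defaultdict
from datetime import datetime

# Added example, not Verizon's tooling. Assumed log line format (constructed):
#   "<YYYY-MM-DD> <HH:MM:SS> <client-ip> <queried-name>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<src>\S+) (?P<name>\S+)$"
)

# The case says only that the subdomains were "related to seafood"; these
# specific words are an assumption used to label suspicious names.
SEAFOOD_WORDS = ("lobster", "shrimp", "crab", "oyster", "tuna", "squid", "clam")


def parse(line):
    """Return (timestamp, client, lower-cased name), or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["src"], m["name"].lower()


def window_start(ts, minutes):
    """Floor a timestamp to the start of its N-minute bucket."""
    return ts.replace(minute=ts.minute - ts.minute % minutes, second=0, microsecond=0)


def summarize(lines, window_minutes=15):
    """Per bucket: distinct clients, total queries, seafood-named queries, per-client counts."""
    buckets = defaultdict(lambda: {"queries": 0, "seafood": 0, "per_source": defaultdict(int)})
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the sweep
        ts, src, name = rec
        b = buckets[window_start(ts, window_minutes)]
        b["queries"] += 1
        b["per_source"][src] += 1
        if any(word in name for word in SEAFOOD_WORDS):
            b["seafood"] += 1
    return {
        start: {
            "distinct_sources": len(b["per_source"]),
            "queries": b["queries"],
            "seafood": b["seafood"],
            "per_source": dict(b["per_source"]),
        }
        for start, b in sorted(buckets.items())
    }


def flag_windows(lines, window_minutes=15, min_sources=5000, min_per_source=100,
                 min_seafood_share=0.5):
    """Bucket start times where many clients each make many lookups, mostly for seafood names.

    The defaults mirror the figures in the case (5,000+ systems, hundreds of lookups
    per 15 minutes); the small constructed sample below is checked with lower values.
    """
    flagged = []
    for start, stats in summarize(lines, window_minutes).items():
        busy = sum(1 for n in stats["per_source"].values() if n >= min_per_source)
        share = stats["seafood"] / stats["queries"]
        if busy >= min_sources and share >= min_seafood_share:
            flagged.append(start)
    return flagged


# Constructed sample traffic (not real data): a quiet 08:00 window, then a burst
# in the 08:15 window where six hosts each resolve four seafood-themed names.
SAMPLE_LOG = [
    "2017-02-10 08:00:01 10.20.1.15 www.example.edu",
    "2017-02-10 08:03:12 10.20.1.16 mail.example.edu",
    "2017-02-10 08:09:45 10.20.1.17 lms.example.edu",
    "2017-02-10 08:12:03 10.20.1.15 cdn.example.net",
    "2017-02-10 08:16:30 10.20.1.15 www.example.edu",
    "this line is malformed and is skipped",
]
SAMPLE_LOG += [
    f"2017-02-10 08:{16 + i}:{j * 10:02d} 10.20.5.{i + 1} "
    f"{SEAFOOD_WORDS[(i + j) % len(SEAFOOD_WORDS)]}{i}{j}.example-c2.net"
    for i in range(6)
    for j in range(4)
]

if __name__ == "__main__":
    for start, stats in summarize(SAMPLE_LOG).items():
        print(start, stats["distinct_sources"], "clients,", stats["queries"], "queries,",
              stats["seafood"], "seafood-themed")
    print("flagged:", flag_windows(SAMPLE_LOG, min_sources=5, min_per_source=3))
```

Because the busy clients are enumerated individually and sit on internal address space, the output separates "many local devices each doing a little" from "a few external sources doing a lot", which is the distinction between suspects A and C in this case; the per-client counts also give the list of hosts to pull off the network first.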


When it rains, it pours.

The crime

Customers were concerned when their first attempts to make a payment on our client’s e-commerce site always failed—but went through the second time.

The clues

The first page was a fake being used to defraud customers.

The e-commerce site was managed by a third-party web developer in the European Union.

The developer was leveraging a low-cost cloud services provider in another part of the world.

The fake payment page was coded to upload credit card data in real time to an external IP—although a fault meant no data was actually exfiltrated.

Whodunnit?

A. The Hot Tamale: Had an employee introduced malware from an infected USB device?

B. The Golden Fleece: Had an employee fallen foul of financial pretexting and opened the door to a compromise?

C. The Acumulus Datum: Had criminals stormed cloud systems by taking advantage of shortfalls in outsourced cybersecurity?

The solution

C. The Acumulus Datum

Criminals had exploited weaknesses in the third-party’s cloud security.

Sifting through the detritus.

The crime

A gaming company discovered that its production network had been compromised and gamer points were being siphoned off from top accounts.

The clues

Initial reports showed unauthorized access to various systems using the account of a domain admin who was on vacation that week.

Network-based indicators suggested systems were infected with a remote administration tool—a “Poison Ivy” infection.

There had been no connections to one of the infected systems for a year.

Whodunnit?

A. The Absolute Zero: Was the culprit a disgruntled employee?

B. The Polar Vortex: Was the attack perpetrated using a forgotten asset?

C. The Pit Viper: Was this an attack by criminals using sophisticated malware?

The solution

B. The Polar Vortex

A forgotten server proved a soft target for brute force and provided a foothold to compromise other systems.

www.verizonenterprise.com/DataBreachDigest

Get the full story

Follow our investigations of 16 real cybercrimes and discover how you can mitigate the risks.

Read the new Data Breach Digest.


Data Breach Digest


Perspective is Reality.

PTE16920 02/17