2017 - cibersecurity v1.0 (english version)

Rui Miguel Feio Sharing knowledge with the world Cybersecurity Lisboa, Portugal (2017)

Upload: rui-miguel-feio

Post on 18-Jan-2017


TRANSCRIPT

Rui Miguel Feio
Sharing knowledge with the world

Cybersecurity

Lisboa, Portugal (2017)

RUI MIGUEL FEIO

Key facts:

• Working with computers since 9 years old, back in 1984
• Worked for Citibank, IBM, Xerox
• Worked with many Blue Chip companies around the world
• Specialises in Cyber Security
• Experience in different systems (Mainframe, Linux, Windows, Unix, …)
• Works with RSM Partners as a Senior Technical Lead
• Gives lectures and presentations all over the world

But How Safe is It?

Almost every business requires an online presence today.

The “online world” is worth trillions of British Pounds and it’s being targeted by the criminal world.

YOUR BUSINESS ONLINE

[Figure: “Online Presence” diagram with the labels Contact people / institutions, Customers, Online Education, Social Media, Collaboration, E-commerce, Institutions, Increase Revenue, Security, Business Goals, World Wide Markets, New Ideas, Internet Search]

VALUE OF ONLINE BUSINESS

*https://www.emarketer.com/Article/Worldwide-Retail-Ecommerce-Sales-Will-Reach-1915-Trillion-This-Year/1014369

CRIMINALS FROM THE PAST

Al Capone, Pablo Escobar


CRIMINALS FROM THE PRESENT

‘ACTORS’ OF THE ONLINE THREATS

01 HACKERS
The term hacker is used in popular media to describe someone who attempts to break into computer systems. Typically, this kind of hacker would be a proficient programmer or engineer with sufficient technical knowledge to understand the weak points in a security system.

02 CRIMINAL ORGS
Criminal activities carried out by criminal organisations by means of computers or the Internet.

03 HACKTIVISTS
A hacktivist is a person who gains unauthorised access to computer files or networks in order to further social or political ends.

04 NATION STATES
The Nation State actor has a 'Licence to Hack'. They work for a government to disrupt or compromise target governments, organisations or individuals to gain access to valuable data or intelligence, and can create incidents that have international significance.

05 CYBER TERRORISTS
A cyber-terrorist is a criminal who uses computer technology and the Internet, especially to cause fear and disruption. Some cyber-terrorists spread computer viruses, and others threaten people, organisations and nations electronically.

CYBER CRIME

• 80% of hackers work with or are part of an organised crime group *
• Traditional criminal organisations have ‘opened’ cybercrime divisions:
  • Cosa Nostra (Italian Mafia)
  • Japanese Yakuza
  • Chinese Triads
  • Russian Mafia
  • Nigerian mobs
  • Mexican cartels
• They have a “business oriented” mentality (Cybercrime Inc.)

* 2014 study by the Rand Corporation

TYPICAL BUSINESS ORGANISATION

[Organisation chart, in reading order]

• CEO
• CFO, Management, Sales People
• CIO, Management, Researchers, Developers, Engineers, QA Testers, Tech Support
• HR Director, CMO, Management, Distributors, Affiliates

“CYBERCRIME INC.” ORGANISATION

[Organisation chart, in reading order]

• CEO (Boss)
• CFO (Underboss), Management (Lieutenant), Money Mules (Soldiers & Associates)
• CIO (Underboss), Management (Lieutenant), Researchers (Soldiers), Developers (Soldiers), Engineers (Soldiers), QA Testers (Soldiers), Tech Support (Soldiers)
• HR Director (Underboss), CMO (Underboss), Management (Lieutenant), Distributors (Soldiers), Affiliates (Associates)

Innovative Marketing Inc. (aka IMI)

• Founded by Sam Jain and Daniel Sundin (HQ in Ukraine)
• Developed scareware rogue security programs (WinFixer and WinAntiVirus)
• Offices in 4 continents with hundreds of employees
• Support centres in Ohio, Argentina and India
• Marketed products under more than 1,000 different brands and in 9 languages
• From 2002 to 2008 IMI generated hundreds of millions of dollars in profit.

*https://www.wired.com/2011/09/mf_scareware/

Innovative Marketing Inc. (aka IMI)

BJORN DANIEL SUNDIN
Wire Fraud; Conspiracy to Commit Computer Fraud; Computer Fraud

Photograph taken in 2003

DESCRIPTION
Alias: David Sundin
Date(s) of Birth Used: August 7, 1978
Place of Birth: Sweden
Hair: Red
Eyes: Hazel
Height: 5'10"
Weight: 136 pounds
Sex: Male
Race: White
Occupation: Internet Entrepreneur
Nationality: Swedish
Languages: English, Swedish
NCIC: W10511664

REWARD
The FBI is offering a reward of up to $20,000 for information leading to the arrest and conviction of Bjorn Daniel Sundin.

REMARKS
Sundin has ties to Sweden and the Ukraine.

CAUTION
Bjorn Daniel Sundin, along with his co-conspirator, Shaileshkumar P. Jain, is wanted for his alleged involvement in an international cybercrime scheme that caused internet users in more than 60 countries to purchase more than one million bogus software products, resulting in consumer loss of more than $100 million. It is alleged that from December 2006 to October 2008, through fake advertisements placed on legitimate companies’ websites, Sundin and his accomplices deceived internet users into believing that their computers were infected with “malware” or had other critical errors in order to encourage them to purchase “scareware” software products that had limited or no ability to remedy the purported defects.

Sundin and his co-conspirators allegedly deceived victims, through browser hijacking, multiple fraudulent scans and false error messages, into purchasing full paid versions of software products offered by their company, Innovative Marketing, Inc. The proceeds of these credit card sales were allegedly deposited into bank accounts controlled by the defendant and others around the world, and were then transferred to bank accounts located in Europe. When customers complained that their purchases were actually fraudulent software, call center representatives were allegedly instructed to lie or provide refunds in order to prevent fraud reports to law enforcement or credit companies.

On May 26, 2010, Sundin was indicted in Chicago, Illinois, by a federal grand jury for the United States District Court, Northern District of Illinois. He was indicted for wire fraud, conspiracy to commit computer fraud and computer fraud. That same day, a federal warrant was issued for Sundin’s arrest.

If you have any information concerning this person, please contact your local FBI office or the nearest American Embassy or Consulate.

Carbanak Group (aka Anunak)

• “Found” early in 2015 by Kaspersky Lab
• Used an Advanced Persistent Threat (APT) campaign targeting financial institutions
• Estimated $1 Billion US dollars have been stolen in an attack against 100 banks and private customers
• Targeted primarily Russia, United States, Germany, China and Ukraine
• Rumours of being associated with a computer security company in Russia:
  • https://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/

https://www.symantec.com/connect/blogs/carbanak-multi-million-dollar-cybercrime-gang-focuses-banks-rather-their-customers

COST OF CYBER CRIME IN THE UK

https://www.getsafeonline.org/news/fraud-cybercrime-cost-uk-nearly-11bn-in-past-year/


ONLINE SECURITY THREATS


Denial-of-Service attack is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users.

Malicious Software is a computer program designed to infiltrate and damage computers without the user’s consent. It’s the general term covering all the different types of threats to your computer such as viruses, spyware, worms, trojans, rootkits and so on.

Virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and confidential data, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.

Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application.

Spoofing is the act of falsifying the origin of an internet communication in order to mislead the recipient. It's widely used to create bogus emails or web pages in order to steal money, passwords or banking credentials.


THE DARK WEB

Dark Web: Accessible only through special browsers like TOR, that are designed for anonymity.

Website addresses are not in clear text (e.g. http://3g2upl4pq6kufc4m.onion)

You can get access to drugs, weapons, illegal information, hacking tools, hackers, criminals, credit cards details, private confidential data, login credentials, etc.

Internet: The visible internet that we see when we browse. E.g. Google, Facebook, BBC, company websites, etc.

CRYPTO CURRENCIES HELP CYBER CRIME


HACKING-AS-A-SERVICE

http://5eme2auqilcux2wq.onion/


HACKING-AS-A-SERVICE

http://hacker4hhjvre2qj.onion/


HACKING-AS-A-SERVICE

http://hacker4hhjvre2qj.onion/


AVAILABLE TOOLS

SOFTWARE, HARDWARE

AVAILABLE TOOLS

TRAINING AND TUTORIALS, BOOKS AND ARTICLES

INTERESTING FACTS

• Approximately 3.2 billion people use the internet
• 30,000 websites are hacked every day
• Approximately 204 million emails are sent every minute and 70% of them are spam
• The majority of internet traffic is not generated by humans, but by bots and malware. According to a recent study conducted by Incapsula, 61.5% or nearly two-thirds of all the website traffic is caused by Internet bots

*https://fossbytes.com/10-interesting-facts-internet-really-need-know/

THE VALUE OF DATA

• How much do you value your privacy?
• How about your friends’ and family’s privacy?
• What do you think could happen if your data was misused?
• Have you ever searched for or visited a website that you would rather keep ‘secret’?
• Criminal organisations and hackers aim to access private and confidential data
• But legitimate companies are also targeting private data…

DATA BREACHES ARE FREQUENT

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

2016 RESEARCH

$154 COST PER RECORD
The data breach cost per record is on average $154 (USD) worldwide. In the UK, the average cost per record is $159 (USD) / £128 (GBP).

HEALTH TARGETED SECTOR
The sector most targeted by attackers was Healthcare, followed by Education, Financial, Services, Life Science, Retail, Communications, Industrial, Energy and Technology.

23,834 RECORDS BREACHED
The global average number of breached records was 23,834. In the UK, the average number was 22,759 breached records.

48% ROOT CAUSE
Globally, malicious or criminal attacks accounted for 48% of the root cause of the data breach, followed by 27% for system glitch and 25% for human error. In the UK these numbers were 51%, 24%, and 25% respectively.

* Benchmark research sponsored by IBM. Independently conducted by Ponemon Institute LLC, June 2016

VALUE OF DATA TO HACKERS

• Allows for identity theft
• Blackmail:
  • Financial gain
  • Access to private data
  • Access to systems
• Access to privileged information that could lead to compromise or access the data of another person or entity
• Selling of the data to third parties (including legitimate companies)

VALUE OF DATA TO COMPANIES

• Have you ever wondered why Facebook or Google are worth billions of US dollars?
• A study published by the Wall Street Journal on Facebook:
  • Each long-term user is worth $80.95
  • Each friendship is worth $0.62
  • Your profile page is worth $1,800
  • A business page and associated ad revenues are worth $3.1 million
• Google on the other hand:
  • Processes around 24 Petabytes of data each day
  • Produces “online profiles” of its users
  • The data is then stored and sold for publicity

EVERYONE WANTS DATA

• Data broker company Acxiom Corporation:
  • Has more than 23,000 servers
  • These servers collect, collate and analyse more than 50 trillion unique data transactions per year
  • 96% of American households are in its databases
  • Has more than 700 million user profiles from around the world
  • Each profile has more than 1,500 specific traits
• One quote stated ‘This is the age of the stalker economy’…

THE IMPORTANCE OF AN EMAIL


THE IMPORTANCE OF AN EMAIL

https://www.wired.com/2016/12/yahoo-hack-billion-users/

• According to Yahoo the data included:
  • Names
  • Email addresses
  • Contacts
  • Date of Birth details
  • Hashed passwords
  • A mix of questions and answers encrypted and not encrypted
• Also, according to Yahoo, the data did not include:
  • Unencrypted passwords
  • Credit card details
  • Bank account details
• Are we to trust what Yahoo says?...

THE IMPORTANCE OF AN EMAIL

http://www.fraud-magazine.com/article.aspx?id=4294987206


SYSTEM Z – IBM’S MAINFRAME

• There’s this idea that the mainframe is an old and obsolete technology
• IBM keeps releasing new mainframes every few years. Recently they have released the z13 that cost IBM more than US$1 billion in R&D
• Who uses the mainframe?
  • 96 of the 100 largest banks in the world
  • 23 of the 25 largest retail companies in the US
  • 9 of the 10 largest insurance companies in the world
  • Government agencies
  • Military
  • Universities

MAINFRAME – THE CROWN JEWELS

• The mainframe processes and stores large volumes of data
• It’s considered the most secure platform in the world that cannot be hacked
• As such, it does not require big investments in security…
• Unfortunately, it’s not quite so. The truth is:
  • The mainframe is a platform that is highly securable but not secured by default. Investment and resources are required to secure it

HACKING THE MAINFRAME


INTERNET OF THINGS

Internet of Things
There are currently 6.4 billion IoT devices connected to the internet. It’s estimated that by 2020, there will be 20 to 50 billion IoT devices connected to the internet.

Security Risk
Manufacturers of IoT devices are under pressure to release new gadgets with new functionalities to an ever more demanding customer. However, security is not given much consideration, which creates security risks to individuals, organisations and governments.

MOBILITY

Mobility is Good

• Being able to access data and do business wherever you are is a major advantage and a requirement in the modern world.

The Downside

• Mobile devices are moving targets
• Most mobile devices are easy to hack and compromise
• Mobile devices may contain private and business data
• Hackers ‘love’ mobile devices
• If compromised, they can become entry points to your home or business IT network

Risks and Threats

• Old devices
• Operating system not up-to-date
• Apps can leak and collect personal data
• Connected to ‘dubious’ free WiFi spots
• Devices not protected with access credentials

THERE ARE NO PERFECT SYSTEMS


WHAT’S THE SOLUTION?

CYBERSECURITY MUST BE A PRIORITY AND TAKEN SERIOUSLY

SOLUTION

• More legislation and regulation is required. For example: General Data Protection Regulation (GDPR).
  • https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
• Investment is a must!
  • Hire experienced and qualified staff
  • Training and education
  • Review the IT systems, processes and procedures
  • Regularly implement:
    • Penetration tests
    • Security audits
    • Vulnerability scanning
    • Data classification
    • Recertification

BUT WE ALSO NEED

• Companies, governments and individuals need to change their mindset and attitude in regards to security risks and threats:
  • It’s important to keep the systems updated
  • Question the origin of documents, links, emails, etc
  • Be aware and mindful of the data they share online
  • Default userids / passwords
  • Security must be always in your mind!

  • Security is not only at work
  • Think about the IoT devices
  • Don’t forget security at home

• Remember:
  • Free can be very expensive!
  • Blind trust can be fatal!

ON A BUSINESS TRIP


ON A LARGE CLIENT

WHAT TO DO

THREE Bs TO BE SECURED

BE PROACTIVE, BE AWARE, BE MINDFUL

These are the 3 Bs to help you be secured in the cyber world. Be mindful of what you do; always question if you should click on a link, on an option, if you should open a document, the source of the document or email. Be aware of the security risks; keep informed, ask questions. Don’t put yourself and your business at risk. Be proactive. Don’t wait until your systems are compromised. Keep them up-to-date with the latest versions of the operating system, and software. Apply the security fixes. Have a firewall and an anti-virus and keep them updated. Ask for professional, experienced help. In the long run this can save you a lot of money!!

CONTACTS

EMAIL + CONTACTS

[email protected]
+44 (0)7570 911459
+351 962 211 564

www.RuiFeio.com

SOCIAL MEDIA (for the latest news on Cybersecurity)

twitter.com/rfeio

facebook.com/RuiMiguelFeio

linkedin.com/in/rfeio

google.com/+RuiMiguelFeio