cyber crime - "who, what and how"
TRANSCRIPT
Cyber Crime – “Who, What and How”
Charlie McMurdie – Senior Cyber Crime Advisor PWC
1 November 2016
Cyber statistics - Information Security Breaches Survey
More sophisticated
Longer discovery time
UK top target in Europe
Human failures
50% of worst breaches due to human error despite increase in staff training
Who is attacking?
PwC
[Figure: threat actors; axes: threat actor sophistication, threat actor motivation]
Accidental
Malware non-targeted
Cyber Terrorist
Organised Cyber Criminal
State-Sponsored Attacks
Disgruntled Customer
Competitor
Disgruntled ex-Employee
3rd Party Provider
Hacker Hobbyist
Hacktivist
Insider
££££££££££
Mitigation cost
Risk Appetite?
• 110 million credit card details stolen (Nov 2013)
• 465,000 prepaid cash cards holder PII breached (July 2013)
• Nation States Cyber Regimes (e.g. Equation Group)
• World’s largest DDoS attack impacting Internet from Netherlands ISP - Cyberbunker (March 2013)
• Lulzsec & Anonymous targeted hacktivists (2012-2013)
• Malware wipes 10,000 desktop hard drives (August 2012)
• £2.3m FSA fine for data loss (August 2010)
• Edward Snowden discloses NSA and GCHQ spying programmes (June 2013)
• Employee copies 35,000 client details to personal computer (August 2012)
Threats are rapidly increasing and evolving
What’s the impact of a cyber attack?
Direct costs Indirect costs Intangible costs
Investigation and remediation
Regulatory sanction
Customer redress
Increased cyber insurance premium
Customer fraud
Class action lawsuit
Damage to brand
Heads roll
Competitive disadvantage
OPM hack: 21 million people’s personal information stolen, federal agency says
36 million email accounts Extortion: Paranoia: Suicide
UK Top Target for DDoS Attacks
2016 “Record” year for Ransomware
71% increase
Organised crime on an industrial scale
Cyber threats: organised crime
Tango Down!!! UK Subjects Arrested.
DDoS on numerous organisations including the Ministry of Sound, PayPal, Mastercard and Amazon. The attacks by Anonymous were under the banner of Operation PAYBACK. The group used Facebook, Twitter and IRC channels to organise LOIC attacks.
Cyber crime in the news
The Sun
Essex geek ‘is Sony hacker’
Ryan, 19, arrested over global cyber attacks
Major companies and institutions hacked
• The Sun • The X Factor
• Arizona Department of Public Safety • Sony
• The Central Intelligence Agency • SOCA
• United States Senate • Mastercard
Cyber crime in the news
BBC News
Man admits hacking abortion provider BPAS’s website
James Jeffery, 27, has been remanded in custody after admitting to breaking into the British Pregnancy Advisory Service website on Thursday
Cyber crime in the news
• Confirmed involvement with Anonymous, LulzSec and AntiSec.
• Within seven hours suspect arrested.
• Subject was logged into the Twitter account of ‘PabloEscobarSec’, and on another computer was in the process of deleting previously stolen data.
• Full admissions made to the BPAS offence and further historic hacking, phishing and site defacements, including the US Navy, Arizona State Police, FBI and Facebook.
Did Hackers put the London Stock Exchange Website out of commission? (Source: Getty)
Cyber Criminals reportedly shut down the London Stock Exchange website last week, keeping it out of action for more than two hours.
According to the Mail on Sunday, hacker group Anonymous carried out the attack on Thursday morning.
The group claims the attack on the London Stock Exchange was the latest in a series that has also seen it target the websites of NYSE Euronext and the Turkey Stock Exchange as part of a campaign called Op Icarus.
Financial Virtual Task Force
Cyber crime in the news
The Guardian
Teenagers jailed for running £16m internet crime forum
Court told that Ghostmarket website was the ‘criminal equivalent of Facebook’, with links to huge losses from credit card details
GhostMarket
Meth Lab
£84 million
5 YEARS
8000 users
“It takes a network to defeat a network”
Cyber threats: protecting what matters
Threat intelligence
IG
Crown jewels
What do you have?
How is it managed?
Who wants it?
Who has access to it?
Thank you. Any questions?
This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. © 2015 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom) which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity. Images sourced via Google.