cybercrime: it’s not a question of if, but when. is your
TRANSCRIPT
![Page 1: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/1.jpg)
{
Cybercrime: It’s not a question of if, but when.
Is your data safe?
Presented by: Nicole Beckwith
Fraud Investigator/Digital Forensic Examiner
![Page 2: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/2.jpg)
In 2015 Ohio ranked #10 in the nation for cybercrime**
In 2016 Ohio ranked #9 in the nation for cybercrime***
The hardest hit age group are those over 60 ***
In 2016 more than 4.2 billion records were exposed*
In over 4149 data breaches*
By 2019 cybercrime is expected to reach $2 TRILLION in loss*
*Verizon 2016 Data Breach Investigations Report
** 2015 FBI cybercrime report
***2016 FBI cybercrime report
Threat Overview
![Page 3: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/3.jpg)
Cybercrime in Ohio
![Page 4: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/4.jpg)
Victims of Cybercrime Montgomery County, Miami Valley Regional Planning
Commission – Ransomware Clinton County, Vernon Township – Ransomware Morrow County, Peru Township – Ransomware Columbiana County, Court System – Ransomware Licking County – Ransomware Madison County – Agricultural Society – Vishing Delaware County – Big Walnut Schools – Phishing Athens County – Trimble Local Schools – Phishing Many, Many More……
![Page 5: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/5.jpg)
In the News
![Page 6: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/6.jpg)
Agenda Threats Overview Ransomware Social Engineering
Vishing
Smishing
Phishing
Important Contact Information
![Page 7: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/7.jpg)
Top 5 Hackers
![Page 8: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/8.jpg)
Who are they? Why do they attack the little guys?
Why governments?
![Page 9: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/9.jpg)
Malware A blanket term covering any form of intrusive software such as: Trojans Worms Spyware Adware
Bots Viruses Keyloggers Ransomware
![Page 10: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/10.jpg)
Ransomware
![Page 11: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/11.jpg)
![Page 12: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/12.jpg)
Ransomware A form of malware that targets your critical
data and systems for the purpose of extortion.
The ransomware encrypts files and requires a key to decrypt them.
A timeframe is set and specific instructions are given to purchase the key.
![Page 13: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/13.jpg)
Ransomware
![Page 14: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/14.jpg)
![Page 15: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/15.jpg)
CryptoWall Active since April 2014. The group responsible has
reportedly collected over $325 million in the last year alone.
CTB-Locker Emerged in June 2014. More efficient and harder to
detect than others because Tor components are embedded in the malware.
![Page 16: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/16.jpg)
TeslaCrypt Emerged in February 2015, targeting the video game
community by encrypting gaming files.
![Page 17: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/17.jpg)
MSIL or Samas (SAMSAM) Compromised the networks of healthcare facilities
running outdated content management applications.
Locky Active since early 2016.
Infected computers belonging to businesses in the United States, New Zealand, Australia, Germany and the United Kingdom.
![Page 18: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/18.jpg)
![Page 19: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/19.jpg)
![Page 20: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/20.jpg)
Social Engineering
![Page 21: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/21.jpg)
The Human Element
![Page 22: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/22.jpg)
What is it? The art of manipulating people by deception to divulge
confidential information that is then used for fraudulent purposes.
How do they do it? Researching your family, pets, likes, hobbies, cars,
work, relatives and co-workers…
Talking to you personally, searching online, digging through your trash, emails, etc.
![Page 23: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/23.jpg)
Vishing - Voice
Smishing – SMS texts
Phishing - Email
Spear Phishing - Email
Social Engineering Schemes
![Page 24: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/24.jpg)
The Human Element
![Page 25: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/25.jpg)
Use of Voice/phone calls to obtain information IRS phone scam Microsoft Help Desk phone scam Google business listings Free vacations Free security system Credit Cards
Vishing
![Page 26: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/26.jpg)
Use of SMS text messaging to gain
information Typically includes a link directing you
to sign into something May appear as a common name or
company
Smishing
Dad Story
![Page 27: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/27.jpg)
Phishing An attempt to obtain sensitive information
through email by posing as a trustworthy source.
Seeking usernames, passwords, credit card details, money, access to computer networks or injecting malware.
Asks you to click on a link which sends you to fake websites.
![Page 28: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/28.jpg)
This email bypassed my SPAM filters because of the real email address.
![Page 29: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/29.jpg)
![Page 30: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/30.jpg)
What do I look for? To whom is it addressed? Grammar and spelling Deals too good to be true Is it somebody you deal
with? Were you expecting the
email? Does it include links?
(learn to hover!)
Asks for personal information
Check domain names/email addresses
Includes a reason they can’t be reached personally
Deadlines or urgency
![Page 31: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/31.jpg)
Spear Phishing Case Study – local school
The treasurer of a local school went on
vacation and while she was gone her assistant treasurer received the following emails …
![Page 32: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/32.jpg)
Treasurer
Superintendent
Treasurer
Treasurer
Asst. Treasurer
Asst. Treasurer
![Page 33: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/33.jpg)
Treasurer
Treasurer
Asst. Treasurer
Asst. Treasurer
![Page 34: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/34.jpg)
Treasurer
Asst. Treasurer
Asst. Treasurer
Treasurer
![Page 35: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/35.jpg)
Asst. Treasurer
Treasurer
Treasurer
Attachment for malware delivery.
![Page 36: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/36.jpg)
When she hit reply it actually showed the real email address the suspect used.
Treasurer
Treasurer
Asst. Treasurer
Asst. Treasurer
![Page 37: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/37.jpg)
Yandex A Russian based Google-type service with email
![Page 38: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/38.jpg)
Google the address or
name to see if they even exist.
![Page 39: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/39.jpg)
Wi-Fi Safety
![Page 40: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/40.jpg)
What do I look for? Don’t trust Ask an employee for the Wi-Fi network
name Use a VPN – Virtual Private Network If you must use Wi-Fi, do not go to secure
sites. Save it until later. Use your cell phone as a hotspot
![Page 41: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/41.jpg)
Secondary: text messages, emails, phone calls, PIN numbers https://twofactorauth.org
Example: Trimble Schools in Athens
Two Factor Authentication
![Page 42: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/42.jpg)
Top 25 passwords 1. 123456 2. password 3. 12345 4. 12345678 5. qwerty 6. 123456789 7. 1234 8. baseball 9. dragon
10. football 11. 1234567 12. monkey 13. letmein 14. abc123 15. 111111 16. mustang 17. access 18. shadow
19. master 20. michael 21. superman 22. 696969 23. 123123 24. batman 25. trustno1
![Page 43: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/43.jpg)
Pineapples and Pumpkins Rotten pieces of fruit!
![Page 44: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/44.jpg)
Wi-Fi - Access
How do hackers find you? (Wigle.net)
What if I don’t connect to the rogue access point? (Probing Demo)
![Page 45: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/45.jpg)
USB’s Cell Phones Tablets Laptops Anything requiring connection to your Wi-Fi
Do you have a policy?
Bring Your Own Device
![Page 46: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/46.jpg)
You became a victim -What now? United States Secret Service Electronic Crimes Task Force: www.secretservice.gov/investigation/#field • Cleveland ECTF - (216) 750-2058 • Cincinnati ECTF - (513) 684-3585 Local Field Offices: www.secretservice.gov/contact/
Internet Crime Complaint Center www.ic3.gov
Federal Bureau of Investigation Cyber Task Forces: www.fbi.gov/contact-us/field-offices • Cleveland Office - (216) 522-1400 • Cincinnati Office - (513) 421-4310
![Page 47: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/47.jpg)
Mitigation Department of Homeland Security United States Computer Emergency Readiness Team (US-CERT): www.us-cert.gov Make sure you are within federal requirements regarding reporting information breaches: https://www.us-cert.gov/incident-notification-guidelines Download the Incident Reporting Form here: https://www.us-cert.gov/report
![Page 48: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/48.jpg)
Contact Information
Nicole Beckwith Fraud Investigator/Digital Forensic Analyst
Cell Phone: (937) 307-4303 E-mail: [email protected]
Follow me on Twitter @NicoleBeckwith
for breaking news, tips and tricks.
Fraud Hotline: 1-866-FRAUD-OH
![Page 49: Cybercrime: It’s not a question of if, but when. Is your](https://reader030.vdocuments.us/reader030/viewer/2022012423/61781bc5a6e78f53aa1bec12/html5/thumbnails/49.jpg)
Ohio Auditor of State Dave Yost
88 E. Broad St. Columbus, Ohio 43215
Phone: (800) 282-0370 Fax: (614) 466-4490 Email: [email protected]
www.OhioAuditor.gov