how technology helps thieves steal your identityplansource.com/collateral/how technology...
TRANSCRIPT
NOT FOR DISTRIBUTION
PRESENTED TO:
How Technology Helps Thieves Steal Your Identity JUNE 2017
NOT FOR DISTRIBUTION 2
Intro: Joel Vander LeestDirector of Business Development
NOT FOR DISTRIBUTION
EVOLUTION OF CRIME ON THE INTERNET
3
Bitcoin introduced as a form of online
payment, giving cybercriminals
anonymity
More than 15M people will have their identities stolen this
year, the highest on record
Internet technology gains popularity for everyday financial
transactions, fueling a new type of theft
One of the first computer worms,
Morris Worm, distributed via
the Internet
First known computer virus, Creeper,
targeted a telephone company to make free
long distance calls
NOT FOR DISTRIBUTION 4
NOT FOR DISTRIBUTION
HACKING INTO YOUR LIFE
5
NOT FOR DISTRIBUTION
TODAY, ATTACKERS CAN HIDE IN PLAIN SIGHT
6
• Cybercriminals weaponize commonly
used software
• Two popular tools for spreading malware
are Microsoft Office files and PowerShell
(a scripting language)
• Tools initially created to provide
administrative privileges for IT people
are equally as useful for thieves
• Legitimate tools leave a lighter footprint
and are more difficult to detect
NOT FOR DISTRIBUTION
TECHNOLOGY HAS BECOME MUNDANE
7
• Phone
• Clock
• Camera
• Movie recorder
• Music player
• E-reader
• GPS
• Game console
• Television
• Calculator
You have in your pocket a single device that is a:
NOT FOR DISTRIBUTION
VIRTUAL OFFICE SERVICES
8
• An office location, and corresponding mailing
address, shared by many businesses
• Popular for businesses that are out of state,
want a prestigious street address, or for small
businesses that want to appear larger
• Can be rented over the phone or Internet,
without ever setting foot in the location
• For cybercriminals, a local address, telephone
number, mail forwarding and reception services
are quite useful in their scams
NOT FOR DISTRIBUTION
8 CURRENT CYBER THREATS YOU SHOULD KNOW ABOUT
9
NOT FOR DISTRIBUTION
1. SPAM
10
• Email is the primary delivery
method for malware, ransomware
and a host of other cyber threats
• Frighteningly, a growing proportion
of email-borne malware is driven
by professional or government-
sponsored organizations
NOT FOR DISTRIBUTION
2. RANSOMWARE
11
Arguably the most
dangerous cyberthreat
in 2016
NOT FOR DISTRIBUTION
HOW RANSOMWARE WORKS
12
Victims paid on average $1,077 in ransom in 2016, but only 47% of victims who pay get their files back.
2. RANSOMWARE
NOT FOR DISTRIBUTION
3. MALWARE
13
• Savvy criminals use social engineering
tactics to compel victims to open the
email and attachment
• Popular tactics for delivering email
malware are:
1. Fake invoices
2. Fake scans
3. Email delivery failure notices with an attachment
NOT FOR DISTRIBUTION
4. PHISHING
14
• Mass-distributed phishing declining as
consumers are increasingly aware of
the dangers of clicking unknown links
• 1 in 2,596 emails in 2016 as compared
to 1 in 1,846 emails in 2015
• “Spearfishing” a specific target for
subversive purposes is a new form
of attack
• Power stations in Ukraine
• DNC email breach
NOT FOR DISTRIBUTION
Here are just a few of the items for sale on the dark web:
15
• Identities including name, social
security number, and date of birth
• Scanned passports
• Scanned utility bills or
other documents
• Retail shopping accounts like
Amazon and Walmart
• Credit cards
• Bank accounts
• Paypal accounts
• Uber accounts
• Netflix and Spotify accounts
• Restaurant gift cards, hotel bookings, frequent flyer miles
• Money transfers like Bitcoin
Much of this trade is made possible by The Onion Router, or Tor, free software that masks a user’s identity by hiding the originating and destination IP addresses.
5. THE DARK WEB
NOT FOR DISTRIBUTION
• Using legitimate features and tools to
carry out attacks
• Difficult to detect as it is often mistaken
for day-to-day network activity
• Most common legitimate tool misused
by hackers is Mimikatz, which can:
• Change privileges
• Export security certificates
• Recover Windows passwords
6. LIVING OFF THE LAND
16
NOT FOR DISTRIBUTION
• Allow thieves to bypass security, exfiltrate
stolen data, and cause maximum disruption
• Growing vulnerability
• Organizations use on average 928 cloud apps,
but CIOs typically believe it’s less than 40
• Early 2016 example in California
• 4,000 cloud-based files locked by ransomware
• Began when an employee opened a malicious email and attachment
• Files were restored after one week, thanks to daily backups
7. CLOUD-BASED APPS
17
NOT FOR DISTRIBUTION
• EMV (Europay, MasterCard and Visa), or chip cards,
contain computer chips used to authenticate each
transaction with a unique code that can’t be used again
• Cybercriminals are rushing to steal
what they can before the EVM
transition in the U.S. is complete
• ATMs and POS terminals are under
attack from skimming devices
• Doesn’t protect against card-not-present
fraud, which is expected to rise to $7B by 2020
8. EMV TECHNOLOGY
18
NOT FOR DISTRIBUTION
DATA SUPPORT
19
NOT FOR DISTRIBUTION
DATA SUPPORT – BREACHES
20
• In the last 8 years, more than 7B online identities
have been stolen through data breaches, which
is almost equivalent to one for every person on
the planet (ISTR)
• Average number of identities stolen per breach
is 1M (ISTR)
• 15 mega breaches in 2016 – in which more than
10M identities are stolen (ISTR)
• 1 in 3 notified data breach victims experience fraud in the same year (Javelin)
• Breaches are a “practical guarantee that accounts and identities are
at risk” (Javelin)
NOT FOR DISTRIBUTION
DATA SUPPORT – MOBILE
21
• Mobile malware scams are financially motivated – sending
premium text messages, advertisement click fraud, and
ransomware (ISTR)
• Android operating system is the most targeted mobile
platform; attacks on the iOS are rare (ISTR)
NOT FOR DISTRIBUTION 22
NOT FOR DISTRIBUTION
DATA SUPPORT – WEB
23
NOT FOR DISTRIBUTION 24
• Time it takes for an IoT to be attacked – 2 minutes (ISTR)
• Fraudsters misused credit and bank accounts an average of 38 days in 2016; new accounts were misused for 131 days (Javelin)
• Many data breaches often go undetected for years. Yahoo didn’t detect or report its 2014 breach until 2016.
DATA SUPPORT – SPEED OF ATTACK
NOT FOR DISTRIBUTION
HOW TO PREVENT IT
25
NOT FOR DISTRIBUTION
TIPS TO PROTECT YOURSELF
26
• Use strong passwords and
regularly update them
• Don’t reuse passwords across
multiple sites or accounts
• Use two-factor authentication
whenever possible
Strengthen Your First Line of Defense Shop Safely Online
• Shop only on reputable
web sites
• Use credit over debit cards
• Look for the https URL and
the padlock icon
• Make purchases on a secure
network, not public wifi
NOT FOR DISTRIBUTION
MONITOR ONLINE ACTIVITY OF MINORS
27
• Enable parental controls
• Place childrens’ computers in a highly
trafficked area of your home
• Bookmark favorite web sites to help them
avoid inappropriate sites
• Teach children to ask permission before
clicking an ad or downloading
• Share an email or social media account with
your child so you can monitor messages
• Set limits on late-night use, when predators
know children may have less supervision
NOT FOR DISTRIBUTION
BEST PRACTICES
28
SOFTWARE UPDATES
INCOMING EMAILS
CLOUD SERVICEBACKUP MOBILE
• Keep your operating
system and software
up-to-date
• Use and frequently
update security
software
• Delete and
report suspicious-
looking emails
• When possible, type
web addresses into
your browser instead
of using links in
an email
• Be wary of any Office
attachment that
advises you to
enable macros
• Regularly back up any
files stored on
your computer or
any devices
• Ensure there is an
IT process to regularly
backup company
data stored on
cloud-based apps
• Install apps only from
trusted sources
• Pay close attention
to permissions
requested by apps
NOT FOR DISTRIBUTION
ADVANCED IDENTITY MONITORING
29
Backed by 100%
Resolution
Guarantee and
$1M in expense
reimbursement
insurance
Alerted in minutes
by phone, text,
email or mobile*
Certified Customer
Care Advocates
available 24/7
Continuously
monitors credit
activity through
the world’s largest
credit bureaus
Comprehensive
identity
monitoring
searches 279
billion public
records and
even the internet
black market /
dark web
CREDIT MONITORING
CYBER MONITORING
24/7 CALL CENTER
$1M EXPENSE REIMBURSEMENT
INSURANCE
RAPID CREDITALERTS
* Q3 2017
NOT FOR DISTRIBUTION
Thank Youwww.idwatchdog.com
blog.idwatchdog.com
twitter.com/ID_Watchdog
facebook.com/IDWatchdog1
30
Joel Vander LeestDirector of Business [email protected]