TRANSCRIPT
System Source Webinar – Don’t Be the Next Cybercrime Headline – 5/21/2020
Tony Paul Pugliese – Enterprise Consulting Engineer, System Source
Brad Browning – Channel Manager – Southeast, Barracuda
Agenda
• Introductions – Chris Riley
• Tony Paul Pugliese
  • Stopping Security Breaches
  • Multi-Factor Authentication
  • Password recommendations
• Brad Browning
  • Threat landscape evolution
• Q&A – Chris Riley
We Hope You Are Enjoying Your Pizza!!
If you haven’t received your pizza, then contact Mike Jones:
During the Webinar…
• Audio – in presentation mode until end
• Control panel – view webinar in full screen mode
• In chat – tell us what you hope to learn today
• Feel free to submit written questions
• Evaluation just after webinar finish
Stopping Security Breach Sources
• Verizon Data Breach Investigations report
• System Source Managed Services
Tony Paul Pugliese
Top Breach Patterns We Can Learn From
Mobile Attacks
• Mobile users more susceptible to social attacks
  • Limited screen size
  • Limited verification ability
  • Devices have consumer focus
  • Mobile users often multi-tasking and not focusing
Social Attacks
• Pretexting
  • “false narrative to get information or influence behavior”
  • < 10% of pretext incidents include malware
• 2 main targets
  • Finance – wire transfer or phony invoice payment
  • HR – W-2 information for fraudulent tax returns
Web Applications
• Web app was path of the attack
Errors
• Unintentional action directly compromising asset
Misuse
• Unapproved or malicious use of resources
  • Privilege abuse
  • For fun, curiosity or financial gain
Web Application Attacks
• Code / framework exploit
• >50% involve cloud email server access
• Thwarting authentication process with stolen credentials
• Fixes:
  • Minimize information or credentials on web server
  • 2FA to slow intruders
  • Patch CMS and plug-ins consistently
Miscellaneous Errors
Unintentional actions directly compromising security
• Delivering data to wrong recipient
  • Leads to immediate loss
• Lost or misplaced assets
• Misconfiguration (unsecured database)
• Exposing data on public webpage (publishing errors)
  • Use monitoring and 2nd reviewer when publishing
Privilege Misuse
• Mainly insider privilege abuse for $ gain and curiosity
• Security controls for employee misuse may detect external attackers masquerading as privileged users
Improvements for Privilege Misuse
• External email tags
• RDP port check
• 2FA
• Mobile device management
• External vulnerability scan
• Backup checking
• Disk encryption
• Dedicated backup server
• Email filter tuning
• IMAP/POP removal
• Email encryption
• Internal vulnerability scan
• Entrance/Exit process
• Anti-virus management
• Firewall review
• Penetration testing
• Compliance reporting
• Self-service passwords
• Conditional access
• Secure workstation image
• AD scan
• Azure risky login alerts
• Intrusion protection
• Azure Password Protection
• DNS filtering
• Patch management
• Data loss prevention
• Service account ad hoc login removal
• Security metrics
• Phishing test with training
• Single sign-on
• DDoS protection
• Next gen passwords
• Disappear from business social media
• Enhanced financial controls
• Email compromise recovery
• In research: Yubikey, next gen anti-virus
Payroll Fraud Phishing – Result: Four-figure loss
Hi xxxxxx,
I recently switched to a new financial institution and I need your quick assistance to update my paycheck direct deposit details.
Thanks,
X
It will never happen to me…
1. Fraudster contacted payroll about new account
2. Payroll sent fraudster to xxxxx
3. Xxxxx replied to bogus email, would call employee to get new account details.
4. Fraudster replied in another email with account details.
5. Xxxxx processed payroll deposit to new account.
(later that day)
6. Real employee – text: Where’s my deposit?
7. Xxxxx – text: check new account!
8. Real employee – text: What new account?
9. Money gone.
Improvement for Payroll Fraud
(Same catalogue of controls as listed under “Improvements for Privilege Misuse” above.)
Fraudulent Invoice Submission – Result: Five-figure loss
• A manager’s account was hacked
• E-mails watched for financial transactions, determined approval process for order requests
• Created fake invoice from legitimate company and forwarded to her account
• Filled out a required form by copying from older approval
• Forwarded to accounting with her approval e-mail
• Accounting followed the process and paid $xx,xxx…
Improvement for Fraudulent Invoices Protection
(Same catalogue of controls as listed under “Improvements for Privilege Misuse” above.)
Deny Risky Logins in Real-Time
Nigerian Login!
Protected Information Sent to Others – Result: Government Inquiry
Protected information emailed to wrong party
Improvement for Protected Information Handling
(Same catalogue of controls as listed under “Improvements for Privilege Misuse” above; on this slide the email encryption entry reads “Email encryption / Azure Rights Mgmt”.)
Healthcare Ransomware Incident – Result: 200+ Computers Replaced
• Infected systems reimaged/replaced, eliminating forensics
• Incomplete patching
  • Inconsistent patch configuration (manual/automated)
  • Some PCs not requesting needed patches
• Vendors not patching
  • Old, less visible PCs including displays and timeclocks
  • Some OS versions frozen because of software incompatibilities
• Source traced to parent institution
Improvement for Ransomware Protection
(Same catalogue of controls as listed under “Improvements for Privilege Misuse” above.)
Multi-Factor Authentication
• Name + Password = “Something you know”
• Hackers have multiple ways to get passwords:
  • Compromised site
  • Phishing
  • Malware / keylogger
• Static passwords are not safe!
Office 365 / Azure AD MFA
• Office 365 provides / forces MFA for the following admin accounts:
  • Global administrator
  • SharePoint administrator
  • Exchange administrator
  • Conditional Access administrator
  • Security administrator
  • Helpdesk administrator or password administrator
  • Billing administrator
  • User administrator
  • Authentication administrator
Multi-Factor Authentication
• MFA recommended for:
  • Remote communications (start VPN connection)
  • Corporate resource external access (Windows Remote Desktop / Citrix / VDI)
  • Web-based application portals – internal or cloud-based
  • Office 365
Microsoft Password Guidelines
• Follow new NIST guidelines
• Evolving password requirements to fit reality of hacking attempts versus illusion of added safety
• Do away with requirements around:
  • minimum length
  • complexity (upper / lower letters + numbers + symbols)
  • password expiration
Microsoft Password Guidelines
• Educate users not to reuse organization credentials anywhere else
“This is not just theoretical: for Microsoft account, we see hackers testing leaked credentials against our systems at an average of 12M credential pairs every day. It is common practice for cyber criminals to try compromised credentials across many sites.” (4)
(4) Microsoft Password Guidance – Jun 2016.
Microsoft Password Guidelines
• Enforce multi-factor authentication registration
• Users should maintain current security information so they can respond to security challenges and be notified of security events:
  • alternate email address
  • phone number
  • device registered for push notifications
• DON’T depend on SMS
Microsoft Password Guidelines
• Use risk based multi-factor authentication
• Strikes balance of safety and user convenience
• When system detects suspicious activity, it can challenge the user to ensure that they are the legitimate account owner.
Microsoft Password Protection / Dynamically Banned Passwords
• Microsoft now bans common passwords when the user changes password on Office 365 / Azure AD
• Microsoft account currently bans patterns which are commonly used in attacks, or even close to those patterns
• Azure AD Password Protection protects your organization by detecting and blocking known weak passwords and their variants
  • allows custom defined terms specific to each organization
  • rule matches are "fuzzy" and look at variants of the global list and custom terms, user names and tenant names
  • can be extended to on-premises AD
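The "fuzzy" matching these slides describe, as an added example that is not from the webinar or from Microsoft's own implementation: a simplified banned-password scorer that normalizes common character substitutions, then looks for global-list terms, custom organization terms, the user name and the tenant name inside the candidate password. The four substitutions and the scoring rule (one point per banned term, one point per other character, at least five points to pass) follow what Microsoft documents for Azure AD Password Protection; the word lists, user name and tenant name are constructed, and edit-distance fuzzing is left out.

```python
import re

# Constructed sample lists (assumption): a real deployment uses Microsoft's
# global banned-password list plus the organization's own custom terms.
GLOBAL_BANNED = {"password", "letmein", "qwerty", "welcome", "summer"}
CUSTOM_BANNED = {"contoso", "baltimore", "payroll"}

# Normalization undoes the substitutions users reach for first; these four
# mappings are the documented ones, the rest of the matcher is simplified.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})
MIN_SCORE = 5  # documented acceptance threshold


def normalize(password):
    """Lower-case the password and undo common character substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def banned_terms(username, tenant):
    """Global list + custom list + parts of the user's name + the tenant name."""
    names = {tenant.lower()}
    # "jane.smith@contoso.com" -> jane, smith, contoso, com
    names |= set(re.split(r"[@._\-]+", username.lower()))
    return {t for t in GLOBAL_BANNED | CUSTOM_BANNED | names if len(t) >= 3}


def score(password, username, tenant):
    """One point per banned term found, one point per every other character."""
    norm = normalize(password)
    terms = sorted(banned_terms(username, tenant), key=len, reverse=True)
    points, i = 0, 0
    while i < len(norm):
        hit = next((t for t in terms if norm.startswith(t, i)), None)
        if hit:
            points += 1        # a whole banned term is worth only one point
            i += len(hit)
        else:
            points += 1        # each remaining character is worth one point
            i += 1
    return points


def is_acceptable(password, username, tenant):
    """The slide's rule: reject known weak passwords and their variants."""
    return score(password, username, tenant) >= MIN_SCORE


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "C0ntoS0Blank12", "Jsmith21", "correct-horse-battery"):
        verdict = "accepted" if is_acceptable(pw, "jsmith", "contoso") else "rejected"
        print(f"{pw:24} score={score(pw, 'jsmith', 'contoso'):2}  {verdict}")
```

Note that "C0ntoS0Password" scores only 2 (two banned terms) while "C0ntoS0Blank12" scores 8, which is why leet-speak variants of a company name alone never get a password through.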
Microsoft Password Protection – Pricing
• Cloud-only users
  • Check against global list = free
  • Custom list requires Azure AD P1 or P2
• AD-synced users: Azure AD Premium P1 or P2
  • P1 = $6 / user / month
  • P2 = $9 / user / month
  • (Pricing shown is unbundled)
Threat Landscape Evolution
Brad Browning – Channel Manager – Southeast, Barracuda
More targeted, sophisticated and costly
• Most breaches start with email
• Social engineering represents 93% of email breaches. – 2018 Verizon DBIR
Email Security Stack
What is the Email Threat Scan?
• Free tool – scans an Office 365 tenant and relates directly to our Sentinel (AI-based solution)
• Provides detailed report of all threats found regardless of the gateway in place
• Highlights gaps in existing email security solution
• Identifies security and compliance threats already existing in user mailboxes
Sentinel – API-based e-mail protection solution: Comprehensive Spear Phishing Protection
• AI for real-time spear phishing prevention
• Domain fraud visibility and protection with DMARC
• Fraud simulation for high-risk individuals
Phishline – Why Security Awareness Training?
Security is not a destination: you cannot arrive at “secure”; it is an ongoing pursuit.
Frequent testing exposes users to a variety of attack types and promotes proper detection and handling techniques.
Continuous training reinforces security best practices that users utilize in their day-to-day lives.
Components of a Security Awareness Program
• Simulation – Multi-vector threat simulation to assess user awareness
• Training – Extensive library of training content tailored for different learning styles and abilities
• Analysis – Detailed reporting metrics to determine effectiveness and inform the next campaign
Security Awareness Training
When?
• Part of new hiring practices
• As a follow-up to testing results
• To measure program’s success
…You’re dealing with humans
How?
• Via PhishLine
• Using training link
• Your company intranet site
• A Learning Management System (LMS)
What?
• 30+ video modules
• 20+ languages
• Short, colorful, designed for the adult learner
• Quiz and no quiz
• Easy to deploy
• Click Thinking
• Can be bundled and customized*
Q & A
Kindly complete the survey at the end of this webinar. We will use your feedback to help us improve.
THANK YOU!