1. 1. CORPORATE ACCOUNT TAKEOVER (CATO) Protecting your accounts from Cyber Criminals
2. 2. CORPORATE ACCOUNT TAKEOVER (CATO) Preparing for CATO (What this presentation covers) What is CATO? How does it work? Where do the attacks come from? How do you know if your computer is compromised? How should you respond? How do you protect yourself from cyber attacks?
3. 3. CORPORATE ACCOUNT TAKEOVER (CATO) What is CATO? An evolving electronic crime Typically exploits businesses of all sizes Companies with limited to no computer safeguards Companies with minimal or no disbursement for controls with online banking accounts
4. 4. CORPORATE ACCOUNT TAKEOVER (CATO) How does it work? Criminals are after money Emails with infected links (phishing) or infected websites Victim clicks on the infected website or a link in the email Criminals will monitor infected computers for days, weeks, and even months
5. 5. CORPORATE ACCOUNT TAKEOVER (CATO) How does it work? Criminals watch victims log on to Online Banking When the time is right, the criminals hijack the computer Most attacks occur before a holiday After hours After a token is used, hijack the session, and return a message
6. 6. CORPORATE ACCOUNT TAKEOVER (CATO) Where do the attacks come from? Top 3 Countries accounted for 71% of attacks 1. China 43% 2. Indonesia 15% 3. United States 13% Rest of the world accounted for 29% of attacks *Source: Daily Mail (http://www.dailymail.co.uk/sciencetech/article-2779734/China-internet-attack-capital-world-Almost- HALF-hacks-viruses-originate-country.html)
7. 7. CORPORATE ACCOUNT TAKEOVER (CATO) *Source: Daily Mail (http://www.dailymail.co.uk/sciencetech/article-2779734/China-internet-attack-capital-world- Almost-HALF-hacks-viruses-originate-country.html)
8. 8. CORPORATE ACCOUNT TAKEOVER (CATO) Which industries are most targeted? Q1 2015 1. Gaming 35% 2. Software and technology 25% 3. Internet and telecom 14% 4. Financial services 8.4% 5. Media and entertainment 7.5% 6. Education 5% 7. Retail and consumer goods 2.3% 8. Public sector 2% *Source: Akami Technologies. "The State of the Internet"
9. 9. CORPORATE ACCOUNT TAKEOVER (CATO) 0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% Gaming Software and Technology Internet and Telecom Financial Services Media and Entertainment Education Retail and Consumer Goods Public Sector Percentage Attacks Target Industries Attacks *Source: Akami Technologies. "The State of the Internet"
10. 10. CORPORATE ACCOUNT TAKEOVER (CATO) What forms do attacks come in? Malware Phishing Malicious websites (this includes social networks) P2P Downloads Ads from popular websites
11. 11. CORPORATE ACCOUNT TAKEOVER (CATO) Examples of Malware
12. 12. CORPORATE ACCOUNT TAKEOVER (CATO) Examples of Phishing Suspicious emails containing infected attachments
13. 13. CORPORATE ACCOUNT TAKEOVER (CATO) How do you know if your computer is compromised? 1. Inability to log into online banking (thieves could be blocking access so that you would not see the theft until the criminal has control of the money). 2. Sudden and dramatic loss of computer speed. 3. Changes in the way things appear on the screen. 4. Computer locks up so the user is unable to perform any functions. 5. Unexpected rebooting or restarting of computer.
14. 14. CORPORATE ACCOUNT TAKEOVER (CATO) How do you know if your computer is compromised? 6. Unexpected request for a one-time password (or token) in the middle of an online session. 7. Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.). 8. New or unexpected toolbars and/or icons. 9. Inability to shut down or restart the computer.
15. 15. CORPORATE ACCOUNT TAKEOVER (CATO) How do you protect yourself from cyber attacks? Preparation and education are key Train your employees Secure computers and networks Limit administrative rights Enable spam filters Be careful on the Internet
16. 16. CORPORATE ACCOUNT TAKEOVER (CATO) How do you protect yourself from cyber attacks? Allow security patches Adobe, Java, etc. Prevent pop-ups Do not open attachments from suspicious emails Reconcile accounts daily Note changes in computer performance
17. 17. CORPORATE ACCOUNT TAKEOVER (CATO) How do you protect yourself from cyber attacks? Develop an incidence response plan Know who to involve Create a central point of contact or leadership team Must have authority to act Should be at the highest level in executive management (or have full backing of executive management)
18. 18. CORPORATE ACCOUNT TAKEOVER (CATO) How do you protect yourself from cyber attacks? Develop an incidence response plan (continued) Create a central point of contact or leadership team Have pre-established contacts for: financial institutions, law enforcement, third-party technical support, and legal support Control physical access to computers and network components Log and report the sequence of events or incidents Preserve all evidence and maintain a chain-of-custody
19. 19. CORPORATE ACCOUNT TAKEOVER (CATO) How do you protect yourself from cyber attacks? Trace evidence provides help to forensic teams Install a strong log-management program Prevention Firewalls Data-loss prevention systems Intrusion detection systems Access control lists Anti-virus and malware protection
20. 20. CORPORATE ACCOUNT TAKEOVER (CATO) How should you respond? Immediate Steps to limit further unauthorized transactions 1. Initiate incidence response plan 2. Contact financial institution (FI) immediately a) Have a prepared list of key FI employees to contact 3. Change password(s) 4. Disconnect computers used for Internet banking 5. Request temporary hold on all other transactions 6. Contact local law enforcement a) Specifically the Cyber Crime units of local law enforcement 7. Contact state and federal agencies if necessary
21. 21. CORPORATE ACCOUNT TAKEOVER (CATO) How should you respond? Secondary Steps 1. Contact your insurance carrier 2. Contact legal counsel 3. Hire a third-party forensic company
22. 22. CORPORATE ACCOUNT TAKEOVER (CATO) Final thoughts Stay up to date with the latest best-practices Be cautious of emails from unknown senders, pop-ups, etc. Invest in cyber security Ask questions
23. 23. CORPORATE ACCOUNT TAKEOVER (CATO) Questions?