cyber security presentation matrix247
TRANSCRIPT
Copyright © All rights reserved Matrix Platinum Limited 2016
Phreaking Telecoms & Cyber Threats to Business Mobile Devices
Who are the Matrix247 Group? Established 24 years
Hosted & On-Premise Telephone Systems.
Design & Supply Private Data Networks.
ISDN & SIP telephony, Lines and Calls.
Mobile Devices with Call & Data bundles.
A focus in the Legal Sector last 7 years.
Copyright © All rights reserved Matrix Platinum Limited 2016
Telecom Phreaking
How Telecom hackers break-in
How to Protect against Telecom Phreaking
Who is responsible to pay the bill…
What sensitive information your attacker is privy to
Most dangerous Threats of Mobile Device Attacks
How you can attempt to Protect your firm.
Cyber Threats to Mobile Devices
Copyright © All rights reserved Matrix Platinum Limited 2016
FACTS
UK is now within the TOP 5 Telecom hacking hotspots globally!
Scale of UK Telecom Phreaking > £ 2.25 Billion…pounds
Ref: Common Fraud Control Association (CFCA)
Average cost to UK firms that falls victim £10,000
Phreaking Telecoms…..
Copyright © All rights reserved Matrix Platinum Limited 2016
Who Benefits?
Hackers make money
The bombings in Mumbai were ENTIRELY funded by UK Telecom Phreaking. Source: FBI
Criminal Organisations that collect your cash
DANGEROUSLY UNDERESTIMATED problem for large & small firms.
The Taj Mahal Hotel Mumbai
Phreaking Telecoms…..The Threat
Terrorist Organisations are funded
Copyright © All rights reserved Matrix Platinum Limited 2016
Dial Through Fraud ( DTF ) Criminals target UK telephone systems remotely, and dial through high volumes of simultaneous
international landline and mobile calls across ALL your phone lines until they’re detected.
Premium Rate Fraud Criminals use access gained to dial premium rate numbers
they set-up and own.
Telecom system hacking occurs after working hours or on weekends when detection is least likely.....and ALL your telecom lines are NOT in use.
Phreaking Telecoms…..The Threat
Copyright © All rights reserved Matrix Platinum Limited 2016
How Telecom hackers break-in…
How do you protect your firm against this type of fraud?
Disconnect the firms voice-mail system from REMOTE access by staff.
IF remote VM access is business critical, ensure RESTRICTED ACCESS for key partners and staff.
Use strong passwords & CHANGE OFTEN.
Ensure the firms SECURITY POLICY states it is UNACCEPTABLE to leave personal passwords like Voice Mail in DEFAULT.
Change Telecom engineers passwords after EVERY remote dial-in session.
1. Remote Voice Mail Access.
Copyright © All rights reserved Matrix Platinum Limited 2016
Hackers can download from the web tools like ‘SIP Vicious’....specifically designed to attack IP -PBX systems.
If hackers determine your username and password for your SIP account,, they can generate calls from anywhere on the globe.
How Telecom hackers break-in
Fraudulent calls would NOT have to come from the actual IP-PBX.
2. SIP / VoIP Hacking
You MUST manage the RISK
3. ‘Denial of Service’ VoIP attack
Copyright © All rights reserved Matrix Platinum Limited 2016
How can you protect against ISDN, VoIP and SIP fraud?
Telecom firewalls available, that will cover upto 30 ISDN channels per location.
Telecom System Firewalls
VoIP / SIP Firewalls
Configure your existing firewall so it will only allow traffic from the outside world through the SIP port you’ve identified.
To fully protect yourself from fraud activity on your SIP channels, you are wise to invest in the appropriate VoIP/SIP Firewall.
Copyright © All rights reserved Matrix Platinum Limited 2016
Copyright © All rights reserved Matrix Platinum Limited 2016
Who is responsible to pay the bill?
“We didn’t make the calls, WHY should we pay?”
“Why didn’t you tell us the phone system could be hacked?”
“Are we covered under our Insurance policies?”
So much international cross-jurisdiction there is little chance of getting a successful prosecution.
It is YOUR responsibility to ensure YOUR systems are secure, not ours.
There are password protection options all over the phone system for programming and voicemail access etc. It is suggested you change them regularly.
No insurance option as stolen money is ‘electronic losses’ and thus EXEMPT.
“Let’s contact the police?”
Telecom Phreaking a DANGEROUSLY UNDERESTIMATED problem for large & small firms.
Copyright © All rights reserved Matrix Platinum Limited 2016
Copyright © All rights reserved Matrix Platinum Limited 2016
What sensitive information is your attacker privy to?
Mobile devices are an EASY, UNDER-PROTECTED TARGET used to get inside your firm.
Access your calendar and know when and who your meetings are with.
Turn on the Mobile device RECORDING function to listen in on: boardroom meetings...sensitive case discussions....merger / acquisitions talks.
Activate the Camera to take pictures or videos.
Read browsing activity and any USER NAMES & PASSWORDS entered into sites.
Export contact lists with call and text history.
Forward Emails / Texts sent to or from your device.
Access phone calls and voicemails.
Track partner and staff.... knowing your location at anytime via GPRS.
Copyright © All rights reserved Matrix Platinum Limited 2016
1. Mobile Remote Access Trojans. (M-RATs)
Hackers have ACCESS to EVERYTHING on your mobile.
1.2 BILLION Apps Worldwide.
Estimated Google PLAY and Apple App Store have 800,000 apps apiece.
30,000 added every month.
http://mobiThinking.com/latest-mobile-stats.
There are 5 key attacks but the greatest THREAT…
Copyright © All rights reserved Matrix Platinum Limited 2016
2. Wi-fi....Man in the middle (MitM) attacks
Breach of your mobile device happens as you connect to an attackers spoofed Wi-fi hotspot e.g. Free Costa
Check behind the counter the EXACT NAME of Wi-fi and password.
Top 5 Mobile Device Cyber Threats
Copyright © All rights reserved Matrix Platinum Limited 2016
3. Zero-Day Attacks
4. FAKE Developer and Enterprise Certificates
5. Web Browser Viruses
Top 5 Mobile Device Cyber Threats
Copyright © All rights reserved Matrix Platinum Limited 2016
Mobile Device Policies
Management and Staff will start to take matters into their OWN hands..... to help them to do their jobs more efficiently.
16% admitted they would install UNSUPPORTED software.
22% would use a website or Internet – based service that their company doesn’t support.
35% would buy something with their OWN money if it helped achieve targets.
These are imperative in your workplace NOW.
How can I Protect the firm from.......
The Top 5 Cyber Threats?
Partners and Staff taking matters into their OWN hands?
Copyright © All rights reserved Matrix Platinum Limited 2016
Enables the enforcing of the firms mobile device policies
Enforce what Apps can and can’t be downloaded
1. Mobile Device Management (MDM)
Keep track of all mobile devices in the firm
Remotely Locate, Lock and Wipe devices
Enables you to manage what company data mobile devices can access
Separate the firms data from personal data on devices.
Protection from Top 5 Mobile Cyber Threats
Copyright © All rights reserved Matrix Platinum Limited 2016
2. Security Information & Event Management (SIEM) systems.
Detect & removes EXISTINGS Trojans on Mobile device.
Network based blocking to mitigate remote attacks.
Provide security alerts as attacks are detected.
Protection from Top 5 Mobile Cyber Threats
Provide comprehensive protection against ALL threats to mobile devices.
Blocks traffic from rogue hotspots.
Copyright © All rights reserved Matrix Platinum Limited 2016
Network Access Control (NAC) solution.
Top 5 Mobile Scams to extract money directly from staff.
Top 10 Tips to Protect your staff and their mobile devices from fraud.
Protection from Top 5 Mobile Cyber Threats
Copyright © All rights reserved Matrix Platinum Limited 2016
Lets keep this in perspective:
Put security boundaries in place
Ensuring they don’t significantly hamper staffs ease of use...
Enable staff to deliver the maximum business value.
Thank you.
Summary:
Copyright © All rights reserved Matrix Platinum Limited 2016