cyber security presentation matrix247

Copyright © All rights reserved Matrix Platinum Limited 2016

Phreaking Telecoms & Cyber Threats to Business Mobile Devices

Who are the Matrix247 Group? Established 24 years

Hosted & On-Premise Telephone Systems.

Design & Supply Private Data Networks.

ISDN & SIP telephony, Lines and Calls.

Mobile Devices with Call & Data bundles.

A focus in the Legal Sector last 7 years.


Telecom Phreaking

How Telecom hackers break-in

How to Protect against Telecom Phreaking

Who is responsible to pay the bill…

What sensitive information your attacker is privy to

Most dangerous Threats of Mobile Device Attacks

How you can attempt to Protect your firm.

Cyber Threats to Mobile Devices


FACTS

UK is now within the TOP 5 Telecom hacking hotspots globally!

Scale of UK Telecom Phreaking > £ 2.25 Billion…pounds

Ref: Common Fraud Control Association (CFCA)

Average cost to UK firms that falls victim £10,000

Phreaking Telecoms…..


Who Benefits?

Hackers make money

The bombings in Mumbai were ENTIRELY funded by UK Telecom Phreaking. Source: FBI

Criminal Organisations that collect your cash

DANGEROUSLY UNDERESTIMATED problem for large & small firms.

The Taj Mahal Hotel Mumbai

Phreaking Telecoms…..The Threat

Terrorist Organisations are funded


Dial Through Fraud ( DTF ) Criminals target UK telephone systems remotely, and dial through high volumes of simultaneous

international landline and mobile calls across ALL your phone lines until they’re detected.

Premium Rate Fraud Criminals use access gained to dial premium rate numbers

they set-up and own.

Telecom system hacking occurs after working hours or on weekends when detection is least likely.....and ALL your telecom lines are NOT in use.

Phreaking Telecoms…..The Threat


How Telecom hackers break-in…

How do you protect your firm against this type of fraud?

Disconnect the firms voice-mail system from REMOTE access by staff.

IF remote VM access is business critical, ensure RESTRICTED ACCESS for key partners and staff.

Use strong passwords & CHANGE OFTEN.

Ensure the firms SECURITY POLICY states it is UNACCEPTABLE to leave personal passwords like Voice Mail in DEFAULT.

Change Telecom engineers passwords after EVERY remote dial-in session.

1. Remote Voice Mail Access.


Hackers can download from the web tools like ‘SIP Vicious’....specifically designed to attack IP -PBX systems.

If hackers determine your username and password for your SIP account,, they can generate calls from anywhere on the globe.

How Telecom hackers break-in

Fraudulent calls would NOT have to come from the actual IP-PBX.

2. SIP / VoIP Hacking

You MUST manage the RISK

3. ‘Denial of Service’ VoIP attack


How can you protect against ISDN, VoIP and SIP fraud?

Telecom firewalls available, that will cover upto 30 ISDN channels per location.

Telecom System Firewalls

VoIP / SIP Firewalls

Configure your existing firewall so it will only allow traffic from the outside world through the SIP port you’ve identified.

To fully protect yourself from fraud activity on your SIP channels, you are wise to invest in the appropriate VoIP/SIP Firewall.


Who is responsible to pay the bill?

“We didn’t make the calls, WHY should we pay?”

“Why didn’t you tell us the phone system could be hacked?”

“Are we covered under our Insurance policies?”

So much international cross-jurisdiction there is little chance of getting a successful prosecution.

It is YOUR responsibility to ensure YOUR systems are secure, not ours.

There are password protection options all over the phone system for programming and voicemail access etc. It is suggested you change them regularly.

No insurance option as stolen money is ‘electronic losses’ and thus EXEMPT.

“Let’s contact the police?”

Telecom Phreaking a DANGEROUSLY UNDERESTIMATED problem for large & small firms.


What sensitive information is your attacker privy to?

Mobile devices are an EASY, UNDER-PROTECTED TARGET used to get inside your firm.

Access your calendar and know when and who your meetings are with.

Turn on the Mobile device RECORDING function to listen in on: boardroom meetings...sensitive case discussions....merger / acquisitions talks.

Activate the Camera to take pictures or videos.

Read browsing activity and any USER NAMES & PASSWORDS entered into sites.

Export contact lists with call and text history.

Forward Emails / Texts sent to or from your device.

Access phone calls and voicemails.

Track partner and staff.... knowing your location at anytime via GPRS.


1. Mobile Remote Access Trojans. (M-RATs)

Hackers have ACCESS to EVERYTHING on your mobile.

1.2 BILLION Apps Worldwide.

Estimated Google PLAY and Apple App Store have 800,000 apps apiece.

30,000 added every month.

http://mobiThinking.com/latest-mobile-stats.

There are 5 key attacks but the greatest THREAT…


2. Wi-fi....Man in the middle (MitM) attacks

Breach of your mobile device happens as you connect to an attackers spoofed Wi-fi hotspot e.g. Free Costa

Check behind the counter the EXACT NAME of Wi-fi and password.

Top 5 Mobile Device Cyber Threats


3. Zero-Day Attacks

4. FAKE Developer and Enterprise Certificates

5. Web Browser Viruses

Top 5 Mobile Device Cyber Threats


Mobile Device Policies

Management and Staff will start to take matters into their OWN hands..... to help them to do their jobs more efficiently.

16% admitted they would install UNSUPPORTED software.

22% would use a website or Internet – based service that their company doesn’t support.

35% would buy something with their OWN money if it helped achieve targets.

These are imperative in your workplace NOW.

How can I Protect the firm from.......

The Top 5 Cyber Threats?

Partners and Staff taking matters into their OWN hands?


Enables the enforcing of the firms mobile device policies

Enforce what Apps can and can’t be downloaded

1. Mobile Device Management (MDM)

Keep track of all mobile devices in the firm

Remotely Locate, Lock and Wipe devices

Enables you to manage what company data mobile devices can access

Separate the firms data from personal data on devices.

Protection from Top 5 Mobile Cyber Threats


2. Security Information & Event Management (SIEM) systems.

Detect & removes EXISTINGS Trojans on Mobile device.

Network based blocking to mitigate remote attacks.

Provide security alerts as attacks are detected.


Provide comprehensive protection against ALL threats to mobile devices.

Blocks traffic from rogue hotspots.


Network Access Control (NAC) solution.

Top 5 Mobile Scams to extract money directly from staff.

Top 10 Tips to Protect your staff and their mobile devices from fraud.



Lets keep this in perspective:

Put security boundaries in place

Ensuring they don’t significantly hamper staffs ease of use...

Enable staff to deliver the maximum business value.

Thank you.

Summary:


cyber security presentation matrix247

Documents