enjoy safer technology and defeat cyber criminals
DESCRIPTION
I created "Enjoy Safer Technology and Defeat Cyber Criminals" to present these issues to the general public.TRANSCRIPT
Enjoy Safer Technology and Defeat Cyber Criminals
Stephen Cobb, CISSPSenior Security Researcher, ESET NA
Why do cyber criminals want your digital devices?
36 ways to abuse hacked devices• Spam zombie• DDoS extortion zombie• Click fraud zombie• Anonymization proxy• CAPTCHA solving zombie
• eBay/PayPal fake auctions• Online gaming credentials• Website FTP credentials• Skype/VoIP credentials• Encryption certificates
• Fake antivirus• Ransomware• Email account ransom• Webcam image extortion
• Bank account data• Credit card data• Stock and 401K accounts• Wire transfer data
• Phishing site• Malware download site• Warez piracy server• Child porn server• Spam site
• Harvest email contacts• Harvest associated accounts• Access to corporate email• Webmail spam• Stranded abroad scams
• Facebook• Twitter• LinkedIn • Google+
• Online gaming characters• Online gaming goods/$$$• PC game license keys• OS license key
Based on original work by Brian Krebs: krebsonsecurity.com
Webserver
Botnetactivity
Email attacks
Virtualgoods
Reputationhijacking
Financial credentials
Hostage attacks
Account credentials
IMPACTADVANTAGEMONEY
CREDENTIALS
What’s my motivation?
Verizon 2012 Data Breach Investigations Report
1 to 10
11 to 100
101 to 1,000
1,001 to 10,000
10,001 to 100,000
Over 100,000
0 100 200 300 400 500 600
720 breaches by size of organization (employees)
SMBs
The SMB sweet spot for the cyber-criminally inclined
Assets worthlooting
Level of protection
Big enterprise
SMB “sweet spot”
Consumers
How do they get to your devices?
1. Malware involved in 69% of breaches2. Hacking* used in 81% of breaches3. Deception
Verizon 2012 Data Breach Investigations Report
*80% of hacking is passwords: default, missing, guessed, stolen, cracked
Thriving markets for credentials
All driven by proven business strategies
Specialization Modularity
Division of labor Standards
Markets
Some good news: bad guys get caught
So how do you defend your devices?
Three main attacks …. and defenses
Scanning
Authentication
Malware
Hacking
AwarenessDeception
Scanning requires proper implementation
Scan devices while connected
Scan devices prior to connection
Require AV on mobile devices
0% 5% 10% 15% 20% 25% 30% 35% 40%
Measures in use at a sample of healthcare facilities
Ponemon Institute Third Annual Benchmark Study on Patient Privacy & Data Security
Authentication beyond passwords
Passwords exposed in 2012: 75,000,000Need to add a second factor to authenticationUsed by Facebook, Twitter, Google, SharpMore to come
Awareness: a powerful weapon
• Think before you click/open• If it sounds too good…• Just because your friend said…• Resources:
• Securing Our eCity• We Live Security• Podcasts and webinars• Social Media Scanner
Check your data:
Google yourselfGet your Facebook contentCheck your credit reportwww.annualcreditreport.comwww.aboutthedata.com
Protecting your card accounts
1. • Check accounts for suspicious activity2. • Ask for a new card3. • Check your credit report4. • Set activity alerts on accounts5. • Change card PINs and account passwords6. • Use stronger PINs and passwords7. • Use different PIN/password on each account8. • Password protect phones, tablets, laptops
Securing Our eCity
Security news, how-to, podcasts
Connections
• Securing Our eCity• www.securingourecity.org
• We Live Security• www.welivesecurity.com
• Webinars• www.brighttalk.com/channel/1718
• Social Media Scanner• my.eset.com