the dark web & your credit union: impact, risks, strategy · current state of cybercrime...
TRANSCRIPT
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
The Dark Web & Your Credit Union: Impact, Risks, Strategy
Randy RomesCISSP, CRISC, MCP, PCI-QSAPrincipal – Information Security [email protected]
August 2019
WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTINGInvestment advisory services are offered through CliftonLarsonAllenWealth Advisors, LLC, an SEC-registered investment advisor
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
DisclaimerThis presentation is designed to provide accurate and authoritativeinformation in regard to the subject matter covered. The handouts, visuals,and verbal information provided are current as of the webinardate. However, due to an evolving regulatory environment, FinancialEducation & Development, Inc. does not guarantee that this is the most-current information on this subject after that time.
Webinar content is provided with the understanding that the publisher is notrendering legal, accounting, or other professional services. Before relying onthe material in any important matter, users should carefully evaluate itsaccuracy, currency, completeness, and relevance for their purposes, andshould obtain any appropriate professional advice. The content does notnecessarily reflect the views of the publisher or indicate a commitment to aparticular course of action. Links to other websites are inserted forconvenience and do not constitute endorsement of material at those sites,or any associated organization, product, or service.
2
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
SponsorsCarolinas Credit Union League
Cooperative Credit Union Association
Credit Union League of Connecticut
Cornerstone Credit Union League
Credit Union Association of the Dakotas
Georgia Credit Union Affiliates
Hawaii Credit Union League
Heartland Credit Union Association
Illinois Credit Union League
Indiana Credit Union League
Kentucky Credit Union League
League of Southeastern Credit Unions
Louisiana Credit Union League
Maine Credit Union League
Minnesota Credit Union Network
Mississippi Credit Union Association
Montana Credit Union Network
Mountain West Credit Union Association
Nebraska Credit Union League
New Jersey Credit Union League
Credit Union Association of New Mexico
New York Credit Union Association
Northwest Credit Union Association
Pennsylvania Credit Union Association
Tennessee Credit Union League
Association of Vermont Credit Unions
Virginia Credit Union League
West Virginia Credit Union League
Wisconsin Credit Union League
Directed by
The Credit Union Webinar Network
3
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Today’s PresenterRandy RomesCISSP, CRISC, MCP, PCI-QSACliftonLarsonAllen LLP
• “Professional Student”
• Science Teacher / Self-Taught Computer Guy
• IT Consultant – Project Manager – IT Staff/Help Desk – Hacker
• Assistant Scout Master (Boy Scouts)
4
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Raise Your Hand If…
5
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Everything Can Talk to Everything….
• Security cameras
• HVAC systems
• Door sensors and proximity readers
• “Chrome wants to remember your location…”
• “Hey Alexa, what’s my balance?”
➢ “Presence”
6
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTING
Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor
The Current State of Cybercrime
Sun Tzu:“Know your enemy and know yourself and you can fight a hundred battles without disaster”
7
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
What Threats Do Financial Institutions Face from the Dark Web
• Financial institutions face a wide variety of threats posed by the Dark Web
– Credit Card Fraud
– Corporate Theft
– Emerging Malware
– Fraud Techniques
– Threats can also be internal◊ Employee selling confidential information
8
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Current State of Cybercrime
• Hackers have monetized their activity
– Theft of personally identifiable information (PII)
– Payment fraud
– Ransomware
• Most attacks are carried out by organized crime
9
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Organized Crime
• Hacking is run like a business where people specialize in different areas
– Writing malware
– Renting botnets
– Stealing data
– Selling data (collect data from various sources/BIG DATA)
– Etc.
• Most attacks are completely automated
10
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Theft of PII
• Every organization stores information about their employees in electronic format– Payroll/tax/W2
◊ Name, address, SSN, etc.
– Email address
• Every institution has their accountholders’ PFI
• Some institutions store other sensitive data– Credit card information
– Health information
11
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Theft of PII
• All this information has value– Submit fraudulent tax returns
– Submit fraudulent insurance claims
– Set up fraudulent identities for credit
– Purchase items with stolen credit card information
– Use emails for phishing campaigns
• Attackers buy and sell data on cyber black market– Similar to amazon.com for stolen information
12
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
The Open Web
• The open web is anything that can be indexed by a search engine (Google, Bing, Yahoo etc.)
– Easily accessible
– Under constant surveillance and monitoring
– Open web contains around 10% of the internet
13
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
The Deep Web
• The Deep Web is the internet that is hidden from view
– Any content that cannot be linked in a search engine
– Estimated to be 500x larger than open internet
– Examples:
◊ Private intranets
◊ VPNs
◊ Also contains “Dark Web”
14
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
The Dark Web• The Dark Web is a portion of the Deep Web, that
cannot be accessed via a standard internet browser
• The Dark Web is essentially a private network on the Deep Web
• The Dark Web uses onion routing to anonymize users (TOR)
15
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
What Is TOR? (Onion Routing)
• The Onion Router (TOR) is a free and open source software/ protocol that enables anonymous communication
• Traffic through the TOR network is anonymized by relaying traffic through a free volunteer supported relay network
• Dark Web websites are similar to any other website, however instead of the websites ending with a .com or .net, Dark Web sites end with a .onion
• TOR makes it difficult to trace users internet activity:
– Visiting websites
– Online posts
– Messaging
– File transfers
16
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
What Is TOR? (Onion Routing)•TOR adds additional layers of encryption as data
is routed through the relay network, making network surveillance extremely difficult.
17
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
What Can Be Found on the Dark Web?
• Since the creation of cryptocurrency's (Bitcoin), the Dark Web has flourished with illicit marketplaces and forums
• A large variety of illicit products can be anonymously purchased on the Dark Web
– Bank Account Logins
– Credit Card Info
– Forged Documents
– Malware (Banking Trojans, Remote Administrator Tools)
• Dark Web ecommerce sites are similar to traditional sites like eBay or Amazon, such as ratings, reviews, shopping carts, forums, and customer service
18
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Payment Methods on the Dark Web
• Cryptocurrencies are the most popular form of payment on the Dark Web
• Cryptocurrencies pseudo-anonymize, which criminals find ideal for conducting financial cyber crimes
• The most common form of cryptocurrency used on the Dark Web is Bitcoin
• In recent years, there has been a push to use more privacy focused cryptocurrencies on the Dark Web, such as Monero
19
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Dark Web Marketplace
Fraud technique for sale on Dark Web marketplace
20
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Backend Payment Systems Carbanak – Biggest Bank Heist EVER
• $1B over 2 years
• Average $10M per bank
• 2 to 4 months per bank
• Methods: Online Banking, Swift, ATMs
• Attackers primarily in Russia, Ukraine, China
• Banks primarily Russia, Europe, United States
http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/
21
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Backend Payment Systems Carbanak – Biggest Bank Heist EVER
22
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Dark Web Marketplace
“Vendor” selling bank account logins
23
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Dark Web Forum
Example of bank logins being openly advertised and sold on a Dark Web forum
24
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Payment Fraud – Account Take Overs
• When is the last time you wrote a check???
• Electronic payments are the norm…– Wire transfers and ACH payments
– Online banking
– ”Send money”
➢Corporate Account Take Over CATO– Compromise accounts/credentials that
can move money
➢Persuasion Attacks– Convince others to send money
25
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
https://krebsonsecurity.com/tag/bec/
Persuasion Attacks (More Recently)
CEO asks the accountant…
Common mistakes
1. Use of private email
2. “Don’t tell anyone”
26
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Marketplace for Stolen (Credit Cards)
27
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Credit Card Breaches in the News (Two Years Ago…)
28
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Credit Card Breaches in the News (Weeks Ago…)
“…The PoS malware was designed to collect information stored on the magnetic stripe of payment cards, including cardholder's name, payment card number, card verification code, and expiration date.
However, the company pointed out that the investigation found no evidence suggesting that hackers made off with additional information belonging to the affected cardholders, and that "not all guests who visited the listed restaurants" are affected by the breach….”
29
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTING
Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor
Strategies and Action Items
The Boy Scout Motto:
“Be Prepared”
30
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Protecting Financial Institutions from Dark Web Threats• Because the Dark Web provides the ability to keep
users anonymous, the number of criminals who use TOR for financial fraud is only increasing
• Financial institutions need to be on the forefront when it comes to threats originating from the Dark Web
• Its important for financial institutions to understand the threat the Dark Web poses
• Actions should be taken to monitor and prevent threats before they occur
31
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Strategies
Our information security strategy should have the following objectives:
➢Users who are aware and savvy
➢ Systems that are hardened and resistant to malware and attacks
➢Resilience capabilities: monitoring, incident response, testing, and validation
32
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Protecting Financial Institutions from Dark Web Threats• Implement robust systems to ensure that all
technology, people, processes are up to date
• Enforce two-factor authentication where possible
• Patching systems and software regularly
• Raise employee awareness about emerging Dark Web threats
• The rewards for a successful attacker can be significant, and catastrophic for the organization. It’s important to include effective monitoring of the Deep and Dark Web.
33
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Policies & Standards
➢ People, rules, and tools
– What do we expect to occur?
– How do we conduct business?
➢ Standards-based operations from a governance or compliance framework:
– GLBA/FFIEC, NCUA 748 A&B, etc.
– PCI – DSS
– CIS Critical Controls, NIST, ISO
People Rules
`
Tools
34
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Disciplined Exception Control, Vulnerability Management & Monitoring
• Monitoring (“built in”)– Key system configurations
– System and application logs
– Accounts
– Critical data systems/files
– Data activity and flow
• Scanning (independent)– Patch Tuesday and vulnerability scanning
– Rogue devices
35
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
Create Opportunities | We promise to know you and help you.
Know Your NetworkKnow What “Normal” Looks Like
•Infrastructure
•Servers and Applications
•Data Flows
•Archiving vs. Reviewing
•System Inventory
•Application Inventory
•Data Inventory
36
©2
01
9 C
lifto
nLa
rso
nA
llen
LLP
CLAconnect.com
Thank you!
Randy RomesCISSP, CRISC, CISA, MCP, PCI-QSAManaging Principal – Cybersecurity TeamDirect: [email protected]