© Asia Policy Partners LLC 2017
18th Info-Security Conference 2017
Hong Kong, HKCEC, June 9th 2017
Michael Mudd,
Managing Partner/CEO
Asia Policy Partners LLC
150+ countries to date
UK NHS seeks to recover from global cyber-attack as security concerns resurface…
◦ Cybersecurity centre says teams ‘working round the clock’ to fix systems rendered inaccessible by international ransomware attack
• Global cyber-attack – live updates
• This was a worm - spread other than by opening a phishing mail.*
But ransomware is now present in the majority of non specific phishing emails.
* https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
More data has been created in the past two years than in the entire previous history of the human race. Every day 2.5 quintillion* bytes of data are created.
In 1992, 100GB of data was created a day; in 2002, 100GB was created every second. By 2014 this had grown to 28,875 GB/sec. By 2018 it will be 50,000 GB/sec.
By the year 2020, about 1.7 megabytes of new information will be created every second for every human being on the planet.
In 2015 over 1.4 billion smart phones were sold, all packed with cameras and sensors capable of collecting all kinds of data; think QR codes, NFC, etc.
Data creation has led to data crime.
*a thousand raised to the power of six (10^18).
A loss of corporate data, which could include contracts, supplier details, plans, designs or formula, may seriously damage the company’s business and reputation.
If customer data is also stolen, this may violate local data privacy laws, which could lead to fines, business suspension or worse*.
Financial losses arising from cyber crime in Hong Kong alone jumped over 50% to HK$1.82 billion last year while the number of reported cases increased to 6,778.
Phishing is the largest and fastest growing malware vector that regularly bypasses technical defences2.
*http://cw.com.hk/opinion/hkcs-view-memo-ceo-sir-we-have-cybersecurity-problem
Data theft – for profit (inc bank transfers).
◦ Internal - IT/DC tech staff.
◦ Internal - Other staff – admin/sales/management.
◦ External - Suppliers.
◦ Criminals.
Data theft, alteration and/or destruction.
◦ State sponsored.
◦ Hacktivists.
◦ Terrorism.
Extortion.
◦ Data encryption (Ransomware).
◦ Phishing/Spoofing/Vishing (may be part of for profit).
◦ Denial of Service (DoS/DDoS/DRDoS).
Ransomware infects 400K endpoints in just a few hours (Palo Alto)
91% of targeted attacks start with Spear Phishing (Trend Micro)
144 avg # of days attacks go unnoticed (Verizon)
Business Email Compromise +1,300% (Krebs)
92% of phishing emails analyzed in Q1 ‘16 contained Ransomware
38% of SMBs were targeted (ISTR)
Source: PhishMe.com
MaaS now commonly available on the Dark Web.
‘iBanking’ malware steals credit card data.
‘RIG’ exploit now is the ‘Tinba’ banking Trojan.
‘Shade’ Ransomware on the ascendant (RaaS).
‘Adwind’ RAT, a Java-based cross-platform backdoor.
‘SlemBunk’ and ‘Bankosy’ are OTP stealers aimed at Android mobiles (can also steal voice OTPs).
‘MazarBOT’ takes over phones (except in Russia…).
‘XcodeGhost’ compromises Apple’s iOS.
‘Patchwork’ exploits unpatched Windows .doc & .pps.
As does WannaCry also with server software.
Facebook and Google fell for a $100m phishing scheme. ◦ Friday 28 April 2017 11.27 BST The Guardian.com.
Not even two of the biggest US technology firms are safe from fraud, as the social network and the search company named as victims of sophisticated attack.
Google and Facebook were phished for over $100m, it has been reported, proving not even the biggest technology companies in the world are immune from the increasingly sophisticated attacks of online scammers.
Last month it was reported that two major tech companies were tricked by a Lithuanian man into sending him over $100m (£77m). Evaldas Rimasauskas, 48, was charged with wire fraud, money laundering and aggravated identity theft for impersonating Quanta Computer – a Taiwanese electronics manufacturer that includes Google, Facebook and Apple as clients.
https://www.theguardian.com/technology/2017/apr/28/facebook-google-conned-100m-phishing-scheme
131,000 victims to March 2015.*
718,000 from April 2015 to March 2016.*
Uses 2048-bit RSA cryptographic key pairs.
Shade gang asks $400-600 in bitcoin for key.
Petya-Mischa gang uses fake job offers.
Prevention and back up crucial.
◦ Training and Attack identification.
Kaspersky Lab and Intel Security jointly addressing technical solutions.ǂ
*http://www.bankinfosecurity.com/ ǂ https://www.nomoreransom.org/
Business-context phishing emails remain the most difficult for users to recognize.
Top emotional motivators: Curiosity, Fear, Urgency.
Up to 30% of phishing emails are opened (unless users are trained).
Susceptibility to phishing email drops almost 20% after just one failed anti phishing simulation exercise.
Reporting rates significantly outweigh susceptibility rates when simple reporting is deployed to more than 80% of a company’s population, even in the first year.
Active reporting of phishing email threats can reduce the standard time for detection of a breach to 1.2 hours on average—a significant improvement over the current industry average of 144 days.
https://phishme.com/2016-enterprise-phishing-susceptibility-report
FINAL UPGRADE REMINDER
MT
© Microsoft account team <[email protected]>
Reply| Today, 08:18
Inbox
Microsoft account
Microsoft update info
The deadline for updating all Microsoft E-mail account is Today
You are advice to Update your account now to avoid being suspended.
We are doing this to serve you better and to help you fight malicious users.
Kindly click the link below to complete the process.
Note: Your account will be closed if not updated before the end of today
Grammar/spelling
Fake account
The Threat
Urgency
This message was identified as spam.
OFFICIAL NOTIFICATION LETTER
Google Inc. <[email protected]>
Reply| Today, 12:41
Show all 1 attachments (490 KB) Download
Contains the malware file!!
Dear Google User. You have been selected as a winner for using Google services, attached to this email is Our Official Notification Letter for your perusal.
Larry Page, CEO/CO-FOUNDER, GOOGLE INC.
Grammar
ATTN: SIR ( CRUDE OIL PROSPECT PROPOSAL MT
Mr Domini tay <[email protected]>
Reply|Today, 04:05
Hello, I greet you with warm regards. I work for Singapore Refining Company as a procurement supervisor, Singapore Refining Company is a refining outfit owned by the South East Asian government. On my desk is a mandate to arrange for crude oil purchase from Republic of Malta for up to 2,000,000 barrels on monthly bases for 12 calendar months. The reason for my reaching out to you is because am in the process of establishing a middle man structure to mediate between the 2 parties involved (our Company and the Company in Republic of Malta) before the contract is signed. You may be wondering why I cannot do it myself? The honest fact is that as a staff member working for this company, it is against our company's operational ethics/policy to for a staff member to profit from any dealings between our company and any other company hence the reason I need a trustworthy person outside my work circle in order to maintain a discreet profile. I wish to extend this partnership to you my friend to build a middle man structure with you while I work from the background to guide you. Our commission/brokerage as middle men is between $2 - $3 per barrel so if the target of 2 Million barrels is met monthly we stand to share $4M - $6M every month for a span of 12 months. Do not worry about the speedy sales as I have contacts within the oil producing country's top management for license of crude oil export/lifting to any firm I present for this business. Contact me if you are interested in this deal, so that I can give you further details. Honestly if you can forecast you see that this venture is a step to being a name to reckon with in the global oil market. Kind regards. Mr Domini Tay Email: [email protected] Phone: +6531637643
Grammar/spelling
Admission of criminal intent!
Hi,
Here's some activity you have missed on Facebook.
2 friend request
Go To
See All
Notifications
Facebook 2 friend request [email protected] You have notifications pending
Spoofed account
Contains the malware file!!
Good morning sir, We have been instructed by your customer to make this transfer to you. Details of our payments are as follows: Cont. # 41 SPV001 / Aug / 15 $ 344,299.13 - 11,748.82 (50% disc For R008 & R016) = Cont. # 42 EXSQI013 / Nov / 5 $ 299,154.66 -------------------- Total Remittance: US $ 551,704.97 Attached is the TT copy, check with your bank and let us know. Regards, Anup Varghese Philip UAE Exchange Center, Al Mansoori Building, Damascus Street, Al Qusais Dubai, UAE. Phone: + 971-22459418 / 22459413 Fax: + 971-22459419 =======================
Contains the malware file!!
Nonsensical calculation
UNITED STATES DEPARTMENT OF JUSTICE <[email protected]>
Reply| Today, 17:07 Federal Bureau of Investigation (FBI) Anti-Terrorist And Monitory Crime Division. Federal Bureau Of Investigation. J.Edgar.Hoover Building Washington Dc Customers Service Hours / Monday To Saturday Office Hours Monday To Saturday: Dear Beneficiary, etc etc
Stolen account from Taiwan
Spelling or grammar errors
No one works Saturday!!
Email account similar to the real one
DATE: XXXXXXXXX
TO. XXXXX LIMITED,
PAYMENT AUTHORIZATION LETTER
XXXXXXXXXXXXXXXXXXX TRADE CORP.LTD, ADRESS in CHINA.
Hereby authorized and direct XXXX LIMITED, to make required payment of the below
designated bank account:
BENEFICIARY NAME: XXXXXXXXXXXXXXXXXXX TRADE CORP.LTD,
NAME OF BANK: XXXXX BANK POLAND
IBAN NUMBER: PL 1234567890
SWIFT CODE: XXXXXPW
BANK ADDRESS: XXXXXX, POLAND
Note, All payments to our company, must be paid into the above banking details from
henceforth.
This shall be your good and legal sufficient authority for making the payment into our subsidiary
banking details stated above.
Best Regards. XXXXX
Return Address: [email protected]
Email Format: HTML
URL of Web Content: http://www.sladurkovci.com//wellsfargo.html
Anchor text of URLs:
1) secured ,sign on to,
2) Go .to http//dns.wellsfargo.com/secure?portalsign
3) secure email
Location: PLOVDIV, PLOVDIV, BULGARIA
Email in Line text;
Your Wells Fargo online access need's to be re-identify on our server.
Because we are having difficulty to contact you with the email address on file with us do to this reason's you are advised to perform account security identification process by confirming your email account with us also to make your account 100% secured ,sign on to continue.
(Note grammatical errors in line text)
Courtesy PhishMe.com
Groups
What's new in your group
Consultants Network
MULTIPLE 0PPORTUNITIES TO WORK WITH BIG COMPANIES
AND GET GOOD INC0ME.
By Russel Marek
https://lnkd.in/bu8BV9H ==>> FOLLOW THESE SIMPLE AND EASY STEPS TO WORK 0NLINE AND
MAKE GOOD M0NEY EVERYDAY...
Amol Khedkar
This has all the stench of spam and scam written all over it.
David Glenn
Its sad that people fall for these types of scams.
View Discussion
© 2016 LinkedIn Ireland Limited. LinkedIn, the LinkedIn logo, and InMail are registered trademarks of LinkedIn
Corporation in the United States and/or other countries. All rights reserved.
You are receiving Groups Digest emails. Unsubscribe
This email was intended for Michael Mudd (Managing Partner at Asia Policy Partners LLC). Learn why we included this.
If you need assistance or have questions, please contact LinkedIn Customer Service.
LinkedIn is a registered business name of LinkedIn Ireland Limited.
Registered in Ireland as a private limited company, Company Number 477441
Registered Office: Wilton Plaza, Wilton Place, Dublin 2, Ireland
Noted by recipients as a scam
Be Aware Security Is Compromised.*
Use phishing simulation training and reporting from a reputable company such as PhishMe or Wombat.
Enable User Access Control and remove admin rights.
Enable ‘Show file extensions’.
◦ Avoid mousing over or clicking on ‘.exe’, ‘.vbs’ and ‘.scr’
Use robust antivirus software with heuristics.
Use only licensed software and keep it up to date.
Trust no one. Literally! Double and triple check payment requests; pick up the phone.
If you see strange activity, pull the plug. Literally!
◦ Shut down the machine, restart without an internet connection, run antivirus before reconnecting, call help.
◦ System Watcherǂ, or a similar service, detects malicious activity and enables automated remediation.
℠ BASIC: Be Aware Security Is Compromised is a service mark of APP Ltd.
ǂ http://www.kaspersky.com/images/Kaspersky_Lab_Whitepaper_System_Watcher_ENG.pdf
http://blogs.microsoft.com/microsoftsecure/2016/04/22/ransomware-understanding-the-risk/
Example: Azure Rights Management Services – Data Protection for the Cloud.
Multi platform - Windows, Android or IOS.
Integrated with origination programs - the access rights travel with the data.
Data owners can track activities on shared data and revoke access when necessary.
The Cloud therefore provides a strong layer of protection to your data access policies that may not be compromised internally.
The CEO should task the Finance/Risk/Security/HR leads to implement a framework for user awareness training, and budget for it.
This should also include a full IT audit of all computers and servers to ensure that only legitimate, supported and licensed software is installed and is up to date (patched). It should also ensure that users cannot upload their own programs, including through USB port security management.
Cloud-based email provides an extra layer of defence due to constant real-time cleaning.
HR needs to create a cyber security awareness course for all employees before they touch a company-linked computer, tablet or mobile phone (especially BYOD), including the C Suite.
Write and enforce an email and social media policy, check and monitor continually with anti phishing testing services and take remedial action for employees that fail phishing simulations.
Michael Mudd
Managing Partner, Asia Policy Partners LLC
Michael (Mike) Mudd is the Managing Partner of Asia Policy Partners LLC (APP), an ICT data strategy, privacy and cybersecurity policy advisory firm providing thought leadership on business transformation through technology, which he founded in 2010. Prior to this he held leading commercial positions with Riverbed Technology and Standard Chartered Bank PLC, joining the bank from Noble Group.
An appointed technical expert to the ISO, he is a member of the Government of Hong Kong’s Expert Group on Cloud Computing, Security and Privacy Advisory Committee. He holds positions on IT Policy, FinTech and Cloud in the Hong Kong Computer Society as well as OSAC, Hong Kong chapter, and is the co-chair of the IT, IP and Telecom Committee of AmCham in Hanoi.
He is the chief representative of the UK based Open Computing Alliance for APAC and the Middle East/Africa. He also participates in the work of APEC in several working groups on digital trade and technology. [email protected]
Thank You! Michael Mudd
APP - technology : policy : consulting.