18th Info-Security Conference 2017
Hong Kong, HKCEC, June 9th 2017
Michael Mudd, Managing Partner/CEO, Asia Policy Partners LLC
© Asia Policy Partners LLC 2017

Page 2

150+ countries to date.

UK NHS seeks to recover from global cyber-attack as security concerns resurface…
◦ Cybersecurity centre says teams ‘working round the clock’ to fix systems rendered inaccessible by international ransomware attack.

• Global cyber-attack – live updates.
• This was a worm: it spread other than by opening a phishing mail.*

But ransomware is now present in the majority of non-specific phishing emails.

* https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

Page 3

More data has been created in the past two years than in the entire previous history of the human race. Every day 2.5 quintillion* bytes of data are created.

In 1992, 100 GB of data was created per day; in 2002, 100 GB was created every second. By 2014 this had grown to 28,875 GB/sec, and by 2018 it will be 50,000 GB/sec.

By the year 2020, about 1.7 megabytes of new information will be created every second for every human being on the planet.

In 2015 over 1.4 billion smartphones were sold, all packed with cameras and sensors capable of collecting all kinds of data; think QR codes, NFC, etc.

Data creation has led to data crime.

* A thousand raised to the power of six (10^18).

Page 4

A loss of corporate data, which could include contracts, supplier details, plans, designs or formulae, may seriously damage the company’s business and reputation.

If customer data is also stolen, it may also violate local data privacy laws, which could lead to fines, business suspension or worse.*

Financial losses arising from cyber crime in Hong Kong alone jumped over 50% to HK$1.82 billion last year, while the number of reported cases increased to 6,778.

Phishing is the largest and fastest growing malware vector, and one that regularly bypasses technical defences.

* http://cw.com.hk/opinion/hkcs-view-memo-ceo-sir-we-have-cybersecurity-problem

Page 5

Data theft for profit (including bank transfers).
◦ Internal: IT/DC tech staff.
◦ Internal: other staff (admin/sales/management).
◦ External: suppliers.
◦ Criminals.

Data theft, alteration and/or destruction.
◦ State sponsored.
◦ Hacktivists.
◦ Terrorism.

Extortion.
◦ Data encryption (ransomware).
◦ Phishing/spoofing/vishing (may be part of for-profit activity).
◦ Denial of Service (DoS/DDoS/DRDoS).

Page 6

• 91% of targeted attacks start with spear phishing (Trend Micro).
• Ransomware infects 400K endpoints in just a few hours (Palo Alto).
• 144: average number of days attacks go unnoticed (Verizon).
• Business Email Compromise up 1,300% (Krebs).
• 92% of phishing emails analyzed in Q1 ’16 contained ransomware.
• 38% of SMBs were targeted (ISTR).

Source: PhishMe.com

Page 7

MaaS (Malware-as-a-Service) now commonly available on the Dark Web.

• ‘iBanking’ malware steals credit card data.
• The ‘RIG’ exploit kit now carries the ‘Tinba’ banking Trojan.
• ‘Shade’ ransomware is on the ascendant (RaaS).
• ‘Adwind’ RAT: a Java-based cross-platform backdoor.
• ‘SlemBunk’ and ‘Bankosy’ are OTP stealers aimed at Android mobiles (they can also steal voice OTPs).
• ‘MazarBOT’ takes over phones (except in Russia…).
• ‘XcodeGhost’ compromises Apple’s iOS.
• ‘Patchwork’ exploits unpatched Windows .doc & .pps files.
• As does WannaCry, which also exploits unpatched server software.

Page 8

Facebook and Google fell for a $100m phishing scheme.
◦ Friday 28 April 2017 11.27 BST, The Guardian.

Not even two of the biggest US technology firms are safe from fraud, as the social network and the search company were named as victims of a sophisticated attack.

Google and Facebook were phished for over $100m, it has been reported, proving not even the biggest technology companies in the world are immune from the increasingly sophisticated attacks of online scammers.

Last month it was reported that two major tech companies were tricked by a Lithuanian man into sending him over $100m (£77m). Evaldas Rimasauskas, 48, was charged with wire fraud, money laundering and aggravated identity theft for impersonating Quanta Computer – a Taiwanese electronics manufacturer that includes Google, Facebook and Apple as clients.

https://www.theguardian.com/technology/2017/apr/28/facebook-google-conned-100m-phishing-scheme

Page 9

• 131,000 victims to March 2015.*
• 718,000 victims from April 2015 to March 2016.*
• Uses 2048-bit RSA cryptographic key pairs.
• The Shade gang asks $400-600 in bitcoin for the key.
• The Petya-Mischa gang uses fake job offers.
• Prevention and backup are crucial.
  ◦ Training and attack identification.
• Kaspersky Lab and Intel Security are jointly addressing technical solutions.ǂ

* http://www.bankinfosecurity.com/
ǂ https://www.nomoreransom.org/

Page 10

• Business-context phishing emails remain the most difficult for users to recognize.
• Top emotional motivators: curiosity, fear, urgency.
• Up to 30% of phishing emails are opened (unless users are trained).
• Susceptibility to phishing email drops almost 20% after just one failed anti-phishing simulation exercise.
• Reporting rates significantly outweigh susceptibility rates when simple reporting is deployed to more than 80% of a company’s population, even in the first year.
• Active reporting of phishing email threats can reduce the standard time for detection of a breach to 1.2 hours on average, a significant improvement over the current industry average of 144 days.

https://phishme.com/2016-enterprise-phishing-susceptibility-report

Page 11

Sample phishing email:

Subject: FINAL UPGRADE REMINDER
From: Microsoft account team <[email protected]>
Reply | Today, 08:18
To: [email protected]
Inbox

Microsoft account
Microsoft update info
The deadline for updating all Microsoft E-mail account is Today
You are advice to Update your account now to avoid being suspended.
We are doing this to serve you better and to help you fight malicious users.
Kindly click the link below to complete the process.
Note: Your account will be closed if not updated before the end of today

Red flags called out on the slide: grammar/spelling; fake account; the threat; urgency.

Page 12

Sample phishing email (the mail filter marked it: “This message was identified as spam”):

Subject: OFFICIAL NOTIFICATION LETTER
From: Google Inc. <[email protected]>
Reply | Today, 12:41
Show all 1 attachments (490 KB) Download

Dear Google User. You have been selected as a winner for using Google services, attached to this email is Our Official Notification Letter for your perusal. Larry Page, CEO/CO-FOUNDER, GOOGLE INC.

Red flags called out on the slide: grammar; the attachment contains the malware file!!

Page 13

Sample scam email:

Subject: ATTN: SIR ( CRUDE OIL PROSPECT PROPOSAL
From: Mr Domini tay <[email protected]>
Reply | Today, 04:05

Hello, I greet you with warm regards. I work for Singapore Refining Company as a procurement supervisor, Singapore Refining Company is a refining outfit owned by the South East Asian government. On my desk is a mandate to arrange for crude oil purchase from Republic of Malta for up to 2,000,000 barrels on monthly bases for 12 calendar months. The reason for my reaching out to you is because am in the process of establishing a middle man structure to mediate between the 2 parties involved (our Company and the Company in Republic of Malta) before the contract is signed. You may be wondering why I cannot do it myself? The honest fact is that as a staff member working for this company, it is against our company's operational ethics/policy to for a staff member to profit from any dealings between our company and any other company hence the reason I need a trustworthy person outside my work circle in order to maintain a discreet profile. I wish to extend this partnership to you my friend to build a middle man structure with you while I work from the background to guide you. Our commission/brokerage as middle men is between $2 - $3 per barrel so if the target of 2 Million barrels is met monthly we stand to share $4M - $6M every month for a span of 12 months. Do not worry about the speedy sales as I have contacts within the oil producing country's top management for license of crude oil export/lifting to any firm I present for this business. Contact me if you are interested in this deal, so that I can give you further details. Honestly if you can forecast you see that this venture is a step to being a name to reckon with in the global oil market. Kind regards. Mr Domini Tay Email: [email protected] Phone: +6531637643

Red flags called out on the slide: grammar/spelling; admission of criminal intent!

Page 14

Sample phishing email (spoofed Facebook notification):

Hi,
Here's some activity you have missed on Facebook.
2 friend request
Go To Facebook
See All Notifications

Facebook | 2 friend request | [email protected] | You have notifications pending

Red flags called out on the slide: spoofed account; contains the malware file!!

Page 15

Sample phishing email (fake remittance advice):

Good morning sir, We have been instructed by your customer to make this transfer to you. Details of our payments are as follows: Cont. # 41 SPV001 / Aug / 15 $ 344,299.13 - 11,748.82 (50% disc For R008 & R016) = Cont. # 42 EXSQI013 / Nov / 5 $ 299,154.66 -------------------- Total Remittance: US $ 551,704.97 Attached is the TT copy, check with your bank and let us know. Regards, Anup Varghese Philip UAE Exchange Center, Al Mansoori Building, Damascus Street, Al Qusais Dubai, UAE. Phone: + 971-22459418 / 22459413 Fax: + 971-22459419 =======================

Red flags called out on the slide: contains the malware file!!; nonsensical calculation.

Page 16

Sample scam email:

From: UNITED STATES DEPARTMENT OF JUSTICE <[email protected]>
Reply | Today, 17:07

Federal Bureau of Investigation (FBI) Anti-Terrorist And Monitory Crime Division. Federal Bureau Of Investigation. J.Edgar.Hoover Building Washington Dc Customers Service Hours / Monday To Saturday Office Hours Monday To Saturday: Dear Beneficiary, etc etc

Red flags called out on the slide: stolen account from Taiwan; spelling or grammar errors; no one works Saturday!!

Page 17

Email account similar to the real one.

Page 18

Sample payment authorization letter (details redacted with X):

DATE: XXXXXXXXX
TO. XXXXX LIMITED,

PAYMENT AUTHORIZATION LETTER

XXXXXXXXXXXXXXXXXXX TRADE CORP.LTD, ADRESS in CHINA.

Hereby authorized and direct XXXX LIMITED, to make required payment of the below designated bank account:

BENEFICIARY NAME: XXXXXXXXXXXXXXXXXXX TRADE CORP.LTD,
NAME OF BANK: XXXXX BANK POLAND
IBAN NUMBER: PL 1234567890
SWIFT CODE: XXXXXPW
BANK ADDRESS: XXXXXX, POLAND

Note, All payments to our company, must be paid into the above banking details from henceforth.

This shall be your good and legal sufficient authority for making the payment into our subsidiary banking details stated above.

Best Regards. XXXXX

Page 19

Phishing email analysis:

Return Address: [email protected]
Email Format: HTML
URL of Web Content: http://www.sladurkovci.com//wellsfargo.html
Anchor text of URLs:
1) secured ,sign on to,
2) Go .to http//dns.wellsfargo.com/secure?portalsign
3) secure email
Location: PLOVDIV, PLOVDIV, BULGARIA

Email inline text:
Your Wells Fargo online access need's to be re-identify on our server.
Because we are having difficulty to contact you with the email address on file with us do to this reason's you are advised to perform account security identification process by confirming your email account with us also to make your account 100% secured ,sign on to continue.

(Note the grammatical errors in the inline text.)

Courtesy PhishMe.com

Page 20

Sample scam post delivered in a LinkedIn Groups digest email:

Groups: What's new in your group
Consultants Network
MULTIPLE 0PPORTUNITIES TO WORK WITH BIG COMPANIES AND GET GOOD INC0ME.
By Russel Marek
https://lnkd.in/bu8BV9H ==>> FOLLOW THESE SIMPLE AND EASY STEPS TO WORK 0NLINE AND MAKE GOOD M0NEY EVERYDAY...

Amol Khedkar: This has all the stench of spam and scam written all over it.
David Glenn: Its sad that people fall for these types of scams.
View Discussion

© 2016 LinkedIn Ireland Limited. LinkedIn, the LinkedIn logo, and InMail are registered trademarks of LinkedIn Corporation in the United States and/or other countries. All rights reserved.
You are receiving Groups Digest emails. Unsubscribe
This email was intended for Michael Mudd (Managing Partner at Asia Policy Partners LLC). Learn why we included this.
If you need assistance or have questions, please contact LinkedIn Customer Service.
LinkedIn is a registered business name of LinkedIn Ireland Limited. Registered in Ireland as a private limited company, Company Number 477441. Registered Office: Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Noted by recipients as a scam.

Page 21

Page 22

Be Aware Security Is Compromised.℠

• Use phishing simulation training and reporting from a reputable company such as PhishMe or Wombat.
• Enable User Access Control and remove admin rights.
• Enable ‘Show file extensions’.
  ◦ Avoid mousing over or clicking on ‘.exe’, ‘.vbs’ and ‘.scr’ files.
• Use robust antivirus software with heuristics.
• Use only licensed software and keep it up to date.
• Trust no one. Literally! Double and triple check payment requests; pick up the phone.
• If you see strange activity, pull the plug. Literally!
  ◦ Shut down the machine, restart without an internet connection, run antivirus before reconnecting, call help.
  ◦ System Watcherǂ or a similar service detects malicious activity and enables automated remediation.

℠ BASIC: Be Aware Security Is Compromised is a service mark of APP Ltd.
ǂ http://www.kaspersky.com/images/Kaspersky_Lab_Whitepaper_System_Watcher_ENG.pdf
http://blogs.microsoft.com/microsoftsecure/2016/04/22/ransomware-understanding-the-risk/
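The page 18 letter asks that all payments "from henceforth" go to a new bank account, and the advice above is to double and triple check payment requests and pick up the phone. The following added example, written for this page and not the deck's or any vendor's code, shows what that check looks like in a payables workflow: an incoming instruction is compared with the vendor master record, the IBAN's ISO 13616 mod-97 check digits are validated, and every difference is listed for a call-back on the number already on file. The vendor master, the BIC and the phone number are constructed; the IBAN held in the master is the standard ISO 13616 example value, and the instruction reuses the placeholder bank details from the page 18 letter.

```python
"""Vendor bank-detail change control (added example, not from the slides)."""
from dataclasses import dataclass

# Constructed vendor master record (assumption: one row per supplier, keyed by upper-cased name).
# The IBAN is the ISO 13616 example value with valid check digits; the BIC and phone are made up.
VENDOR_MASTER = {
    "EXAMPLE TRADE CORP. LTD": {
        "iban": "GB82WEST12345698765432",
        "swift": "WESTGB2LXXX",
        "phone": "+44 20 7946 0000",   # number held on file, not one quoted in any incoming request
    },
}


@dataclass
class PaymentInstruction:
    vendor: str
    iban: str
    swift: str
    channel: str   # how the instruction arrived: "email", "portal", "letter"


def iban_is_valid(iban: str) -> bool:
    """ISO 13616 mod-97: move the first four characters to the end, map A-Z to 10-35, remainder must be 1."""
    s = iban.replace(" ", "").upper()
    if not (15 <= len(s) <= 34) or not s.isalnum() or not s[:2].isalpha():
        return False
    rearranged = s[4:] + s[:4]
    numeric = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(numeric) % 97 == 1


def review_instruction(instr: PaymentInstruction, master=VENDOR_MASTER) -> list:
    """Return the reasons this instruction must be verified out of band; [] means it matches the master record."""
    record = master.get(instr.vendor.strip().upper())
    if record is None:
        return ["unknown vendor: onboard through the normal process, do not pay"]
    findings = []
    iban = instr.iban.replace(" ", "").upper()
    if not iban_is_valid(iban):
        findings.append("IBAN fails the mod-97 check digit test")
    if iban != record["iban"]:
        findings.append("IBAN differs from vendor master")
        if iban[:2] != record["iban"][:2]:
            findings.append(f"account country changed {record['iban'][:2]} -> {iban[:2]}")
    if instr.swift.replace(" ", "").upper() != record["swift"]:
        findings.append("SWIFT/BIC differs from vendor master")
    if findings:
        if instr.channel == "email":
            findings.append("change arrived by email: treat as unverified")
        # Any change is confirmed by calling the number on file, never a number given in the request itself.
        findings.append(f"call the vendor on the number held on file ({record['phone']}) before paying")
    return findings


if __name__ == "__main__":
    # Constructed instruction with the same shape as the page 18 letter.
    letter = PaymentInstruction("Example Trade Corp. Ltd", "PL 1234567890", "XXXXXPW", "email")
    for line in review_instruction(letter):
        print("-", line)
```

The placeholder IBAN from the letter fails on length before the check digits are even computed, and the country prefix moving from GB to PL is itself a finding; an instruction that matches the master record returns an empty list. The design point is that the verification phone number comes from the master record, never from the request.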

Page 23

Example: Azure Rights Management Services, data protection for the cloud.

• Multi-platform: Windows, Android or iOS.
• Integrated with the originating programs: the access rights travel with the data.
• Data owners can track activities on shared data and revoke access when necessary.

The cloud therefore provides a strong layer of protection for your data access policies, one that may not be compromised internally.

Page 24

The CEO should task the Finance/Risk/Security/HR leads to implement a framework for user awareness training, and budget for it.

This should also include a full IT audit of all computers and servers to ensure that only legitimate, supported and licensed software is installed and is up to date (patched), and to ensure that users cannot upload their own programs, including USB port security management.

Cloud-based email provides an extra layer of defence due to constant real-time cleaning.

HR needs to create a cyber security awareness course for all employees before they touch a company-linked computer, tablet or mobile phone (especially BYOD), including the C-suite.

Write and enforce an email and social media policy, check and monitor continually with anti-phishing testing services, and take remedial action for employees that fail phishing simulations.

Page 25

Michael Mudd

Managing Partner, Asia Policy Partners LLC. Michael (Mike) Mudd is the Managing Partner of Asia Policy Partners LLC (APP), an ICT data strategy, privacy and cybersecurity policy advisory firm providing thought leadership on business transformation through technology, which he founded in 2010. Prior to this he held leading commercial positions with Riverbed Technology and Standard Chartered Bank PLC, joining the bank from Noble Group.

An appointed technical expert to the ISO, he is a member of the Government of Hong Kong’s Expert Group on Cloud Computing, Security and Privacy Advisory Committee. He holds positions on IT Policy, FinTech and Cloud in the Hong Kong Computer Society as well as OSAC, Hong Kong chapter, and is the co-chair of the IT, IP and Telecom Committee of AmCham in Hanoi.

He is the chief representative of the UK-based Open Computing Alliance for APAC and the Middle East/Africa. He also participates in the work of APEC in several working groups on digital trade and technology. [email protected]

Page 26

Thank You! Michael Mudd
[email protected]
APP - technology : policy : consulting.