The Trojan Horse: Phishing and Ransomware Attacks

DAVID S. LIPKUS
KESTENBERG SIEGAL LIPKUS LLP
BARRISTERS & SOLICITORS
65 GRANBY STREET, TORONTO, ONTARIO, M5B 1H8
WWW.KSLLAW.COM
TEL: 416-342-1103 FAX: 416-597-6567


Agenda

1) Key Terms

2) Case Study

3) Prevention

4) NOW WHAT???!!!???


$445 Billion: Yearly cost to the global economy


7% in 2 years: Number of businesses reporting $1 million loss


The risks are REAL but MANAGEABLE


Key Terms


Social Engineering


Key Terms - Phishing


Spear Phishing


Key Terms

Information Security

Critical Infrastructure

Intellectual Property


TECH 101: SOME PRACTICAL BASICS


CREATING A PHISHING ATTACK

• A phishing campaign can be launched in as little as fifteen minutes

• Cursory research using Google, LinkedIn, or your company’s website can provide an attacker with enough information to sound convincing to users

• In this example, Google Forms was used to easily create a fillable survey users could be targeted with


• Although a Gmail account was used here, easily obtained software tools allow large numbers of users to be targeted

• Sophisticated attackers will send less easily detected emails and embed tracking images or even code in their phishing emails


Friday, May 12, 2017


In 1 Day: 230,000 infected computers across 150 countries.

Estimated Economic Losses: $4 Billion

Top 4 Countries Affected:

• Russia

• Ukraine

• India

• Taiwan


Affected Organizations

• Andhra Pradesh Police, India
• Aristotle University of Thessaloniki, Greece
• Automobile Dacia, Romania
• Cambrian College, Canada
• Chinese public security bureau
• CJ CGV
• Dalian Maritime University
• Deutsche Bahn
• Dharmais Hospital, Indonesia
• Faculty Hospital, Nitra, Slovakia
• FedEx
• Garena Blade and Soul
• Guilin University Of Aerospace Technology
• Guilin University Of Electronic Technology
• Harapan Kita Hospital, Indonesia
• Hezhou University
• Hitachi
• Honda
• Instituto Nacional de Salud, Colombia
• Lakeridge Health
• LAKS
• LATAM Airlines Group
• MegaFon
• Ministry of Internal Affairs of the Russian Federation
• Ministry of Foreign Affairs (Romania)
• National Health Service (England)
• NHS Scotland
• Nissan Motor Manufacturing UK
• O2, Germany
• Petrobrás
• PetroChina
• Portugal Telecom
• Q-Park
• Renault
• Russian Railways
• Sandvik
• São Paulo Court of Justice
• Saudi Telecom Company
• Sberbank
• Shandong University
• State Governments of India
• Government of Gujarat
• Government of Kerala
• Government of Maharashtra
• Government of West Bengal
• Suzhou Vehicle Administration
• Sun Yat-sen University, China
• Telefónica
• Telenor Hungary, Hungary
• Telkom (South Africa)
• Timrå Municipality, Sweden
• Universitas Jember, Indonesia
• University of Milano-Bicocca, Italy
• University of Montreal, Canada
• Vivo, Brazil


How it worked:

Generally: The attacker will trick you into clicking an e-mail, link or attachment, which will then infect your operating system.

WannaCry: In this case, the attack exploited a vulnerability in an operating system.


The question is not “IF” but “WHEN”


HAVE YOU HAD YOUR CYBER HEALTH CHECK?


Cyber Health Check

1. Prevention

2. Education & Training

3. Information Sharing


Prevention

AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE – BENJAMIN FRANKLIN


#1. REGULARLY BACK UP AND STORE DATA OUTSIDE OF YOUR BUSINESS NETWORK.


#2. EDUCATION & TRAINING


Insider threats are the most common entry point for cyber criminals [60%]


The “Human Factor”

- People can be the best resource and the weakest link


#3. SOFTWARE


Virtual Private Network (VPN)

• Originally designed to allow users to securely access a private network across the Internet or other public network

• Often used in a similar manner to proxies, with two key differences:

  • The connection between the VPN server and the user is encrypted

  • VPNs can handle all types of traffic, whereas proxies generally only deal with web traffic (HTTP)

• VPNs used in this manner are generally paid services, allowing users to pick from a variety of locations they wish to appear to be coming from


VPN Demonstration


Information Sharing: AN EFFECTIVE STRATEGY


- Businesses are hesitant to share information.


Sharing information among key players is essential to combating cybercrime.


CCTX

(Canadian Cyber Threat Exchange)


• Not-for-profit

• Share information about vulnerabilities and cyber threats among governments, businesses and research institutions.

• Provide analysis of information security issues

• Point of contact for cyber information sharing organizations in other countries.


NOW WHAT???!!!???

• C & D

• Registrars/ISPs

• Mail Servers

• IT department

• Third Parties

http://www.antifraudcentre-centreantifraude.ca/index-eng.htm
