SlideShare ist ein Scribd-Unternehmen logo

How I'd hack into your business and how you can stop me!

Als PPTX, PDF herunterladen
AVG Technologies AU
AVG Technologies AU

The document provides tips on how businesses can protect themselves from cyber attacks. It begins by introducing common hacker tactics like phishing, exploiting wireless networks, and scanning for website vulnerabilities. It then discusses the types of attackers and their motives, usually to steal financial information or damage a company's reputation. Several specific attack vectors are outlined, including using default passwords, vulnerable websites, insecure wireless networks, flaws in internet banking, and social engineering through phishing emails. The presentation emphasizes adopting a "protect, detect, correct" mindset and classifying sensitive data, as well as following security best practices like enabling two-factor authentication, using strong unique passwords, and keeping software updated. The key message is that businesses of any size can take

Technologie
1 von 52
How I’d hack into your business, and how you can stop me! Michael McKinnon, Security Advisor mmckinnon@avg.com.au | @bigmac
What are we looking at today? Ask questions! What sort of business do you have? 2 AVG Confidential We are all here to prosper together.
Overview Introduction • Who is AVG? • What data are you protecting in your business? Common hack tactics • Phishing, Wireless Networks, Website vulnerabilities • Malicious links, Mobile devices, Automated scans Security, it’s a way of thinking • Protect, Detect and Correct • Staying in the “know” when it comes to security. 3 AVG Confidential
Top line statistics in Australia During 2012 • 5.4 million Australians fell victim to cyber crime • Estimated cost to the economy $1.65 billion • 250 Businesses surveyed found 1 in 5 were victims • No mandatory disclosure laws means the problem may well be much bigger 4 AVG Confidential
Business - How vulnerable are you? Is your business MORE or LESS vulnerable than the business next door? 79% victims were targets of opportunity 96% attacks were not highly difficult 85% took two-weeks or more to discover Source: Verizon Data Breach Investigations Report 2012 5 AVG Confidential
The solutions are NOT expensive 6 AVG Confidential
Tonight is all about the easy wins 80% 20% 7 AVG Confidential
Who would hack your business, and why?
Motive & opportunity The ability for anyone to attack your business is always based on two factors: • How much they want to (their motive) • How easy it would be to do (their opportunity) When your business is connected to the Internet: • Motivations are magnified by currency exchange rates in poorer countries – something you don‟t value is worth much more. • Opportunity is provided through instant electronic connectivity anywhere in the world. Can be so tempting, that motivation sometimes is hard to identify! 9 AVG Confidential
Types of attackers Targeted Attackers Garden Variety Cybercriminals 10 AVG Confidential
Motives - Follow the money • Cybercriminals tend to “follow the money” • So, the types of attack are often predictable • • • • • Credit card data Private customer information Refund / returns policy Bank accounts Financial processes • Think about the money leaving the business… 11 AVG Confidential
Example – Stealing POS transaction data • Lots of examples in the news… http://www.cio.com.au/article/436663/two_romanians_plead_guilty_point-of-sale_hacking/ 12 AVG Confidential
Motives – Using your reputation • When money isn‟t available, you are the stepping stone • You could be related to the “real” target • So, the types of attack change slightly • • • • Installing links on your website to snare visitors Private Customer Information Phishing attacks using your e-mail Passing themselves off as your business • The damage to your reputation could last a life time 13 AVG Confidential
Types of attack
Common types of attack How many involve the incorrect use of passwords? 5 out of 10 * Source: Verizon Data Breach Investigations Report 2012 15 AVG Confidential
Malware / Trojans • Common varieties that cause general havoc (Fake antivirus, ransomware) • Retail / POS specific – “RAM Scrapers” (Designed to exflitrate transaction data) • Remote Control Trojan or Rootkit (Designed to remain hidden for future access) 16 AVG Confidential
Hacking • When combined with custom written malware, this is highly-targeted and designed to avoid detection and remain in place for a long time. • In 2011, Verizon reported that 81% of incidents utilised some form of hacking. 17 AVG Confidential
Attack vectors
#1. Default passwords 1. The user manual says: “Step 1. Change the default password” 2. Far too common that these are not changed, or they‟re changed to someone else‟s “default” password (which is widely known) 19 AVG Confidential
Passwords – Back to basics! What should we aim for in a password? • • Should be easy for you to remember Should be hard for someone else to guess (and “brute-force”) 20 AVG Confidential
Passwords – World’s top 10 most used • • • • • 21 AVG Confidential 123456 123456789 Password 12345678 654321 • • • • • Password1 Password123 1234567 abc123 Qwerty
Can someone guess your password? • Favourite football team? • Pet‟s name? • Family members? 22 AVG Confidential
Rank these passwords in order of strength… 1. E56#av+Yb! 2. Password123 3. aaaaaAAAAA#####43 4. 123456 5. lucasjames 23 AVG Confidential MOST SECURE
Why? Anatomy of a good password • • • • • • The password: aaaaaAAAAA#####43 It is 17 characters in length Contains upper and lowercase letters Contains numbers Contains the „#‟ symbol How many combinations? • • 24 AVG Confidential 72 combinations, 17 combinations long is 72^17 That‟s 37 thousand billion billion billion combinations!
Password separation • Make new passwords for different accounts you access… • Start with your “base” password (aaaaaAAAAA#####43) • • • 25 aaaaaAAAAA#####43fb • • “Facebook” – you could take the letters “f” and “b” from Facebook and create a new password: aaaaaAAAAA#####43tr “Twitter” – you could take the letters “t” and “r” from Twitter and create another password: Mix it up! Be creative! And don‟t use these examples! AVG Confidential
The golden rules of passwords • Never, never, ever give your password to someone else! • Absolute minimum of 15 characters • Use a combination of different characters • • • Upper and lowercase (a – z, A – Z) At least one numeral ( 0 – 9 ) At least one symbol ( !@#$%^&*()_+= ) • • 26 Password length is always better than randomness Must be easy for you to remember AVG Confidential
#2. Your vulnerable website • Websites are being compromised too frequently, especially: • Wordpress, Joomla and others • Is your website password also used elsewhere? • Examples of impact to your business could be: • • • • • 27 Theft of credit card details if you have a shopping cart Stolen credentials can be used to access other systems Visitors to your website can be infected/snared into other scams Your website could be implicated in spam or phishing attacks Get your website updated or tested. AVG Confidential
#3. Insecure wireless networks • • • 28 Wireless networks are convenient But poorly configured they represent a huge security risk! Data packets can be “sniffed” by nearby attackers AVG Confidential
Secure your wireless networks • • • • 29 Amazing how many are insecure – including my GP! Never use “WEP”, always use “WPA” or “WPA2” Wireless password should be very long and NOT easy to remember (okay to write it down somewhere safe) When using public WiFi networks, it‟s always better to use password protected ones rather than “open” wireless networks – easy for criminals to “sniff” the traffic AVG Confidential
#4. Incorrect internet banking • Many businesses I speak with are using “Consumer” grade Internet banking • • Not secured with two-factor authentication Sharing logins with bookkeepers etc. (no ability to separate permissions – i.e. who can transfer money?) • • General security when accessing Internet banking • • 30 SOLUTION: Talk to your bank! AVG Confidential Never from an unprotected computer – keyloggers etc. Always bookmark the Bank URL with https://…
Internet banking – Two-factor authentication • • 31 Insist on “Two-factor” authentication for business Internet banking; either a security token (preferred) or an SMS response code. Contact your bank ASAP if you find anything unusual AVG Confidential
#5. Phishing, spear phishing & whaling • • “Click here to see the details of your order” –> (login page) • 32 Sending of specially crafted e-mails to trick users into divulging sensitive information Does your e-mail use anti-spam to stop these? What about the ones that it won‟t stop? AVG Confidential
Scammers & spammers
Rogue scanners & fake antivirus 34 AVG Confidential
Fake antivirus – Nag screens and pop-ups 35 AVG Confidential
Ransomware – Your PC is blocked… “Australian Federal Police” labeled Ransomware – first appeared late September 2012 36 AVG Confidential
Scams – Fake Telstra emails 37 AVG Confidential
Scams – Fake Facebook emails * Received by AVG on 7 August 2012 38 AVG Confidential
Social engineering – Getting you to click 39 AVG Confidential
Big events – London 2012 games on YouTube 40 AVG Confidential
Mobile security – Rogue apps • • Malicious functionality can communicate with remote servers, install additional malware, botnet functions • 41 Trojan-infected version of „Angry Birds Space‟ appeared in January 2012 Only download from official app stores AVG Confidential
SMS scams & extortion attempts 42 AVG Confidential
“Microsoft” acam – How the call starts • • …a Partner of Microsoft and Microsoft R&D, given information by your ISP that you are infected… • • …viruses being tracked back to your IP number… • 43 …Microsoft had told them of the failure and that your system was in danger of crashing… …My ID Number is XXX. We have been notified that your system is infected… …have been commissioned by Microsoft to help people remove malware from infected systems… AVG Confidential
Mobile security tips
Mobile security - What are the risks? • • 45 AVG Confidential Physical loss of the device, still the biggest risk Infection from malware and possible fraud
Mobile security – Physical risks • Device locks • • Can you locate your lost/stolen phone? • • 46 AVG Confidential PIN numbers and/or passwords “Find My iPhone/iPad” Android solutions as well
Mobile Security - Protecting Mobile Data • What data do you have on your devices? • • • • 47 AVG Confidential Do an audit to find out! Classify your data and think about the consequences Does it need to be mobile? Device encryption available in latest mobile devices
Mobile security - Preventing mobile malware • Use anti-malware on your mobile • Don‟t install apps from outside trusted marketplaces • • When installing apps always check permissions • 48 AVG Confidential Never, ever hack your phone • i.e. iPhone/iPad “Jailbreak” or Android “root” Limit/consider implications of clicking on links on a mobile device, especially via social networking sites
Protect Detect Correct Adopting a security mindset 4 9
Identify and classify your data • • • • Top secret (if obtained could shut your business down) • 50 Consider classifying all the data in your business into three areas: Your strategies around protecting your information will be much easier. AVG Confidential Classified (if obtained would cause embarrassment) Unclassified (everything else, brochures, publicly available)
Summary • • • Use strong two-factor authentication whenever you can. • If you didn’t ask for it, don’t click the link. But if you do, make sure you‟ve got software to detect and correct. • 51 Change default passwords, and use strong and long passwords, and separate them. And communicate this advice to your colleagues and staff and even customers! You‟re only as secure as your weakest link. Always update your computers and mobile devices (use auto-update where possible). AVG Confidential
Thank you! For more information please visit our website: www.avg.com.au/business facebook.com/avgaunz twitter.com/avgaunz resources.avg.com.au

Empfohlen

Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08DallasHaselhorst
 
7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From HomeDallasHaselhorst
 
Hackers and cyber crimes
Hackers and cyber crimesHackers and cyber crimes
Hackers and cyber crimesSweta Kumari Barnwal
 
Unit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimesUnit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimesSweta Kumari Barnwal
 
Cyber Vigilantes: Turning the Tables on Hackers
Cyber Vigilantes: Turning the Tables on HackersCyber Vigilantes: Turning the Tables on Hackers
Cyber Vigilantes: Turning the Tables on HackersImperva
 
Unveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureUnveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureLourdes Paloma Gimenez
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingVishesh Singhal
 
Testing Application Security: The Hacker Psyche Exposed
Testing Application Security: The Hacker Psyche ExposedTesting Application Security: The Hacker Psyche Exposed
Testing Application Security: The Hacker Psyche ExposedTechWell
 

Empfohlen

Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08DallasHaselhorst
 
7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From HomeDallasHaselhorst
 
Hackers and cyber crimes
Hackers and cyber crimesHackers and cyber crimes
Hackers and cyber crimesSweta Kumari Barnwal
 
Unit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimesUnit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimesSweta Kumari Barnwal
 
Cyber Vigilantes: Turning the Tables on Hackers
Cyber Vigilantes: Turning the Tables on HackersCyber Vigilantes: Turning the Tables on Hackers
Cyber Vigilantes: Turning the Tables on HackersImperva
 
Unveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureUnveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureLourdes Paloma Gimenez
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingVishesh Singhal
 
Testing Application Security: The Hacker Psyche Exposed
Testing Application Security: The Hacker Psyche ExposedTesting Application Security: The Hacker Psyche Exposed
Testing Application Security: The Hacker Psyche ExposedTechWell
 
Login cat tekmonks - v3
Login cat tekmonks - v3Login cat tekmonks - v3
Login cat tekmonks - v3TEKMONKS
 
Seminar
SeminarSeminar
SeminarChëëñå Båbü
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
Login cat tekmonks - v4
Login cat tekmonks - v4Login cat tekmonks - v4
Login cat tekmonks - v4Rohit Kapoor
 
Keeping hackers out of your POS!
Keeping hackers out of your POS!Keeping hackers out of your POS!
Keeping hackers out of your POS!AVG Technologies AU
 
Web security 2012
Web security 2012Web security 2012
Web security 2012Mohamed Elabnody
 
Hacking
HackingHacking
HackingVipinYadav257
 
Newsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecNewsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecRaghunath G
 
Triangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughTriangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughMartin Opsahl
 
CSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziCSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziNCCOMMS
 
How to Take the Ransom Out of Ransomware
How to Take the Ransom Out of RansomwareHow to Take the Ransom Out of Ransomware
How to Take the Ransom Out of Ransomwaremarketingunitrends
 
Login cat tekmonks - v5 (mini)
Login cat tekmonks - v5 (mini)Login cat tekmonks - v5 (mini)
Login cat tekmonks - v5 (mini)Rohit Kapoor
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber securitySumanPramanik7
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksCyren, Inc
 
CSF18 - For Your Ears Only - Sasha Kranjac
CSF18 - For Your Ears Only - Sasha KranjacCSF18 - For Your Ears Only - Sasha Kranjac
CSF18 - For Your Ears Only - Sasha KranjacNCCOMMS
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingKeith Brooks
 
CyberDen 2020
CyberDen 2020CyberDen 2020
CyberDen 2020Fahad Al-Hasan
 
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...NCCOMMS
 
Ethical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportEthical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportRaghav Bisht
 
Arrecifes de Coral
Arrecifes de CoralArrecifes de Coral
Arrecifes de CoralColegio de La Esperanza
 
E07 01 v230-c_ndoc_interoperability_mcuconnection_vc300_600
E07 01 v230-c_ndoc_interoperability_mcuconnection_vc300_600E07 01 v230-c_ndoc_interoperability_mcuconnection_vc300_600
E07 01 v230-c_ndoc_interoperability_mcuconnection_vc300_600Hai Lua
 
10 October 13, 2013, John 4;39 5;47, The Power To Save, The Power To Heal
10 October 13, 2013, John 4;39 5;47, The Power To Save, The Power To Heal10 October 13, 2013, John 4;39 5;47, The Power To Save, The Power To Heal
10 October 13, 2013, John 4;39 5;47, The Power To Save, The Power To HealFirst Baptist Church Jackson
 

Weitere ähnliche Inhalte

Was ist angesagt?

Login cat tekmonks - v3
Login cat tekmonks - v3Login cat tekmonks - v3
Login cat tekmonks - v3TEKMONKS
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
Login cat tekmonks - v4
Login cat tekmonks - v4Login cat tekmonks - v4
Login cat tekmonks - v4Rohit Kapoor
 
Keeping hackers out of your POS!
Keeping hackers out of your POS!Keeping hackers out of your POS!
Keeping hackers out of your POS!AVG Technologies AU
 
Newsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecNewsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecRaghunath G
 
Triangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughTriangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughMartin Opsahl
 
CSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziCSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziNCCOMMS
 
How to Take the Ransom Out of Ransomware
How to Take the Ransom Out of RansomwareHow to Take the Ransom Out of Ransomware
How to Take the Ransom Out of Ransomwaremarketingunitrends
 
Login cat tekmonks - v5 (mini)
Login cat tekmonks - v5 (mini)Login cat tekmonks - v5 (mini)
Login cat tekmonks - v5 (mini)Rohit Kapoor
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber securitySumanPramanik7
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksCyren, Inc
 
CSF18 - For Your Ears Only - Sasha Kranjac
CSF18 - For Your Ears Only - Sasha KranjacCSF18 - For Your Ears Only - Sasha Kranjac
CSF18 - For Your Ears Only - Sasha KranjacNCCOMMS
 
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...NCCOMMS
 
Ethical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportEthical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportRaghav Bisht
 

Was ist angesagt? (19)

Login cat tekmonks - v3
Login cat tekmonks - v3Login cat tekmonks - v3
Login cat tekmonks - v3
 
Seminar
SeminarSeminar
Seminar
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
 
Login cat tekmonks - v4
Login cat tekmonks - v4Login cat tekmonks - v4
Login cat tekmonks - v4
 
Keeping hackers out of your POS!
Keeping hackers out of your POS!Keeping hackers out of your POS!
Keeping hackers out of your POS!
 
Web security 2012
Web security 2012Web security 2012
Web security 2012
 
Hacking
HackingHacking
Hacking
 
Newsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecNewsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_Dec
 
Triangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughTriangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enough
 
CSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziCSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael Narezzi
 
How to Take the Ransom Out of Ransomware
How to Take the Ransom Out of RansomwareHow to Take the Ransom Out of Ransomware
How to Take the Ransom Out of Ransomware
 
Login cat tekmonks - v5 (mini)
Login cat tekmonks - v5 (mini)Login cat tekmonks - v5 (mini)
Login cat tekmonks - v5 (mini)
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber security
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array works
 
CSF18 - For Your Ears Only - Sasha Kranjac
CSF18 - For Your Ears Only - Sasha KranjacCSF18 - For Your Ears Only - Sasha Kranjac
CSF18 - For Your Ears Only - Sasha Kranjac
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
CyberDen 2020
CyberDen 2020CyberDen 2020
CyberDen 2020
 
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
 
Ethical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training ReportEthical Hacking (CEH) - Industrial Training Report
Ethical Hacking (CEH) - Industrial Training Report
 

Andere mochten auch

E07 01 v230-c_ndoc_interoperability_mcuconnection_vc300_600
E07 01 v230-c_ndoc_interoperability_mcuconnection_vc300_600E07 01 v230-c_ndoc_interoperability_mcuconnection_vc300_600
E07 01 v230-c_ndoc_interoperability_mcuconnection_vc300_600Hai Lua
 
10 October 13, 2013, John 4;39 5;47, The Power To Save, The Power To Heal
10 October 13, 2013, John 4;39 5;47, The Power To Save, The Power To Heal10 October 13, 2013, John 4;39 5;47, The Power To Save, The Power To Heal
10 October 13, 2013, John 4;39 5;47, The Power To Save, The Power To HealFirst Baptist Church Jackson
 
Us.report.letter.to.obama.(final)
Us.report.letter.to.obama.(final)Us.report.letter.to.obama.(final)
Us.report.letter.to.obama.(final)Keri Strahler
 
Posibl. - The first social solidarity network
Posibl. - The first social solidarity networkPosibl. - The first social solidarity network
Posibl. - The first social solidarity networkposibldreams
 
Social media jamiekehl
Social media jamiekehlSocial media jamiekehl
Social media jamiekehljamiekehl
 

Andere mochten auch (7)

Arrecifes de Coral
Arrecifes de CoralArrecifes de Coral
Arrecifes de Coral
 
E07 01 v230-c_ndoc_interoperability_mcuconnection_vc300_600
E07 01 v230-c_ndoc_interoperability_mcuconnection_vc300_600E07 01 v230-c_ndoc_interoperability_mcuconnection_vc300_600
E07 01 v230-c_ndoc_interoperability_mcuconnection_vc300_600
 
10 October 13, 2013, John 4;39 5;47, The Power To Save, The Power To Heal
10 October 13, 2013, John 4;39 5;47, The Power To Save, The Power To Heal10 October 13, 2013, John 4;39 5;47, The Power To Save, The Power To Heal
10 October 13, 2013, John 4;39 5;47, The Power To Save, The Power To Heal
 
Us.report.letter.to.obama.(final)
Us.report.letter.to.obama.(final)Us.report.letter.to.obama.(final)
Us.report.letter.to.obama.(final)
 
Posibl. - The first social solidarity network
Posibl. - The first social solidarity networkPosibl. - The first social solidarity network
Posibl. - The first social solidarity network
 
Hinzman Fire Plan
Hinzman Fire Plan Hinzman Fire Plan
Hinzman Fire Plan
 
Social media jamiekehl
Social media jamiekehlSocial media jamiekehl
Social media jamiekehl
 

Ähnlich wie How I'd hack into your business and how you can stop me!

itsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfitsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfMansoorAhmed57263
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Information & cyber security, Winter training ,bsnl. online
Information & cyber security, Winter training ,bsnl. onlineInformation & cyber security, Winter training ,bsnl. online
Information & cyber security, Winter training ,bsnl. onlineSumanPramanik7
 
eSecurity! Keeping your Business and Customers Safe
eSecurity! Keeping your Business and Customers SafeeSecurity! Keeping your Business and Customers Safe
eSecurity! Keeping your Business and Customers SafeAVG Technologies AU
 
csa2014 IBC
csa2014 IBCcsa2014 IBC
csa2014 IBCapyn
 
The life of breached data and the attack lifecycle
The life of breached data and the attack lifecycleThe life of breached data and the attack lifecycle
The life of breached data and the attack lifecycleJarrod Overson
 
Be Cyber Smart! (DLH 10/25/2019)
Be Cyber Smart! (DLH 10/25/2019)Be Cyber Smart! (DLH 10/25/2019)
Be Cyber Smart! (DLH 10/25/2019)David Herrington
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayanehaz
 
Cybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaCybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaSteve Poole
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdfw4tgrgdyryfh
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Vibrant Event
 
Keeping you and your library safe and secure
Keeping you and your library safe and secureKeeping you and your library safe and secure
Keeping you and your library safe and secureLYRASIS
 
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Steve Poole
 
Personal Internet Security Practice
Personal Internet Security PracticePersonal Internet Security Practice
Personal Internet Security PracticeBrian Pichman
 

Ähnlich wie How I'd hack into your business and how you can stop me! (20)

itsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfitsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
Information & cyber security, Winter training ,bsnl. online
Information & cyber security, Winter training ,bsnl. onlineInformation & cyber security, Winter training ,bsnl. online
Information & cyber security, Winter training ,bsnl. online
 
eSecurity! Keeping your Business and Customers Safe
eSecurity! Keeping your Business and Customers SafeeSecurity! Keeping your Business and Customers Safe
eSecurity! Keeping your Business and Customers Safe
 
csa2014 IBC
csa2014 IBCcsa2014 IBC
csa2014 IBC
 
The life of breached data and the attack lifecycle
The life of breached data and the attack lifecycleThe life of breached data and the attack lifecycle
The life of breached data and the attack lifecycle
 
Be Cyber Smart! (DLH 10/25/2019)
Be Cyber Smart! (DLH 10/25/2019)Be Cyber Smart! (DLH 10/25/2019)
Be Cyber Smart! (DLH 10/25/2019)
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and students
 
Cybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaCybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 Sofia
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdf
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer Security
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer SecurityEthical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 
Keeping you and your library safe and secure
Keeping you and your library safe and secureKeeping you and your library safe and secure
Keeping you and your library safe and secure
 
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
 
Cyber Safety 101
Cyber Safety 101Cyber Safety 101
Cyber Safety 101
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?
 
Personal Internet Security Practice
Personal Internet Security PracticePersonal Internet Security Practice
Personal Internet Security Practice
 

Mehr von AVG Technologies AU

How To Be Facebook Friends With The Boss & Keep Your Job
How To Be Facebook Friends With The Boss & Keep Your JobHow To Be Facebook Friends With The Boss & Keep Your Job
How To Be Facebook Friends With The Boss & Keep Your JobAVG Technologies AU
 
Computing on the Move - Mobile Security
Computing on the Move - Mobile SecurityComputing on the Move - Mobile Security
Computing on the Move - Mobile SecurityAVG Technologies AU
 
The Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityThe Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityAVG Technologies AU
 
AVG Community Powered Threat Report: Q1 2012
AVG Community Powered Threat Report: Q1 2012AVG Community Powered Threat Report: Q1 2012
AVG Community Powered Threat Report: Q1 2012AVG Technologies AU
 
Emerging Threats and Trends in Online Security
Emerging Threats and Trends in Online SecurityEmerging Threats and Trends in Online Security
Emerging Threats and Trends in Online SecurityAVG Technologies AU
 

Mehr von AVG Technologies AU (7)

AVG Threat Report Q4 2012
AVG Threat Report Q4 2012AVG Threat Report Q4 2012
AVG Threat Report Q4 2012
 
AVG Q3 2012 Threat Report
AVG Q3 2012 Threat ReportAVG Q3 2012 Threat Report
AVG Q3 2012 Threat Report
 
How To Be Facebook Friends With The Boss & Keep Your Job
How To Be Facebook Friends With The Boss & Keep Your JobHow To Be Facebook Friends With The Boss & Keep Your Job
How To Be Facebook Friends With The Boss & Keep Your Job
 
Computing on the Move - Mobile Security
Computing on the Move - Mobile SecurityComputing on the Move - Mobile Security
Computing on the Move - Mobile Security
 
The Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityThe Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our Community
 
AVG Community Powered Threat Report: Q1 2012
AVG Community Powered Threat Report: Q1 2012AVG Community Powered Threat Report: Q1 2012
AVG Community Powered Threat Report: Q1 2012
 
Emerging Threats and Trends in Online Security
Emerging Threats and Trends in Online SecurityEmerging Threats and Trends in Online Security
Emerging Threats and Trends in Online Security
 

Kürzlich hochgeladen

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Kürzlich hochgeladen (20)

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

How I'd hack into your business and how you can stop me!

  • 1. How I’d hack into your business, and how you can stop me! Michael McKinnon, Security Advisor mmckinnon@avg.com.au | @bigmac
  • 2. What are we looking at today? Ask questions! What sort of business do you have? 2 AVG Confidential We are all here to prosper together.
  • 3. Overview Introduction • Who is AVG? • What data are you protecting in your business? Common hack tactics • Phishing, Wireless Networks, Website vulnerabilities • Malicious links, Mobile devices, Automated scans Security, it’s a way of thinking • Protect, Detect and Correct • Staying in the “know” when it comes to security. 3 AVG Confidential
  • 4. Top line statistics in Australia During 2012 • 5.4 million Australians fell victim to cyber crime • Estimated cost to the economy $1.65 billion • 250 Businesses surveyed found 1 in 5 were victims • No mandatory disclosure laws means the problem may well be much bigger 4 AVG Confidential
  • 5. Business - How vulnerable are you? Is your business MORE or LESS vulnerable than the business next door? 79% victims were targets of opportunity 96% attacks were not highly difficult 85% took two-weeks or more to discover Source: Verizon Data Breach Investigations Report 2012 5 AVG Confidential
  • 6. The solutions are NOT expensive 6 AVG Confidential
  • 7. Tonight is all about the easy wins 80% 20% 7 AVG Confidential
  • 8. Who would hack your business, and why?
  • 9. Motive & opportunity The ability for anyone to attack your business is always based on two factors: • How much they want to (their motive) • How easy it would be to do (their opportunity) When your business is connected to the Internet: • Motivations are magnified by currency exchange rates in poorer countries – something you don‟t value is worth much more. • Opportunity is provided through instant electronic connectivity anywhere in the world. Can be so tempting, that motivation sometimes is hard to identify! 9 AVG Confidential
  • 10. Types of attackers Targeted Attackers Garden Variety Cybercriminals 10 AVG Confidential
  • 11. Motives - Follow the money • Cybercriminals tend to “follow the money” • So, the types of attack are often predictable • • • • • Credit card data Private customer information Refund / returns policy Bank accounts Financial processes • Think about the money leaving the business… 11 AVG Confidential
  • 12. Example – Stealing POS transaction data • Lots of examples in the news… http://www.cio.com.au/article/436663/two_romanians_plead_guilty_point-of-sale_hacking/ 12 AVG Confidential
  • 13. Motives – Using your reputation • When money isn‟t available, you are the stepping stone • You could be related to the “real” target • So, the types of attack change slightly • • • • Installing links on your website to snare visitors Private Customer Information Phishing attacks using your e-mail Passing themselves off as your business • The damage to your reputation could last a life time 13 AVG Confidential
  • 15. Common types of attack How many involve the incorrect use of passwords? 5 out of 10 * Source: Verizon Data Breach Investigations Report 2012 15 AVG Confidential
  • 16. Malware / Trojans • Common varieties that cause general havoc (Fake antivirus, ransomware) • Retail / POS specific – “RAM Scrapers” (Designed to exflitrate transaction data) • Remote Control Trojan or Rootkit (Designed to remain hidden for future access) 16 AVG Confidential
  • 17. Hacking • When combined with custom written malware, this is highly-targeted and designed to avoid detection and remain in place for a long time. • In 2011, Verizon reported that 81% of incidents utilised some form of hacking. 17 AVG Confidential
  • 19. #1. Default passwords 1. The user manual says: “Step 1. Change the default password” 2. Far too common that these are not changed, or they‟re changed to someone else‟s “default” password (which is widely known) 19 AVG Confidential
  • 20. Passwords – Back to basics! What should we aim for in a password? • • Should be easy for you to remember Should be hard for someone else to guess (and “brute-force”) 20 AVG Confidential
  • 21. Passwords – World’s top 10 most used • • • • • 21 AVG Confidential 123456 123456789 Password 12345678 654321 • • • • • Password1 Password123 1234567 abc123 Qwerty
  • 22. Can someone guess your password? • Favourite football team? • Pet‟s name? • Family members? 22 AVG Confidential
  • 23. Rank these passwords in order of strength… 1. E56#av+Yb! 2. Password123 3. aaaaaAAAAA#####43 4. 123456 5. lucasjames 23 AVG Confidential MOST SECURE
  • 24. Why? Anatomy of a good password • • • • • • The password: aaaaaAAAAA#####43 It is 17 characters in length Contains upper and lowercase letters Contains numbers Contains the „#‟ symbol How many combinations? • • 24 AVG Confidential 72 combinations, 17 combinations long is 72^17 That‟s 37 thousand billion billion billion combinations!
  • 25. Password separation • Make new passwords for different accounts you access… • Start with your “base” password (aaaaaAAAAA#####43) • • • 25 aaaaaAAAAA#####43fb • • “Facebook” – you could take the letters “f” and “b” from Facebook and create a new password: aaaaaAAAAA#####43tr “Twitter” – you could take the letters “t” and “r” from Twitter and create another password: Mix it up! Be creative! And don‟t use these examples! AVG Confidential
  • 26. The golden rules of passwords • Never, never, ever give your password to someone else! • Absolute minimum of 15 characters • Use a combination of different characters • • • Upper and lowercase (a – z, A – Z) At least one numeral ( 0 – 9 ) At least one symbol ( !@#$%^&*()_+= ) • • 26 Password length is always better than randomness Must be easy for you to remember AVG Confidential
  • 27. #2. Your vulnerable website • Websites are being compromised too frequently, especially: • Wordpress, Joomla and others • Is your website password also used elsewhere? • Examples of impact to your business could be: • • • • • 27 Theft of credit card details if you have a shopping cart Stolen credentials can be used to access other systems Visitors to your website can be infected/snared into other scams Your website could be implicated in spam or phishing attacks Get your website updated or tested. AVG Confidential
  • 28. #3. Insecure wireless networks • • • 28 Wireless networks are convenient But poorly configured they represent a huge security risk! Data packets can be “sniffed” by nearby attackers AVG Confidential
  • 29. Secure your wireless networks • • • • 29 Amazing how many are insecure – including my GP! Never use “WEP”, always use “WPA” or “WPA2” Wireless password should be very long and NOT easy to remember (okay to write it down somewhere safe) When using public WiFi networks, it‟s always better to use password protected ones rather than “open” wireless networks – easy for criminals to “sniff” the traffic AVG Confidential
  • 30. #4. Incorrect internet banking • Many businesses I speak with are using “Consumer” grade Internet banking • • Not secured with two-factor authentication Sharing logins with bookkeepers etc. (no ability to separate permissions – i.e. who can transfer money?) • • General security when accessing Internet banking • • 30 SOLUTION: Talk to your bank! AVG Confidential Never from an unprotected computer – keyloggers etc. Always bookmark the Bank URL with https://…
  • 31. Internet banking – Two-factor authentication • • 31 Insist on “Two-factor” authentication for business Internet banking; either a security token (preferred) or an SMS response code. Contact your bank ASAP if you find anything unusual AVG Confidential
  • 32. #5. Phishing, spear phishing & whaling • • “Click here to see the details of your order” –> (login page) • 32 Sending of specially crafted e-mails to trick users into divulging sensitive information Does your e-mail use anti-spam to stop these? What about the ones that it won‟t stop? AVG Confidential
  • 34. Rogue scanners & fake antivirus 34 AVG Confidential
  • 35. Fake antivirus – Nag screens and pop-ups 35 AVG Confidential
  • 36. Ransomware – Your PC is blocked… “Australian Federal Police” labeled Ransomware – first appeared late September 2012 36 AVG Confidential
  • 37. Scams – Fake Telstra emails 37 AVG Confidential
  • 38. Scams – Fake Facebook emails * Received by AVG on 7 August 2012 38 AVG Confidential
  • 39. Social engineering – Getting you to click 39 AVG Confidential
  • 40. Big events – London 2012 games on YouTube 40 AVG Confidential
  • 41. Mobile security – Rogue apps • • Malicious functionality can communicate with remote servers, install additional malware, botnet functions • 41 Trojan-infected version of „Angry Birds Space‟ appeared in January 2012 Only download from official app stores AVG Confidential
  • 42. SMS scams & extortion attempts 42 AVG Confidential
  • 43. “Microsoft” acam – How the call starts • • …a Partner of Microsoft and Microsoft R&D, given information by your ISP that you are infected… • • …viruses being tracked back to your IP number… • 43 …Microsoft had told them of the failure and that your system was in danger of crashing… …My ID Number is XXX. We have been notified that your system is infected… …have been commissioned by Microsoft to help people remove malware from infected systems… AVG Confidential
  • 45. Mobile security - What are the risks? • • 45 AVG Confidential Physical loss of the device, still the biggest risk Infection from malware and possible fraud
  • 46. Mobile security – Physical risks • Device locks • • Can you locate your lost/stolen phone? • • 46 AVG Confidential PIN numbers and/or passwords “Find My iPhone/iPad” Android solutions as well
  • 47. Mobile Security - Protecting Mobile Data • What data do you have on your devices? • • • • 47 AVG Confidential Do an audit to find out! Classify your data and think about the consequences Does it need to be mobile? Device encryption available in latest mobile devices
  • 48. Mobile security - Preventing mobile malware • Use anti-malware on your mobile • Don‟t install apps from outside trusted marketplaces • • When installing apps always check permissions • 48 AVG Confidential Never, ever hack your phone • i.e. iPhone/iPad “Jailbreak” or Android “root” Limit/consider implications of clicking on links on a mobile device, especially via social networking sites
  • 50. Identify and classify your data • • • • Top secret (if obtained could shut your business down) • 50 Consider classifying all the data in your business into three areas: Your strategies around protecting your information will be much easier. AVG Confidential Classified (if obtained would cause embarrassment) Unclassified (everything else, brochures, publicly available)
  • 51. Summary • • • Use strong two-factor authentication whenever you can. • If you didn’t ask for it, don’t click the link. But if you do, make sure you‟ve got software to detect and correct. • 51 Change default passwords, and use strong and long passwords, and separate them. And communicate this advice to your colleagues and staff and even customers! You‟re only as secure as your weakest link. Always update your computers and mobile devices (use auto-update where possible). AVG Confidential
  • 52. Thank you! For more information please visit our website: www.avg.com.au/business facebook.com/avgaunz twitter.com/avgaunz resources.avg.com.au