2017 - Cibersecurity v1.0 (English version)

Rui Miguel FeioSharing knowledge with the world
Cybersecurity
Lisboa, Portugal (2017)

RUI MIGUEL FEIO
• Working with computers since 9 years old, back in 1984
• Worked for Citibank, IBM, Xerox
• Worked with many Blue Chip companies around the world
• Specialises in Cyber Security
• Experience in different systems(Mainframe, Linux, Windows, Unix,…)
• Works with RSM Partners as a Senior Technical Lead
• Gives lectures and presentations all over the world
Key facts:

The ”online world” is
worth trillions of British
Pounds and it’s being
targeted by the criminal
world.
But How Safe is It?
Almost every
business requires an
online presence
today
Online Presence
20
%
30
%
25
%
40
%
30
%
Contact people / institutions
Customers
Online Education
Social Media
Collaboration
E-commerce
Institutions
Increase Revenue
Security
Business Goals
World Wide Markets
New Ideas
Internet Search
YOUR BUSINESS ONLINE

VALUE OF ONLINE BUSINESS
* https://www.emarketer.com/Article/Worldwide-Retail-Ecommerce-Sales-Will-Reach-1915-Trillion-This-Year/1014369

CRIMINALS FROM THE PAST
Al Capone Pablo Escobar

CRIMINALS FROM THE PRESENT

01
HACKERS
The term hacker is used in popular
media to describe someone who
attempts to break into computer
systems. Typically, this kind of
hacker would be a proficient
programmer or engineer with
sufficient technical knowledge to
understand the weak points in a
security system.
02
CRIMINAL ORGS
Criminal activities carried out by
criminal organisations by means of
computers or the Internet.
03
HACKTIVISTS
Hacktivist is a person who gains
unauthorised access to computer
files or networks in order to further
social or political ends.
04
NATION STATES
The Nation State actor has a
'Licence to Hack'. They work for a
government to disrupt or
compromise target governments,
organisations or individuals to gain
access to valuable data or
intelligence, and can create
incidents that have international
significance.
05
CYBER TERRORISTS
A cyber-terrorist is a criminal who
uses computer technology and the
Internet, especially to cause fear
and disruption. Some cyber-
terrorists spread computer viruses,
and others threaten people,
organisations and nations
electronically.
‘ACTORS’ OF THE ONLINE THREATS

CYBER CRIME
• 80% of Hackers work with or are part of an organised crime
group *
• Traditional criminal organiSations have ‘opened’ cybercrime
divisions:
• Cosa Nostra (Italian Mafia)
• Japanese Yakuza
• Chinese Triads
• Russian Mafia
• Nigerian mobs
• Mexican cartels
• They have a “business oriented” mentality (Cybercrime Inc.)
* 2014 study by the Rand Corporation

TYPICAL BUSINESS ORGANISATION
CEO
CFO
Management
Sales People
CIO
Management
Researchers Developers Engineers QA Testers Tech Support
HR Director CMO
Management
Distributors Affiliates

“CYBERCRIME INC.” ORGANISATION
CEO
(Boss)
CFO
(Underboss)
Management
(Lieutenant)
Money Mules
(Soldiers &
Associates)
CIO (Underboss)
Management
(Lieutenant)
Researchers
(Soldiers)
Developers
(Soldiers)
Engineers
(Soldiers)
QA Testers
(Soldiers)
Tech Support
(Soldiers)
HR Director
(Underboss)
CMO (Underboss)
Management
(Lieutenant)
Distributors
(Soldiers)
Affiliates
(Associates)

Innovative Marketing Inc. (aka IMI)
• Founded by Sam Jain and Daniel Sundin (HQ in Ukraine)
• Developed scareware rogue security programs (WinFixer e
WinAntiVirus)
• Offices in 4 continents with hundreds of employees
• Support centres in Ohio, Argentina and India
• Marketed products under more than 1,000 different
brands and in 9 languages
• From 2002 to 2008 IMI generated hundreds of millions of
dollars in profit.
* https://www.wired.com/2011/09/mf_scareware/

Innovative Marketing Inc. (aka IMI)
Photograph taken in 2003
BJORN DANIEL SUNDIN
Wire Fraud; Conspiracy to Commit Computer Fraud; Computer Fraud
DESCRIPTION
Alias: David Sundin
Date(s) of Birth Used: August 7, 1978 Place of Birth: Sweden
Hair: Red Eyes: Hazel
Height: 5'10" Weight: 136 pounds
Sex: Male Race: White
Occupation: Internet Entrepreneur Nationality: Swedish
Languages: English, Swedish NCIC: W10511664
REWARD
The FBI is o6ering a reward of up to $20,000 for information leading to the arrest and conviction of Bjorn Daniel Sundin.
REMARKS

Carbanak Group (aka Anunak)
• “Found” early in 2015 by Kaspersky Lab
• Used an Advanced Persistent Threat (APT) campaign
targeting financial institutions
• Estimated $1 Billion US dollars have been stolen in an
attack against 100 banks and private customers
• Targeted primarily Russia, United States, Germany, China
and Ukraine
• Rumours of being associated with a computer security
company in Russia :
• https://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/
https://www.symantec.com/connect/blogs/carbanak-multi-million-dollar-cybercrime-gang-focuses-banks-rather-their-customers

COST OF CYBER CRIME IN THE UK
https://www.getsafeonline.org/news/fraud-cybercrime-cost-uk-nearly-11bn-in-past-year/

ONLINE SECURITY THREATS
Risks
Virus
X-Site
Scripting
Spoofing
Denial-of-Service attack is a cyber-attack
where the perpetrator seeks to make a
machine or network resource unavailable to
its intended users.
Malicious Software is a computer program
designed to infiltrate and damage computers
without the users consent. It’s the general term
covering all the different types of threats to your
computer such as viruses, spyware, worms,
trojans, rootkits and so on.
Virus is a program or piece of code that is loaded onto your
computer without your knowledge and runs against your wishes.
Phishing is the attempt to obtain sensitive information
such as usernames, passwords, and confidential data,
often for malicious reasons, by masquerading as a
trustworthy entity in an electronic communication.
Ransomware is a type of malicious software designed
to block access to a computer system until a sum of
money is paid.
Cross-site Scripting (XSS) refers to client-
side code injection attack wherein an
attacker can execute malicious scripts into a
legitimate website or web application.
Spoofing is the act of falsifying the origin of an
internet communication in order to mislead the
recipient. It's widely used to create bogus emails
or web pages in order to steal money, passwords
or banking credentials.

THE DARK WEB
Dark Web
Accessible only through special browsers like
TOR, that are designed for anonymity.
Website addresses are not in clear text (e.g.
http://3g2upl4pq6kufc4m.onion)
You can get access to drugs, weapons, illegal
information, hacking tools, hackers, criminals,
credit cards details, private confidential data,
login credentials, etc.
Internet
The visible internet that we see when
we browse. E.g. Google, Facebook,
BBC, company websites, etc.

CRYPTO CURRENCIES HELP CYBER CRIME

HACKING-AS-A-SERVICE
http://5eme2auqilcux2wq.onion/

HACKING-AS-A-SERVICE
http://hacker4hhjvre2qj.onion/

AVAILABLE TOOLS
SOFTWARE HARDWARE

AVAILABLE TOOLS
TRAINING AND TUTORIALS BOOKS AND ARTICLES

INTERESTING FACTS
• Approximately 3.2 billion people use the internet
• 30.000 web sites are hacked every day
• Approximately 204 million emails are sent every minute and 70% of them are spam
• The majority of internet traffic is not generated by humans, but by bots and
malware. According to a recent study conducted by Incapsula, 61.5% or nearly two-
thirds of all the website traffic is caused by Internet bots
* https://fossbytes.com/10-interesting-facts-internet-really-need-know/

THE VALUE OF DATA
• How much do you value your privacy?
• How about your friends and family’s privacy?
• What do you think could happen if your data was misused?
• Have you ever searched or visited an online website that you
would rather like to keep it a ‘secret’?
• Criminal organisations and hackers aim to access private and
confidential data
• But legitimate companies are also targeting for private
data…

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
DATA BREACHES ARE FREQUENT

The data breach cost per record
is in average of $154 (USD)
world wide. In the UK, the
average cost per record is of
$159 (USD) / £128 (GBP).
$154
COST PER RECORD
The most targeted sector by
attackers was the Healthcare,
followed by Education, Financial,
Services, Life Science, Retail,
Communications, Industrial,
Energy and Technology.
HEALTH
TARGETED SECTOR
The global average number of
breached records was 23,834. In
the UK, the average number was
of 22,759 breached records.
23,834
RECORDS BREACHED
Globally, malicious or criminal
attacks accounted for 48% of the
root cause of the data breach,
followed by 27% for system glitch
and 25% for human error. In the
UK these numbers were 51%, 24%,
and 25% respectively.
48%
ROOT CAUSE
2016 RESEARCH
* Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLC June 2016

VALUE OF DATA TO HACKERS
• Allows for identity theft
• Blackmail:
• Financial gaining
• Access to private data
• Access to systems
• Access to privileged information that could lead to compromise
or access the data of another person or entity
• Selling of the data to third parties (including legitimate
companies)

VALUE OF DATA TO COMPANIES
• Have you ever wondered why Facebook or Google are worth billions of US dollars?
• A study published by the Wall Street Journal on Facebook:
• Each long-term user is worth $80.95
• Each friendship is worth $0.62
• Your profile page is worth $1,800
• A business page and associated ad revenues are worth $3.1 million
• Google in the other hand:
• Processes around 24 Petabytes of data each day
• Produces ”online profiles” of its users
• The data is then stored and sold for publicity

EVERYONE WANTS DATA
• Data broker company Acxiom Corporation:
• Has more than 23,000 servers
• These servers collect, collate and analyse more than 50 trillion unique data transactions per year
• 96% of American households are in its databases
• Has more than 700 million user profiles from around the world
• Each profile has more than 1,500 specific traits
• One quote stated ‘This is the age of the stalker economy’…

THE IMPORTANCE OF AN EMAIL

https://www.wired.com/2016/12/yahoo-hack-billion-users/
• According to Yahoo the data included:
• Names
• Email addresses
• Contacts
• Date of Birth details
• Hashed passwords
• A mix of questions and answers encrypted and not
encrypted
• Also, according to Yahoo, the data did not include:
• Unencrypted passwords
• Credit card details
• Bank account details
• Are we to trust what Yahoo says?...

http://www.fraud-magazine.com/article.aspx?id=4294987206

SYSTEM Z – IBM’S MAINFRAME
• There’s this idea that the mainframe is an old and obsolete
technology
• IBM keeps releasing new mainframes every few years.
Recently they have released the z13 that cost IBM more than
US $1 billion in R&D
• Who uses the mainframe?
• 96 of the 100 largest banks in the world
• 23 of the 25 largest retail companies in the US
• 9 of the 10 largest insurance companies in the world
• Government agencies
• Military
• Universities

MAINFRAME – THE CROWN JEWELS
• The mainframe processes and stores larges volumes of
data
• It’s considered the most secure platform in the world
that cannot be hacked
• As such, it does not require big investments in
security…
• Unfortunately, it’s not quite so. The truth is:
• The mainframe is a platform that is highly
securable but not secured by default. Investment
and resources are required to secure it

HACKING THE MAINFRAME

INTERNET OF THINGS
IoT
Manufacturers of the IoT
devies are under
pressure to release new
gadgets with new
functionalities to an ever
more demanding
customer. However,
security is not greatly
taken in consideration
which creates security
risks to individuals,
organisations and
governments.
Security Risk
There are currently
6.4 billion IoT
devices connected to
the internet. It’s
estimated that by
2020, there will be
20 to 50 billion IoT
devices connected to
the internet.
Internet of Things

MOBILITY
• Mobile devices are moving targets
• Most mobile devices are easy to hack
and compromise
• Mobile devices may contain private
and business data
• Hackers ‘love’ mobile devices
• If compromised, they can become entry
points to your home or business IT
network
The Downside
• Being able to access data and do
business wherever you are is a major
advantage and a requirement in the
modern world.
Mobility is Good
• Old devices
• Operating system not up-to-date
• Apps can leak and collect personal
data
• Connected to ‘dubious’ free WiFi spots
• Devices not protected with access
credentials
Risks and Threats

THERE ARE NO
PERFECT SYSTEMS

WHAT’S THE SOLUTION?

CYBERSECURITY MUST BE
A PRIORITY AND TAKEN
SERIOUSLY

SOLUTION
• More legislation and regulation is required. For example: General Data
Protection Regulation (GDPR).
• https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
• Investment is a must!
• Hire experient and qualified staff
• Training and education
• Review the IT systems, processes and procedures
• Regularly implement:
• Penetration tests
• Security audits
• Vulnerability scanning
• Data classification
• Recertification

BUT WE ALSO NEED
• Companies, governments and individuals need to change their mindset
and attitude in regards to security risks and threats:
• It’s important to keep the systems updated
• Question the origin of documents, links, emails, etc
• Be aware and mindful of the data they share online
• Default userids/passwords
• Security must be always in your mind!
• Security is not only at work
• Think about the IoT devices
• Don’t forget security at home
• Remember:
• Free can be very expensive!
• Blind trust can be fatal!

ON A BUSINESS TRIP

ON A LARGE CLIENT

BE PROACTIVEBE AWAREBE MINDFUL
THREE Bs TO BE SECUREDThese are the 3 Bs to help you be secured in the cyber world. Be mindful of what you do; always question if you
should click on a link, on an option, if you should open a document, the source of the document or email. Be aware
of the security risks; keep informed, ask questions. Don’t put yourself and your business at risk. Be proactive. Don’t
wait until your systems are compromised. Keep them up-to-date with the latest versions of the operating system,
and software. Apply the security fixes. Have a firewall and an anti-virus and keep them updated. Ask for professional,
experienced help. In the long run this can save you a lot of money!!
WHAT TO DO

CONTACTS
ruif@rmfconsulting.com
+44 (0)7570 911459
+351 96 2211 564
www.RuiFeio.com
t
f g
l
EMAIL + CONTACTS SOCIAL MEDIA (for the latest news on Cybersecurity)
twitter.com/rfeio
facebook.com/RuiMiguelFeio
linkedin.com/in/rfeio
google.com/+RuiMiguelFeio

2017 - Cibersecurity v1.0 (English version)

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie 2017 - Cibersecurity v1.0 (English version)

Ähnlich wie 2017 - Cibersecurity v1.0 (English version) (20)

Mehr von Rui Miguel Feio

Mehr von Rui Miguel Feio (17)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

2017 - Cibersecurity v1.0 (English version)