Industry sign banking minnesota presentation computer
Hi there. I hear this last guy is great. So I know you took a line drive and through snow and I'll cat the horrible weather. Anyway, my name is Bob Weiss, and I guess I'm going to enjoy this for myself on the next slide. But subject: we're going to talk about four, in a couple minutes, our cyber threats that happen to small business. You might think you're too small to be a target. I love using that phrase, because of course we are all thinking about that Target, right? It might too small to be like Target. No, you're not, okay? You are not. Now, I've got some really great scary stories here to tell you about it.

So I'm currently working at Computer Integration Technologies, an 85-person integrated IT services firm. We provide computer stuff, whatever you need in IT, to small businesses from two to two thousand employees all across minute the Twin Cities in central Minnesota. I am a Certified Ethical Hacker. You got to keep aware of that little "ethical" part in the middle there. Is it sounds but I was getting myself when I say that. I'm currently working on another security certification called the CISSP, which is really too hard remember what Diana what it means, but I'm in the middle of that one.

I've been a cybersecurity blogger for about seven years at wiseguys cyber security com. I own my own business, Wise Guys Computer and Network Support, for like 15 years, and foolishly went to work and for Peyton point out. Just kidding. Been a great transitional will audit and ever think I'd go back to work for, you know, like a real company like doing when I was doing. But anyway, Wise Guys is the nice guys of me, figure out why in a minute if you haven't already, and wise guys cyber security com. I also featured on the CIT company website. They keep telling me they want to blog me more often, but I blogged three times a week and I haven't picked up on my frequency yet, so I'm still, you can find me there.

Anyway, let's talk about what's happening out there. Small businesses are in the crosshairs. They're being targeted by
cybercriminals. Why? Because they have more money in the bank than Grandma. Grandma is an easy mark. You know, get phone calls all the time: "Grandma, however from Microsoft, we've detected terrible lot of happening to your computer," and they trick Grandma into signing up for a $300 worthless support contract and God knows what else they do with. But, you know, businesses are fatter. They have money in the bank. They have less security than larger enterprise-class businesses. In fact, you've got yourself a nice little ten-year-old SonicWall grinding away on the rack back there and server closet, do you think you have, and you think that's good enough for you. Especially if its technical employers have little in our training about cybersecurity and they're easy to exploit.

You need to plan to be attacked, because you will be hacked, if you haven't been a little bit, and you may be hacked now and not going. Most of the malware exploits are written to run quietly behind the scenes, not doing too much dangerous until they've managed to make money on the deal, okay?

You may be informed of your hack by your best customer, like Target got to inform little HVAC contractor who provided network access to the cyber criminals on that one. A bad day to be that guy. You may be informed by your credit card processor, which usually means they're going to jack up your rates. Heartland wrong here somewhere, right? Yeah. You may hear from your bank, or it might be a government regulator. If you're in a regulated industry, we may be getting a little knock on the door phone HIPAA or whoever. You will be fined, you may be sued, you might end up in the news, and you need to be prepared for those things.

When, you know, KARE 11 shows up outside your building, you need to have something to say there. So go back to wherever you go to after a meeting like this and write that safe, okay? They'll be there. If you really care, hire a media person to write a statement, but practice it a few times, because it's gumby's, you know, you're going to look at
me: "My mother, my SonicWall, it was working fine a minute ago." That's not a good answer.

Criminal groups started moving to the web about 2004. I mean, they were certainly there before, but let's just say that organized criminal groups who held up banks by running into a bank with masks and guns have moved on to kinds of crimes where they don't need guns and they don't need to worry about being shot. This is a step up for them. Cybercrime is popular because it's very lucrative. Last year, yeah, I mean this is a guesstimate, but like 10 billion dollar underground economy, cybercrime, last year. 10 billion dollars, okay? I can teach one of you, which one, you have to be a little smarter, to make ridiculous amounts of money with a simple exploit, okay? And then you and I can retire to Brazil. No extradition, okay? And really good thing. No, we're not doing that.

Most computer exploits are about the money. Not all; every now and again some group like Anonymous is going in for political or social economic reasons or what have you, but mostly it's about money. Most malware, and malware is a malicious software, we're not talking about viruses anymore, we're talking about a really well written code to do something, just like Microsoft Word does something, right? Well, malware is designed to do something, and usually it's making money somewhere along the line. These are typically larger and sophisticated operations. They may be hiring college-trained computer professionals. They certainly have a talent people working for them, although today I read a little headline, and had a chance to read the article, but I do a lot of reading on the subject, and they're having trouble finding skilled talent, just like we are in the cybersecurity world. They're fourteen percent negative unemployment for cyber security professionals like me. In other words, they're fourteen percent of the jobs remain unfilled because there's nobody to take them, okay? So if you got kids here in college, if don't know what to do, I'm cold. There's a huge and
thriving underground marketplace. I would call the dark web, because it's scary, but it's part of the internet. It's just not part that Google searches, because they're hiding out. But it's, you know, that's never, I can show you how to get there. You don't want to go there. They're not very kind to new people. They will pants you. Remember those bad kids at school? They're online now, wait and enhance you there, okay?

Two top attack vectors. This is why perimeter defenses, you can't not have perimeter defenses. Anybody here not lock their door at home? A lot all we've got to double key devil thinking upgrading to something a little fancier we got time. Well, you're not going to do away with that ten-year-old SonicWall, other than maybe to upgrade it to something. They're not coming in that way. They're sending an email with clickable links or with an attachment that, when you open it, install some kind of little software program. The software program that gets installed off these emails is typically nothing more than a remote access program that sends out a little beacon to the bad guys that "I'm here," and they can connect back later on. They can connect back later on through your firewall, because they'll probably come back on the same port that the web works on, port 80. Can't block port 80, because everybody needs to camp blackboard on 10 because they were going into email. And so they use the ports that firewalls can't block, because we need them open, okay?

The other distribution system, sometimes used in conjunction with email, are websites. It might be a website they built, so that your clickable link goes to their website. That may be a website that actually is a legitimate website that they hacked, and now they've installed code on the homepage, so that when you get there, to start review.com happen to know a few years ago, not a bit, but you know that the malware is downloaded while you're reading something on that page, okay? Sometimes don't hack somebody site and build their own spoofed or its own pages
so that you get an email looks like it's from FedEx SS, "Holy crap, my package was destroyed, click here to fill in a form and get your package replaced," and you click there and you go to a very realistic-looking FedEx page and give out all kinds of personal information that they let your cell or use the hacking and some others flow, okay?

So it's email and websites, and mostly email. About ninety-five percent of exploits start as an email in your inbox. So if you're one of those people, "I can't resist clicking on links and opening attachments," resist, for God's sake. You can check. You can call the person who sent you the link and say, "What's this all about?" If they say, "I never sent you an email," you know that you're being spoofed, right?

Question? Yes.

You didn't get an email, yup, and there is no link, you don't know who it's from, and you click on it. Can they still get into your system? I'm thinking it is a layering.

Yeah. What you're asking is, can I get infected just by opening my email? Yes, and the answer is yes, but that's not usually how they do it. That kind of code writing is really, really tough and doesn't send me those that if they're not trying to do that. Well, they may just be spamming. Spamming is another sort of like tenuous underground economy where we're just advertising and hoping that people will buy something, and that something maybe not genuine Gucci bags but made in China and knock-off Gucci bags. You know, I mean, you'd have to send me the email, I'd explain it. You know, take a card, forward all your crap to me, I'll tell you what it's about, other than I've got it's okay. And I'm not really joking. I love that stuff, okay? I mean if it gets accessible talk while we talked about this so off we go. Yeah.

So, four top targets. I've got, you know, much longer material, didn't have time, so we're just going to talk about four top ones. There are other things that they can do. The list is quite long. It's very interesting how you make money by being a criminal on, well, lots of ways. But four top targets: your
email account, your website, your stuff, your electus data on your computer has value. All data can be sold; no matter how stupid you think it is, somebody will pay for it. Your banking analyst you, okay? With the right kind of software will tell me when you log on to your banking website, so I can remote in and join your session. This will defeat two-factor authentication, because I'm just joining a session you completed with your two-factor authentication device, and I'll watch you do your Lord transaction, and when you're gone on to one for myself. And you may not find out for a day or two, and then the meanwhile out bounced it through about three other banks and it's gone, okay?

Email account. What happens if you lose control of your email account? Well, they used to change a password and use it for spam, but now what they do is they leave it alone, and they learn, and they read your mail. They read what you get and they read what you write. Where is the written stuff? In the sent file. So I can read all the email you something, but I'm going to know every damn thing there is to know about you, and then I'm going to design an exploit that is so realistic that you'll bite. I'm going to send you an invoice from your own vendor, with their logo and trade dress. Because why? Because I got one that I took off an email, a PDF. I'm gonna copy it and I'm going to change one little thing: I'm going to change the bank information. Or they can intercept payments that you're making, or payments that are being made to your company. Thinking watch you send out an invoice and then send an email to that customer, sample, "By the way, we change our bank, the new routing number is this." Until they're like 60 days past due, you're not going to buy your customer, right, and say, "Hey, what the heck," hurry in and then "put me paid you right away." Well, am I in so long it's probably not even money in.

Website. Okay, why would I want your website? If I can steal your website administrator credentials, or buy them on the blog web, I can login
to your website as an administrator and add my own code. I can create my own pages, or I can embed active code in a website that will install malicious software on people who visit my site. I can go into the database there and steal any user, customer, credit card, any kind of information that's in the database. I can deface the site when I'm gone; I'm going to put down in any boo boo you big dodo, right? I can use the site for a phishing exploit, where I send an email off to other people and then click on a link and do something silly. Well, create a page that's in your site structure, doesn't have a link from your site, it's actually sort of stand-alone, like a landing page you might use for advertisement. Anybody know, or, you know, almost replica pages, and malware download.

Data, theft of data. All data has value. All that crap that's on your hard drive that you're wishing you didn't have so much of, but they keep making the hard drive so cheap, it's really hard to throw anything away, because you can keep like 80 terabytes of personal information for a buck. That's my phone 89. User credentials, so usernames and passwords for anything, have value. But if it's for your Amazon, and oh sweet Mother of mercy, I can go shopping. What can't not you buy on Amazon? I mean the on like a lot of them. And if you buy iPads in the United States for free, because you know someone else is going to pay for them, and ship them to China, you can sell them for three times more money over there. Employee data, customer data, patient data, financial data, proprietary information, trade secrets, right? The secret formula for Coke, Kentucky Fried Chicken.

So how much is it worth? When I'm going to spend a lot of time, you know, just soak it up with your eyeballs, but: PayPal, eBay account credentials, 300 bucks. Medical records, fifty bucks. Credit card you asked four bucks. How come so much? Because of European credit cards have had the chip forever; they're harder to, you know, they're worth more. Social Security, 250 bucks. Bank account
information. Let's say I get your bank account information, but I don't really want to rob your bank, because that would be criminal. I can sell that information to a real criminal, kind of hands off, for six percent of the compound. So it makes, what does that make me, a little criminal? I don't know. It's good. So don't give me that; I don't want to be tempted, okay? BAC Gmail account, 50 bucks. Email account's worth more in a quicker, because I can know you at a very deep level by looking in your email.

CryptoLocker. This is the one where you get the little pop-up that says, "We've encrypted all your files for safety, and please send us three thousand dollars and we'll decrypt them." Graham, what's really great about that group that does the CryptoLocker stuff, okay? So, encryption: this is a standard technology that many of us ought to start using to protect our own data, okay? So the bad guys protect it for us. We've been protection racket. Anybody earlier with the protection racket? Okay, so they protect it for you, and then they'll send you a decryption key, which is a very long string of gobbledygook, and now magically unencrypted your file. What's up of course everybody in the room here is going, "And how does that work?" They have tech support. They have tech support people that will help you recover your files. A hospital in Highwood, California recently paid seventeen thousand dollars to get the key. Why? Because it was quicker than restoring from backups, and they were desperately in need of giving things best. So they've hid, they hid the money, they paid the money. I said, you know, is it right to do that? In some cases you don't have a truck. If you don't have good backups that weren't affected by the thing, if you have no choice but to pay the money or start over. No amount of secret hackery stuff and hope that nobody is going to break that key in your lifetime.

Bank account. So there are special banking malware exploits called banking Trojan horses, or Zeus, Neverquest, Dyre Wolf. These are wonderful names.
Dyre Wolf, Tinba, that's a, what's that, like some cute little cartoon character in the dead 10, but I don't know. This includes a remote access tool, which lets me remote into your bank, an alert function, a keylogger. A keylogger is a piece of software that keeps track of what you type and either sends a file automatically that can later be scanned by software and pull out the cool bits, or, you know, might be sent on demand. And then a database of banking URLs: all the banking websites on the planet come in this little tool. When you type www bank com, the keylogger talks to the database and says, "We gotta match there, looks like we're banking," and embed database goes, "Yep, got a match," and the alerter says, "Wow, what the heck," and sends a message off to the bad guys, who remote access tool to join your session and help them tell us cure money. It's the way that works. It's really, really slick, and I know I shouldn't sound so enthusiastic. This is really great kolob rating. It's awesome.

So let's talk about cases. 15-employee fuel distribution company, monthly payroll thirty thousand dollars. You've gained access to bank colonies and compromise password. Bank had recently made changes to its security process to make online banking easier. Easier is not good, okay? It's like taking your door off so it's easier to go in and out. Easier not bad. Insurance covered only a portion.

California escrow company loses 1.5 million dollars, and this is shame on the bank for this. 19-person company. Three electronic transfers of above 500K apiece, going to China two times and Russia once. This is an escrow company. They're holding real estate escrow funds. This money should not be leaving the country, okay? One in December and two in January. I'm going to accept that the one in December was a surprise, but who the heck decided it was a good idea to let these two out? The banker should be taken out in the parking lot and shot, maybe not dead, but in the way. They provided two-factor authentication, but it was broken, and all this company had never transferred funds overseas. The bank denied question once even on the second to. Company was put in receivership by regulators in California, who don't like it when an escrow company loses had money.

Construction company loses 500K. Same story again. I don't think I'll go through all the details; you guys can read faster than I can talk, and we'll run out of time, but you know,
here we go. This is 27 fund transfers, so it's not one big transfer, it's 27 little bitty transmission all over the place, lots of different banks, large the money through some in different banks.

Slovenian gang target small business. Spoofed email sent to look like it came from a bank or a tax authority. You know, you get something from the Minnesota Department of Revenue, you get a little like cringe rate, got to go to a bathroom right now, and you whack on them quick, how did not click on that link. And then, you know, so please watch from I'm banking saving two and a half million dollars.

And this one's a Target or Fazio Mechanical. Okay, so this is how it works. We don't know exactly, but it's really, really sure it was an email, and I might have been an email like this: came from Target, nice little Target, which of course I copied off the Target website and glued onto my faking, it takes like about three seconds, I can show you, and says, "We're that Target IT department, and we know you have network access, and we're trying to put this all together some sort of management database, and could you send us are your user ID and password for your network access?" And then it's from Target, your biggest customer. How did the criminals know that Fazio was doing business with Target? Well, I'm Fazio's website, where they're talking about what a great Trudy, they're our best customer is Target. So you do a little research on the web. You go looking around and go, "Target, I want to get into Target and cause some serious harm." So you do a Google search on Target and Target Corporation, Target store, Target whatever, and eventually he comes for a website for Fazio Mechanical, and there's a lil brag, and you go, "Whoop-dee-diddle." They probably found a whole bunch of braggers and sent the email to a whole bunch of different likely victims, and Fazio, they were the first to bite on the phishing. So anyway, got to be careful about that.

Friday Linden voice game. This one's really cool. CEO sends an email. CEO is out of town. He
went to China. He's looking at manufacturing facilities. This is real, and the criminals know this because they have been living in the CEO's inbox for months. And so they send an email from the CEO's email account to the CFOs and, "Send me two million dollars, I'm buying something over here, here's the bank routing information." This is like huge right now, and it's worked at the great. So if I was going to pick any of these scams for my personal favorite one to do before I go to Brazil, it'd be this one, boom, because it's really slick and it's not. So how do you defend against something like this? You pick up the freaking phone and you call the CEO and you say, "Two million dollars?" And he goes, "What?" "Well, you want with two million dollars." "I don't want to." And it's over. Do you send them a reply by email? No, 'cause the bad guys are reading the email. I know some one man says, "What did I tell you? Put the head, you want to be fired or you want to send me two million dollars?" and you'll just send them for called put.

And there was another one. We're in tax season, so there's all kinds of like tax scams out there. One of the one that I just read about is that the CEO is sending an email to the HR departments, "And could you send me everybody's W-2s?" Seagate just got hit by that. "Can you send me everybody's W-2s?" And then they can go and of course do tax filing fraud, get the big refund before you get your taxes done. Best thing you can do with your income tax, by the way, is file final quick, because these guys are right on here. You know, you don't want to be the last one over to finish line, okay?

So where can you go on a little bit more energizing for the brand here. CIT cyber security services. I started up here with cyber security awareness training, because we can do presentations like this that are much longer and much more boring, okay? Not the blind part, but we can do presentations like this for your staff and help them understand what they're up against. Awareness is important because the front has
moved to the inbox, and Jane back there and my little flyer is your worst enemy. Go take a look, it's kind of cute. Should have a picture right here. Jane, yeah, they're, yeah, thank you. Moving cute little pigtails, yeah, and you know the captain, you know, is that.

So, security audits. Occasionally you will be required to have one. PCI compliance, which is doing credit cards, comes up annually. We help people with the big lawn tools using questionnaire where they ask questions you don't even know what the words be. "Pretty sure this is English, I think." Well, I've done, I've done more in a few of them, so, you know, we'll get that done. Then we can do the network assessment stuff too, although usually that's provided, and we can help remediate any shortcomings or deficiencies so that you are in compliant.

Vulnerability assessments. In the wake of the Target breach we started to see companies coming to us as said, "My biggest, most important customer wants me to provide a network assessment. They want me to provide a network assessment because we talk over the internet, and I'm going to be sure that I'm not Fazio Mechanical. Can you help me with that?" Yes. So if you get that big scary letter, is a really big problem is that you're going to get six of them in about two months' time. You can't pay for that open over again, so you need it done one, so documented, so as you can just say, "Yeah, we did it, thanks for asking, we've been proactive, we're like super tool." I got a cave, you know, from the guy, he's wonderful.

Penetration testing. Penetration testing can happen on computers and networks and saw from what have you. This is where we go crazy on your stuff like the bad guys would, to see what we can find out about what's soft. We want do an online reconnaissance thing where we look to see how much information is about you in public, and I'll do all sorts of sneaky stuff, like try to sneak in the front row a shirt and a tool belt. Can I get to the server room, we got a problem back there. Came with some stuff. I gotta put some
alligator clips and rotate that day bag there, are things are going to start burning.

Computer forensics. Every now and again you want to figure out who did what to who. We have the ability to go in and at least take a look at the box of transfer now. And then incident response management. Okay, remember I said you should plan to be hacked and have, like, be prepared? This is what we're talking about. We'll put all that good stuff together. It's as part of your DR, you know, business continuity and disaster recovery and stuff. This is just another piece of that.

Some of the services we can offer: we have a product called Zix, which provides an encrypted email, so you can, you know, if you're like a lawyer or medical or whatever, this is the way you should be communicating with the world. Let's get it going to encrypt it. We data backup and recovery solutions. Is that really security? It is when you lose it. You should have three copies. Should they have the original copy. You should have a local backup copy on some sort of a hard drive that you can access it like this, and then you should have another copy in the cloud somewhere that you can't access, so that if things go really bad, like the tornado comes through, you can go get your data. Computer use and cyber security policy development, business continuity, disaster, incident response planning. Talk about that one.

Additional thing: I've done in training a week on a new product that we're taking into our managed services portfolio called AlienVault. You can check them out on the web. Okay, so people are sneaking onto your network. What you're going to do about it? You need to monitor what's going on in there, and you're not going to do that with a person; you're going to do that with software. So this is a very, very robust software-based tool set that allows us to watch everything that's going on in your network and detect weird stuff when it's young. Because the way it happens is you get the remote access piece, and it might be a few days or a week or a couple
of months before they come back to do more. We want to get the early stuff. We want to get the little "hello, I'm ready" that's going off to Belarus, because traffic from YouTube Belarus would be, and we can see that later you've gotten died the new battery. But anyway, we can fix it while it's still kind of not a problem, before KARE 11 news, okay? Or you can call KARE 11 and say, "We shot it and I got it right here, if you want to take a picture."

Anyway, we're going to be lurking about the rest of you. I want to dash away it as quick as possible without trading business cards with anybody, but you should write that is welcome to stay, and you got the room paid for already. It's all on that. I've got a business card back there. You can take a picture with Jane and then see who matches go wrong. I'm dusting off, and then, you know, you can give me a call and we can talk about this stuff for like hours. So it got to be really careful, but anyway, there we have. Thank you so much for coming.