Cyber Security and Michigan Businesses, February 7, 2019 - PowerPoint PPT Presentation



SLIDE 1

Cyber Security and Michigan Businesses

February 7, 2019

SLIDE 2

Agenda

  • US Secret Service
    • Jordan Johnston
      • Special Agent with Detroit Field Office – Fraud & Cybercrimes Division
      • Member of Electronic Crimes Taskforce
      • Member of Dark Web Taskforce with Homeland Security Investigations
      • Member of Cryptocurrency Taskforce with the FBI
  • MIMECAST
    • Rob Harvey
      • Commercial Account Manager
  • CloudSAFE
    • Michael Butz Sr.
      • Founder and CEO
SLIDE 3

U.S. Department of Homeland Security

United States Secret Service

Jordan Johnston
Special Agent, U.S. Secret Service
Detroit Field Office

Current Cybercrime Trends Impacting our Financial Infrastructure and Your Financial Future

SLIDE 4

MISSION STATEMENT

“The mission of the United States Secret Service is to safeguard the nation’s financial infrastructure and payment systems to preserve the integrity of the economy, and to protect national leaders, visiting heads of government, designated sites and National Special Security Events.”

SLIDE 5

Financial Crime Investigations:

▪ Identity Theft
▪ Access Device Fraud
▪ Network Intrusions

SLIDE 6

Magnitude

  • 2016:
    – Received 298,728 cyber crime and fraud complaints
    – Reported losses in excess of $1.4 billion
    – BEC was the #1 cause of loss
  • BEC global exposure, 2013-2016:
    – Over $5 billion (reported): $5,302,890,449
    – Number of victims: 40,203
    – (the math) $131,902.85/victim
  • BEC from January 2016 - June 2017:
    – Attempted: $222.9 million
    – Returned/Frozen: $74,831,206 (34%)
    – Unrecovered: $148.1 million (66%)

SLIDE 7

Identity Theft

PII (personally identifiable information) – any data that either on its own or used with other information could potentially identify a specific individual, e.g., name, SSN, DL, and DOB.

SLIDE 8

More sophisticated ways to obtain PII:

▪ Network Intrusions
▪ Dating schemes
▪ Employment schemes
▪ Recycling storage media
▪ “Geotagging” – BEWARE!

SLIDE 9

Very basic uses for PII:

▪ Obtain credit in the victim’s name to…
▪ Purchase jewelry, electronics, stored-value cards
▪ Obtain utilities – cable TV, Internet
▪ Purchase/Lease automobiles
▪ Savings/Checking Account Takeovers

SLIDE 10

Additional ways to obtain account numbers

▪ Phishing
▪ Network Intrusions / Data Breaches
▪ Collusive employees
▪ Malware, Trojans, Worms

SLIDE 11

“Dumped” Card Information is Transmitted Overseas and Sold on the Internet – Carding Portals

SLIDE 12

Retail Threat Vectors

  • Sophisticated Botnets
  • Point of Sale Malware
  • Fraudulent Payment Methods
  • Business Email Compromise
  • Distributed Denial of Service
  • Mobile Payment

SLIDE 13

Point Of Sale Network Intrusions

Data Flow

  • Infiltration (malware/keyloggers/sniffers)
  • Aggregation
  • Exfiltration (email accts/servers ?….)

SLIDE 14

Network Intrusion Commonalities

  • Using the same admin password since installation
  • Failure to use/update AV software
  • POS system configured for remote management without two-factor authentication login
  • Computers in the PCI environment used to browse internet, play games, and check Facebook
  • Not changing default manufacturer passwords EVER
  • Running devices on administrator account

SLIDE 15

Business Email Compromise (BEC)
Email Account Compromise (EAC)

SLIDE 16

What is a Business Email Compromise?

  • Sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments
  • BOTH suppliers and their customers are victims of this scam
  • Targets CFO, CTO, or some high-ranking executive
  • Compromise via social engineering or computer intrusion techniques
  • Formerly known as the man-in-the-email scam, the BEC was renamed to focus on the business angle of this scam

SLIDE 17

Business Email Compromise

The Process

1. Vector is stolen credentials and/or malware, or email from a spoofed or similar domain
2. Compromised systems monitored and/or files scanned for invoices/accounts payable
3. Snooping or surveillance conducted on executives and/or their staff
4. Impersonation of executives executed by way of email, voice, call-forwarding, and/or fax

SLIDE 18

“Money Mule” Facilitation

“Money Mule”—A witting or unwitting individual directed to open bank accounts to receive fraudulent money transfers, and then transfer funds to other (fraudulent) bank accounts

SLIDE 19

“Money Mule” Facilitation

Often acquired online through social engineering and fake job postings on:

  • Social Media
  • Legitimate job boards
  • Fake job boards
  • Radio advertising
  • Romance scams on dating sites
  • Other social engineering

—Money Mules are a Challenge—

  • They are not routinely held accountable in criminal and/or civil action
  • Bank accounts can be closed, but funds are often returned to mules
  • Many mules do not realize they are breaking the law

SLIDE 20

Phishing
Spear Phishing
Whaling

SLIDE 21

Ransomware

SLIDE 22

Example

SLIDE 23

Example

▪ Southern University contracted with a company for construction work at the university.
▪ D.M., the Assistant Director of Payment Services for Southern University, received an email directing him to change Company’s ACH payment account.
▪ Email extension read “accts.receivable@companyinc.com”
▪ The email extension for (actual) Company should be “@company.com”

SLIDE 24

Example (continued)

▪ Attached to the fraudulent email was a blank Citibank check purportedly from Company Inc.—with a routing number, account number, and check number—and an Authorization Agreement for Automatic Deposit of Vendor Checks purportedly from “Company Inc.” and signed by a person purportedly named “Tim Stallings.”
▪ The next day, Southern University made three payments via wire transfer, totaling $1.3 million, to “Company Inc.”
▪ (Actual) Company Inc. never received payment from Southern University.
▪ Investigators reviewed the fraudulent account and discovered a $20,000 wire transfer into the bank account of “West Coast Designs,” belonging to Linda Lee.

SLIDE 25

Example (continued)

▪ Linda Lee explains she co-owns the business with her fiancé, Dennis Rand, whom she has never met. Rand directed Lee to open three bank accounts.
▪ Lee states business is booming, with a recent $1.3 million design deal in Texas.
▪ Lee states Rand asked her to occasionally move money from one account into another.
▪ Investigators explained to Lee the $1.3 million was illegally obtained from Southern University, not a design deal.
▪ Lee agreed to forfeit the remaining money in the account and provided a detailed ledger of account activity.
▪ Investigators tracked the funds transferred from Southern University's transaction to an account owned by Sam Smith.
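The look-alike sender domain in this case (“companyinc.com” standing in for “company.com”) is something a mail-triage check can flag before a payment change is processed. The following Python is an added example, not part of the original presentation; the vendor list, keyword pattern, distance threshold and sample messages are constructed assumptions.

```python
import re

# Constructed vendor master list: domains that vendor mail is expected to come from.
KNOWN_VENDOR_DOMAINS = {"company.com"}

# Constructed keyword pattern for requests that touch payment details.
PAYMENT_CHANGE = re.compile(
    r"\b(ach|wire|routing number|account number|bank account|payment account)\b",
    re.IGNORECASE,
)


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def org_label(domain):
    """Second-to-last DNS label; a simplification that ignores multi-part suffixes."""
    parts = domain.split(".")
    return parts[-2] if len(parts) > 1 else parts[0]


def classify_sender(address, known=KNOWN_VENDOR_DOMAINS):
    """Return (status, vendor_domain): 'known', 'lookalike' or 'unknown'."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    for good in sorted(known):
        if domain == good or domain.endswith("." + good):
            return "known", good
    label = org_label(domain)
    for good in sorted(known):
        good_label = org_label(good)
        if label == good_label:  # same name under a different suffix
            return "lookalike", good
        # Fuzzy checks only for longer names, to limit false positives.
        if len(good_label) >= 5 and (
            good_label in label or edit_distance(label, good_label) <= 2
        ):
            return "lookalike", good
    return "unknown", None


def triage(message, known=KNOWN_VENDOR_DOMAINS):
    """Decide what accounts payable should do with one inbound message."""
    status, vendor = classify_sender(message["from"], known)
    if status == "lookalike":
        return f"ESCALATE: sender domain imitates {vendor}"
    if PAYMENT_CHANGE.search(message["subject"] + " " + message["body"]):
        # Even a genuine domain can be a compromised account, so verify out of band.
        return "HOLD: confirm by phone using the number already on file"
    return "PASS"


# Constructed sample messages; the first mirrors the case on the slides.
SAMPLES = [
    {"from": "accts.receivable@companyinc.com", "subject": "Updated ACH payment account",
     "body": "Please direct future payments to the account on the attached form."},
    {"from": "billing@company.com", "subject": "Invoice 1042",
     "body": "Invoice for January work is attached."},
    {"from": "billing@company.com", "subject": "New bank account",
     "body": "Our routing number has changed."},
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg["from"], "->", triage(msg))
```

A request from the genuine domain that asks for a payment change is still held, because the slides treat account compromise (EAC) and phone verification as separate from domain spoofing.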

SLIDE 26

The Rapid Growth of Cybercrime

SLIDE 27

Hacking Made Easy

SLIDE 28

Personal Information is Cheap

SLIDE 29

Target Lists are Free

  • Experian.com/small business/mailing lists
  • InfoUSA.com
  • DatabaseUSA.com
  • ReferYes.com
  • Dark Web Marketplaces
  • eGrabber.com—“Capture leads & prospects from any webpage, find & add any missing field (email/phone/...), update, de-dupe, merge & segment any prospect list”

SLIDE 30

Prevention

  • Do not click unknown attachments
  • Select computer settings to view entire link extension
  • Verify any requests for:
    – Change in payment type or location
    – Speedy or secret transfers

  • Be wary of free web-based e-mail accounts
  • Multiple-factor authentication
  • Use “forward” instead of “reply to”
  • Awareness training of front-line employees

SLIDE 31

Revisit Policies and Procedures

  • Ensure policies provide for verification of any changes to:
    – Existing invoices
    – Bank deposit information and/or contact information
  • Contact requestors via telephone before complying with email requests for payments or personnel records transfers

  • Consider requiring two parties sign off on payments

SLIDE 32

IT Security and Staff

  • Allow IT staff to attend conferences and training to stay current with industry trends
  • Consider penetration testing services
  • If IT needs are outsourced, ask your provider how they are protecting your organization from cyber attacks

SLIDE 33

Social Media

  • Posting business/vacation travel of company staff could let BEC/EAC scammers know when executives are out-of-reach
  • Social media can provide scammers with information about friends, family, and business deals

SLIDE 34

Information Technology Safety

  • Patch and update immediately
  • Use Antivirus and AntiSpyWare
  • Consider establishing a stand-alone network for employees to use for personal email and web activity

SLIDE 35

Email Tips

  • If you suspect suspicious activity with your email:
    – Immediately change your password and log out of all
    – Check for new “rules” within your account
  • Look for Webmail that monitors logins to your account and provides you the ability to log out others

SLIDE 36

Password Discipline

  • Use long passwords
  • Don’t re-use passwords for more than one account

  • Consider changing passwords frequently
  • Consider using a password manager

SLIDE 37

Additional Resources

Internet Crime Complaint Center
www.ic3.gov

Electronic Crimes Task Force
www.secretservice.gov/investigation/#field

SLIDE 38

Jordan Johnston
Special Agent
Detroit Field Office
313-226-6400
Jordan.johnston@usss.dhs.gov

SLIDE 39

CloudSAFE Luncheon w/ Mimecast | February 7, 2019

Mimecast Solutions Overview

SLIDE 40

The Challenge & Opportunity

1. Dynamic global threat landscape.
2. Cybersecurity skills gap.
3. Persistent human error.
4. Complex IT environments.

SLIDE 41

Staying Safe in a Modern World

allow block bad good

people places things

SLIDE 42

The Case for Cyber Resilience

  • 68% of Breaches: Take months or longer to discover*
  • $3.86 Million: Average cost of a breach**
  • 3 Days: Average downtime after ransomware attack***

* Verizon DBIR 2018 Report
** IBM 2014, Willis Watson 2017
*** Mimecast 2018

SLIDE 43

Mimecast’s Goals for You

Protection before, during, and after

1. Global immunity
2. Sustainable resilience
3. Simplified compliance
4. Less complexity
5. Improved visibility

SLIDE 44

Key Communications Tools, Greatest Risk

Email Web 99.9% Human Error

➢ 92% of attacks originate with email
➢ 91% of malware accesses the web
➢ 95% of breaches involve human error

SLIDE 45

Why Mimecast?

Sophistication:

  • Advanced threat intelligence

  • Continuous innovation
  • Best-in-class solutions

Simplicity:

  • Reduced complexity
  • Fewer resources
  • Lower costs

Scalability:

  • 31K customers
  • Multi-tenant cloud infrastructure

  • Rapid innovation

SLIDE 46

The Power of Community Defense

31,000+ customers and millions of users

Advanced Intelligence

  • 3rd party feeds
  • Analytics
  • Artificial Intelligence

Visibility

  • Global grid
  • Millions of users
  • 24x7x365

Rapid Evolution

  • Global updates
  • Continuous adaptation

Protecting one means protecting all

SLIDE 47

Mime|OS Platform

Unified Administration

Threat Intelligence

  • Email Security & Mailbox Continuity
  • Archive & Data Protection
  • Web Security
  • Awareness Training

Mimecast Cyber Resilience Platform

SLIDE 48

A Comprehensive, Single Solution

  • Email security
  • Web security
  • Awareness training
  • Data recovery & archive

Continuous cycle of prevention, detection, recovery, & improvement

SLIDE 49

Email Security

✓ Phishing attacks
✓ Ransomware
✓ Malware
✓ Malicious URLs
✓ Anti-spam & virus
✓ Inbound, Internal and Outbound

Secure Email Gateway

Targeted Threat Protection

  • URL Protect
  • Attachment Protect
  • Impersonation Protect
  • Internal Email Protect

Data Leak Protection & Content Control

Expanded Security Options

  • Email Continuity
  • Sync & Recover
  • Large File Send
  • Secure Messaging

SLIDE 50

Web Security

✓ Real-time URL blocking
✓ Appropriate use policy enforcement
✓ Anytime, anywhere, any device protection
✓ 60-minute implementation

Web Security

Web Security Agent

  • Malicious URLs
  • File Downloads
  • Appropriate Access

SLIDE 51

Awareness Training

➢ Engaging, proven training
➢ Phish testing
➢ Predictive risk scoring
➢ Individualized training

Awareness Training

  • Engaging Training
  • Phish Testing
  • Risk Scoring
  • Targeted Remediation

Awareness Training Introduction

SLIDE 52

Cloud Archive

➢ Multi-purpose solution
➢ Data archive, backup and recovery
➢ E-Discovery, compliance, end user search
➢ Leader in Gartner MQ, four years running

Cloud Archive

  • E-Discovery
  • Compliance
  • End User Search

Expanded Archiving Options

  • Supervision
  • Sync & Recover
  • Long Term Retention

SLIDE 53

Mimecast: Leading Innovation

[Timeline figure, 2014-2018. Milestones shown: URL Protect; Graymail Control; Australia Datacenter; Attachment Protect; Impersonation Protect; Internal Email Protect; Integration of Solebit for static file analysis; GDPR Compliance; Ataata Acquisition; Acquisition of Solebit; Launched Web Security Product; Continuity Event Management; Sync & Recover; Launch Cyber Resilience Coalition; Data logging API and Splunk application; Mimecaster Central Customer Portal; Gartner Magic Quadrant Leader; German Datacenter; HIPAA Compliance Assessment]

SLIDE 54

70+ CUSTOMER INTEGRATIONS ALLIANCES API ALLIANCES

Open API Integrations

Integrations are limited only by your imagination

SLIDE 55

SLIDE 56

Traditional perimeter-based security has proven ineffective at preventing breaches and data loss

A New Approach to Information Security is Needed

You must:

  • Protect your organization’s apps and data
  • Maintain productivity

SLIDE 57

SLIDE 58

What is Virtual Desktop Infrastructure (VDI)?

  • The process of running a user desktop inside a virtual machine that lives on a server in the datacenter
  • A powerful form of desktop virtualization
  • Enables fully personalized desktops for each user
  • Has all the security and simplicity of centralized management

SLIDE 59

SLIDE 60

Essential Elements of a Security Solution

Application Security

  • Centralized patch management
  • Centralized config management
  • Secure access to resources even from employee-owned devices
  • Protection against zero-day & denial of service attacks

Contextual Access

Ensure appropriate levels of access for every individual – inside & outside your organization - based on:

  • User
  • Endpoint
  • Network
  • Security profile

Data Security

  • Keep data in the data center, not on the endpoint
  • Address insecure mobile data storage via containerization & encryption
  • Ensure secure file sharing

Network Security

  • Encrypted delivery of applications and desktops
  • Enforce network access control
  • Segment networks for compliance & security
  • Deliver highest level of uptime & performance

Analytics and Insights

  • Triage user performance degradation
  • Rapidly detect misconfigurations & attacks
  • Better comply with regulations & reduce scope of audits
  • Ensure uptime & performance

Cyber Resilience for Email

  • Security
  • Archiving
  • Business Continuity
  • Mailbox Sync & Recovery

SLIDE 61

Lower the Risk of Ransomware

Virtualization can:

  • Shield users of web apps from infection and keep sensitive data off the endpoint
  • Prevent email-borne ransomware from compromising the endpoint
  • Protect mobile devices against attack with measures including containerization, encryption, blacklists and whitelists, and device compliance checks
  • Ensure the rapid recovery of ransomware-encrypted data with a secure and robust data backup and disaster recovery solution

SLIDE 62

Four Ways to Kidnap-proof Your Data

Browsers

Publish virtualized, sandboxed and hardened browsers

Email

Publish a virtualized, sandboxed, and hardened email client

Mobile

Protect mobile devices against attack with containerization

Collaboration

Provide a secure and robust content collaboration platform

SLIDE 63

Security & Compliance Benefits

Virtual Desktops and Workspaces - Dynamically created from compliant copies of operating systems, applications and user profiles

  • Users execute only the latest approved software when conducting business on the network
  • Readily validate end-user activity within the data center and easily evaluate the effectiveness of security controls for regulatory compliance
  • Control configuration drift within endpoints, even to the point of refreshing a virtual desktop that is exhibiting signs of an infection

Virtualized Desktops help lower the costs of disaster recovery and business continuity

  • Eliminate significant business disruptions due to office infrastructure unavailability, security incidents, or even the event of a flu outbreak

  • Dynamically host desktops to support users in offices and remote locations to meet user needs during a disaster
SLIDE 64

Security & Compliance Benefits

Sensitive data remains in the data center where security can protect against leaks

  • Centralizing desktop execution in the data center reduces the number of data paths that security must inspect
  • Virtualization streamlines compliance - data never appears on the endpoint other than being rendered on the screen so the need for endpoint data protection is lessened

Virtual workspaces secure remote user access to the network by isolating VPN clients and browsers on the endpoint

  • Ensure remote users run an IT-configured browser and VPN client while conducting business from their home computer
  • Virtual workspaces layer on top of the local operating system, but use sandbox techniques to protect against threats like keystroke loggers and memory mappers, application and operating system infections, and end-user reconfiguration of security settings

SLIDE 65

Virtualization Features

Resource Centralization

  • Apps and Data are managed and protected in the data center
  • Accessed securely from anywhere
  • Don’t reside on endpoint devices
  • Full visibility and control over centrally managed Windows apps and desktops
  • Easily defined and enforced access policies

Policy-based Access Control

  • Leverage preconfigured policies to determine appropriate user access
  • Support multi-level security practices by delivering the right level of access for:
    • User profile
    • Device
    • Network or location

Any-device Access

  • Enable secure access and collaboration for every employee, contractor or partner from any personal or corporate-owned device they choose to use
  • Evaluate every device and user according to administrator-defined criteria

Built-in Data Compliance

  • Full activity logging
  • Reporting
  • Auditing
SLIDE 66

Virtualization Features

Unique User Identifier

  • Each authorized user is allocated a unique user identifier which they must use whenever logging in
  • Identifier is centrally issued, so that admins have the ability to PIN-lock the user's access to data if necessary

Automatic Log Offs

  • An essential security feature for many compliance standards
  • Ensures that if a device is left unattended, the user will be disconnected to prevent unauthorized access

SLIDE 67

Take Action to Protect Yourself

Educate and Support your Most Vulnerable Point of Entry

End Users

Prevent Threats and Mistakes

  • Email Security
  • Desktop Virtualization

Safeguard

Ensure Recovery if an Attack Does Get Through

  • Data Backup
  • Disaster Recovery

Recover

SLIDE 68

TALK TO THE EXPERTS

  • US Secret Service
    • 313-226-6400, Jordan.johnston@usss.dhs.gov
  • MIMECAST
    • Rob Harvey, 617-393-7198, rharvey@mimecast.com
    • Jim Robson, 215-262-2501, jrobison@mimecast.com
  • CloudSAFE
    • Michael Butz Sr., 248-864-5501, mbutz@cloudsafe.com