cyber security and michigan businesses
play

Cyber Security and Michigan Businesses February 7, 2019 Agenda US - PowerPoint PPT Presentation

Oct 28, 2023 •254 likes •949 views

Cyber Security and Michigan Businesses February 7, 2019 Agenda US Secret Service Jordan Johnston Special Agent with Detroit Field Office Fraud & Cybercrimes Division Member of Electronic Crimes Taskforce Member of Dark

  1. Cyber Security and Michigan Businesses February 7, 2019

  2. Agenda • US Secret Service • Jordan Johnston • Special Agent with Detroit Field Office – Fraud & Cybercrimes Division • Member of Electronic Crimes Taskforce • Member of Dark Web Taskforce with Homeland Security Investigations • Member of Cryptocurrency Taskforce with the FBI • MIMECAST • Rob Harvey • Commercial Account Manager • CloudSAFE • Michael Butz Sr. • Founder and CEO

  3. Current Cybercrime Trends Impacting our Financial Infrastructure and Your Financial Future Jordan Johnston Special Agent U.S. Secret Service Detroit Field Office U.S. Department of Homeland Security United States Secret Service

  4. MISSION STATEMENT “The mission of the United States Secret Service is to safeguard the nation’s financial infrastructure and payment systems to preserve the integrity of the economy, and To protect national leaders, visiting heads of government, designated sites and National Special Security Events.” U.S. Department of Homeland Security United States Secret Service

  5. Financial Crime Investigations: ▪ Identity Theft ▪ Access Device Fraud ▪ Network Intrusions U.S. Department of Homeland Security United States Secret Service

  6. Magnitude -2016- Received 298,728 cyber crime and fraud complaints Reported losses in excess of $1.4 billion BEC was the #1 cause of loss BEC global exposure, 2013-2016: Over $5 billion (reported) $5,302,890,449 Number of victims: 40,203 (the math)--$131,902.85/victim BEC from January 2016 - June 2017: Attempted $222.9 million Returned/Frozen $74,831,206 (34%) Unrecovered $148.1 million(66%) U.S. Department of Homeland Security United States Secret Service

  7. Identity Theft PII (personally identifiable information) – any data that either on its own or used with other information could potentially identify a specific individual, e.g., name, SSN, DL, and DOB. U.S. Department of Homeland Security United States Secret Service

  8. More sophisticated ways to obtain PII: ▪ Network Intrusions ▪ Dating schemes ▪ Employment schemes ▪ Recycling storage media ▪ “Geotagging” – BEWARE! U.S. Department of Homeland Security United States Secret Service

  9. Very basic uses for PII: ▪ Obtain credit in the victim’s name to… ▪ Purchase jewelry, electronics, stored-value cards ▪ Obtain utilities – cable TV, Internet ▪ Purchase/Lease automobiles ▪ Savings/Checking Account Takeovers U.S. Department of Homeland Security United States Secret Service

  10. Additional ways to obtain account numbers ▪ Phishing ▪ Network Intrusions / Data Breaches ▪ Collusive employees ▪ Malware, Trojans, Worms U.S. Department of Homeland Security United States Secret Service

  11. “Dumped” Card Information is Transmitted Overseas and Sold on the Internet – Carding Portals U.S. Department of Homeland Security United States Secret Service

  12. Retail Threat Vectors Sophisticated Botnets Point of Sale Malware Fraudulent Payment Methods Business Email Compromise Distributed Denial of Service Mobile Payment U.S. Department of Homeland Security United States Secret Service

  13. Point Of Sale Network Intrusions • Infiltration (malware/keyloggers/sniffers) • Aggregation • Exfiltration (email accts/servers ?….) Data Flow U.S. Department of Homeland Security United States Secret Service

  14. Network Intrusion Commonalities • Using the same admin password since installation • Failure to use/update AV software • POS system configured for remote management without two-factor authentication login • Computers in the PCI environment used to browse internet, play games, and check Facebook • Not changing default manufacturer passwords EVER • Running devices on administrator account U.S. Department of Homeland Security United States Secret Service

  15. Business Email Compromise (BEC) Email Account Compromise (EAC) U.S. Department of Homeland Security United States Secret Service

  16. What is a Business Email Compromise? • Sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments • BOTH suppliers and their customers are victims of this scam • Targets CFO, CTO, or some high-ranking executive • Compromise via social engineering or computer intrusion techniques • Formerly known as the man-in-the-email scam, the BEC was renamed to focus on the business angle of this scam U.S. Department of Homeland Security United States Secret Service

  17. Business Email Compromise The Process 1. Vector is stolen credentials and/or malware, or email from a spoofed or similar domain 2. Compromised systems monitored and/or files scanned for invoices/accounts payable 3. Snooping or surveillance conducted on executives and/or their staff 4. Impersonation of executives executed by way of email, voice, call-forwarding, and/or fax U.S. Department of Homeland Security United States Secret Service

  18. “Money Mule” Facilitation “Money Mule”— A witting or unwitting individual directed to open bank accounts to receive fraudulent money transfers, and then transfer funds to other (fraudulent) bank accounts U.S. Department of Homeland Security United States Secret Service

  19. “Money Mule” Facilitation Often acquired online through social engineering and fake job postings on: • Social Media • Legitimate job boards • Fake job boards • Radio advertising • Romance scams on dating sites • Other social engineering — Money Mules are a Challenge — • They are not routinely held accountable in criminal and/or civil action • Bank accounts can be closed, but funds are often returned to mules • Many mules do not realize they are breaking the law U.S. Department of Homeland Security United States Secret Service

  20. Phishing Spear Phishing Whaling U.S. Department of Homeland Security United States Secret Service

  21. Ransomware U.S. Department of Homeland Security United States Secret Service

  22. Example U.S. Department of Homeland Security United States Secret Service

  23. Example ▪ Southern University contracted with a company for construction work at the university. ▪ D.M., the Assistant Director of Payment Services for Southern University, received an email directing him to change Company’s ACH payment account ▪ Email extension read “ accts.receivable@companyinc.com ” ▪ The email extension for (actual) Company should be “@company.com ” U.S. Department of Homeland Security United States Secret Service

  24. Example continued ▪ Attached to the fraudulent email was a blank Citibank check purportedly from Inc. — with Company a routing number, account number, and check number — and an Authorization Agreement for Automatic Deposit of Vendor Checks purportedly from “Company Inc. ” and signed by a person purportedly named “Tim Stallings. ” ▪ The next day, Southern University made three payments via wire transfer, totaling $1.3 million, to “Company Inc. ” ▪ (Actual) Company Inc. never received payment from Southern University. ▪ Investigators reviewed the fraudulent account and discovered a $20,000 wire transfer into the bank account of “West Coast Designs,” belonging to Linda Lee. U.S. Department of Homeland Security United States Secret Service

  25. Example continued ▪ Linda Lee explains she co-owns the business with her fiancée, Dennis Rand, whom she has never met. Rand directed Lee to open three bank accounts. ▪ Lee states business is booming, with a recent $1.3 million design deal in Texas. ▪ Lee states Rand asked her to occasionally move money from one account into another. ▪ Investigators explained to Lee the $1.3 million was illegally obtained from Southern University, not a design deal. ▪ Lee agreed to forfeit the remaining money in the account and provided a detailed ledger of account activity. ▪ Investigators tracked the funds transferred Southern University's transaction to an account owned by Sam Smith. U.S. Department of Homeland Security United States Secret Service

  26. The Rapid Growth of Cybercrime U.S. Department of Homeland Security United States Secret Service

  27. Hacking Made Easy U.S. Department of Homeland Security United States Secret Service

  28. Personal Information is Cheap U.S. Department of Homeland Security United States Secret Service

  29. Target Lists are Free Experian.com/small business/mailing lists InfoUSA.com DatabaseUSA.com ReferYes.com Dark Web Marketplaces eGrabber.com — “Capture leads & prospects from any webpage, find & add any missing field (email/phone/...), update, de- dupe, merge & segment any prospect list” U.S. Department of Homeland Security United States Secret Service

  30. Prevention • Do not click unknown attachments • Select computer settings to view entire link extension • Verify any requests for: – Change in payment type or location – Speedy or secret transfers • Be wary of free web-based e-mail accounts • Multiple-factor authentication • Use “forward” instead of “reply to” • Awareness training of front-line employees U.S. Department of Homeland Security United States Secret Service

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Cyber Security User Overview Martin Dinham Martin.Dinham@cfsystems.co.uk 01209 340030 Some

Cyber Security User Overview Martin Dinham Martin.Dinham@cfsystems.co.uk 01209 340030 Some

Cyber Security User Overview Martin Dinham Martin.Dinham@cfsystems.co.uk 01209 340030 Some context Daily Mail online, April 2017 52 % the number of small businesses that had a security breach in 2016 UK Government Cyber Security

619 views • 39 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* * Preliminary programme, subject to revision/update status 16 December 2014 4 February 2015 Day 1: Cyber Security Readiness Registration KU

306 views • 4 slides
Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, MidAtlantic Region National Cyber Security Division (NCSD) Office of Cybersecurity and Communications

443 views • 20 slides
Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs ! 3 properties ... Confidentiality (including personal data) Integrity Availability 2 -Sminaire LIRIMA: Cyber security: current

876 views • 64 slides
2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor, Region VII Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD) FOUO / UNCLASS Cyber Security

333 views • 12 slides
Evolving Cyber Risks for Small Businesses Sponsored By: Evolving Cyber Risks for Small

Evolving Cyber Risks for Small Businesses Sponsored By: Evolving Cyber Risks for Small

Evolving Cyber Risks for Small Businesses Sponsored By: Evolving Cyber Risks for Small Businesses Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides Recording of todays webinar Corresponding

515 views • 19 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
Vajra Cyber Threat Mitigation Service (Vajra CTMS) A Military Grade Cyber Threat Mitigation

Vajra Cyber Threat Mitigation Service (Vajra CTMS) A Military Grade Cyber Threat Mitigation

Vajra Cyber Threat Mitigation Service (Vajra CTMS) A Military Grade Cyber Threat Mitigation Service for Businesses and Governments Cyber Security & Privacy Foundation Pte. Ltd., Singapore Cyber Security & Privacy Foundation (CSPF)

369 views • 21 slides
CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview 1. What is at risk? 2. Global industry trends 3. BDO/AusCERT survey 4. Recent cyber case studies 5. Cyber risk mitigation strategies Page

481 views • 35 slides
Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

1 Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to innovation Sallie Sweeney KPMG The healthcare industrys evolution toward a true value based system, assuming responsibility for complex

797 views • 10 slides
MobiDesk: Mobile Virtual Desktop Computing Ricardo A. Baratto, Shaya Potter, Gong Su, Jason Nieh

MobiDesk: Mobile Virtual Desktop Computing Ricardo A. Baratto, Shaya Potter, Gong Su, Jason Nieh

MobiDesk: Mobile Virtual Desktop Computing Ricardo A. Baratto, Shaya Potter, Gong Su, Jason Nieh Network Computing Laboratory Columbia University September 28, 2004 Problem: Growing PC management complexity Solution: MobiDesk Issue:

392 views • 35 slides
Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig

Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig

Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig picture The asymmetric nature of the Internet The current state of cyber underground Our current approach UNCLASSIFIED 7 Software Integrity Denial

388 views • 18 slides
MARYLAND ELECTRONIC CRIMES TASK FORCE A Look at Fraud, Counterfeiting, and Cyber Crimes United

MARYLAND ELECTRONIC CRIMES TASK FORCE A Look at Fraud, Counterfeiting, and Cyber Crimes United

MARYLAND ELECTRONIC CRIMES TASK FORCE A Look at Fraud, Counterfeiting, and Cyber Crimes United States Secret Service History Legislation passed on April 14, 1865 to create Secret Service to suppress counterfeiting (was formed under the

420 views • 27 slides
Investor presentation May 2015 DIRECTION DE LA COMMUNICATION 1 Disclaimer This document has

Investor presentation May 2015 DIRECTION DE LA COMMUNICATION 1 Disclaimer This document has

Investor presentation May 2015 DIRECTION DE LA COMMUNICATION 1 Disclaimer This document has been prepared by La Poste solely for use for general investor presentations. This document is not to be reproduced by any person, nor be distributed

1.01k views • 46 slides
The Federal Circuit Last month at PRE-CRITICAL DATE COMMERCIALIZATION DEEMED NOT A Month at a

The Federal Circuit Last month at PRE-CRITICAL DATE COMMERCIALIZATION DEEMED NOT A Month at a

J A N U A R Y 2 0 0 2 The Federal Circuit Last month at PRE-CRITICAL DATE COMMERCIALIZATION DEEMED NOT A Month at a Glance COMMERCIAL OFFER FOR SALE An offer is the manifestation of willingness to enter into a bargain, so made as to justify

208 views • 8 slides
T18 September 30, 2004 11:30 AM R EFINING R EQUIREMENTS WITH T EST C ASES Tanya Martin-McClellan

T18 September 30, 2004 11:30 AM R EFINING R EQUIREMENTS WITH T EST C ASES Tanya Martin-McClellan

BIO PRESENTATION PAPER T18 September 30, 2004 11:30 AM R EFINING R EQUIREMENTS WITH T EST C ASES Tanya Martin-McClellan Texas Mutual Insurance Company Better Software Conference & EXPO September 27-30, 2004 San Jose, CA USA Tanya

454 views • 33 slides
Recommendations Requirements and Challenges Regarding Provision and Consumption of Cloud

Recommendations Requirements and Challenges Regarding Provision and Consumption of Cloud

Sixth SG13 Regional Workshop for Africa on Standardization of future networks: What opportunities for Africa? ( Abidjan, Cte dIvoire, 26 -27 March 2018) Supplement No. 146 to Y Series of Recommendations Requirements and Challenges

371 views • 14 slides
WITSIESHOEK PROPOSED PROTECTED ENVIRONMENT LESSONS LEARNT LAND REFORM & BIODIVERSITY

WITSIESHOEK PROPOSED PROTECTED ENVIRONMENT LESSONS LEARNT LAND REFORM & BIODIVERSITY

WITSIESHOEK PROPOSED PROTECTED ENVIRONMENT LESSONS LEARNT LAND REFORM & BIODIVERSITY STEWARDSHIP INITIATIVE UCPP 11 MARCH 2015 1 EPWP WHAT IS IT THAT WE WANT TO DO? Assist communities to wisely use and protect land entrusted to

311 views • 14 slides

More recommend