cyber threats views from the fbi
play

Cyber Threats Views from the FBI Special Agent Keith Custer Federal - PowerPoint PPT Presentation

Jun 18, 2023 •310 likes •796 views

Cyber Threats Views from the FBI Special Agent Keith Custer Federal Bureau of Investigation Baltimore Division Overview Cyber Threat Overview Cyber-enabled Fraud Types of Cyber-enabled Fraud Business Email Compromise

  1. Cyber Threats – Views from the FBI Special Agent Keith Custer Federal Bureau of Investigation – Baltimore Division

  2. Overview • Cyber Threat Overview • Cyber-enabled Fraud • Types of Cyber-enabled Fraud • Business Email Compromise (BEC) • Case Studies • Best Practices to Protect Against Cyber-enabled Fraud UNCLASSFIED 2

  3. Cyber Threats • Cyber Division (CyD) – Intrusions – Major Infrastructure Defense – Nation State Attacks • Criminal Investigative Division (CID) – Cyber-enabled Crime • Fraud • Drugs • Money Laundering • Identity Theft UNCLASSFIED 3

  4. UNCLASSIFIED The FBI’s Cybersecurity Mission To protect the United States against:  Terrorist attack  Foreign intelligence operations and espionage  Cyber-based attacks and high technology crimes As the only U.S. agency with the authority to investigate both criminal and national security cybersecurity threats, the FBI is following a number of emerging trends. 4 UNCLASSFIED

  5. 5 Cyber Threats and Motivations

  6. Cyber-Enabled Fraud • The advent of the Internet has made a lot of things easier for a lot of people • Unfortunately this includes fraudsters UNCLASSIFIED 6

  7. Common Types of Cyber-enabled Fraud Targeting Businesses • Counterfeit Check scam (multiple varieties) – Attorney/CPA – Employment-based • Account Takeover • Business Email Compromise (BEC) UNCLASSFIED 7

  8. Counterfeit Check Scam (Attorney/CPA) • Target is usually solicited by email – Often the fraudster “spoofs” the email of a real executive (e.g., jbsmith@acmefireworks.com vs. jbsmith@acmeflreworks.com ) • The fraudster requests assistance with an international business matter, such as an acquisition or contract dispute • If the target agrees the fraudster arranges for a high-quality counterfeit instrument to be delivered to the target as part of the engagement • The target is directed to deposit the check and immediately wire funds to a “drop account”, usually a shell corporation in a foreign country (China, Taiwan, Malaysia, Dubai, Japan, etc.) • The funds are immediately withdrawn or transferred out of the destination account • The check is eventually found to be fake and the target is sometimes on the hook for the loss. • Transactions are typically $100,000 to $500,000 UNCLASSFIED 8

  9. Account Takeover • Frequently targets individuals or businesses after a compromise of personal information (email hack or PII stolen) • Fraudster identifies high value accounts – Home Equity Line of Credit (HELOC) – Brokerage – Money Market Savings • Fraudster contacts financial institution call center or email and attempts to initiate a wire transfer to a “drop account” – Fraudster will attempt to socially engineer verification – Fraudster will attempt to have the targets home phone forwarded to his burner cell phone – If business has been done by email in past, sometimes no verification is required • Usually the financial institution will take the loss in account takeovers after reimbursing the victim for any unauthorized withdrawals UNCLASSIFIED 9

  10. Business Email Compromise (BEC) Definition BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising or spoofing legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. Most victims report using wire transfers as the common method of transferring funds for business purposes; however, some victims report using checks as the common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices. This definition was revised to emphasize the different techniques used to compromise victim e-mail accounts. 10

  11. Ubiquiti reported in August 2015 it was a BEC victim UNCLASSIFIED 11

  12. BEC Descriptions Version 1 : Fraudster impersonates CEO or CFO to initiate a wire transfer • The fraudster hacks or spoofs a business executive’s e-mail account. • A request, seemingly on behalf of this business executive, is then forwarded to a second employee requesting a wire transfer to a fraudster controlled bank account. • The second employee complies with the business executive’s request and sends the payment. • Sometimes the fraudster compromises a business executive’s e-mail account and contacts the bank directly, asking for an “urgent wire transfer.” • This process is repeated every few days until discovered. Typical transactions are $100,000 to $200,000. 12

  13. BEC Case Study: Version 1 • Victim A: A publicly traded, San Diego, CA-based educational resources firm with $638 million in revenues in 2014 • On April 7, 2014, Victim A’s corporate controller (Russell) was contacted by an individual purporting to be the CFO (Daniel) and directed to send an $85,050 wire, supposedly at the direction of the CEO (Andrew)

  14. BEC Case Study: Version 1

  15. BEC Case Study: Version 1 • On April 8, 2014, Victim A’s corporate controller (Russell) was again contacted by the same individual purporting to be the CFO (Daniel) and directed to send a $115,000 wire, again at the direction of the CEO (Andrew)

  16. BEC Case Study: Version 1

  17. BEC Case Study: Version 1 • On April 9, 2014, the fraud was discovered, but the funds could not be recalled • Contributing factors • Russell was a relatively new employee (4 months) • Wires had been done by email in the past infrequently (lack of controls) • Andrew and Dan were out of the office on April 7 th and 8 th • No evidence of malware • Source IP address had browsed company website on April 7, 2014

  18. BEC Case Study: Version 1 • Funds were transferred to an unwitting non-profit in San Diego, that was told they had been wired money accidentally and agreed to redirect the funds when contacted by the fraudsters • $95,000 of the funds were redirected by bank wire to a shell company in the United States opened by an unemployed 28 year old Liberian female and withdrawn in cashier’s check shortly after

  19. BEC Descriptions Version 2 : A business employee’s e-mail is hacked •An employee often in Accounts Receivable has their e-mail hacked, not spoofed. •Requests for invoice payments are sent from this employee’s e-mail to multiple vendors identified from this employee’s contact list. •These requests contain seemingly legitimate invoices with the payment instructions changed to fraudster controlled accounts. 19

  20. BEC Case Study: Version #2 • Victim B: A privately held, San Francisco, California- based international shipping and logistics firm • On May 8, 2014, Victim B’s corporate controller (Tim) was contacted by an individual purporting to be the CFO (James) and directed to send a $176,081.46 wire, supposedly at the direction of the CEO (George)

  21. BEC Case Study: Version #2 • Both wires were sent before the fraud was detected resulting in a loss of $343,613.38 • Wire 1 was sent to: XXXXXXXXX Entertainment Inc. Taichung Commercial Bank Taipei, Taiwan • Wire 2 was sent to: XXX LTD. Malayan Bank Kuala Lumpur, Malaysia

  22. BEC Case Study: Version #2 • Victim B continued to be targeted. • In December 2014, a Victim B employee in Accounts Receivable (Catherine) was found to have opened an infected email attachment that compromised her email • Victim B customers then began to receive correspondence from a spoofed email using Catherine’s name and an outlook.com email address. • The customers were asked to redirect payments to an account in Victim B’s name (but not controlled by Victim B) at NATIONAL WESTMINSTER BANK in the United Kingdom • These attempts were unsuccessful with the exception of a single payment of $36,779.85 on 2/11/2015

  23. BEC Case Study: Version #2 Malware Bytes Detection 1/16/15 ‐ Malware was detected ‐ � pidloc.txt (Malware.Trace.E) � Detecting Trace^ � The following symptoms signal that your computer is very likely to be infected with Trace: � PC is working very slowly � Trace can seriously slow down your computer. If your PC takes a lot longer than normal to restart or your Internet connection is extremely slow, your computer may well be infected with Trace. � New desktop shortcuts have appeared or the home page has changed � Trace can tamper with your Internet settings or redirect your default home page to unwanted web sites. Trace may even add new shortcuts to your PC desktop. � Annoying popups keep appearing on your PC � Trace may swamp your computer with pestering popup ads, even when you're not connected to the Internet, while secretly tracking your browsing habits and gathering your personal information. � E ‐ mails that you didn't write are being sent from your mailbox � Trace may gain complete control of your mailbox to generate and send e ‐ mail with virus attachments, e ‐ mail hoaxes, spam and other types of unsolicited e ‐ mail to other people.

  24. BEC Case Study: Version #2

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Do You See What I See? Navigating Human & Cyber Threats at the Workplace The views expressed

Do You See What I See? Navigating Human & Cyber Threats at the Workplace The views expressed

Do You See What I See? Navigating Human & Cyber Threats at the Workplace The views expressed by us are not representative of the City of Charlotte. OUTLINE INTRODUCTIONS HUMAN THREATS CYBER THREATS QUESTIONS INTRODUCTIONS

445 views • 25 slides
CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats

CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats

CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats to small businesses 3. Cyber Recovery Insurance Y our presenters Anne Jackson Sarah Morton Gary Hibberd Sales Director, Lorega Sales and

342 views • 31 slides
Cyber Threats P R E S E N T E D T O C A S R E I N S U R A N C E S E M I N A R B O S T O N ,

Cyber Threats P R E S E N T E D T O C A S R E I N S U R A N C E S E M I N A R B O S T O N ,

Cyber Threats P R E S E N T E D T O C A S R E I N S U R A N C E S E M I N A R B O S T O N , M A S S A C H U S E T T S J U N E 4 , 2 0 12 Antitrust Notice 2 The Casualty Actuarial Society is committed to adhering strictly to the

577 views • 26 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber

The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber

The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber Crime Growth Number of mobile 200M devices affected IBM 11.6M Number of accounts hacked CNN Money 432M Number of malware samples collected Intel

652 views • 30 slides
The New Era of Cyber Threats The Shift to Self-Learning, Self-Defending Networks Georgiana

The New Era of Cyber Threats The Shift to Self-Learning, Self-Defending Networks Georgiana

The New Era of Cyber Threats The Shift to Self-Learning, Self-Defending Networks Georgiana Wagemann Director of Sales, Darktrace Evolving Threats in a New Business Landscape Outsourced IT, SaaS, cloud, virtual, supply chain, IoT Not just data

412 views • 15 slides
Introduction to Cyber Threats: current status, perspectives and reflects in Brazil Adriano Mauro

Introduction to Cyber Threats: current status, perspectives and reflects in Brazil Adriano Mauro

Introduction to Cyber Threats: current status, perspectives and reflects in Brazil Adriano Mauro Cansian Agenda New Cybernetic Global Order Cyber threats. The present and future threat scenarios. The scenario in Brazil. Final

617 views • 46 slides
Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig

Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig

Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig picture The asymmetric nature of the Internet The current state of cyber underground Our current approach UNCLASSIFIED 7 Software Integrity Denial

388 views • 18 slides
Commonwealth of Virginia Cyber Commission First Year Report Threats and Opportunities

Commonwealth of Virginia Cyber Commission First Year Report Threats and Opportunities

Commonwealth of Virginia Cyber Commission First Year Report Threats and Opportunities Executive Order Number 8 Identify high risk cyber security issues facing COV. Provide advice and recommendations to secure COV networks,

449 views • 20 slides
Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats

Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats

Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats threats of of interne internet Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets? Because Bot

379 views • 27 slides
Cyber Threats and Federally-funded Cyber Resources Eugene Kipniss State, Local, Tribal, or

Cyber Threats and Federally-funded Cyber Resources Eugene Kipniss State, Local, Tribal, or

Cyber Threats and Federally-funded Cyber Resources Eugene Kipniss State, Local, Tribal, or Territorial Government Entity 2 Why SLTT Governments? Criminals look for data... and governments have a lot of it! 3 TLP: WHITE 3 CBA 6 CBA 4

911 views • 35 slides
Cyber Threats Incident Response Model for CNII Organizations Dr. Aswami Ariffin Megat Mutalib

Cyber Threats Incident Response Model for CNII Organizations Dr. Aswami Ariffin Megat Mutalib

Cyber Threats Incident Response Model for CNII Organizations Dr. Aswami Ariffin Megat Mutalib Dr. Zahri Yunos Presentation Outline 1. Our Service: CyberDEF (Cyber Defence) 2. Our R&D Product: CMERP (Coordinated Malware Eradication &

605 views • 25 slides
Seminar Series Industrial Cyber Threats and Future Planning Robert M. Lee Twitter: @RobertMLee

Seminar Series Industrial Cyber Threats and Future Planning Robert M. Lee Twitter: @RobertMLee

Seminar Series Industrial Cyber Threats and Future Planning Robert M. Lee Twitter: @RobertMLee Email: rlee@dragos.com Web: www.dragos.com Agenda Where We Are Selected Case Studies in Cyber Attacks Where Were Heading

424 views • 24 slides
CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides
Minimizing Business Disruption After a Cyberattack Cyber Security Challenges, Threats and

Minimizing Business Disruption After a Cyberattack Cyber Security Challenges, Threats and

1 Minimizing Business Disruption After a Cyberattack Cyber Security Challenges, Threats and Strategies Symposium University of Bahrain 21 st September 2016 By: Ahmed Albalooshi, CISA, CISM, CGEIT. First Vice President IT Al Baraka Banking

200 views • 15 slides
Cyber@UC Meeting 68 Advanced Persistent Threats If Youre New! Join our Slack:

Cyber@UC Meeting 68 Advanced Persistent Threats If Youre New! Join our Slack:

Cyber@UC Meeting 68 Advanced Persistent Threats If Youre New! Join our Slack: cyberatuc.slack.com (URL changed!) SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees:

484 views • 13 slides
HABs Harrier Training 2018 Claire Weston Outreach Coordinator Community Science Institute

HABs Harrier Training 2018 Claire Weston Outreach Coordinator Community Science Institute

Cayuga Lake HABs Harrier Training 2018 Claire Weston Outreach Coordinator Community Science Institute First of all THANK YOU! NO BLOOM REPORT The No Bloom Report should be filled out every week that you survey your zone but

181 views • 15 slides
Senior Women Talent Pipeline for UN Peace Operations Call for nominations and applications Ms.

Senior Women Talent Pipeline for UN Peace Operations Call for nominations and applications Ms.

Senior Women Talent Pipeline for UN Peace Operations Call for nominations and applications Ms. Kristina Koch, Chief Recruitment Section Department of Field Support/Field Personnel Division Email: kochk@un.org, Tel: 917 367 3320 1 Overview 1.

169 views • 16 slides
WOMEN & MILLENNIALS IN THE SUPPLY CHAIN How Seasoned & Millennial Professionals Work

WOMEN & MILLENNIALS IN THE SUPPLY CHAIN How Seasoned & Millennial Professionals Work

WOMEN & MILLENNIALS IN THE SUPPLY CHAIN How Seasoned & Millennial Professionals Work Together in the Logistics Industry WOMEN IN LOGISTICS & SUPPLY CHAIN WOMEN IN LOGISTICS According to the World Economic Forum, itll be nearly

367 views • 21 slides
Verifying email security techniques for Dutch organizations Student: Vincent van Dongen

Verifying email security techniques for Dutch organizations Student: Vincent van Dongen

Verifying email security techniques for Dutch organizations Student: Vincent van Dongen Supervised by: Ralph Dolmans, George Thessalonikefs (NLnet Labs) Security and Network Engineering (UvA) Master Thesis, 3 July 2018 Vincent van Dongen (UvA)

187 views • 17 slides
INTERNET & FAMILY SAFETY 10 TH SYRO-MALANKARA CATHOLIC CONVENTION STAMFORD, CT 2018 AUGUST

INTERNET & FAMILY SAFETY 10 TH SYRO-MALANKARA CATHOLIC CONVENTION STAMFORD, CT 2018 AUGUST

INTERNET & FAMILY SAFETY 10 TH SYRO-MALANKARA CATHOLIC CONVENTION STAMFORD, CT 2018 AUGUST 2-5 PRESENTED BY: JOHN P VARGHESE AGENDA Cyber Threat Email Malicious Code Device Social Engineering Social Network

844 views • 20 slides
COMPARATIVE STUDY OF LEAN AND AGILE SUPPLY CHAIN MANAGEMENT ALONG WITH THE OPTIMAL MODEL

COMPARATIVE STUDY OF LEAN AND AGILE SUPPLY CHAIN MANAGEMENT ALONG WITH THE OPTIMAL MODEL

Kuwait Chapter of Arabian Journal of Business and M anagement Review Vol. 1, No.4; December 2011 COMPARATIVE STUDY OF LEAN AND AGILE SUPPLY CHAIN MANAGEMENT ALONG WITH THE OPTIMAL MODEL PRESENTATION OF AGILE SUPPLY CHAIN MANAGEMENT Shahram

233 views • 11 slides
I o T I N S U P P L Y C H A I N Key To Gaining Predictability Of Freight Movement GCC-

I o T I N S U P P L Y C H A I N Key To Gaining Predictability Of Freight Movement GCC-

I o T I N S U P P L Y C H A I N Key To Gaining Predictability Of Freight Movement GCC- Powerhouse For Logistics & Transportation Industry $66.3 Billion $9 billion Expected value of GCCs logistics market size of land transportation in

575 views • 39 slides
Barcelona Moscow Beijing Munich Boston New York Brussels Orange County Century City Paris

Barcelona Moscow Beijing Munich Boston New York Brussels Orange County Century City Paris

12670 High Bluff Drive San Diego, California 92130 Tel: +1.858.523.5400 Fax: +1.858.523.5450 www.lw.com FIRM / AFFILIATE OFFICES Barcelona Moscow Beijing Munich Boston New York Brussels Orange County Century City Paris December 1,

307 views • 4 slides

More recommend