Social Engineering Ben Hayden IT & Risk Consultant Ben Hayden - - PowerPoint PPT Presentation



SLIDE 1

Ben Hayden

IT & Risk Consultant

Cybersecurity and Social Engineering

SLIDE 2

Ben Hayden

Background:

  • US Marine Corps
  • Law Enforcement
  • Financial Institution – IT Security/Fraud
  • U of I – BBA
  • ISU – MS

© 2016. Proprietary & Confidential. SHAZAM, Inc. information is of general applicability and current as of date of presentation.

SLIDE 3

Disclaimers

  • SHAZAM vs Competitors
  • Hacking Tools
  • Federal Laws
  • Policies
  • I don’t know everything
  • No magic bullet
  • “Not if, but when”

SLIDE 4

Question

Why do organizations/people “get hacked”?

  • Grudge
  • Ideology (“Hacktivism”)
  • Theft (Financial gain)
  • Fun
  • Espionage (State-sponsored)
  • Some other reason

SLIDE 5

Answer

Why do organizations/people “get hacked”?

  • Theft (Financial Crime) – 80%
  • Espionage (State Sponsored) – 15%
  • Everything Else – 5%

Source: 2016 Verizon Data Breach Report

SLIDE 6

Why are we here?

In 2015…

More than 169 million personal records were exposed, at an average cost of $154 per stolen record (excluding medical records, which averaged $363 per record).

Source: 2015 ITRC Data Breach Report

SLIDE 7

Risks

What are some risks cities face?

  • Points of compromise – think WHY?
    – Customer payment systems
    – Employee records
    – Tax/property records
    – Traffic sensors
    – Water sensors
    – GPS systems
    – Phone/radio systems

SLIDE 8

Risks

Standards/Regulations

  • Financial Industry
    – GLBA
  • Health Care
    – HIPAA
    – HITECH
  • What does public sector have?

SLIDE 9

Case Studies

San Francisco Municipal Transit

  • November 2016
  • Transit system’s payment network was encrypted, as was their email server.
  • Payment machines wouldn’t accept payments.
  • 100 Bitcoin was demanded.
  • SF opened gates to transit system; riders were allowed to ride for free for two days until the system was restored.

SLIDE 10

Attack Cycle

  • Target Identification
  • Recon
  • Gaining Access
  • Scanning the Network
  • Exploits
  • Exfiltration

SLIDE 11

Target Identification

  • Types of Hackers
    – Organized Crime
    – Nation States
    – Hacktivist
    – Insiders

SLIDE 12

Attack Example: Recon

Hypothetical Attack

  • Footprinting
    – Social Networks
    – Website
    – Maltego
    – Google

SLIDE 13

Attack Example: Gaining Access

Social Engineering

  • Phishing
  • Client emails
  • Spear Phishing
  • Giving out passwords

Approximately 70% of attacks used a combination of phishing and hacking.

Source: 2016 Verizon Data Breach Report

SLIDE 14

Attack Example

Maltego

SLIDE 15

Attack Example: Scanning the Network

Network is probed for vulnerabilities:

  • Open ports
  • Out-of-date patches
  • Unlocked systems
  • Administrator access

Multiple access points established

SLIDE 16

Attack Example: Scanning the Network

Tools

  • Network mapping tools
    – Zenmap, SoftPerfect
  • Packet Sniffers
    – WireShark
  • Keyloggers

What are they looking for?

  • Vulnerabilities
  • Outdated/unpatched systems/applications
  • Weak passwords with admin privileges

SLIDE 17

Scanning

SoftPerfect

SLIDE 18

Scanning

Nmap

SLIDE 19

Scanning

Nmap (GUI)

SLIDE 20

Scanning

Nmap (GUI)

SLIDE 21

Attack Example

Passwords

Encryption

  • What does it actually mean?
  • Breaking/Circumvention
  • Publicly available rainbow tables

On average:

  • 24 online accounts
  • Only 6 passwords
  • 73% of passwords are duplicates
  • 47% of passwords are 5+ years old
  • 77% of passwords are 1+ year old

Source: TeleSign Consumer Account Security Report
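As an added example (not from the presentation), the Python below shows what the rainbow-table point means in practice: a stored password that is only a fast, unsalted hash is recovered by a precomputed lookup over a constructed six-word list, while a per-user random salt plus PBKDF2 gives every user a different digest that no precomputed table matches. The word list, function names and iteration count are assumptions for illustration.

```python
"""Unsalted fast hash vs. salted slow KDF: why public rainbow tables work
and what defeats them. Added example, not the presenter's code."""
import hashlib
import os

# Constructed candidate list standing in for the public wordlists that
# rainbow/lookup tables are built from. Heavy password reuse (the slide's
# "73% duplicates") is why such short lists hit so often in real dumps.
CANDIDATES = ["password", "123456", "qwerty", "letmein", "summer2016", "shazam"]
ITERATIONS = 200_000  # assumed PBKDF2 work factor


def unsalted_hash(password: str) -> str:
    """What many breached systems actually stored: one fast, unsalted SHA-1."""
    return hashlib.sha1(password.encode()).hexdigest()


def build_lookup_table(candidates) -> dict:
    """Precompute digest -> plaintext once; reusable against every dump
    that used the same unsalted hash."""
    return {unsalted_hash(p): p for p in candidates}


def lookup(stored_hash: str, table: dict):
    """Recover the plaintext with a dictionary lookup, no cracking work at all."""
    return table.get(stored_hash)


def salted_hash(password: str, salt: bytes = b"") -> tuple:
    """Defender side: random per-user salt + slow KDF. The same password
    yields a different digest for every user, so no precomputed table applies."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Login check recomputes the KDF with the stored salt and compares."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return candidate == digest


if __name__ == "__main__":
    table = build_lookup_table(CANDIDATES)
    print("unsalted lookup:", lookup(unsalted_hash("letmein"), table))
    s1, d1 = salted_hash("letmein")
    s2, d2 = salted_hash("letmein")
    print("same password, same salted digest?", d1 == d2)
    print("salted digest found in table?", lookup(d1.hex(), table))
    print("verify:", verify_salted("letmein", s1, d1))
```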

SLIDE 22

Attack Example: Exploits

Types of Exploits

  • Two basic types:
    – Known
    – Unknown
  • What they do:
    – Elevate privileges
    – Attack other applications
  • Exploit Kits
    – Dark Web (tor)

SLIDE 23

Attack Example: Exfiltration

Exfiltrating the data

  • Difficult to detect
  • Mimics “normal” behavior

What do they do with the data?

  • Sell it

Unless it’s Ransomware:

  • Encrypt specific file types on device/server

SLIDE 24

What can you do?

Best Practices

  • Think When not If
  • Follow IT policies/procedures
  • Don’t open unusual links/attachments
  • Trust through verification
  • Think before you click
  • Use strong passwords

SLIDE 25

Thank you!

QUESTIONS?