Ransomware Threat: Keeping Your Network Secure
Cyber Security Risks and Mitigation Strategies
Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC‐registered investment advisor. | ©2016 CliftonLarsonAllen LLP
WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTING

Today's Cyberattacks
• Over four billion data records were stolen in 2016
• Cyber criminals target small and medium business: data breaches cost approximately $86K per incident, and ten times that amount for larger organizations
Sources (March 14, 2017):
http://blogs.rsa.com/best
https://www.scmagazine.com/report
http://www.zdnet.com/article/over
A Few Breaches reported in 2017
• Little Red Door Cancer Services of East Central Indiana
• Landry's restaurants
• Horizon Blue Cross Blue Shield
• Holiday Inn Hotels
• Highmark BlueCross BlueShield Delaware
• HEI Hotels
• E-Sports Entertainment Association (ESEA)
• Dun & Bradstreet
• Cellebrite
• 21st Century Oncology
• WellCare Health Plans, Inc.
• VTech
• Verity Health
• University of Central Florida
• Verizon Enterprise Solutions
• Radiology Regional Center, Florida
• Quest Diagnostics
• Neiman Marcus
• MedStar Health
• Madison Square Garden Company
• Yahoo
Know your enemy
The Threat Landscape

Information Security Overview
• How do we secure computing equipment and network systems?
  – Loss of computing
  – Loss of network
  – Loss of network access
  – Data leakage
  – Data corruption
  – Data loss
  – Data privacy
• Threat Landscape
• Security Risks

What we expect
• Definition: "A secure system is one we can depend on to behave as we expect."
  Source: "Web Security and Commerce" by Simson Garfinkel with Gene Spafford
  – Availability
  – Integrity
  – Confidentiality
Why are we attacked?
Cybercrime Industry
• Trading systems
• Service providers
• Markets
• Suppliers
• Proliferation of business models ("cybercrime as a service")
Cybercrime
• Phishing is a root cause behind the majority of cyber attacks, including ransomware
• Hackers have "monetized" their hacking activity
  – Black market economy
  – More sophisticated fraud
  – More "hands on" hacking effort
• 89% of breaches had a financial or espionage motive
  ◊ Verizon 2016 Data Breach Investigations Report (DBIR)
Cybercrime Motivation
How do attackers get in?
• Employees
• Social Engineering
• Poor Configuration
• Malware
  – ransomware
• Email Phishing
  – targeted
  – "Spear Phishing"

How do attackers get in? – Protecting Yourself
• Most breaches or malware infections start in one of two scenarios:
  – Phishing message
  – Browsing to a compromised/malicious website, or to a legitimate website that has been compromised
• It is important to learn how to identify a phishing message and whether the website you are visiting is a safe one
Statistics
• Dataset: Verizon 2016 DBIR – approximately 100,000 security incidents, of which 3,141 were confirmed data breaches
• Number of incidents and breaches by victim industry and organization size
• Number of incidents and confirmed breaches with data loss by victim industry and organization size
Know the primary attack: EMAIL PHISHING

What is Email Phishing?
• Simply put: Convince someone to perform an action that will benefit the attacker
◊ What is the action?
  – Provide confidential information (Password, Account Number, etc.)
  – Download and open a malicious file
  – Visit a malicious website
Email Phishing Attack
• Traditional Phishing (Spamming) – Attacker targets a large amount of users
• Spear Phishing – A custom message is built for a specific target
• Whaling – specifically targets "C-level" executives or management
Spotting the Malicious Link
• The link requests a user to visit a website to perform account maintenance.

Uncovering a Malicious Link
1. Hovering over a link with your mouse will show the true path of a link.
2. This link appears to go to Amazon but is actually going to a malicious site.

Phishing Example

Spoofed Internal Source
• Hackers are becoming more sophisticated with their phishing attacks
• It is becoming more common every day for a phishing email message to appear to come from a trusted internal source.
Ransomware: The next great threat?

Ransomware Impact
• The FBI says it received 2,453 complaints about ransomware hold-ups last year, costing victims more than $24 million dollars
• Ransomware attacks spiked 752% in new families in 2016
• Ransomware hit over 700,000 users in one year
• Ransomware Damages Predicted to Reach $1 Billion Annually in 2017
• Ransomware threat on the rise as 'almost 40% of businesses attacked'
Ransomware Threat Landscape
http://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup

Ransomware Threat Landscape
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransomware_and_Businesses.pdf

What is Ransomware?
A type of malicious software designed to block access to a computer system until a sum of money is paid.
• Most Dangerous
  ◊ Files are encrypted and a ransom demand is issued for payment by a deadline in order to return access to them.
• Middle Grade
  ◊ Law enforcement messages – fake FBI or U.S. Department of Justice messages which claim they've detected illegal activity on your computer and demand you pay a fine.
• Low Grade
  ◊ Fake antivirus tools – pop up messages/scams that pretend to detect malware and say you need to pay money to fix it or to use them.
What is Ransomware?
• Not just on Windows operating systems, also on Apple
• Many strains are customized to their victim
  ◊ Well over 400 variants and counting, constant evolution
  ◊ CryptoWall, CryptoLocker, Mamba, etc.
• Some encrypt all data on the local machine and network data, also web pages
  – Attack on Data Availability – hold it in "ransom" for $$
• Payments are often in Bitcoin
What is Ransomware?
• Traditionally delivered through email phishing
• User credentials are used for network access and host data exfiltration
• Cyber criminals have started to delete backups
• Easier to do than data exfiltration of network data
• FBI has stated they are seeing instances where victims have not been provided the decryption key after paying the ransom
• FBI told victims to pay the ransom if they cannot recover from backups
Ransomware Attack – Email Phishing
https://www.rsa.com/content/dam/rsa/PDF/2016/08/infographic-detecting-and-responding-to-a-ransomware-attack.pdf?linkId=28575248

Ransomware Attack – Malware encrypts everything it can interact with
Ransomware Attacks

Ransomware – Case Studies
• March 3, 2017 – Pennsylvania Senate Democrats working with Microsoft to restore the system
  https://www.aol.com/article/news/2017/03/03/pennsylvania-senate-democrats-fall-victim-to-ransomware-attack/21873178/

Ransomware – Case Studies
• Ransomware Hackers Blackmail Los Angeles Valley College – $28,000 ransom was paid
  http://thehackernews.com/2017/01/ransomware-malware-attack.html

Ransomware – Case Studies
• Ransomware Hackers Blackmail U.S. Police Departments – Five Police Departments and Maine Sheriff (Paid Ransom)
  http://www.nbcnews.com/news/us-news/ransomware-hackers-blackmail-u-s-police-departments-n561746

Ransomware – Case Studies
• IT department was able to recover most of the files and had the system back up within a day
  http://money.cnn.com/2016/04/04/technology/ransomware-cybercrime/

Know defense
Key Defensive Strategies

Strong Foundation
• Policies for IT governance
  – Define what is expected
Staff Security Awareness
• Learning how to identify phishing emails and malicious websites is key to protecting yourself online:
  – If something looks odd… CHECK BEFORE YOU CLICK
  – Don't trust links
  – Don't trust attachments
  – Ensure the website you are visiting is the website you think you are visiting
  – Don't browse the web/check email as an administrator – IT!
Defined roles and least privilege
• Most users should NOT have administrator rights
• This should also include IT staff
• Principle of least privilege – users should have the minimum access and permissions
• Where are backups stored?
Hardened internal systems (end points)
• Turn off unneeded services – FTP, Telnet, NetBIOS
• Passwords – NO default, use passphrases
• Application Restriction Policies
• Hardening checklists
  – https://technet.microsoft.com/en-us/library/cc759648(v=ws.10).aspx
• Software controls – Anti-Malware, Anti-Virus
• Endpoint Protection

Vulnerability management
• Centralized patch management process
• Operating system patches
• Application patches
• Testing to validate the effectiveness
  – Find and address exceptions

Network security layers
• Firewall for workstations AND perimeter
• Well defined network segments
• Intrusion Detection/Prevention for Internet facing hosts, traffic in and out
• "Web Proxy" integration

Centralized logging, alerting and audit capabilities – include:
• Applications
• Servers
• Routing infrastructure
• Network remote access
• Archiving
• Automated analysis vs. Reviewing
Email filtering capabilities
• Prevent emails from being spoofed as your organization's domain
  – Custom rule to evaluate the Envelope and Letter FROM field
• Flag emails that originate from the Internet as 'External'
  – E.g. Modify the subject line to say 'External'
• Flag potentially malicious file attachments as suspicious (e.g. ZIP, RAR, HTA, JAR)
  – Use a "whitelist" approach – only allow specific file types
• Block Office documents that contain Macros
Validation
• Pre-implementation and post-implementation
• A combination of internal and external resources
• Penetration Testing
• Vulnerability Assessments
• (IT) Control Audits – that it all works the way you expect

Vendor Management
• Require vendors to be at least as secure as your own…
• For managed services, require contracts and SLAs to agree to your standards
• Right to audit
• Incident response communication protocols
• Secure systems
• Vulnerability management capabilities
• Understand how your vendor operates your systems
Plan Intelligently
• Create an incident response plan
  – Not IF but WHEN
• Defense in Depth
• Establish incident response policies
• Protect your "crown jewels"

What is wrong with these environments?
Illustration
• Publicly accessible website – Vendor managed
• SQL Injection vulnerability
• Vendor NEVER tested for vulnerabilities
  – It is the vendor's responsibility, right?
• Loss of data unknown
  – Vendor responded that access was read-only

Illustration
• Firewall rules allowed any outbound traffic
• Active monitoring not in place
• Had local admin access on work computer
• Could access personal email from work computer on the internal network
• Loss of data unknown (possibly PII, PHI)
  – CFO is not immune
Questions?

Jim Barton, CISA, PCI-QSA, CCSFP
Manager, Information Security Services
[email protected]
888-529-2648
CLAconnect.com
linkedin.com/company/cliftonlarsonallen | facebook.com/cliftonlarsonallen | twitter.com/CLAconnect

Resources – Ransomware Impact
• http://money.cnn.com/2016/04/04/technology/ransomware-cybercrime/
• https://www.helpnetsecurity.com/2016/09/15/cyberattacks-cost-smbs-86500/
• https://www.helpnetsecurity.com/2016/06/24/crypto-ransomware-attacks-hit-700000-users/
• https://www.theguardian.com/technology/2016/aug/03/ransomware-threat-on-the-rise-as-almost-40-of-businesses-attacked
• http://www.darkreading.com/attacks-breaches/education-suffers-the-most-ransomware-attacks/d/d-id/1326960?_mc=sm_dr&hootPostID=ae3132b2e7b0a6b042f8fd08d2a9df55
• https://www.herjavecgroup.com/ransomware-damages-predicted-now-1-billion-annually-2016/?utm_source=twitter&utm_medium=social&utm_content=ransomware%20damages&utm_campaign=blogpost

Resources – Breaches reported in 2017
(Holiday Inn Hotels; Horizon Blue Cross Blue Shield; Highmark BlueCross BlueShield Delaware; WellCare Health Plans, Inc.; University of Central Florida; Verizon Enterprise Solutions; Dun & Bradstreet; Cellebrite; Little Red Door Cancer Services of East Central Indiana; Quest Diagnostics; Radiology Regional Center, Florida; MedStar Health; Madison Square Garden; Verity Health; 21st Century Oncology; E-Sports Entertainment Association (ESEA); Landry's restaurants; Neiman Marcus; Law Firms; VTech; Yahoo; HEI Hotels)
• http://bankingjournal.aba.com/2017/04/holiday-inn-parent-confirms-data-breach-at-nearly-1200-hotels/
• http://www.nj.com/news/index.ssf/2017/02/emails_credit_cards_biggest_data_breaches_affect_nj_residents.html
• https://www.identityforce.com/blog/recent-data-breach-roundup-january-2017
• https://www.identityforce.com/blog/recent-data-breach-roundup-february-2017
• https://www.identityforce.com/blog/recent-data-breach-roundup-march-2017
• http://www.careersinfosecurity.com/sizing-up-health-data-breaches-so-far-in-2017-a-9673
• https://www.scmagazine.com/dun-bradstreet-database-of-336m-files-vulnerable/article/644419/
Cyber Kill Chain – Attack Stages

SANS/CIS Critical Controls
https://www.sans.org/media/critical-security-controls/critical-controls-poster-2016.pdf