
By Paul Hager, CEO, Information Technology Professionals

Your Questions Answered Today
• Who is it that is writing all these viruses?
• Why do they do it?
• I have anti-virus and a firewall, so my company is safe, right?
• What do you do to keep our company data safe?

Vocabulary
– Rootkit – virus that provides unauthorized access to a remote system
– Trojan – a piece of software that looks like it is doing what the user intended, but is in reality designed to infect the user's PC. It is named after the horse that the Greeks used in the Trojan War, as detailed in Virgil's Latin epic poem The Aeneid.
– Ransomware – virus used to demand payment
– Botnet – network of infected computers used to send SPAM or launch DDoS attacks
– DDoS – Distributed Denial of Service. Volumes of junk traffic sent to prevent the legitimate traffic from getting through

A Brief History of Security
• The first SPAM in 1978
• The name does come from Monty Python
• Grows in the 90's and early 2000's
• SPAM exists to sell:
  – Adult content
  – Pharma
• Major botnet and ISP take-downs in 2008, but they thrive on
• Only stopped by… VISA and MasterCard
• Now what? Viruses

Where is it sold?
• New currency in a new, modern black market
• Bitcoin mining is the new money laundering
• The Onion Router (Tor) network
• The Darknet

State of the State of Security
• 65 adversaries, 36 most active
• Increase in ransomware
• Increase in sophistication
• POS attacks targeting credit card track data in memory
• Phone scams on the rise (https://www.youtube.com/watch?v=sz0cEo2h3f8)
• More damage than ever
• XP EOL and Server 2003 EOL
• http://map.ipviking.com

Review of Recent Notable Breaches
• Target
• Sony
• Home Depot
• 477 million identities/accounts have been compromised in the last 12 months.
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Sony

Sony Part 2
• DDoS
• Lizard Squad
• DDoS for hire: $40 to take down a competitor
• Average cost to defend against a DDoS event is $40,000
• Believed to be captured

The Adversary
• Criminal
• Hacktivist
• State-sponsored
• Nationalist

Countries Most Attacked

Most Active Malware: PlugX

• Commonly delivered via a spear-phishing attack.
• Comes from a zero day from last March, CVE-2014-1761, which exploits vulnerable Microsoft RTF or Word documents.
• Others make use of well-worn holes like CVE-2012-0158 in PowerPoint and Excel, which were also used by the IceFog, , and Cloud Atlas attacks.
• While some of the groups using PlugX have gone out of their way to register new domains for the malware's C&C, many domains from the last several years remain active.
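The PlugX notes above make the defender's point that C&C domains keep changing while old ones stay live, so the domain name itself is one of the cheapest signals available in DNS logs. The script below is an added example, not code from the presentation or from ITP: it triages a constructed DNS query log for second-level labels that look machine-generated (high character entropy with almost no vowels, or a long unbroken consonant run), which is the shape that self-registering malware families tend to produce. The log format, the thresholds and every domain in the sample are assumptions made for illustration.

```python
"""Triage DNS query logs for second-level labels that look machine-generated.

Added example, not code from the presentation or from ITP. The log format,
thresholds and every domain below are constructed for illustration.
"""
import math
import re
from collections import Counter
from typing import List, Tuple

# Constructed sample lines: "<ISO time> <client_ip> <queried_name>"
SAMPLE_DNS_LOG = """\
2015-03-02T10:01:07 10.0.0.15 www.microsoft.com
2015-03-02T10:01:09 10.0.0.15 mail.google.com
2015-03-02T10:01:12 10.0.0.23 xjqkvpzrtwmnbqlsd.net
2015-03-02T10:01:13 10.0.0.23 hq7z3lm9x0cvt2bk.org
2015-03-02T10:01:15 10.0.0.15 informationisbeautiful.net
2015-03-02T10:01:16 10.0.0.15 www.windowsupdate.com
2015-03-02T10:01:18 10.0.0.23 zmwqkpbvtxrlghjn.com
"""

VOWELS = set("aeiou")
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]+")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def second_level_label(fqdn: str) -> str:
    """'www.example.com' -> 'example' (the label just left of the TLD)."""
    parts = fqdn.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def vowel_ratio(label: str) -> float:
    """Fraction of alphabetic characters that are vowels (digits ignored)."""
    letters = [ch for ch in label if ch.isalpha()]
    if not letters:
        return 0.0
    return sum(ch in VOWELS for ch in letters) / len(letters)


def longest_consonant_run(label: str) -> int:
    """Length of the longest run of consonants (digits break a run)."""
    return max((len(r) for r in CONSONANT_RUN.findall(label)), default=0)


def looks_generated(label: str, min_len: int = 10, entropy_min: float = 3.0,
                    vowel_max: float = 0.25, run_min: int = 5) -> bool:
    """Heuristic with assumed thresholds: a long label with high character
    entropy and very few vowels, or a long unbroken consonant run, is more
    likely produced by an algorithm than typed by a person. Short labels are
    skipped because entropy says little about them."""
    if len(label) < min_len:
        return False
    if longest_consonant_run(label) >= run_min:
        return True
    return shannon_entropy(label) >= entropy_min and vowel_ratio(label) <= vowel_max


def suspicious_queries(log_text: str) -> List[Tuple[str, str]]:
    """Return (client_ip, fqdn) for every query whose label looks generated."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, fqdn = line.split()
        if looks_generated(second_level_label(fqdn)):
            hits.append((client, fqdn))
    return hits


if __name__ == "__main__":
    for client, fqdn in suspicious_queries(SAMPLE_DNS_LOG):
        print(f"review {client}: {fqdn}")
```

Entropy alone is a poor discriminator for long English names (a name like informationisbeautiful scores above 3.5 bits per character), which is why the check pairs entropy with the vowel ratio; the flagged hosts are a starting point for review against threat intelligence, not a verdict.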

Cryptolocker aka Cryptowall
• First version taken down in June of 2014 when the Zeus botnet went down
• No longer uses botnets; uses P2P
• Polymorphic and self-registering domain names
• Locking screens
• AV won't prevent it

Anatomy of a Hack

1. Footprinting – DNS, WHOIS, website
2. Scanning – NMAP scan
3. Enumeration – probe open ports
4. Gaining Access – password phish, sniffing, penetration, brute force
5. Escalating Privilege – known exploits
6. Pilfering – gather information and use it to re-enumerate and steal data
7. Covering Tracks – delete log files, hide tools
8. Create Backdoors – DDoS
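The scanning and enumeration steps above (an NMAP scan, probing open ports) leave a recognisable trace on the defender's side: one source touching many destination ports on one host within seconds. As an added example that is not part of the presentation or ITP's tooling, this script runs a sliding-window count of distinct ports per source/destination pair over a constructed firewall deny log; the line format, the 60-second window and the 10-port threshold are assumptions for illustration and do not correspond to any vendor's format.

```python
"""Flag the scanning/enumeration phase: one source probing many ports fast.

Added example, not code from the presentation or from ITP. The log format,
the 60-second window and the 10-port threshold are assumed for illustration
and do not correspond to any particular firewall vendor.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample lines: "<ISO time> DENY src=<ip> dst=<ip> dport=<port>".
# 203.0.113.7 walks 11 ports in five seconds; the other two sources are noise.
SAMPLE_FW_LOG = """\
2015-03-02T09:00:01 DENY src=203.0.113.7 dst=192.0.2.10 dport=21
2015-03-02T09:00:01 DENY src=203.0.113.7 dst=192.0.2.10 dport=22
2015-03-02T09:00:02 DENY src=203.0.113.7 dst=192.0.2.10 dport=23
2015-03-02T09:00:02 DENY src=203.0.113.7 dst=192.0.2.10 dport=25
2015-03-02T09:00:03 DENY src=203.0.113.7 dst=192.0.2.10 dport=80
2015-03-02T09:00:03 DENY src=203.0.113.7 dst=192.0.2.10 dport=110
2015-03-02T09:00:04 DENY src=203.0.113.7 dst=192.0.2.10 dport=143
2015-03-02T09:00:04 DENY src=203.0.113.7 dst=192.0.2.10 dport=443
2015-03-02T09:00:05 DENY src=203.0.113.7 dst=192.0.2.10 dport=445
2015-03-02T09:00:05 DENY src=203.0.113.7 dst=192.0.2.10 dport=3389
2015-03-02T09:00:06 DENY src=203.0.113.7 dst=192.0.2.10 dport=8080
2015-03-02T09:00:09 DENY src=198.51.100.4 dst=192.0.2.10 dport=443
2015-03-02T09:00:12 DENY src=198.51.100.4 dst=192.0.2.10 dport=443
2015-03-02T09:00:30 DENY src=198.51.100.9 dst=192.0.2.10 dport=22
2015-03-02T09:30:00 DENY src=198.51.100.9 dst=192.0.2.10 dport=80
"""

Event = Tuple[datetime, str, str, int]


def _kv_value(token: str) -> str:
    """'dport=22' -> '22'."""
    return token.split("=", 1)[1]


def parse_line(line: str) -> Event:
    """Parse one constructed deny line into (time, src, dst, dport)."""
    ts, _action, src, dst, dport = line.split()
    return (datetime.fromisoformat(ts), _kv_value(src), _kv_value(dst),
            int(_kv_value(dport)))


def detect_port_scans(log_text: str, window: timedelta = timedelta(seconds=60),
                      min_ports: int = 10) -> List[Dict]:
    """Sliding window per (src, dst): raise one alert the first time the
    number of distinct destination ports seen within `window` reaches
    `min_ports`. Returns a list of alert dicts (empty when nothing fires)."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    by_pair: Dict[Tuple[str, str], List[Tuple[datetime, int]]] = defaultdict(list)
    for ts, src, dst, port in events:
        by_pair[(src, dst)].append((ts, port))

    alerts = []
    for (src, dst), hits in by_pair.items():  # hits are already time-ordered
        start = 0
        for end in range(len(hits)):
            # Drop events that fell out of the window behind `end`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {port for _, port in hits[start:end + 1]}
            if len(ports) >= min_ports:
                alerts.append({"src": src, "dst": dst, "ports": len(ports),
                               "first": hits[start][0], "last": hits[end][0]})
                break  # one alert per pair is enough for triage
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(SAMPLE_FW_LOG):
        print(f"possible port scan {a['src']} -> {a['dst']}: "
              f"{a['ports']} ports between {a['first']} and {a['last']}")
```

Two connections to one port from the same source never trip the check, and neither do two ports half an hour apart, which keeps the rule quiet on ordinary traffic; on real logs the window and threshold need tuning, and a slow scan spread over days needs a longer window or a different rule.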

Steps 1-4 take less than a week on average

Other Security Statistics that Will Scare You

• The average time to detection is 271 days
• https://databreachcalculator.com
• Average cost is around $200 per record

Source: Crowdstrike.com

Just an Enterprise Problem, Right?
• No
• As a percentage of revenue, a single HIPAA or PCI fine could be worse than the Target breach for a small to midsized company

Example: Dental Practice in Madison
• Virus leads to customer database being compromised
• Patient information breach
• HIPAA fines total $130,000 for an 11-person office

Example: Commercial Business in Madison
• Virus keylogged the CFO's machine for months
• Executed a valid wire transfer from his PC to an offshore account
• Only stopped because of the bank

Example: Importance of Security with Mobile Employees
• In 2009, the FBI told Coca-Cola executives that hackers had broken into their computer systems and spent a month "pilfering sensitive files" about Coke's "attempted $2.4 billion acquisition of China Huiyuan Juice Group"
• The subject line on the email was "Save power is save money! (from CEO)"
• Gave hackers full access to Etchells's computer
• "Once in control of the computer, the hackers installed various other programs, gaining access to the company's corporate network and using Etchells's machine as a staging point to store and download data taken from other computers."
http://www.networkworld.com/article/2223443/microsoft-subnet/coca-cola-hacked-by-chinese-and-kept-it-a-secret.html

Firewall and AV is Not Enough
• Need threat intelligence
• You will be breached; it's how quickly you respond that matters

ITP: Your Outsourced CISO

ITP Offerings
• Yes, we do Strategic, Support & Project work
• We have a security practice
• Assessment
• Remediation
• Ongoing Protection Solutions
• ITP Managed Security Service Packages
• ITP Managed Security products
• Assessments
  – PCI DSS
  – HIPAA
  – SOX
  – NIST
  – FISMA

Assessment Process (NIST)
Step 1 – CATEGORIZE Information System
Step 2 – SELECT Security Controls
Step 3 – IMPLEMENT Security Controls
Step 4 – ASSESS Security Controls
Step 5 – AUTHORIZE Information System
Step 6 – MONITOR Security Controls

Parting Personal Security Tips
• Credit monitoring for your kids
• Use DuckDuckGo.com for your search engine
• IP Vanish as a personal VPN solution if you don't have a corporate network
• Enable privacy protections on your devices and in your browsers
• Don't use public wifi, especially when travelling

Contact Info
• Bill Henry, VP of Sales
• [email protected]
• 414-453-7100