Cybersecurity - A Clear and Present Danger
6/4/2015
Thomas J. DeMayo, CISSP, CISA, CIPP, CEH, CHFI, MCSE
Director, IT Audit and Consulting Services
TDeMayo@
Objectives
• Gain an understanding of current cyber security vulnerabilities, such as Ransomware, Mobile Devices and Electronic Fund Transfer Fraud.
• Visualize the "Dark Web" through an exploration of what it is and how it supports the cyber underground.
• Identify the Federal and state privacy laws that are applicable to their business.
• Leverage the disclosed techniques to perform a true cybersecurity risk assessment.
• Utilize the key control considerations discussed in strengthening their own cybersecurity defenses.
• Establish the framework for Business Continuity/Disaster Recovery/Incident Response Plan.
HFTP
The Many Faces of Cyber Fraud
Why Attack Hospitality?
• Why Not?
• Hospitality companies have:
  • Bank accounts
  • Employee payroll
  • Employee personal information
  • Customer personal information
  • Perform EFT transactions
  • Process credit card transactions
Cyber Fraud is Big Business
• Malware is specifically written to target your bank accounts and sensitive information
  • ZeuS
  • SpyEye
• Malware is for sale on the web
• Crime gangs are hiring rogue programmers to create new malware and modify existing malware to evade detection by antivirus software
Cyber Fraud is Big Business
• The cyber underground has developed a business model of providing turnkey cyber crime solutions hosted by criminal organizations
  • Malware as a Service ("MaaS")
  • Fraud as a Service ("FaaS")
  • Attacks as a Service ("AaaS")
Cyber Fraud is Big Business
Electronic Fund Transfers ("EFTs")
• Commercial and consumer EFTs are protected differently under the law
• Consumers are protected by the Electronic Funds Transfer Act
  • Consumers are allowed up to 60 days to report fraudulent transactions
• Commercial EFTs are regulated by the Uniform Commercial Code Article 4A
  • Businesses are allowed up to two days to report the fraudulent transaction, depending on whether it was an ACH or wire transfer
Banking Malware In Action (Ex 1)
• Initial Balance: $5,000
• Wire $500 to Acct # 12345, Bank: ABC
• Wire $2,000 to Acct # 54321, Bank: XYZ
• Wired $500 to Acct # 12345, Bank: ABC. Balance: $4,500
• Wired $2,000 to Acct # 54321, Bank: XYZ. Balance: $3,000
• Final Balance: $3,000
Cyber Fraud is Big Business
[Image: Standard Bank of America login from a non-infected machine]
[Image: Same page from an infected machine (Part 1)]
[Image: Page scrolled down on infected machine]
[Image. Img Source - Trusteer]
Web Layers
Img source:
Cyber Fraud is Big Business
[Images. Img Source - Trusteer; Krebs on Security]