
Cyber Security and Michigan Businesses, February 7, 2019 - PowerPoint Presentation



  1. Cyber Security and Michigan Businesses February 7, 2019

  2. Agenda
     • US Secret Service
       • Jordan Johnston
         • Special Agent with Detroit Field Office – Fraud & Cybercrimes Division
         • Member of Electronic Crimes Taskforce
         • Member of Dark Web Taskforce with Homeland Security Investigations
         • Member of Cryptocurrency Taskforce with the FBI
     • MIMECAST
       • Rob Harvey
         • Commercial Account Manager
     • CloudSAFE
       • Michael Butz Sr.
         • Founder and CEO

  3. Current Cybercrime Trends Impacting our Financial Infrastructure and Your Financial Future Jordan Johnston Special Agent U.S. Secret Service Detroit Field Office U.S. Department of Homeland Security United States Secret Service

  4. MISSION STATEMENT: “The mission of the United States Secret Service is to safeguard the nation’s financial infrastructure and payment systems to preserve the integrity of the economy, and to protect national leaders, visiting heads of government, designated sites and National Special Security Events.”

  5. Financial Crime Investigations:
     ▪ Identity Theft
     ▪ Access Device Fraud
     ▪ Network Intrusions

  6. Magnitude - 2016
     • Received 298,728 cyber crime and fraud complaints
     • Reported losses in excess of $1.4 billion
     • BEC was the #1 cause of loss
     • BEC global exposure, 2013-2016: over $5 billion (reported), $5,302,890,449
     • Number of victims: 40,203 (the math: $131,902.85/victim)
     • BEC from January 2016 - June 2017:
       • Attempted: $222.9 million
       • Returned/Frozen: $74,831,206 (34%)
       • Unrecovered: $148.1 million (66%)

  7. Identity Theft
     PII (personally identifiable information) – any data that either on its own or used with other information could potentially identify a specific individual, e.g., name, SSN, DL, and DOB.

  8. More sophisticated ways to obtain PII:
     ▪ Network Intrusions
     ▪ Dating schemes
     ▪ Employment schemes
     ▪ Recycling storage media
     ▪ “Geotagging” – BEWARE!

  9. Very basic uses for PII:
     ▪ Obtain credit in the victim’s name to…
     ▪ Purchase jewelry, electronics, stored-value cards
     ▪ Obtain utilities – cable TV, Internet
     ▪ Purchase/Lease automobiles
     ▪ Savings/Checking Account Takeovers

  10. Additional ways to obtain account numbers
      ▪ Phishing
      ▪ Network Intrusions / Data Breaches
      ▪ Collusive employees
      ▪ Malware, Trojans, Worms

  11. “Dumped” Card Information is Transmitted Overseas and Sold on the Internet – Carding Portals

  12. Retail Threat Vectors
      • Sophisticated Botnets
      • Point of Sale Malware
      • Fraudulent Payment Methods
      • Business Email Compromise
      • Distributed Denial of Service
      • Mobile Payment

  13. Point Of Sale Network Intrusions
      • Infiltration (malware/keyloggers/sniffers)
      • Aggregation
      • Exfiltration (email accts/servers ?….)
      [Diagram: Data Flow]

  14. Network Intrusion Commonalities
      • Using the same admin password since installation
      • Failure to use/update AV software
      • POS system configured for remote management without two-factor authentication login
      • Computers in the PCI environment used to browse internet, play games, and check Facebook
      • Not changing default manufacturer passwords EVER
      • Running devices on administrator account

  15. Business Email Compromise (BEC) / Email Account Compromise (EAC)

  16. What is a Business Email Compromise?
      • Sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments
      • BOTH suppliers and their customers are victims of this scam
      • Targets CFO, CTO, or some high-ranking executive
      • Compromise via social engineering or computer intrusion techniques
      • Formerly known as the man-in-the-email scam, the BEC was renamed to focus on the business angle of this scam

  17. Business Email Compromise: The Process
      1. Vector is stolen credentials and/or malware, or email from a spoofed or similar domain
      2. Compromised systems monitored and/or files scanned for invoices/accounts payable
      3. Snooping or surveillance conducted on executives and/or their staff
      4. Impersonation of executives executed by way of email, voice, call-forwarding, and/or fax

  18. “Money Mule” Facilitation
      “Money Mule”: a witting or unwitting individual directed to open bank accounts to receive fraudulent money transfers, and then transfer funds to other (fraudulent) bank accounts

  19. “Money Mule” Facilitation
      Often acquired online through social engineering and fake job postings on:
      • Social Media
      • Legitimate job boards
      • Fake job boards
      • Radio advertising
      • Romance scams on dating sites
      • Other social engineering
      Money Mules are a Challenge:
      • They are not routinely held accountable in criminal and/or civil action
      • Bank accounts can be closed, but funds are often returned to mules
      • Many mules do not realize they are breaking the law

  20. Phishing / Spear Phishing / Whaling

  21. Ransomware

  22. Example

  23. Example
      ▪ Southern University contracted with a company for construction work at the university.
      ▪ D.M., the Assistant Director of Payment Services for Southern University, received an email directing him to change Company’s ACH payment account.
      ▪ Email extension read “accts.receivable@companyinc.com”
      ▪ The email extension for (actual) Company should be “@company.com”

  24. Example continued
      ▪ Attached to the fraudulent email was a blank Citibank check purportedly from Company Inc. (with a routing number, account number, and check number) and an Authorization Agreement for Automatic Deposit of Vendor Checks purportedly from “Company Inc.” and signed by a person purportedly named “Tim Stallings.”
      ▪ The next day, Southern University made three payments via wire transfer, totaling $1.3 million, to “Company Inc.”
      ▪ (Actual) Company Inc. never received payment from Southern University.
      ▪ Investigators reviewed the fraudulent account and discovered a $20,000 wire transfer into the bank account of “West Coast Designs,” belonging to Linda Lee.

  25. Example continued
      ▪ Linda Lee explains she co-owns the business with her fiancée, Dennis Rand, whom she has never met. Rand directed Lee to open three bank accounts.
      ▪ Lee states business is booming, with a recent $1.3 million design deal in Texas.
      ▪ Lee states Rand asked her to occasionally move money from one account into another.
      ▪ Investigators explained to Lee the $1.3 million was illegally obtained from Southern University, not a design deal.
      ▪ Lee agreed to forfeit the remaining money in the account and provided a detailed ledger of account activity.
      ▪ Investigators tracked the funds transferred from Southern University's transaction to an account owned by Sam Smith.

  26. The Rapid Growth of Cybercrime

  27. Hacking Made Easy

  28. Personal Information is Cheap

  29. Target Lists are Free
      • Experian.com/small business/mailing lists
      • InfoUSA.com
      • DatabaseUSA.com
      • ReferYes.com
      • Dark Web Marketplaces
      • eGrabber.com: “Capture leads & prospects from any webpage, find & add any missing field (email/phone/...), update, de-dupe, merge & segment any prospect list”

  30. Prevention
      • Do not click unknown attachments
      • Select computer settings to view entire link extension
      • Verify any requests for:
        – Change in payment type or location
        – Speedy or secret transfers
      • Be wary of free web-based e-mail accounts
      • Multiple-factor authentication
      • Use “forward” instead of “reply to”
      • Awareness training of front-line employees
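
An added example, not part of the original presentation: the checks from slides 23 and 30 applied to one message, flagging a sender domain that resembles a known vendor domain, a Reply-To that differs from the From domain, and a request to change payment details. The vendor list, the keyword pattern, the edit-distance threshold of 2 and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: accounts payable keeps a list of the domains its vendors really use.
KNOWN_VENDOR_DOMAINS = {"company.com"}  # the genuine domain in the slide 23 example
PAYMENT_TERMS = re.compile(r"\b(ach|wire|routing number|payment account)\b", re.I)
# Constructed sample modelled on the slide 23 example; not a real message.
SAMPLE = """From: Accounts Receivable <accts.receivable@companyinc.com>
Subject: Updated ACH payment account

Please send all future payments to the account on the attached form.
"""

def domain_of(header_value):
    """Lowercased domain of an address header, or '' when the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, keeping two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, known=KNOWN_VENDOR_DOMAINS):
    """Known domain that `domain` imitates (embeds its name or is within 2 edits), else None."""
    if not domain or any(domain == k or domain.endswith("." + k) for k in known):
        return None  # empty, or a genuine vendor domain or one of its subdomains
    name = domain.rsplit(".", 1)[0]
    for k in known:
        k_name = k.rsplit(".", 1)[0]
        if k_name in name or edit_distance(name, k_name) <= 2:
            return k
    return None

def review_flags(raw_message):
    """Reasons to verify a message out of band before anyone acts on it."""
    msg = message_from_string(raw_message)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    hit = lookalike_of(sender)
    flags = [f"{sender} resembles vendor domain {hit}"] if hit else []
    if reply_to and reply_to != sender:
        flags.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
    if PAYMENT_TERMS.search(f"{msg['Subject']} {msg.get_payload()}"):
        flags.append("payment-detail change requested; confirm via a contact already on file")
    return flags
```

Short vendor names make the 2-edit threshold noisy, so tune it against the real vendor list before relying on it.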
