The Third Wave of Hacking Cyber-Crime as a Service

Slides:



Advertisements
Similar presentations
Economic and Social Impact of Digital Security Eng. Qusai AlShatti Deputy Director for Information Technology.
Advertisements

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
Internet as a Military-Free Zone: The Kaspersky Vision Eugene Kaspersky Chairman & CEO, Kaspersky Lab.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Security, Privacy, and Ethics Online Computer Crimes.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.
Cyber-Warfare: The Future is Now!
Joel Maloff Phone.com February, 2012.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
Cyber Crimes.
Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.
7 Information Security.
Cyber Security Nevada Businesses Overview June, 2014.
NATO Advanced Research Workshop “Best Practices and Innovative Approaches to Develop Cyber Security and Resiliency Policy Framework” Scenario for Discussion.
Computer Crimes 8 8 Chapter. The act of using a computer to commit an illegal act Authorized and unauthorized computer access. Examples- o Stealing time.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
OCTAVE-S on TradeSolution Inc.. Introduction Phase 1: Critical Assets and threats Phase 2: Critical IT Components Phase 3: Changes Required in current.
Custom Corporate Consulting and Training Fraud: Detecting and Preventing Presented October 30, 2010 To University of Texas at Arlington Executive MBA Students.
Grants Management Training 200 Cyber Security There are two kinds of people in America today: Those who have experienced a cyber-attack and know it, and.
The First Step in Cybersecurity. Past Threats and Incident of Cybersecurity 76 % of organizations polled by CompTIA said they experienced them [a cybersecurity.
Have the Time? Steps to Deal with Cybercrime HFTP Annual Conference Bellevue, Washington October 23, 2015 Presented by: John D. Daum, CPA Scott Perry (Just.
AVAR 2004, Japan, Tokyo Today’s Threats and the Evolution of the Computer Underground Today’s Threats and the Evolution of the Computer Underground Eugene.
Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
NATIONAL CYBER SECURITY GOVERNANCE & EMERGING CYBER SECURITY THREATS
Legal, Regulations, Investigations, and Compliance Chapter 9 Part 2 Pages 1006 to 1022.
Friday 22nd April 2016 DS Chris Greatorex SEROCU
External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.
Zeus Virus By: Chris Foley. Overview  What is Zeus  What Zeus Did  The FBI investigation  The virus for phones  Removal and detection  Conclusion.
Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.
Cyber Insurance Risk Transfer Alternatives Heather Soronen - Operations Director Rocky Mountain Insurance Information Association.
NewCo Logo Keystroke Guard The technology that everybody needs October 15 th, 2014.
Copyright © 2013, SAS Institute Inc. All rights reserved. INTRODUCTION A review of the key industry threats and responses ahead Survey of 250 respondents.
September 19, 2016 Steve Konecny CFE, CIRA, CEH, CRISC Hands on Hacking.
Presented by: Mike Gerdes Director, Information Security Center of Expertise Cybersecurity State of the Union.
Actuarial Review of Emerging Risks
Cyber Insurance Risk Transfer Alternatives
Cybersecurity as a Business Differentiator
CYBERSECURITY SOLUTIONS
Seminar On Ethical Hacking Submitted To: Submitted By:
Cloud Firewall.
Cyber enabled crime The challenge for national and local police.
Information Security.
Dissecting the Cyber Security Threat Landscape
Office 365 with confidence: security features for Office 365
بهترین راهکار را انتخاب کنید...
5G Security Training
Get instant internet security | | Wire IT Solutions
Andy Hall – Cyber & Tech INSURANCE Specialist
Secure Browsing Because malware usually doesn’t identify itself.
Curating an Effective Security Culture
Cyber Trends and Market Update
What are they and how can you stop them? 24th March 2012
FAIR 2018 – Cyber Risks & Markets
Securing the Threats of Tomorrow, Today.
PGE Chris Nolke, Director of Cybersecurity
Chapter 12: Fraud Schemes & Fraud Detection
CRITICAL INFRASTRUCTURE CYBERSECURITY
Strategic threat assessment
Texas Assisted Living Association 2019 Conference
Solving the Ethics Puzzle: An Overview of the Code of Ethics
IASA Northeastern Annual Regional Conference Economic and Capital Markets Overview November 2018 The material contained in this presentation has been.
SECURITY IN THE DIGITAL AGE
Cybersecurity and its Relevance to CIT
Anatomy of a Common Cyber Attack
Presentation transcript:

The Third Wave of Hacking Cyber-Crime as a Service Thomas Bennett CEO, ThreatSTOP Inc. Board Director, Dragos Former Board Director, Cylance Former Executive Chairman, Veracity Security Lia 1

What Actually Happens Now Gain Access. Physical AND Logical– employees, vendors, or hackers for hire. Learn the Procedures. Eavesdrop to understand the business processes. Gain Privileges. Keylogging, Process Hijacking, and Entitlements. Steal. Old/static receiver accounts used, steal from correspondent accounts. Distract Responders. Mask activities with DDOS–to obfuscate the crime(s). Cover Their Tracks. Employ log filtering and/or wipe files or systems used. Launder. Transfer funds through varied routes from local to remote banks. Cash Out. Convert to cryptocurrencies, or direct transfers to payees. Malware is a Tool Distraction and Obfuscation are Tactics Fraud and Theft are Techniques

The Evolution of Cyber Threats “Cybercrime-for-hire business appears to be so lucrative and booming that hacker gangs can't keep their crews staffed” -Bank Info Security, September 14 2016

Phase of Cyber Threats PHASE 1: Business Interruption Disrupt continuity of business (technology) for competitive (social, economic, financial) purposes; also distract from efforts to probe and penetrate networks.  PHASE 2: APT (Advanced Persistent Threat) Activities Gain and maintain access in order to observe, document/record, and catalog access and information as a commodity service offering.  PHASE 3: Extortion/Fraud/Theft Subscribe to access that others have already gained (hackers for hire or MAAS/BAAS catalog operators –aka “CAAS”) to perpetrate financial and economic crimes. Utilize technology as tools to distract investigators.

Phase 1 3-Phase construct and content courtesy of Dr. Shane Shook

Phase 2 3-Phase construct and content courtesy of Dr. Shane Shook

Phase 3 3-Phase construct and content courtesy of Dr. Shane Shook

We are well into the Third Wave… Where’s it coming from? Portugal, Russia, Netherlands, the U.K. and Iceland

Think of it as Angie’s List for hacking services

Think of it as Angie’s List for hacking services This is a Growth Industry!

What a sophisticated CAAS attack looks like SWIFT (Global Payment Network) Content courtesy of Dr. Shane Shook

Cybersecurity Disclosure Act 0f 2017 First introduced in 2015 Requires companies to include in their SEC disclosures to investors whether anyone on the company's board is a cyber security expert. If such an expert does not exist, the company must disclose how it plans to mitigate the lack of expertise on the board.  Initially targeted at publicly traded companies, but… Realities of Government Regulations Regulations take a life of their own, and tend to be supported and given immortality by fines Witness General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679): 2-4% Gross Revenues Things of a certain kind flow downhill, and private companies will be in the cross-hairs

Thank You Thomas (Tom) Bennett e: tom@cyberdirector.org LinkedIn: https://www.linkedin.com/in/thomasbennett101

NACD Texas TriCities Chapter Thank you for attending! To download materials from past programs, please visit http://utah.NACDonline.org/Resources/meeting.cfm Register for our programs at utah.NACDonline.org Chapter Administrators: Julie Pitts, Regional Director, jpitts@NACDonline.org Heather May, Chapter Administrator, heather.may@NACD-Utah.org 5/14/13 Driving and Surviving with the Next Generation at Work | Houston, Texas

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.