©2014 Experian Information Solutions, Inc. All rights reserved. Experian Confidential.

Presentation transcript:


Things that go bump in the night
Stephen Scharf
Global Chief Information Security Officer

©2014 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any form or manner without the prior written permission of Experian. Experian Confidential.

Content
- Adversaries
- Attack scenarios – sample
- Fraud we see
- Products that don’t work
- Products that work
- Products that don’t exist
- Conclusions

Adversaries

Script kiddies
- MOTIVATION: Hacking for fun and respect
- Fame (either externally or internally)

Hacktivists
- MOTIVATION: Hacking to free the world and punish corporate greed and abuse
- Punish those that deserve punishing (whom they decide)

Organized crime
- MOTIVATION: Hacking to support illegal criminal activities that generate profit
- Money, money, money

Hostile nation states
- MOTIVATION: Hacking to steal intellectual property and empower themselves
- Power
- All things that make a country powerful – Improve yourself and weaken your enemies

Attack scenarios

Denial of service
- Trying to disrupt services and revenue
- These attacks can be via extortion events or through organized hacktivist activities
- Tools provided for free
- Times and targets broadcasted via underground channels

Phishing
- I wish this was limited to the Nigerian scam
- Now attacks are highly sophisticated and targeted
- Evolved into “spear phishing” and “whaling” and now a slight variation called “water-holing”

Attack scenarios

SQL injection
- Abuse client-side data and manipulate fields used for dynamic SQL queries
- Lack of server-side validation creates exposures

APTs (Advanced Persistent Threats)
- Getting all the buzz lately
- Highly targeted, highly sophisticated attacks
- Often leverage 0-day issues and operate “low and slow”

Attack scenarios

Trusted insider
- Authorized individuals doing unauthorized things
- Higher risk around system administrators and genius product developers
- This includes acts of malicious intent and acts of noble intent but done in an unsafe manner

Social engineering
- Pretending to be someone you are not in an attempt to gain access to something you should not have

Abuse of products
- Using stolen credentials, gaming system logic, hacking client PCs

Fraud we see (and combat)

Submission of fake documents
- Fake police reports
- Fake court orders
- Fake driver's license
- Fake affirmations from legitimate creditor

Submission of fake positive data
- Data furnishers with fake data to bolster credit files
- Paid offers to become delegated / authorized users on credit cards
- Credit clinics that attempt to flood the system with bogus challenges

Login abuse via B2B and B2C channels

The “evil” underground

Entire societies exist off the grid and on the “dark Web”
- These private channels are used for everything imaginable: hackers for hire, CC for sale, illegal pornography, identities for sale, illegal weapons, drugs, usernames / passwords, etc.
- Some entities monitor this traffic (such as Garlik) and attempt to alert upon identifying concerning activities

The “evil” underground

- Systems like TOR (the onion router) make anonymous communication very easy to use and very difficult to track
  - Only recently have we seen TOR node anonymity come under question.
  - First developed by the U.S. Naval Research Lab and DARPA
- When you combine anonymous payment systems like bitcoin with anonymous communication systems like TOR, you create an opportunity for abuse
- More and more companies are professing to have dark Web listeners and human capital for collecting threat intel

Products / techniques that (usually) don’t work
- Passwords
- Antivirus
- Intrusion detection systems
- Firewalls
- Knowledge-based Authentication (by itself)

Products that work
- Device identification – aka 41st Parameter®
- Adaptive authentication
- Malware detection via controlled virtual exploitation
- Password vaulting
- Data loss prevention
- Active scanning with indicators of compromise (IoCs)
- System and application containerization / virtualization

Products that don’t exist (because it’s hard to do)

Seamless flushing of device(s) upon attack detection
- The ability to reset a device to a known good state upon the detection of malicious activity

True security data intelligence
- High volume data aggregation and interpretation to identify various attacks across the enterprise – also known as big security data
- Bring together dissimilar data elements to discover previously undiscovered malicious patterns

PC micro-virtualization with no impact to user experience
- Systems that protect each component from every other component, but still allow legitimate user experience to flow unimpeded

Conclusions
- We are targeted every day
- Adversaries are very smart, very well-funded and very patient
- We have to be right every time, they just have to be right one time
- Products like 41st Parameter® actually make a difference
- Some products have lost value over time
- It is a continual arms race with both attackers and defenders constantly refining their arsenal
- Have a nice day

#FOIC2014

Stephen Scharf
Chief Information Security Officer
Experian