
September 19, 2016 Steve Konecny CFE, CIRA, CEH, CRISC Hands on Hacking.


1 September 19, 2016 Steve Konecny CFE, CIRA, CEH, CRISC Hands on Hacking

2 Who Has Been Hacked Lately? 650,000; 145 Million; 128 Million; 6.5 Million

3 Who Else Has Been Hacked? FOUR MAJOR CPA firms hacked by 1 Hacker

4 What Makes You So Special? Who would want to hack me? Too Small; Low Profile; Little Financial Gain


6 Top Cyber Crimes: 1. Tax-Refund / Payment Fraud 2. Account Takeover 3. Identity Theft 4. Theft of Sensitive Data 5. Theft of Intellectual Property 6. Ransomware

7 Attack Cycle: Identify key individuals & create profiles; Gather public info; Google search data. [Cycle diagram labels, repeated on slides 7-12: Scan, Attack & Access, Complete Mission, Target, Maintain & Escalate, Cover Tracks]

8 Attack Cycle: Assess, research, build tools; Network scanning tools; nmap/zmap Scan; Nessus Scan; Maltego; Develop network profiles; OS versions, models, etc

9 Attack Cycle: Phishing; Database & password exploits; Social engineering & networking; Weak controls; Default accounts & passwords; Dated software & patch exploits; APTs & zero-day

10 Attack Cycle: Backdoors, tunnels; Remote admin software; Modify registry; Application exploitation; User enumeration; New processes when booting

11 Attack Cycle: Compress data; Download/exfiltrate data from system; Encrypt/ransomware; Zombie/bot

12 Attack Cycle: Modify or delete logs; Change file names; Change process names; Change file modification & creation time; Delete artifacts

13 Video

14 Internal vs. External Threats. [Chart: Percent of breaches per threat actor over time (n=8,158); series: Partner, Internal, Collusion, External.] Source: 2016 Data Breach Investigations Report. Verizon. http://www.verizonenterprise.com/DBIR/2016

15 Detection of Breaches. [Chart: Breach discovery methods over time (n=6,133); series: Law Enforcement, Fraud Detection, Third Party, Internal.] Source: 2016 Data Breach Investigations Report. Verizon. http://www.verizonenterprise.com/DBIR/2016

16 Some Methods: Phishing; Social Engineering & Networking; Database & Password Exploits; Weak Controls; Default Accounts & Passwords; Dated Software & Patch Exploits; Advanced Persistent Threat & Zero-Day


19 Phishing: 30% Open messages; 12% Open attachments. PayPal, eBay, Battle.net, AOL, and Runescape are the most common phishing sites. Source: 2016 Data Breach Investigations Report. Verizon. http://www.verizonenterprise.com/DBIR/2016

20 Spear Phishing: Fake CEO asks Finance Dept; “Send Me the Money”; Change Payment Method Mid-Project; HR Dept Sends Out 1,000+ W2s of Employees; Fool me once, shame on you. Fool me twice, shame on me. Fool me thrice?; Right Method – Wrong Account; No need to file taxes this year – someone did it for you!

21 Example CEO Fraud

22 Some Methods: Phishing; Social Engineering & Networking; Database & Password Exploits; Weak Controls; Default Accounts & Passwords; Dated Software & Patch Exploits; Advanced Persistent Threat & Zero-Day


24 Top 25 Passwords | 2014 & 2015. 91% of passwords are Top 1,000; 95-98% of passwords are Top 10,000. Slide legend: (new). Source: Data Splash Most Popular Passwords of 2014, 2015, Datasplash.com
First list: 1. 123456 2. password 3. 12345678 4. qwerty 5. 12345 6. 123456789 7. football 8. 1234 9. 1234567 10. baseball 11. welcome 12. 1234567890 13. abc123 14. 111111 15. 1qaz2wsx 16. dragon 17. master 18. monkey 19. letmein 20. login 21. princess 22. qwertyuiop 23. solo 24. password 25. starwars
Second list: 1. 123456 2. password 3. 12345 4. 12345678 5. qwerty 6. 123456789 7. 1234 8. baseball 9. dragon 10. football 11. 1234567 12. monkey 13. letmein 14. abc123 15. 111111 16. mustang 17. access 18. shadow 19. master 20. michael 21. superman 22. 696969 23. 123123 24. batman 25. trustno1

25 Passwords: Circumvent; Reset; Attack, brute force. 20 ACCOUNTS HACKED in under 10 MINUTES

26 Encryption. Encrypt Outlook Files: No need for passwords; Backdoor opens all encrypted messages. Encrypt Application Files: Word, Excel, Compressed Files, etc; Many have backdoors. May 2012: Flash drive AND encryption code; 27,000 records lost in the mail
