Presentation is loading. Please wait.

Presentation is loading. Please wait.

Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.

Published byEsmond Pope Modified over 9 years ago

Similar presentations

Presentation on theme: "Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center."— Presentation transcript:

1 Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center

2 Overview  Industry Threat Data  Understanding an Attack  Recent Data Breaches  Sony  Anthem  White House

3 The U.S intelligence community regards cyber as the top threat facing the country, ahead of terrorism and weapons of mass destruction. - Financial Services Roundtable, citing James Clapper, Director of National Intelligence

4 Emerging Trends: 2015 Verizon Breach Report  Demographics  Public  Technology/Information  Financial Services  Secondary Victim  Less time to compromise than to discover the compromise  Information Sharing is Critical  Few Attack Patterns  Phishing  Vulnerabilities

5 Understanding an Attack: Setting the Stage  You work for a large financial services company, Jackson Financial, that has billions of dollars in assets and hundreds of employees.  The Black Knight has the motive to put your assets at risk, but are you safe?  In order to protect yourself, you need to understand the risks.

6 Vulnerability Impact Risk Threat Understanding an Attack: What Is My Risk

7 Understanding an Attack: Motivation ATTACK

8 Understanding an Attack: Reconnaissance The following information from all of these searches/ queries stands out to the Black Knight: - Jackson Financials web site is: www.jacksonfinancial.com - Two email addresses seem interesting:  JJames@jacksonfinancial.com  JJefferson@jacksonfinancial.com - After checking LinkedIn we know that John James is a developer and that Jill Jefferson is a finance manager at Jackson Financial - John James has posted several questions on a developer web site using his JJames@jacksonfinancial.com email address. Some of these questions include source code. - Including the following line, jdbc:mysql://wopr:3306/ - CEO, Austin Millbarge - amillbarge@jacksonfinancial.com - CTO, Carl Spackler - cspackler@jacksonfinancial.com

9 Understanding an Attack: Catching the Phish

10 Understanding an Attack: Catch of the Day Someone must be very unhappy with their job! One of the users must have attempted to open the attached Google Jobs.pdf. After only 30 minutes from sending the Phish our Black Knight gets a remote shell to a workstation!

11 Understanding an Attack: Going After the Big Phish

12 Understanding An Attack: Setting the Hook

13 Understanding an Attack: Reeling Them In Connects to https://vpn.jacksonfinancial.com User id: cspackler@jacksonfina ncinal.com cspackler@jacksonfina ncinal.com Password: Caddy_Shack Uses Score!

14 Understanding an Attack: Jackpot

15 Recent Data Breaches: Sony  What: Stolen company data and emails  Company systems rendered useless  How: Phishing  Insider  Malware: Wiper  Who: Guardians of Peace (North Korea)  Why: The Interview (a really bad movie)  Costs: $100 Million ($35 Million in IT repairs)

16 Recent Data Breaches: White House  What: Data breach of unclassified network  Sensitive Data was stolen  President’s schedule  How: Phishing  Not Hillary Clinton’s secret email  Who: Russia  Why: Putin doesn’t like us  Could their be other data?  Linked to Chase?  NATO Hack  Costs: Nothing monetary has been revealed, but what’s next?

17 Recent Data Breaches: Anthem  What: Data breach of up to 80 Million customer records  How: Phishing  The attacker hacked a public facing administrative website and obtained admin credentials.  The attacker queried the customer records database to download all its PII information, including SSNs, names, addresses etc.  The attacker then exfiltrated all of this sensitive data by uploading a file to a personal cloud storage service account.  Who: China?  Why: Not sure. Some of the data has been linked to tax fraud.  Identity theft  Costs: Still growing – Could it pass $100 Million?  Class action lawsuits in 3 states

18 Takeaways  Most Breaches are Preventable  Attacks continue to increase  Understand the Risks  Be Aware  Think Before You Click  Know Where Your Data Is  Google yourself  When in Doubt Don’t

19 Questions? Bryan Sheppard bryan.sheppard.hn4n@statefarm.com Twitter: @sithlordshep Cyber Security Defense Center

20

21

22

23

Download ppt "Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center."

Similar presentations

SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
New trends on cyber security - Cyber Espionage & Identity theft By K S Yash, CRO 1.

New trends on cyber security - Cyber Espionage & Identity theft By K S Yash, CRO 1.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Social media threats. Warning! May contain mild peril.

Social media threats. Warning! May contain mild peril.
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.
Cyber Security—What you should know before it’s too late! T Jay Humphries and Trevor O’Donnal.

Cyber Security—What you should know before it’s too late! T Jay Humphries and Trevor O’Donnal.
Cyber Security AMSC FM Training Symposium Alex Roosma, 1st Lt, USAF

Cyber Security AMSC FM Training Symposium Alex Roosma, 1st Lt, USAF
October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.

October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.
Personal Security on the Internet. Introduction What is InfoSec? Information Security (InfoSec) is: –Protection of information –Its critical elements.

Personal Security on the Internet. Introduction What is InfoSec? Information Security (InfoSec) is: –Protection of information –Its critical elements.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
SiteLock Internet Security: Big Threats for Small Business.

SiteLock Internet Security: Big Threats for Small Business.
DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?

DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.

COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
KEEPING YOUR FAMILY SAFE ONLINE Tips from a Parent Who is Paid to be Paranoid Aaron Ades AVP Cybersecurity at MetLife and Parent of Two Children of the.

KEEPING YOUR FAMILY SAFE ONLINE Tips from a Parent Who is Paid to be Paranoid Aaron Ades AVP Cybersecurity at MetLife and Parent of Two Children of the.

Similar presentations

Ads by Google