Published by Betty Osborne. Modified over 9 years ago.
January 21st 2016 Intelligence Briefing
NOT PROTECTIVELY MARKED
- Current Threats
- Investigation Update
- Email Based Viruses – Protect Yourself
- Incident Response Methodologies
- Action Fraud Reports from the South West Region
- PBX Dial Through
- Miscellaneous
- CiSP
- New non-protectively marked briefing
Investigation Updates:

The South West Regional Cyber Crime Unit (SWRCCU) has recently completed an investigation into a series of extortion demands linked to the Ashley Madison website compromise. A number of victims from around the region came forward after receiving an email extortion message demanding bitcoins/Western Union payments. No payments were made and no information was released.

The SWRCCU has also seen a rise in reports of ‘sextortion’ offences where victims are persuaded to perform intimate acts over social media platforms like Skype and are then asked to make a payment to avoid the footage being distributed to family and friends.

Should you be the victim of an extortion demand, you are advised not to pay – it is unlikely that any footage will be released and it is highly likely that your details will be shared with other criminals and you will be targeted with further demands. Report all incidents to NFIB and consider calling your local police force.
Investigation Updates continued:

Further steps you should follow to reduce the chances of becoming the next extortion victim online include:

- Choose a username that doesn’t let everyone know who you are. Don't include your surname or any other identifying information such as your place of work either in your profile or when you first make contact. Remember that overtly sexual, provocative or controversial usernames could attract the wrong kind of attention.
- Keep contact details private. Stay in control when it comes to how and when you share information. Don't include your contact information such as your email address, home address, or phone number in your profile or initial communications. It is impossible to get back information once you have given it away.
- Stop communicating with anyone who attempts to pressure you into engaging in sexual activity online or pressure you into providing personal or financial information or who seems to be trying to trick you into providing it.
- Be wary of opening email attachments from someone you have only just met.
Email Based Viruses – How to Protect Yourself:

The main form of delivery for viruses and malware is via spam email. Spam email, also known as junk email or Unsolicited Bulk Email (UBE), involves nearly identical messages being sent to numerous recipients. The emails contain disguised links or attachments that, when clicked on, download malware.

It is important to protect yourself and prevent any kind of infection. Malware aims to steal your login credentials, personal and financial details and take over your computer. It is not only your Windows PC that can be infected. Your smart phone, tablet computer, Apple Mac OSX, Linux and any other computer-based device are susceptible to infection.

Be cautious of files attached to emails. In particular:

- Word documents (.doc, .docx)
- Excel documents (.xls, .xlsx)
- PowerPoint documents (.ppt, .pptx)
- RTF documents (.rtf)
- PDF files (.pdf)
- Visual Basic files (.vbs, .vbe)
Email Based Viruses – How to Protect Yourself:

- Fake emails can be very persuasive and even contain your real name. Some will offer money or other advantage. If it sounds too good to be true, question it.
- If you rarely use macros within Microsoft Word, Excel and PowerPoint, it may be worth disabling macros in the options. This would prevent malicious macros automatically executing in an Office document.
- Have anti-virus software installed and updated to the latest version.
- If you suspect a fake email, try searching the subject line or some content from the body of the email in Google. If it is a known phishing campaign then many forums and security websites will already have it listed. Delete the email and attachment.
- If you suspect that you have been specifically targeted by malicious emails then report it to Action Fraud.
Incident Response Methodologies:

Many organisations will experience some form of cyber attack, whether it is an attempted phishing attack, a distributed denial-of-service (DDoS) attack or an infected network infrastructure. But what steps do you take after an attack?

It is important to have Incident Response Methodologies (IRMs) in place, particularly for some of the most common attacks, such as DDoS. By following a plan you can ensure that the attack is dealt with correctly, information is secured and the incident is reported to the right people.

The Cyber Emergency Response Team (CERT) publish very detailed IRMs which are highly rated. If your organisation does not have any IRMs in place, it is worth considering these to inform your plans and response. All 15 are available to download securely from the following URL as PDF documents: https://cert.societegenerale.com/en/publications.html
Hacking PBX/Dial Through

We have received reports of two PBX/Dial through attacks on businesses based in Bridgwater and Plymouth. The telephone systems were compromised and premium rate numbers called, resulting in financial losses of £1050.00 and £1,875.00 respectively.

In order to prevent yourselves becoming the next victim:

- Use strong PINs/passwords for your voicemail system, ensuring they are changed regularly.
- If you still have your voicemail on a default PIN/password, change it immediately.
- Disable access to your voicemail system from outside lines. If this is business critical, ensure the access is restricted to essential users and they regularly update their PINs/passwords.
- If you do not need to call international/premium rate numbers, ask your network provider to place a restriction on your line.
- Consider asking your network provider to block outbound calls at certain times, e.g. when your business is closed.
- Ensure you regularly review available call logging and call reporting options.
- Regularly monitor for increased or suspect call traffic.
- Secure your exchange and communications system, use a strong PBX firewall and if you don’t need the function, close it down!
- Speak to your maintenance provider to understand the threats and ask them to correct any identified security defects.
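The call-log review advised above can be automated; the following is an added example and not part of the original briefing. It assumes a hypothetical CSV export (columns `start,extension,dialled,seconds`), business hours of 08:00 to 18:00 Monday to Friday, and UK dialling (09 for premium rate, 00 for international); the sample records are constructed.

```python
import csv
from collections import Counter
from datetime import datetime
from io import StringIO

# Constructed sample call records (not real data). The column layout is an
# assumption; real PBX exports differ by vendor.
SAMPLE_CDR = """\
start,extension,dialled,seconds
2016-01-18 10:02:11,201,01632960001,184
2016-01-18 14:40:03,203,09098790001,65
2016-01-19 02:13:45,299,0012025550100,1260
2016-01-19 02:36:10,299,09098790002,1790
2016-01-19 03:07:52,299,09098790002,1804
2016-01-23 11:15:00,201,01632960002,95
"""

OPEN_HOUR, CLOSE_HOUR = 8, 18   # assumed business hours, Monday to Friday
BURST_LIMIT = 2                 # assumed threshold: flagged calls per extension per day

def classify(dialled):
    """Return 'premium', 'international' or 'standard' for a UK-dialled number."""
    number = dialled.replace(" ", "")
    if number.startswith("+44"):
        number = "0" + number[3:]          # normalise to national format
    if number.startswith("09"):
        return "premium"                   # UK premium-rate range
    if number.startswith("00") or number.startswith("+"):
        return "international"
    return "standard"

def review_calls(cdr_text):
    """Return (alerts, noisy_extensions) for a CSV call log."""
    alerts, per_day = [], Counter()
    for row in csv.DictReader(StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        kind = classify(row["dialled"])
        reasons = [] if kind == "standard" else [kind]
        if start.weekday() >= 5 or not OPEN_HOUR <= start.hour < CLOSE_HOUR:
            reasons.append("out-of-hours")
        if reasons:
            alerts.append((row["start"], row["extension"], row["dialled"], reasons))
            per_day[(row["extension"], start.date())] += 1
    # Extensions with more flagged calls in one day than the threshold allows
    noisy = sorted({ext for (ext, _), n in per_day.items() if n > BURST_LIMIT})
    return alerts, noisy

if __name__ == "__main__":
    for alert in review_calls(SAMPLE_CDR)[0]:
        print(alert)
```

An extension that appears in the second return value has exceeded the daily threshold of flagged calls and is the first place to check for a default or weak voicemail PIN.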
CiSP - Cyber Crime Threats Shared

The Cyber Security Information Sharing Partnership (CiSP), which is run by CERT-UK, is an information sharing platform used to share and publish cyber crime threat information. The aim of the platform is to allow members to take remedial action and modify their organisations to prevent cyber attacks.

If you would like to join the CiSP then please sign up at www.cert.gov.uk/cisp and contact us as we can sponsor you.

A regional South West CiSP is in place and will be formally launched in May 2016; more details will be shared in due course.
Additional Briefing Dissemination

This document has been given the protective marking of NOT PROTECTIVELY MARKED and may be disseminated outside law enforcement with no restriction. If you know anyone else who would like to receive this, please send us their e-mail address and we will add them to the distribution list.

For any comments or queries, please email the South West Regional Cyber Crime Unit at:
swrccu@avonandsomerset.pnn.police.uk
0117 372 2446