Why do THEY want your digital devices?
Download as PPTX, PDF0 likes691 views
The document discusses the various ways cybercriminals exploit hacked devices, detailing 36 methods including phishing, malware, and credential theft. It emphasizes the importance of robust security measures, such as malware scanning and strong authentication, to protect against these threats. Citing a 2012 Verizon report, it highlights that the majority of breaches involve malware and hacking, necessitating comprehensive defenses.
Why do THEY want your digital devices?
- 1. Why THEY want your digital devices Stephen Cobb, CISSP Security Evangelist
- 3. 36 ways to abuse hacked devices • Phishing site • Spam zombie • Malware download site • DDoS extortion zombie • Warez piracy server Web Botnet • Click fraud zombie • Child porn server server activity • Anonymization proxy • Spam site • CAPTCHA solving zombie • Harvest email contacts • eBay/PayPal fake auctions • Harvest associated accounts • Online gaming credentials • Access to corporate email Email Account • Website FTP credentials • Webmail spam attacks credentials • Skype/VoIP credentials • Stranded abroad scams • Encryption certificates • Online gaming characters • Bank account data • Online gaming goods/$$$ Virtual Financial • Credit card data • PC game license keys goods credentials • Stock and 401K accounts • OS license key • Wire transfer data • Facebook • Fake antivirus • Twitter Reputation Hostage • Ransomware • LinkedIn hijacking attacks • Email account ransom • Google+ • Webcam image extortion Based on original work by Brian Krebs: krebsonsecurity.com
- 4. MONEY ADVANTAGE IMPACT CREDENTIALS
- 5. 720 breaches by size of organization (employees) Over 100,000 10,001 to 100,000 1,001 to 10,000 101 to 1,000 11 to 100 1 to 10 SMBs 0 100 200 300 400 500 600 Verizon 2012 Data Breach Investigations Report
- 6. The SMB sweet spot for the cyber- criminally inclined Big enterprise Assets SMB “sweet spot” worth looting Consumers Level of protection
- 7. How do they get to your devices? 1. Malware involved in 69% of breaches 2. Hacking* used in 81% of breaches Breaches combining malware and hacking: 61% *80% of hacking is passwords: default, missing, guessed, stolen, cracked Verizon 2012 Data Breach Investigations Report
- 8. Tools of the trade
- 10. Thriving markets for credentials
- 11. Hot markets for hacked devices
- 12. All driven by proven business strategies
- 13. So how do you defend your devices? Two main attacks…. …and defenses Malware Scanning Hacking Authentication
- 14. Scanning requires proper implementation Measures in use at a sample of healthcare facilities Require AV on mobile devices Scan devices prior to connection Scan devices while connected 0% 10% 20% 30% 40% Ponemon Institute Third Annual Benchmark Study on Patient Privacy & Data Security
- 15. Authentication requires more than passwords Passwords exposed in 2012: 75,000,000 And those are just the ones we know about Need to add a second factor to authentication
- 16. The defenses you need Malware SMART Scanning Hacking STRONG Authentication Plus polices and training to implement effectively
- 17. Thank you! Stephen Cobb [email protected] WeLiveSecurity.com
Editor's Notes
- #5: Money + Access + Kicks = Credentials