When Left to Their Own Devices

Report
Data Security Compliance Advisors
Certified Identity Theft Risk Management Specialists
873 East Baltimore Pike #501
Kennett Square, PA 19348
610-444-5295
www.BTR-Security.com
BYOD & Cyber Risks
June 26, 2014
Presenter: Robert Listerman, CPA, CITRMS
© Business Technology Resources, LLC
Robert Listerman (Bob) is a licensed Certified Public Accountant in the State of Michigan and has over 30 years
of experience as a process improvement business consultant. He graduated from Michigan State
University and became a CPA while employed at Touche Ross & Co., Detroit, now known as a member
firm of Deloitte & Touche USA LLP.
Bob added the Certified Identity Theft Risk Management Specialist (CITRMS) designation issued by The
Institute of Fraud Risk Management in 2007. The designation is in recognition of his knowledge and
experience in identity theft risk management. Today Bob focuses his practice on data security compliance.
Over 50% of identity theft can be traced back to unlawful handling or mishandling of non-public data within the
workplace.
Currently Bob serves his professional community as an active Board Member for the Institute of
Management Accountants (IMA), Mid Atlantic Council “IMA-MAC.” He is currently serving as President
of IMA-MAC (2011-2013). He is a regular seminar presenter for the IMA, Pennsylvania Institute of CPAs
(PICPA), and the Michigan Association of CPAs (MACPA). Bob serves on, and is a past chair of the
MACPA’s Management Information & Business Show committee which enjoys serving over 1000 CPAs in
attendance each year. He is Continuing Education Chair of the PICPA’s IT Assurance Committee.
Bob serves his local community as a member of the Kennett Township, PA Planning Commission,
Communications, Business Advisory, and Safety Committees. He is an active board member of the
Longwood Rotary Club. He has served his Rotary District 7450 as their Interact Club Chair (Rotary in High
School) since 2010.
Past professional and civic duties include serving on the Board of Directors for the Michigan Association of
Certified Public Accountants (1997-2000), past board member of the Delaware Chapter of the IMA and
past Chapter president for the IMA Oakland County, Michigan (1994-1995).
www.linkedin.com/in/boblistermanidriskmanager/
3 out of 4 employees would
rather use their own device
to connect to work, according
to Forrester Research.
Convenience = Productivity
• Who wants to juggle more than one portable device?
• Whose device are you going to know how to work better?
• Which device are you most likely to have with you when you
need it?
It makes sense for the employer:
• 74% of IT leaders believe “BYOD helps our
employees be more productive”
• 58% of those surveyed cite employee
satisfaction as a prime benefit of BYOD.
Source: Intel Corporation Survey
• The operating systems and form factors of consumer
technology are rapidly changing
• The lines between “on the clock” and “off the clock” have
been irrevocably blurred
• Having your device 24/7 allows balancing “work life” with
“home life”
• Employees don’t need a company-issued device on top of the one
they already own (which they really want to use in the
first place)
• Nobody wants to be that person with two smartphones
stuffed in his or her pocket.
• BYOD isn’t just coming, it’s already here.
– Just as employers have had to deal with the challenges of social
media like Facebook, LinkedIn and Twitter (to name a few) in
recent years, BYOD is now also a reality that needs to be
addressed.
– Just saying “no” is not the best solution when it’s inevitable:
according to Gartner Research, “by 2018, 70% of mobile
users will conduct all their work on personal smart devices.”
How many here, in this room, use a personal device,
whether it be a laptop or “smartphone,” to connect to their
work email, shared data files, or other internally available
processes?
10 Reasons BYOD May Be A Bad Fit
1. Staff resent paying for their own phones, laptops, or tablets
2. It won’t cut your costs after analysis of your requirements
3. It can make life harder for the IT department – i.e. bad fit
4. Corporate-issue IT makes sense for the same reason
schools have uniforms
5. Too many security issues to manage
6. Data loss—yours and theirs
7. Short-term gain, long-term pain?
8. It’s a licensing—and legal—minefield
9. Consumer devices will hurt productivity
10. Your staff doesn’t care about gadgets
Security Concerns
• Malware infects the network when an employee logs in
• Employees unknowingly installing:
– Rogue applications or
– Unlicensed software, which can violate copyright compliance laws
• Using unsecured wireless connections to send and receive
company data
• IT staff compromise the employee’s personal security on the device
• Unknown third-party access via mobile apps
• Stolen or lost mobile devices leak data
Cyber Security Risks for BYOD
• “51 percent* of the organizations surveyed experienced data loss
resulting from employee use of insecure mobile devices.”
• “58 percent* of organizations surveyed have experienced an
increase in malware infections as a result of personally-owned
mobile devices used in the workplace.”
• “56 percent* say that more confidential data has been lost as a
result of these devices.”
The challenge is managing numerous fragmented operating systems
within the company network. Apart from general network configuration
issues, this fact could pose a real exposure for companies using
security software not designed with BYOD in mind.
* Ponemon Institute
Challenges In Supporting BYOD
• Managing numerous fragmented operating systems
• General network configuration issues
• Real exposure for companies using security software not
designed with BYOD in mind
BYOD Challenges
Challenge: Remarks
• Device Provisioning: Need automated provisioning for device
• Device Management: Network tools can see who’s on board
• Security: Tied to defined user privileges
• Network Saturation: Network tools allocate bandwidth resources
• Trouble Shooting: Network monitoring alerts (example follows)
• User Privacy: Opening Personal Doorway to IT
BYOD - Impact on Infrastructure
Source: Cisco web lecture
BYOD Deployment Guidelines
• Plan for Implementing a BYOD Solution
• Develop, Write and Implement a BYOD Policy
• IT Capable of Provisioning Infrastructure and Devices
• Proactively Manage and Troubleshoot Mobile Devices
Outlining a BYOD Policy
• Build an Internal Team
– A good approach is to draw together an interdisciplinary team of a
customer’s HR, finance, legal, security, privacy, and IT leaders
• Create a Customized Program
– Create a robust BYOD Policy Statement, and an accompanying
Employee Participation Agreement. The Agreement sets clear
expectations with employees, and promotes their voluntary compliance
with enterprise and security policies, while protecting employers.
• Implement a BYOD Program
– With BYOD policies in place, organizations can improve the productivity
of their mobile workforce as well as start saving money on phones, data
plans, and IT labor costs spent on support.
Deliverable
• Complete Policy Statement Based On The Results Of A
Workshop Conducted Onsite with the Cross-Functional Team
• Employee Participation Agreement
• Policy Statements Can Be Incorporated Into Provisioning
Tools Used to Monitor Mobile Device Access
Scope of BYOD Policy
• Regulatory Requirements and Constraints
• BYOD Program Eligibility
• Financial Parameters and Reimbursement Model
• Allowable Devices
• Carrier Plans
• Approved Uses
• Security and Enforcement
• End User Support Model
Some BYOD Solution Vendors
(many many more)
Future of BYOD
While security teams are getting a grip on smartphones
and tablets through basic mobile device management
(MDM), enterprise mobility requirements continue to
evolve. To address these advanced needs, better
integrated and more granular MDM tools are emerging.
Like any other technology, it will constantly improve and
change as devices change.
a.k.a: the “CLOUD”
The Internet “Web”
Topography
Prize for first person who raises their hand AND can identify what these numbers are!
IP Tracer Source: http://www.ip-adress.com/ip_tracer/
THE PROBLEM YOU DIDN’T KNOW YOU HAVE
IT Administrators harden their networks by building walls with Anti-Virus software to keep
out the bad guys
The Problem is that 73% of online banking users reuse their passwords for nonfinancial websites
The Problem is that 76,000 new malware strains are released into the wild every day
The Result is that Anti-Virus software can’t keep up and the bad guys are already
inside your walls
STOLEN CREDENTIALS EXPOSE YOU TO UNKNOWN RISK
• 30,000: The number of new malicious websites created every day (1)
• 80%: Of breaches that involved hackers used stolen credentials
• 14%: Of data breaches were due to employees using personal email accounts (2)
• 76%: of network intrusions exploited weak or stolen credentials. (2)
SOURCES: 1. Sophos, 2012; 2. Verizon Data Breach Investigations Report, 2013
MALWARE EVADES TRADITIONAL ANTI-VIRUS SOFTWARE
• 200,000 – 300,000: The estimated number of new viruses discovered each day (1)
• 52%: Of malware in a recent study focused on evading security (2)
• 24.5%: Antivirus software’s average detection rate for e-mail based malware attacks (3)
• 40%: Of malware samples in a recent study went undetected by leading antivirus software (2)
SOURCES: 1. Comodo Group, 2012; 2. Palo Alto Networks, 2013; 3. Krebs on Security, 2012
DO YOU KNOW WHAT THESE ARE?
"automatedtest", "automatedtester", "bagle-cb", "c_conficker", "c_confickerab", "c_confickerc",
"c_pushdo", "c_trafficconverter", "c_zeroaccess", "childpredator", "citadel", "condo", "cutwail",
"d_tdss", "darkmailer", "darkmailer2", "darkmailer3", "darkmailer4", "darkmailer5", "deai",
"esxvaql", "fakesendsafe", "festi", "fraud", "gamut", "gheg", "grum", "hc", "kelihos", "lethic",
"maazben", "malware", "manual", "mip", "misc", "netsky", "ogee", "pony", "relayspammer",
"s_kelihos", "s_worm_dorkbot", "sendsafe", "sendsafespewage", "slenfbot", "snowshoe",
"spamaslot", "spamlink", "spamsalot", "special", "spyeye", "ss", "synch", "w_commentspammer",
"xxxx", "zapchast", "zeus"
ANATOMY OF A SPEARPHISHING ATTACK
1. Target Victim
2. Install Malware
3. Access Network
4. Collect & Transmit Data
5. Breach Event
CASE STUDY:
Target Corporation
• Nov. 27 – Dec. 15, 2013: Hackers execute extended attack against Target’s point-of-sale system
• Dec. 18, 2013: News of the breach is reported by data and security blog KrebsOnSecurity
• Dec. 20, 2013: Target acknowledges the breach, saying it is under investigation
• Dec. 21, 2013: JP Morgan announces it is placing daily spending caps on affected customer debit cards
• Dec. 22, 2013: Customer traffic drops over the holiday season, resulting in a 3-4% drop in customer transactions
• Jan. 10, 2014: Target lowers its fourth-quarter financial projections, saying sales were “meaningfully weaker-than-expected”
Current estimates of the total financial impact to Target are $200 million
Target provided affected individuals with 12 months of identity theft protection and insurance coverage
110M user accounts compromised, exposing credit and debit card numbers, CVN numbers,
names, home addresses, email addresses and/or phone numbers
“Ongoing forensic investigation
has indicated that the intruder
stole a vendor's credentials which
were used to access our system.”
Molly Snyder, Target
Corporation
January 2014
Email Attack on Vendor Set Up Breach at Target*
The breach at Target Corp. that exposed credit card and personal data on
more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did
business with the nationwide retailer, according to sources close to the
investigation.
Last week, KrebsOnSecurity reported that investigators believe the source of
the Target intrusion traces back to network credentials that Target had issued
to Fazio Mechanical, a heating, air conditioning and refrigeration firm in
Sharpsburg, Pa.
* Source: http://krebsonsecurity.com/
THE PROFILE OF AN ATTACKER
The malware used to hack Target’s POS system was
written by a Ukrainian teen
• Andrey Hodirevski from southwest Ukraine
carried out the attack from his home
• The card details that he stole were sold through
his own forum as well as other communities
• CyberID-Sleuth™ investigated the breach when
it occurred and was able to verify various
discussions and identifiers pointing to this
suspect
CyberID-Sleuth™ PROVIDES MORE THAN AUTOMATED ALERTS
• Identifying email addresses from a corporate domain that have been hacked, phished, or breached
• Identifying devices in a corporate network connected to a known malware command and control server
• Hacks, exploits against networks, glitches, leaks, phishing/keylogging monitoring
• Credential Monitoring
• IP Address Scanning
• Identification of communities targeting brands, networks or IP addresses
• Doxing awareness and hacktivist activity monitoring
• Identification of individuals posing a risk to any IP address
• Identification of intellectual property distribution
• Locating the individuals and exchanges involved in intellectual property theft
CyberID-Sleuth™ PROVIDES EARLY WARNING AT TWO POINTS
• CyberID-Sleuth™ scours botnets, criminal chat rooms, blogs, websites and
bulletin boards, Peer-to-Peer networks, forums, private networks, and other black market
sites 24/7, 365 days a year
• CyberID-Sleuth™ harvests 1.4 million compromised credentials per month
Dark Web
• CyberID-Sleuth™ identifies your data as it accesses criminal command-and-control servers
from multiple geographies that national IP addresses cannot access
• CyberID-Sleuth™ harvests 7 million compromised IP addresses every two weeks
REMEMBER WHAT THESE ARE?
CyberID-Sleuth™ CASE STUDY ACTUAL CREDENTIAL DATA
Zeus Infection targeted towards multiple entities within the Hotel Industry within India
CyberID-Sleuth™ identified a targeted Zeus campaign which appears to have been focused
and distributed to Hotel chains, mainly within the India region. The attack in question
caused active compromises against a number of systems.
CyberID-Sleuth™’s main focus is the type of data often held within Reservation and other
Hotel systems. Personal information such as credit card data, as well as passport scans or
copies, are often held on Hospitality systems and the data identified next highlights that
these same systems are compromised and under direct control of malicious actors.
CyberID-Sleuth™ IDENTIFIES ACTUAL MALWARE VARIANT
Infection Type: Zeus Infection - V2.1
Payload: Theft of all credentials, Key logging of all data, Remote access to devices
Total Infection Count: 487
Total Credential Count: 12894 (including duplicates)
Command and Control (C2) Domain: matphlamzy.com
CyberID-Sleuth™ IDENTIFIES ACTUAL CREDENTIAL DATA
Data extracted and listed below is related to valid and legitimate accounts which are still
active. These are not passwords taken from Breach events or other untrusted sources.
They are taken directly from devices that are still infected/compromised!
bwstarhotel.com - 111.68.31.202
bwmegakuningan.com - 139.0.16.90
townsquare.co.id - 180.250.172.36
CyberID-Sleuth™ CASE STUDY ANATOMY OF THE FINDINGS
Q. How many credit cards were captured?
Over 257 unique credit cards were stolen during the attack.
CyberID-Sleuth™ identified the botnet, which was made up of infected devices.
Q. Specifically what data did it steal and report back that you could see?
CyberID-Sleuth™ could see EVERYTHING that was entered on a user’s device
or saved as a password or credential.
Q. How much did this breach cost the client?
No “price” could be put on the damage caused to a victim after a fraudster has stolen
their credentials. The data stolen would allow the fraudster access to internal
systems, either via the stolen credentials or via backdoor access to affected systems.
Q. What data about the attacker were we able to find?
Limited details. Information about the attackers is not shared with clients
unless it was a directed attack, and is only shared with US and UK Law Enforcement.
Q. How did the authorities use the data to capture the intruders?
The individual responsible for running the botnet in question is so far still at large.
CyberID-Sleuth™ Credential Monitoring Demo *
* Let us see if your credentials are for sale, at no obligation
A STANDARD RESPONSE TIMELINE SHOULD BE FOLLOWED
Phases: Incident Detection / Discovery; Incident Notification & Resolution
Efforts: Assessment Efforts; Remediation Efforts
Plan Ahead By Forming a Breach Response Plan
Implement Breach Response Plan
• Initial Internal Reporting, notifications, and security triage of the “event”
• Activate technical / security focused breach response team processes
and procedures based on Data Breach Plan
• Determine total scope of event, size of affected population, type of data lost or compromised, necessary legal and
industry specific guidelines
• Determine Organization’s Public Response Plan (including
notification type, verbiage, and remediation offering if any)
• Prepare Internal and External Communication Plan & Copy
• Contact and or activate contract with Data Breach Remediation Vendor
• CyberID-Sleuth Tiers II & III
• Establish internal or third party communication channel to affected population
• Coordinate Breach Notification Copy and Distribution with Breach Remediation Vendor
• Notification Capabilities Go Live
• Internal and External Communication of Event, Reaction, and Remediation
RECOMMENDATIONS TO REDUCE DATA BREACH EXPOSURE & COSTS
• Promote Employee Data
Management Training & Education
• Utilize and maintain available data
loss prevention technologies such
as CyberID-Sleuth™
• Require GC / CISO and their teams
to understand industry, state,
federal, and event specific data
breach response guidelines and
recommendations
• Require advanced encryption and
authentication solutions be in place
across the organization
• Establish an internal data breach
response plan and process flow
• Prior to a data breach event,
contract with a data breach
remediation, notification, and/or
forensics provider
• Contractually require notification
from vendors who manage data
from your organization to alert you if
they incur a breach of any data
• Support enactment of legislation that
clearly dictates rules and guidelines
for organizations to follow in
advance of, and following a data
breach event
Take this 20 Question Assessment to Score Your Risk Level
1. Remember to ask us to do a no-obligation credential search for you
2. Allow us to give you the 20 Question Assessment Score on your risk level
