We live in cyberspace, but nobody talked to us about cybersecurity. The web, the deep web and the dark web. The different vectors of cyberattacks. Recommendations to stay protected.
Unveiling the dark web. The importance of your cybersecurity posture
1. Unveiling The Dark-Web & Crypto-Mining
The importance of your Cybersecurity Posture to protect your Business
By Lourdes Gimenez
2. I have a Bachelor's Degree in Electronic Engineering.
Master's Degree in Innovation Management.
+25 years of experience in Telecommunications & IT;
working in complex and Multinational projects
Leading Cybersecurity Services at Mobility Global
Lourdes Gimenez
3. Business Operations are based in Digital Technologies
We live in the Digital Transformation Era
• Big Data
• Artificial Intelligence
• Huge computing power
• IoT
• Connectivity & Collaboration
All this innovation comes with a cost
• A growing surface of vulnerabilities.
You need to know the risks
• the dark web, crypto-mining
• dark market, sales of login & password databases, ransomware as a service
You need to be prepared and on guard to protect your business against cybercriminals
4. Unveiling The Dark-Web
• The Web that we normally use is only around 4% of cyberspace; it is like the tip of the iceberg.
• The Deep Web is the part of the Web not indexed by web search engines, such as medical records and financial records.
• The Dark Web includes small, friend-to-friend peer-to-peer networks, as well as large, popular networks like Tor (accessed through the Tor browser, top-level domain suffix .onion), Freenet, I2P, and Riffle.
• Ransomware as a service and other illegal services, such as databases with personal information, are offered there.
Source Wikipedia
5. Cryptocurrency
• Cryptocurrency is a digital asset designed to
work as a medium of exchange that uses
strong cryptography to secure financial
transactions
• Cryptocurrencies use decentralized control.
• Decentralized cryptocurrency is produced
by the entire cryptocurrency system
collectively, at a rate which is defined when
the system is created and which is publicly
known.
Source Wikipedia
6. Cryptomining
There are more than 1,400 cryptocurrencies today
• Mining
• Cryptocurrencies are managed via a “blockchain”, a
peer-to-peer network that serves as a distributed ledger
of cryptocurrency transactions that will register and
validate the creation of these currencies.
• Cryptocurrencies are generated through “mining”, a
process of solving complex calculations.
• Mining needs massive amounts of computing power to process the algorithms necessary to generate cryptocoins.
• Some miners will turn to malware to create an army of
cryptomining bots.
Source Best Practices for Protecting Against Phishing, Ransomware and Email Fraud An Osterman Research
White Paper Published April 2018
7. Source: 2019 Internet Security Threat Report (ISTR): The New Threat Landscape
Kevin Haley, Director Product Management, Security Technology & Response, Symantec
9. Cybersecurity Landscape
Security threats are increasing in number and severity
• cryptojacking malware that is focused on mining coins
Organizations have been victimized by a wide range of threats
and exploits
• phishing attacks that have penetrated corporate defenses
• targeted email attacks launched from compromised
accounts
• sensitive or confidential information accidentally leaked
through email
Threats are becoming more sophisticated as well-financed
cybercriminal gangs develop improved variants of malware and
social engineering attacks.
Source Best Practices for Protecting Against Phishing, Ransomware and Email Fraud An Osterman Research
White Paper Published April 2018
10. Cybersecurity Landscape (cont.)
The main concern is about endpoints getting infected with malware through email or web browsing, user credentials being stolen through phishing, and senior executives’ credentials being stolen through spearphishing.
Email as the primary threat vector for cybercriminal
activity
Attacks focused on account takeovers.
Many organizations are not exercising proper due diligence on a number of fronts in the context of their security posture:
• security awareness training
• data backup processes
• establishment of adequate processes & controls
Source Best Practices for Protecting Against Phishing, Ransomware and Email Fraud An Osterman Research
White Paper Published April 2018
11. The Main Vulnerability Vectors
• Phishing emails
• Web browser
• Web applications
• Excessive user rights
• Untrained users
• Careless use of passwords
• Attack on networks
• Hardware and software not updated
• Non-segmented networks
13. Email Attacks
• Deceptive phishing
• Spear phishing
• Business Email Compromise: CEO fraud
• Password Hash Theft
• Clickjacking
• Password Sprays
• Rogue Recoveries
• Bad Rules
• Web Beacons/Tracking
• Extreme Social Engineering
14. Email Attacks
Deceptive Phishing
• Phishing is a way for criminals to obtain confidential
information.
• It's a method of social engineering.
• This mail seems to come from a bank or other service
provider. Usually, it says that due to some change in the
system, users have to re-enter their
usernames/passwords to confirm it. Emails usually have
a link to a page that looks almost like the Real bank.
• Phishing allows criminals to gain access to bank accounts
or other accounts
15. Email Attacks: Spear phishing
A whopping 91% of cyberattacks and the resulting data breaches begin with a spear phishing email.
This conclusively shows that users really are the weak link in IT
security.
Users without high-quality security awareness training are easy
targets for spear phishers. The attacker does research on their
targets, finds out who they regularly communicate with, and sends
a personalized email to make the target click on a link or open
an attachment.
* According to research from security software firm Trend Micro.
* Source KnowBe4
17. Preventing Spear Phishing Attacks
• Do not have a list of all email addresses of all employees on your website,
use a web form instead.
• Regularly scan the Internet for exposed email addresses and/or credentials;
you would not be the first to find one of your users' usernames and
passwords on a crime or porn site.
• Never send out sensitive personal information via email. Be wary if you get
an email asking you for this info and when in doubt, go directly to the
source.
• Enlighten your users about the dangers of oversharing their personal
information on social media sites. The more the bad guys know, the more
convincing they can be when crafting spear phishing emails.
• Users are your last line of defense! They need to be trained using new-school
security awareness training and receive frequent simulated phishing
emails to keep them on their toes with security top of mind
... and ALWAYS remember to Think Before You Click!
18. Preventing Spear Phishing Attacks
Cont….
Think before opening any email, especially those requesting some
sort of action:
• Reply with information
• Click on a link
• Open attachment
Use Two-Factor Authentication (2FA)
Use encryption for sensitive communications
• Password protected zip/7zip files
• PGP/GPG, web based encrypted email
Don’t attempt to “unsubscribe”
19. Social Engineering
• People are often the weakest link in a cybersecurity
system: all the technical controls in the world are
worth nothing if you share your password or have
the door open to confidential information or
credentials.
• Social engineering is the art of manipulating people
into giving up confidential information, such as passwords or bank
information, or access to their computer to secretly
install malicious software
• Criminals use social engineering tactics, because
it's usually easier than discovering ways to hack
into your software.
21. Identifying Security Compromises
Symptoms:
• Antivirus software detects a problem
• Disk space disappears unexpectedly
• Pop-ups suddenly appear, sometimes selling security software
• Files or transactions appear that should not be there
• The computer slows down to a crawl
• Unusual messages, sounds, or displays on your monitor
• Stolen laptop: 1 stolen every 53 seconds; 97% never recovered
• The mouse pointer moves by itself
• The computer spontaneously logs you out, shuts down, or reboots
Source Cyber Security Awareness Training: End Users. By Bryan Barnhart. Infiltration Labs
22. Protect Mobile Devices
Keep your phone under your constant supervision
Use a password instead of an easy 4-digit PIN
Enable automatic screen lock, set a short waiting time period, require password
Enable 2FA for all cloud access
Use random answers for account-recovery security questions
"Mother's maiden name?" Supercalifragilisticexpialidocious
Disable Wi-Fi when not actively used
Do not connect to open access "free Wi-Fi"
Source Cyber Security Awareness Training: End Users. By Bryan Barnhart. Infiltration Labs
23. Passwords
Authentication is the first line of defense against bad guys
Never share your password with others!
If someone using your login credentials does something illegal or inappropriate, you will be held responsible
Never keep passwords stored in a file on your computer
Do not write passwords down on a Post-It note or piece of paper
The stronger the password, the less likely it will be cracked
Use a pass phrase:
Pass Phrase: I live very happy in Weston since 2004$
Password: Ilvhiws2004$
Source Cyber Security Awareness Training: End Users. By Bryan Barnhart. Infiltration Labs
25. Recommendations for everybody
Use strong passwords and don’t reuse passwords
Change passwords frequently
Use Two-Factor Authentication (2FA) for all accounts
Don’t use open Wi-Fi or networks you can’t vouch for
If you must, use a VPN
Think before you click:
Don’t click links or open attachments in suspicious emails
Source Cyber Security Awareness Training: End Users. By Bryan Barnhart. Infiltration Labs
27. Best Practices: Evaluate and Audit Vulnerabilities
CONDUCT A THOROUGH AUDIT OF THE CURRENT SECURITY INFRASTRUCTURE, TRAINING PRACTICES AND CORPORATE AND COMPLIANCE POLICIES. PERFORM PENTEST
• Conduct a complete audit of current security infrastructure
• Security awareness training programs
• Security solutions
• Cybersecurity policies
• Processes to remediate
• Perform External & Internal Pen-Test
Identify deficiencies to prioritize the problems to be fixed
Source Best Practices for Protecting Against Phishing, Ransomware and Email Fraud An Osterman Research
White Paper Published April 2018
28. ESTABLISH DETAILED AND THOROUGH POLICIES
Employees:
• Dissemination of security policies.
• Training Plan
• Basic security Procedures and controls:
• Workplace safety
• Allowed applications
• Correct use of resources
• Intellectual Property
• Personal data protection, etc.
• Employee awareness of the existence and
dangers of social engineering
• Personal responsibility for action or omission
• Periodicity of the training.
• To evaluate the learning obtained.
• To promote a culture of information security.
• Extend the awareness plan to most of our
suppliers and customers.
29. Training: Security awareness training is strongly recommended.
No matter how good your prevention steps are, breaches are inevitable.
But user education plays a big part in minimizing the danger.
Training should include reminders never to insert USB drives from outside
devices into work machines. It should also review password management, such as not
reusing work passwords on other sites or machines.
Normally human error like CEO fraud is NOT covered by cyber security
insurance. As it represents one of the biggest dangers, phishing demands
its own training and instruction.
Just because it says “Bank of America,” or “IT department” with all the
right logos doesn’t mean it’s from that source.
Add further instruction to not open unknown file types, click on links, and
open attachments from unknown people or entities. Coach them into a
suspicious frame of mind regarding requests to send in their passwords or
account details.
Source CEO FRAUD: Prevention Manual www.knowBe4.com
30. Policies & Procedures
ESTABLISH DETAILED AND THOROUGH POLICIES
• How sensitive data files are accessed and protected
• Dual-control procedures for accessing critical data assets
• Backup, restore, and testing for your sensitive data files
• The email
• WEB, collaboration, social networks
• Encrypt emails if they contain confidential data
• Control the use of personally owned devices that access corporate systems
• There must be pre-established procedures for the response in the event of an attack, as well as a task force designated for it
Source Best Practices for Protecting Against Phishing, Ransomware and Email Fraud An Osterman Research
White Paper Published April 2018
31. Policy:
Set security policy, review it regularly for gaps, publish it, and make sure employees
follow it. For example:
Users not opening attachments or clicking on links from an unknown source
Not using USB drives on office computers
Password management policy (not reusing passwords on other sites or machines,
no Post-it notes on screens as password reminders)
Completing specific types of security training including training on security policy,
and the many other details of employee and overall security diligence.
Policy on WiFi access. Include contractors and partners as part of this if they need
wireless access when on site.
Policy should also exist on wire transfers and the handling of confidential
information. Policy should limit such transactions to relatively small amounts.
Anything beyond that threshold must require further authorizations.
Similarly, with confidential information such as IP or employee records, policy should
determine a chain of approvals before such information is released.
Source CEO FRAUD: Prevention Manual www.knowBe4.com
32. Procedures:
Block sites known to spread ransomware
Keeping software patches and virus signature files up-to-date
Carry out vulnerability scanning and self-assessment using best practice
frameworks
Conducting regular penetration tests on WiFi and other networks to see
just how easy it is to gain entry.
Procedures must also be developed to prevent CEO fraud.
Wire transfer authorization is one scenario demanding careful attention.
Set it up that any wire transfer requires more than one authorization, as
well as a confirmation beyond email.
Phone, or ideally, face-to-face confirmation should be included.
If by phone, only use a pre-existing number for your contact, not one
given to you in an email. Apply a 24-hour waiting period before funds are
transferred.
Maintain an effective set of backup, restoration and testing procedures for
sensitive data assets so that the organization can recover quickly from ransomware or
other malware infection.
Source CEO FRAUD: Prevention Manual www.knowBe4.com
33. Cybersecurity infrastructure and systems
Keep systems up to date; Keep recent backups and test
them periodically
Implement endpoint (user-computer) solutions with the ability to detect,
isolate, and remediate:
Phishing
Spearphishing
CEO Fraud/BEC
Ransomware threats.
Consider deploying DLP systems
Consider deploying encryption systems
Consider implementing multifactor authentication
Consider implementing advanced threat protection
Consider using virtual Web browsers
Perform penetration tests at least once a year and
every time you make a change to your infrastructure
Best Practices: Technology
38. The Main Vulnerability Vectors
• Phishing emails / Training & Email Security
• Web browser / Web Isolation
• Web applications
• Excessive user rights / Policies
• Untrained users / Training
• Careless use of passwords / Policies & Multifactor Authentication
• Attack on networks
• Hardware and software not updated / Policies & Procedures
• Non-segmented networks / Segmentation
39. Mobility Global
Can help you to protect your Business
• We have experts to help you to do:
• Business Risk Assessment
• Cybersecurity Policies and Procedures
• Incident response procedures
• Perform Penetration Testing
• We represent the best products to protect your
devices, your network and your Data
• We can design and implement your backup system
Talking Points
Now that we’ve talked about the approach and key technologies behind Symantec DLP, I want to take you on a quick tour of our complete family of DLP products.
DLP ENFORCE PLATFORM
DLP Enforce is a single management console that provides broad, unified discovery, monitoring and protection across cloud, network, storage, endpoints and mobile devices.
As your data spreads across a wider range of applications and devices, this ability to consistently define and enforce policies becomes even more critical.
With the DLP Enforce Platform, you can write policies once and then enforce them everywhere.
All of the DLP products we’ll talk about leverage the Enforce platform.
DLP FOR CLOUD
DLP Cloud Service for Email, Cloud Prevent for Microsoft Office 365 and Cloud Storage for Box provide robust discovery, monitoring and protection for your cloud-based email and storage.
DLP FOR NETWORK
DLP Network Monitor, Network Prevent for Email, and Network Prevent for Web give you the ability to monitor a wide range of network protocols and prevent both authorized and unauthorized network users from mishandling confidential data.
DLP FOR STORAGE
DLP Network Discover, Network Protect, Data Insight and the Data Insight Self-Service Portal allow you to take control of all your unstructured data, so it never becomes vulnerable to careless employees and malicious attackers
DLP FOR ENDPOINT
DLP Endpoint Discover and Endpoint Prevent give you the ability to discover, monitor, and protect confidential data on traditional and virtual desktops, whether users are on or off your corporate network. With Symantec DLP, a single highly scalable agent enables both the Endpoint Discover and Endpoint Prevent modules.
DLP FOR MOBILE
DLP for Mobile gives you the visibility and control you need to embrace BYOD and provide the flexible mobile access users want—without putting your information at risk.