
ECI: Anatomy of a Cyber Investigation
Who Are the Actors

Who is doing it?
- 70% of breaches involved external agents
- 48% of breaches involved internal agents
- 11% of breaches involved partner agents
These categories overlap because any breach can involve multiple individuals. Example: an employee of a subcontractor steals credit card numbers and delivers them to an external third party.

Who is doing it? External agents (70% of breaches, 98% of lost data)
- 24% organized criminal groups
- 21% unaffiliated person(s)
- 3% external systems or sites
- 5% others (former employee, partner, competitor, customer)
- 45% unknown

Who is doing it? Internal agents (48% of breaches, 3% of records)
Demographics (90% of insider actions were deliberate):
- 51% regular employees / end users
- 12% finance / accounting
- 12% system administrators
- 7% upper management
- 8% other (help desk, software developers, auditors)
- 9% unknown

Who is doing it? Partner agents (11% of breaches, 1% of records)
- A third party hijacks a partner's access
- Deliberate act of a partner
Organizations that outsource their IT management and support also outsource a great deal of trust to these partners. "Poor governance, lax security, and too much trust is often the rule." (Verizon Data Breach Investigations Report, p. 19)

How are they doing it?

How did insiders do it? Interconnected factors and events
- 48% of breaches included misuse of privilege
- 40% of breaches involved hacking
- 38% of breaches used malware
- 28% of breaches used social engineering
- 15% of breaches involved physical attacks
These percentages add up to more than 100% because a single attack may combine multiple vulnerabilities.

How did outsiders do it? Hacker methods
- 54% web applications
- 34% remote access
- 23% backdoors
- 4% network file sharing
- Others: physical access, wireless networks, unknown

Top 5 methods of attack
1. Web page access
2. Unsecured / improperly secured access
3. Trusted network connections
4. Trojans / malware / spyware
5. Employee malfeasance

Top 5 methods of attack: Web pages
- Unsecured web page access
- SQL injection
- Improperly designed websites
- "Oops" errors (mistakes)

Top 5 methods of attack: Unsecured / improperly secured access
- Abandoned / unguarded computers
- Computers with too many connections
- Brute force
- Backdoors

Top 5 methods of attack: Trusted network connections
- Subcontractors
- Sister companies or agencies

Top 5 methods of attack: Trojans / malware / spyware
- A Trojan delivered by e-mail
- Social engineering: telephone contact, e-mail contact, Internet contact (chat, IM, etc.)
- Customized malware (seen in the largest attacks)
- Backdoors

Top 5 methods of attack: Employee malfeasance
- Abuse of system access
- Use of unapproved hardware / devices
- Rogue networks
- Improperly handled data

Timeline facts
- Time to compromise data: most took days to months; 31% took only minutes
- Time to discovery: most took weeks or months; 5% took minutes
- Time to containment: most took days to weeks; some even took months

Some thoughts
- 98% of compromised data came from servers (no surprise)
- 85% of attacks were not very difficult
- 61% of breaches were discovered by a third party
- 86% of victims had evidence of the attack in their log files
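The closing slide makes the point an investigator should take to heart: in most cases the evidence of the attack was already in the victim's own logs, yet most breaches were discovered by someone else. As an added example (not part of the original presentation or of the Verizon report), the Python script below scans web-server access-log lines for two of the attack methods listed above, SQL injection against web pages and brute-force password guessing, and reports the offending source addresses. The log lines are constructed for this example, and the SQL injection patterns and the threshold of five failed logins within 60 seconds are illustrative assumptions that a real deployment would tune to its own application.

```python
"""Added example, not from the original slide deck: triage of web-server
access logs for SQL injection attempts and brute-force login guessing.
Sample log lines, patterns and thresholds are constructed assumptions."""

import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Constructed Apache/nginx "combined" log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:13:55:01 +0000] "GET /product.php?id=17 HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:13:55:03 +0000] "GET /product.php?id=17%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9112 "-" "sqlmap/1.7"
203.0.113.7 - - [10/Mar/2024:13:55:04 +0000] "GET /product.php?id=17%20UNION%20SELECT%20card_no,cvv%20FROM%20cards-- HTTP/1.1" 200 15320 "-" "sqlmap/1.7"
198.51.100.22 - - [10/Mar/2024:14:02:10 +0000] "POST /login HTTP/1.1" 401 312 "-" "curl/8.0"
198.51.100.22 - - [10/Mar/2024:14:02:11 +0000] "POST /login HTTP/1.1" 401 312 "-" "curl/8.0"
198.51.100.22 - - [10/Mar/2024:14:02:11 +0000] "POST /login HTTP/1.1" 401 312 "-" "curl/8.0"
198.51.100.22 - - [10/Mar/2024:14:02:12 +0000] "POST /login HTTP/1.1" 401 312 "-" "curl/8.0"
198.51.100.22 - - [10/Mar/2024:14:02:13 +0000] "POST /login HTTP/1.1" 401 312 "-" "curl/8.0"
198.51.100.22 - - [10/Mar/2024:14:02:14 +0000] "POST /login HTTP/1.1" 401 312 "-" "curl/8.0"
198.51.100.22 - - [10/Mar/2024:14:02:15 +0000] "POST /login HTTP/1.1" 200 2210 "-" "curl/8.0"
192.0.2.9 - - [10/Mar/2024:14:10:00 +0000] "GET /about.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2024:14:10:05 +0000] "POST /login HTTP/1.1" 401 312 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2024:14:10:20 +0000] "POST /login HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Decoded-URL fragments that rarely appear in legitimate parameter values
# (illustrative assumption; tune to the application being protected).
SQLI_PATTERNS = [
    re.compile(r"'\s*or\s*'", re.I),               # tautology such as ' OR '1'='1
    re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    re.compile(r"--\s*$|#\s*$|/\*"),                # SQL comment terminators
    re.compile(r"\bsleep\s*\(|\bwaitfor\s+delay\b", re.I),
]


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["decoded_path"] = unquote_plus(rec["path"])  # decode before matching
    return rec


def find_sqli(records):
    """Map source IP -> list of decoded request paths matching an SQLi pattern."""
    hits = defaultdict(list)
    for r in records:
        if any(p.search(r["decoded_path"]) for p in SQLI_PATTERNS):
            hits[r["ip"]].append(r["decoded_path"])
    return dict(hits)


def find_brute_force(records, login_path="/login", threshold=5, window=timedelta(seconds=60)):
    """Map source IP -> (failed logins in the busiest window, whether a success followed).

    An IP is flagged when it produced at least `threshold` 401s to `login_path`
    inside `window`; the second value tells the investigator whether the
    guessing eventually worked. Threshold and window are assumptions.
    """
    failures, successes = defaultdict(list), defaultdict(list)
    for r in records:
        if r["path"] != login_path or r["method"] != "POST":
            continue
        if r["status"] == 401:
            failures[r["ip"]].append(r["ts"])
        elif r["status"] == 200:
            successes[r["ip"]].append(r["ts"])
    result = {}
    for ip, times in failures.items():
        times.sort()
        best = start = 0
        for end in range(len(times)):            # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            last_fail = times[-1]
            result[ip] = (best, any(t >= last_fail for t in successes.get(ip, [])))
    return result


def triage(log_text):
    """Run both detectors over raw log text and return their findings."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    return {"sqli": find_sqli(records), "brute_force": find_brute_force(records)}


if __name__ == "__main__":
    for category, findings in triage(SAMPLE_LOG).items():
        print(category)
        for ip, detail in findings.items():
            print("  ", ip, detail)
```

Run against the constructed sample, the script attributes the injection attempts to 203.0.113.7 and flags 198.51.100.22 for six failed logins in four seconds followed by a 200, the pattern an investigator wants to see before the third party calls. Decoding the URL before matching matters: the tautology in the second line only appears once the %27 and %20 escapes are removed.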
