ECI: Anatomy of a Cyber Investigation


Slide 1: Who Are the Actors

Slide 2: Who is Doing it?
- 70% of breaches involved external agents
- 48% of breaches involved internal agents
- 11% of breaches involved partner agents
Any breach can involve multiple individuals. E.g. an employee of a subcontractor steals credit card numbers and delivers them to an external third party.

Slide 3: Who is Doing it? External Agents (70% of breaches, 98% of lost data)
- 24% Organized criminal group
- 21% Unaffiliated person(s)
- 3% External systems or sites
- 5% Others (former employee, partner, competitor, customer)
- 45% Unknown

Slide 4: Who is Doing it? Internal Agents (48% of breaches, 3% of records)
Demographics (90% deliberate):
- 51% Regular employees / end users
- 12% Finance / accounting
- 12% System admin
- 7% Upper management
- 8% Other (help desk, software dev, auditor)
- 9% Unknown

Slide 5: Who is Doing it? Partner Agents (11% of breaches, 1% of records)
- 3rd-party hijack of a partner
- Deliberate act of a partner
Organizations that outsource their IT management and support also outsource a great deal of trust to these partners: "poor governance, lax security, and too much trust is often the rule" (Verizon Data Breach Investigation Report, p. 19).

Slide 6: How Are They Doing it?

Slide 7: How did insiders do it?
Inter-connected factors and events:
- 48% of breaches included misuse of privilege
- 40% of breaches were by hackers
- 38% of breaches used malware
- 28% of breaches used social engineering
- 15% of breaches were physical attacks
A single attack may combine multiple vulnerabilities.

Slide 8: How did outsiders do it? Hackers' methods
- Web applications: 54%
- Remote access: 34%
- Backdoors: 23%
- Network file sharing: 4%
- Others (physical access, wireless network, unknown)

Slide 9: Top 5 Methods of Attack
1. Webpage access
2. Un- / improperly secured access
3. Trusted network connections
4. Trojans / malware / spyware
5. Employee malfeasance

Slide 10: Top 5 Methods of Attack: Web Pages
- Unsecured web page access
- SQL injection
- Improperly designed website
- "Oops" errors
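The "SQL injection" and "improperly designed website" items above are easiest to see side by side in code. The following is an added example, not material from the ECI slides or the Verizon report: a customer lookup written the way an improperly designed site does it (user input pasted into the SQL text) next to the parameterized version a reviewer would ask for. The table, rows and e-mail addresses are constructed for the example; the tautology input is the classic pattern a web-application scanner tests for.

```python
"""Added example (not from the ECI slides): the 'SQL injection' item under
'Top 5 Methods of Attack: Web Pages', shown as a vulnerable lookup beside
its parameterized fix. Uses an in-memory SQLite table with constructed data."""
import sqlite3


def build_db():
    """Create a constructed customer table; the rows are made up for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, email TEXT, card_last4 TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        (1, "alice@example.com", "1111"),
        (2, "bob@example.com", "2222"),
        (3, "carol@example.com", "3333"),
    ])
    return conn


def lookup_vulnerable(conn, email):
    """Improperly designed lookup: the input is concatenated into the SQL text,
    so a quote character in `email` changes the structure of the query."""
    sql = "SELECT id, email FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, email):
    """Fixed lookup: the driver binds `email` as a value, so it can never
    become part of the SQL statement itself."""
    sql = "SELECT id, email FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def vulnerable_breaks_on_apostrophe(conn):
    """The same design flaw also breaks on legitimate input containing a quote,
    which is often the first symptom a site owner notices."""
    try:
        lookup_vulnerable(conn, "o'brien@example.com")
        return False
    except sqlite3.OperationalError:
        return True


def demo():
    """Row counts returned by each lookup for a normal and a tautology input."""
    conn = build_db()
    normal = "bob@example.com"
    hostile = "x' OR '1'='1"  # constructed tautology input used by scanners
    return {
        "vuln_normal": len(lookup_vulnerable(conn, normal)),
        "vuln_hostile": len(lookup_vulnerable(conn, hostile)),   # every row leaks
        "safe_normal": len(lookup_parameterized(conn, normal)),
        "safe_hostile": len(lookup_parameterized(conn, hostile)),  # no match
    }


if __name__ == "__main__":
    print(demo())
    print("vulnerable lookup errors on o'brien:", vulnerable_breaks_on_apostrophe(build_db()))
```

The review check is mechanical: any query whose text is built with string concatenation or formatting from request data is the vulnerable shape, regardless of what validation sits in front of it; the fix is always to move the data into bind parameters.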

Slide 11: Top 5 Methods of Attack: Un- / Improperly Secured Access
- Abandoned / unguarded computers
- Computers with too many connections
- Brute force
- Backdoors

Slide 12: Top 5 Methods of Attack: Trusted Network Connections
- Subcontractor / sister company or agency

Slide 13: Top 5 Methods of Attack: Trojans / Malware / Spyware
- E-mail of a Trojan
- Social engineering: telephone contact, email contact, Internet contact (chat, IM, etc.)
- Customized malware (largest attacks)
- Back doors

Slide 14: Top 5 Methods of Attack: Employee Malfeasance
- Abuse of system access
- Use of unapproved hardware / devices
- Rogue networks
- Improperly handled data

Slide 15: Timeline facts
- Time to compromise data: most took days to months; 31% took only minutes
- Time to discovery: most took weeks or months; 5% took minutes
- Time to containment: most took days to weeks, some even months

Slide 16: Some thoughts
- 98% came from servers (duh)
- 85% were not very difficult
- 61% were discovered by a 3rd party
- 86% had evidence of the attack in log files
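The last two slides make a point worth turning into code: most breaches left evidence in logs, yet discovery took weeks or months and usually came from an outside party. The following is an added example, not from the ECI slides or the Verizon report: two small detections run over web-server access log lines, one for the brute-force item on slide 11 (repeated failed logins from one source inside a short window) and one for the SQL-injection item on slide 10 (quote-and-tautology or UNION patterns in request paths). The log lines, IP addresses and thresholds are all constructed for the example.

```python
"""Added example (not from the ECI slides): simple detections over constructed
web-server access logs, illustrating that evidence of brute force and SQL
injection probing is visible in ordinary log files if someone looks."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample in Apache/Nginx combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.9 - - [10/Oct/2023:13:55:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/7.88"
203.0.113.9 - - [10/Oct/2023:13:55:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/7.88"
203.0.113.9 - - [10/Oct/2023:13:55:03 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/7.88"
203.0.113.9 - - [10/Oct/2023:13:55:04 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/7.88"
203.0.113.9 - - [10/Oct/2023:13:55:05 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/7.88"
203.0.113.9 - - [10/Oct/2023:13:55:06 +0000] "POST /login HTTP/1.1" 200 2048 "-" "curl/7.88"
198.51.100.4 - - [10/Oct/2023:14:02:10 +0000] "GET /products?id=42 HTTP/1.1" 200 3210 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:14:02:15 +0000] "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 120 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Oct/2023:15:10:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Oct/2023:15:40:00 +0000] "POST /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Quote followed by OR/AND, UNION SELECT, or SQL comment markers in a decoded path.
SQLI_RE = re.compile(r"'\s*(?:or|and)\b|\bunion\s+select\b|--|/\*", re.IGNORECASE)


def parse(log_text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
        ev["status"] = int(ev["status"])
        events.append(ev)
    return events


def detect_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Return source IPs with at least `threshold` failed logins (401 on /login)
    inside any sliding time window of length `window`."""
    failures = defaultdict(list)
    for ev in events:
        if ev["path"] == "/login" and ev["status"] == 401:
            failures[ev["ip"]].append(ev["ts"])
    flagged = set()
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return sorted(flagged)


def detect_sqli_probes(events):
    """Return (ip, decoded path) for requests whose URL-decoded path carries
    common SQL-injection markers. '--' can occur in benign paths, so treat
    hits as leads to review rather than verdicts."""
    hits = []
    for ev in events:
        decoded = unquote(ev["path"])
        if SQLI_RE.search(decoded):
            hits.append((ev["ip"], decoded))
    return hits


def run(log_text=SAMPLE_LOG):
    """Run both detections and return the findings as a dict."""
    events = parse(log_text)
    return {
        "brute_force_sources": detect_brute_force(events),
        "sqli_probes": detect_sqli_probes(events),
    }


if __name__ == "__main__":
    for key, value in run().items():
        print(key, value)
```

Note that in the constructed sample the burst of failures from 203.0.113.9 is followed by a 200 on the same path, which is the pattern worth escalating first: a brute-force attempt that appears to have succeeded. The single failure from 192.0.2.77 half an hour before its success stays below the threshold, as a typo by a legitimate user should.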
