cyber threats to law firm finance teams
TRANSCRIPT
YOUR SPEAKER – • 2016 CHIEF SECURITY OFFICER – PRAETORIAN CONSULTING INTERNATIONAL (CYBER SECURITY AUTOMATION)
• 2014 HEAD OF INFORMATION SECURITY – WORLDLINE (ATOS GROUP) (LEVEL ONE SERVICE PROVIDER)
• 2014 CISO LEVEL SECURITY, RISK & COMPLIANCE CONSULTANCY ACROSS EUROPE – DVV SOLUTIONS
• 2013 INFORMATION SECURITY & PCIDSS ASDA & GEORGE (LEVEL ONE MERCHANT)
• 2011 - 2013 INFORMATION SECURITY & PCIDSS MANCHESTER AIRPORTS GROUP (LEVEL THREE MERCHANT)
• 2006-2011 INFORMATION SECURITY & PCIDSS HOMELOAN MANAGEMENT LIMITED (LEVEL ONE SERVICE PROVIDER)
• 2006 ECOMMERCE SECURITY– THOMAS COOK SCHEDULED BUSINESS
SUMMARY– • QUICK LOOK AT BUSINESS FRAUD ‘THE WHAT’
• WIRE TRANSFER
• CONVEYANCING
• QUICK LOOK AT WHAT HAPPENS ‘THE HOW’
• MALWARE
• MONEY MULES
• QUICK LOOK AT ‘THE FIGHT BACK’
• RIGHT PEOPLE
• RIGHT PROCESSES
• ANY REASONABLE TECHNOLOGY
In 2015, 62 per cent of law firms reported they had suffered from a security incident, up from 45 per cent in 2014, according to figures from accountants PwC.
Director of intelligence and investigations at the Solicitors Regulation Authority (SRA), reveals cyber criminals have caused substantial losses to 50 law firms this in 2015, ranging from £50,000 to £2 million, and a further 20 firms had fallen victim to e-mail redirection scams, involving very substantial amounts of money.
Over the last couple of years, Action Fraud said there have been 91 reports of the crime, which amounts to more than £10million of losses.
Quick look at
business fraud
CLASSIC – THE CEO WIRE TRANSFER • NOT A NEW FRAUD, BUT IN THE NEWS
• AS AN ATTACK, THE CEO EMAIL WIRE FRAUD ATTACK COULDN’T BE SIMPLER. THERE’S NO MALWARE TO WRITE AND NO MALICIOUS CODE OR LINKS TO IMPLANT. IT’S A TEXT ONLY EMAIL, PLAIN AND SIMPLE – BUT IT’S THE SOCIAL ENGINEERING THAT MAKES IT WORK.
THE RISING COST OF CEO WIREFRAUD • JAN 2016 – 54M USD
• FEB 2016 – 70M EURO
THE INDUSTRY SPECIAL – CONVEYANCING • EXAMPLE 1 – TARGET THE SELLER
• “HACKING INTO EMAIL ACCOUNTS AND IMPERSONATING THE OWNERS TO STEAL MONEY, INFORMATION OR BOTH IS A GROWING FORM OF CRIME THAT ALMOST COST THIS FAMILY THE ENTIRE PROCEEDS OF THEIR PROPERTY SALE.”
• NICOLE BLACKMORE, DAILY TELEGRAPH
THE INDUSTRY SPECIAL – CONVEYANCING • FIRST EXAMPLE
• TAKEOVER THE SELLERS EMAIL ACCOUNT.
• WAIT FOR BANK INSTRUCTIONS TO GO TO CONVEYANCING FIRM
• SEND NEW EMAIL SAYING THERE HAS BEEN A MISTAKE AND THAT THE PROCEEDS FROM THE SALE NEED TO GO TO A DIFFERENT ACCOUNT
• FIRST EXAMPLE ISSUES
• SELLER RESPONSIBLE FOR THEIR MAILBOX SECURITY
• BANK ONLY USES SORT CODES AND ACCOUNT NUMBERS TO SET UP FUNDS TRANSFER
• THERE IS A VERY SMALL WINDOW OF TIME TO FREEZE A BANK ACCOUNT AND RESTORE FUNDS ON DISCOVERING THIS TYPE OF ATTACK. (<72HRS)
THE INDUSTRY SPECIAL – CONVEYANCING • EXAMPLE 2 – TARGET THE BUYER
• “SOLICITORS ARE CONTINUING TO EXPOSE HOME BUYERS AND SELLERS TO THE RISK OF A GROWING FORM OF FRAUD, EMAIL HACKING. THE PROCEEDS OF PROPERTY TRANSACTIONS ARE AT RISK, IN MANY CASES RUNNING TO HUNDREDS OF THOUSANDS OF POUNDS.”
• NICOLE BLACKMORE, DAILY TELEGRAPH
THE INDUSTRY SPECIAL – CONVEYANCING • SECOND EXAMPLE
• SHORTLY BEFORE COMPLETION THEY RECEIVED AN EMAIL FROM THE SOLICITORS SAYING THAT ITS LLOYDS BANK ACCOUNT WAS BEING AUDITED, SO THE COUPLE NEEDED TO TRANSFER THEIR FUNDS TO THE FIRM’S NATWEST ACCOUNT.
• WANTING TO MAKE SURE THE REQUEST WAS GENUINE, MR JOHN DOE REPLIED ASKING FOR CONFIRMATION OF THEIR UNIQUE CLIENT ID NUMBER. HE RECEIVED A REPLY WITH THE CORRECT DETAILS AND SO, ON THE THURSDAY BEFORE COMPLETION, THE COUPLE WENT TO THEIR LOCAL BARCLAYS BANK AND TRANSFERRED £299,000 TO THE NATWEST ACCOUNT.
• SECOND EXAMPLE ISSUES
• SOLICITORS REFUSED TO ADMIT EMAIL HAD BEEN HACKED AND DENIED ALL LIABILITY FOR THE EMAIL FROM THEIR DOMAIN ASKING FOR THE CHANGE OF BANK DETAILS
• EXTRA FEES INCURRED BY SELLERS TRYING TO GET FUNDS BACK
• WHERE INSURANCE PAYOUTS INCREASE, THEN SO DOES THE COST OF PROFESSIONAL INDEMNITY – WHICH IN TURN COULD INCREASE THE COSTS OF CONVEYANCING
Quick look at
‘The How’
HOW – • A SPOKESPERSON FOR THE GOVERNMENT AGENCY, ACTION FRAUD, SAID: "THROUGH MALWARE OR THROUGH INSECURE NETWORKS
THE FRAUDSTERS WILL BE ABLE TO VIEW A PERSON’S EMAIL EXCHANGES AND THEIR ACTIVITY ONLINE, THIS WILL ALLOW THEM TO FIND OUT INFORMATION ABOUT PEOPLE, READ THEIR EMAILS AND ASCERTAIN THAT THEY ARE IN THE PROCESS OF BUYING A HOUSE."
COFFESHOP WIFI • Q: HOW DO PEOPLES PERSONAL EMAIL ACCOUNTS GET COMPROMISED ?
• A: A CLASSIC WAY IS THROUGH INSECURE NETWORK CONNECTIONS, FOR EXAMPLE, FREE WIFI IN COFFEE SHOPS AND HOTELS
MALWARE BY EMAIL
MALWARE REMOTE ACCESS TROJAN
MONEY MULE –
‘Fighting Back’
TELEGRAPH REPORTER’S ADVICE– • USE A STRONG PASSWORD FOR YOUR EMAIL ACCOUNT THAT IS DIFFERENT FROM YOUR
OTHER ONLINE ACCOUNTS. CHANGE IT REGULARLY.
• PROTECT YOUR DEVICES WITH SECURITY SOFTWARE AND REGULARLY INSTALL UPDATES.
• CONSIDER USING ENCRYPTED EMAILS AND ASK YOUR CONVEYANCING SOLICITOR TO DO THE SAME.
• MAKE IT CLEAR TO YOUR SOLICITOR THAT YOU HAVE NO INTENTION OF CHANGING YOUR BANK ACCOUNT DETAILS. TELL THEM THAT ANY INSTRUCTIONS TO USE A DIFFERENT ACCOUNT – THEIRS OR YOURS – MUST BE GIVEN IN PERSON
PEOPLE AND PROCESSES • EDUCATED YOUR STAFF ON
• PHISHING IN GENERAL
• EMAIL FRAUD IN GENERAL
• WIRE FRAUD AND CONVEYANCING SCAMS
• HAVE EFFECTIVE INTERNAL PROCESSES THAT PREVENT
• USING CHANGES SUBMITTED BY EMAIL THAT HAVE NOT BEEN VERIFIED BY CONTACTING THE PEOPLE INVOLVED
• HAVE A TESTED “INCIDENT RESPONSE” PLAN FOR WHEN THINGS GO WRONG
• KNOW WHO TO CONTACT INTERNALLY AND EXTERNALLY
• BANKING TEAM, LAW ENFORCEMENT, ACTION FRAUD, PUBLIC RELATIONS, RISK DIRECTOR, INSURANCE COMPANY
TECHNOLOGY – THE BASICS • THE BASICS
• ANTIVIRUS
• ANTIMALWARE/SPYWARE
• WEBPROXY
• REMOVE LOCAL ADMIN ACCESS WHERE POSSIBLE
• PATCH APPLICATIONS
• PATCH OPERATING SYSTEM
• NSA HACKER ADVICE
• HTTPS://WWW.YOUTUBE.COM/WATCH?V=BDJB8WOJYDA
TECHNOLOGY – WHEN THINGS GO WRONG • HAVE A TESTED “INCIDENT RESPONSE” PLAN FOR WHEN THINGS GO WRONG
• HTTPS://OTALLIANCE.ORG/SYSTEM/FILES/FILES/RESOURCE/DOCUMENTS/2016-OTA-BREACHGUIDE_UPDATE5-16.PDF
• HTTPS://OTALLIANCE.ORG/SYSTEM/FILES/FILES/INITIATIVE/DOCUMENTS/OTA-2014-EMAILINTEGRITYAUDIT.PDF
TECHNOLOGY – THE STANDARDS
• AUSDSD TOP 35 & CPNI TOP20 • HTTP://WWW.ASD.GOV.AU/INFOSEC/MITIGATIONSTRATEGIES.HTM
• HTTPS://WWW.CPNI.GOV.UK/ADVICE/CYBER/CRITICAL-CONTROLS/
WEB REFS– • HTTP://WWW.RAWSTORY.COM/2016/06/THIS-IS-HOW-HACKERS-CAN-STEAL-MILLIONS-FROM-YOUR-COMPANY-WITH-JUST-ONE-EMAIL/
• HTTP://WWW.TELEGRAPH.CO.UK/FINANCE/PERSONALFINANCE/BORROWING/MORTGAGES/11605010/FRAUDSTERS-HACKED-EMAILS-TO-MY-SOLICITOR-AND-STOLE-340000-FROM-MY-PROPERTY-SALE.HTML
• HTTP://WWW.TELEGRAPH.CO.UK/FINANCE/PERSONALFINANCE/BORROWING/MORTGAGES/11632304/EMAIL-HACKING-ANOTHER-HOME-SELLER-ROBBED-OF-270000.HTML
• HTTP://WWW.TELEGRAPH.CO.UK/FINANCE/PERSONALFINANCE/BORROWING/MORTGAGES/11715616/OUR-300000-HOUSE-BUYING-MONEY-WAS-STOLEN.HTML
• HTTP://WWW.EXPRESS.CO.UK/FINANCE/PERSONALFINANCE/632064/HOMEBUYERS-WARNED-OF-NEW-DEPOSIT-SCAM-AFTER-DEVASTATED-COUPLE-LOSE-45000
• HTTP://WWW.LANCASHIRETELEGRAPH.CO.UK/NEWS/14565802.JAIL_THREAT_TO_MAN_WHO_LAUNDERED_ALMOST___100K_INTO_BANK_ACCOUNT_IN_NATIONAL_SCAM/?REF=MR&LP=3
• HTTP://WWW.PROPERTYINDUSTRYEYE.COM/WARNING-NEW-CASES-COME-TO-LIGHT-ABOUT-EMAIL-HACKING-PROPERTY-SCAM/
• HTTP://WWW.THETIMES.CO.UK/TTO/NEWS/UK/CRIME/ARTICLE4521334.ECE
• HTTP://WWW.PCWORLD.COM/ARTICLE/3025391/AIRCRAFT-PART-MANUFACTURER-SAYS-CYBERCRIME-INCIDENT-COST-IT-54-MILLION.HTML
• HTTPS://WWW.BRUSSELSTIMES.COM/BELGIUM/4944/BELGIAN-BANK-CRELAN-HIT-BY-A-70-MILLION-EUR-FRAUD
• HTTP://LIFEHACKER.COM/5853483/A-GUIDE-TO-SNIFFING-OUT-PASSWORDS-AND-COOKIES-AND-HOW-TO-PROTECT-YOURSELF-AGAINST-IT
• HTTP://CODEBUTLER.COM/FIRESHEEP/
• HTTP://WWW.GLOCALVANTAGE.COM/PREVENT-REMOTE-ACCESS-TROJAN/
• HTTPS://WWW.PROOFPOINT.COM/US/IMPOSTOR-EMAIL-THREATS-INFOGRAPHIC
• HTTPS://WWW.IAD.GOV/IAD/CUSTOMCF/OPENATTACHMENT.CFM?FILEPATH=/IAD/LIBRARY/IA-GUIDANCE/ASSETS/PUBLIC/UPLOAD/TOP-10-IAD-MITIGATION-STRATEGIES-2015.PDF&WPKES=AF6WOL7FQP3DJIXDXWFBTC2AV9XHQLYTZ6CUUG
Time is precious, thank you for yours
https://uk.linkedin.com/in/jmck4cybersecurity
@CisoAdvisor