how technology helps thieves steal your identityplansource.com/collateral/how technology...

NOT FOR DISTRIBUTION

PRESENTED TO:

How Technology Helps Thieves Steal Your Identity JUNE 2017

NOT FOR DISTRIBUTION 2

Intro: Joel Vander LeestDirector of Business Development


EVOLUTION OF CRIME ON THE INTERNET

3

Bitcoin introduced as a form of online

payment, giving cybercriminals

anonymity

More than 15M people will have their identities stolen this

year, the highest on record

Internet technology gains popularity for everyday financial

transactions, fueling a new type of theft

One of the first computer worms,

Morris Worm, distributed via

the Internet

First known computer virus, Creeper,

targeted a telephone company to make free

long distance calls


HACKING INTO YOUR LIFE

5


TODAY, ATTACKERS CAN HIDE IN PLAIN SIGHT

6

• Cybercriminals weaponize commonly

used software

• Two popular tools for spreading malware

are Microsoft Office files and PowerShell

(a scripting language)

• Tools initially created to provide

administrative privileges for IT people

are equally as useful for thieves

• Legitimate tools leave a lighter footprint

and are more difficult to detect


TECHNOLOGY HAS BECOME MUNDANE

7

• Phone

• Clock

• Camera

• Movie recorder

• Music player

• E-reader

• GPS

• Game console

• Television

• Calculator

You have in your pocket a single device that is a:


VIRTUAL OFFICE SERVICES

8

• An office location, and corresponding mailing

address, shared by many businesses

• Popular for businesses that are out of state,

want a prestigious street address, or for small

businesses that want to appear larger

• Can be rented over the phone or Internet,

without ever setting foot in the location

• For cybercriminals, a local address, telephone

number, mail forwarding and reception services

are quite useful in their scams


8 CURRENT CYBER THREATS YOU SHOULD KNOW ABOUT

9


1. SPAM

10

• Email is the primary delivery

method for malware, ransomware

and a host of other cyber threats

• Frighteningly, a growing proportion

of email-borne malware is driven

by professional or government-

sponsored organizations


2. RANSOMWARE

11

Arguably the most

dangerous cyberthreat

in 2016


HOW RANSOMWARE WORKS

12

Victims paid on average $1,077 in ransom in 2016, but only 47% of victims who pay get their files back.

2. RANSOMWARE


3. MALWARE

13

• Savvy criminals use social engineering

tactics to compel victims to open the

email and attachment

• Popular tactics for delivering email

malware are:

1. Fake invoices

2. Fake scans

3. Email delivery failure notices with an attachment


4. PHISHING

14

• Mass-distributed phishing declining as

consumers are increasingly aware of

the dangers of clicking unknown links

• 1 in 2,596 emails in 2016 as compared

to 1 in 1,846 emails in 2015

• “Spearfishing” a specific target for

subversive purposes is a new form

of attack

• Power stations in Ukraine

• DNC email breach


Here are just a few of the items for sale on the dark web:

15

• Identities including name, social

security number, and date of birth

• Scanned passports

• Scanned utility bills or

other documents

• Retail shopping accounts like

Amazon and Walmart

• Credit cards

• Bank accounts

• Paypal accounts

• Uber accounts

• Netflix and Spotify accounts

• Restaurant gift cards, hotel bookings, frequent flyer miles

• Money transfers like Bitcoin

Much of this trade is made possible by The Onion Router, or Tor, free software that masks a user’s identity by hiding the originating and destination IP addresses.

5. THE DARK WEB


• Using legitimate features and tools to

carry out attacks

• Difficult to detect as it is often mistaken

for day-to-day network activity

• Most common legitimate tool misused

by hackers is Mimikatz, which can:

• Change privileges

• Export security certificates

• Recover Windows passwords

6. LIVING OFF THE LAND

16


• Allow thieves to bypass security, exfiltrate

stolen data, and cause maximum disruption

• Growing vulnerability

• Organizations use on average 928 cloud apps,

but CIOs typically believe it’s less than 40

• Early 2016 example in California

• 4,000 cloud-based files locked by ransomware

• Began when an employee opened a malicious email and attachment

• Files were restored after one week, thanks to daily backups

7. CLOUD-BASED APPS

17


• EMV (Europay, MasterCard and Visa), or chip cards,

contain computer chips used to authenticate each

transaction with a unique code that can’t be used again

• Cybercriminals are rushing to steal

what they can before the EVM

transition in the U.S. is complete

• ATMs and POS terminals are under

attack from skimming devices

• Doesn’t protect against card-not-present

fraud, which is expected to rise to $7B by 2020

8. EMV TECHNOLOGY

18


DATA SUPPORT

19


DATA SUPPORT – BREACHES

20

• In the last 8 years, more than 7B online identities

have been stolen through data breaches, which

is almost equivalent to one for every person on

the planet (ISTR)

• Average number of identities stolen per breach

is 1M (ISTR)

• 15 mega breaches in 2016 – in which more than

10M identities are stolen (ISTR)

• 1 in 3 notified data breach victims experience fraud in the same year (Javelin)

• Breaches are a “practical guarantee that accounts and identities are

at risk” (Javelin)


DATA SUPPORT – MOBILE

21

• Mobile malware scams are financially motivated – sending

premium text messages, advertisement click fraud, and

ransomware (ISTR)

• Android operating system is the most targeted mobile

platform; attacks on the iOS are rare (ISTR)


DATA SUPPORT – WEB

23


• Time it takes for an IoT to be attacked – 2 minutes (ISTR)

• Fraudsters misused credit and bank accounts an average of 38 days in 2016; new accounts were misused for 131 days (Javelin)

• Many data breaches often go undetected for years. Yahoo didn’t detect or report its 2014 breach until 2016.

DATA SUPPORT – SPEED OF ATTACK


HOW TO PREVENT IT

25


TIPS TO PROTECT YOURSELF

26

• Use strong passwords and

regularly update them

• Don’t reuse passwords across

multiple sites or accounts

• Use two-factor authentication

whenever possible

Strengthen Your First Line of Defense Shop Safely Online

• Shop only on reputable

web sites

• Use credit over debit cards

• Look for the https URL and

the padlock icon

• Make purchases on a secure

network, not public wifi


MONITOR ONLINE ACTIVITY OF MINORS

27

• Enable parental controls

• Place childrens’ computers in a highly

trafficked area of your home

• Bookmark favorite web sites to help them

avoid inappropriate sites

• Teach children to ask permission before

clicking an ad or downloading

• Share an email or social media account with

your child so you can monitor messages

• Set limits on late-night use, when predators

know children may have less supervision


BEST PRACTICES

28

SOFTWARE UPDATES

INCOMING EMAILS

CLOUD SERVICEBACKUP MOBILE

• Keep your operating

system and software

up-to-date

• Use and frequently

update security

software

• Delete and

report suspicious-

looking emails

• When possible, type

web addresses into

your browser instead

of using links in

an email

• Be wary of any Office

attachment that

advises you to

enable macros

• Regularly back up any

files stored on

your computer or

any devices

• Ensure there is an

IT process to regularly

backup company

data stored on

cloud-based apps

• Install apps only from

trusted sources

• Pay close attention

to permissions

requested by apps


ADVANCED IDENTITY MONITORING

29

Backed by 100%

Resolution

Guarantee and

$1M in expense

reimbursement

insurance

Alerted in minutes

by phone, text,

email or mobile*

Certified Customer

Care Advocates

available 24/7

Continuously

monitors credit

activity through

the world’s largest

credit bureaus

Comprehensive

identity

monitoring

searches 279

billion public

records and

even the internet

black market /

dark web

CREDIT MONITORING

CYBER MONITORING

24/7 CALL CENTER

$1M EXPENSE REIMBURSEMENT

INSURANCE

RAPID CREDITALERTS

* Q3 2017


Thank Youwww.idwatchdog.com

[email protected]

blog.idwatchdog.com

twitter.com/ID_Watchdog

facebook.com/IDWatchdog1

30

Joel Vander LeestDirector of Business [email protected]

mailto:[email protected]



how technology helps thieves steal your identityplansource.com/collateral/how technology...

Documents