O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Cyber Crime - "Who, What and How"

1.307 visualizações

Publicada em

Presentation from the Jisc security conference 2016

www.jisc.ac.uk

Publicada em: Tecnologia
  • Seja o primeiro a comentar

Cyber Crime - "Who, What and How"

  1. 1. Cyber Crime – “Who, What and How” Charlie McMurdie – Senior Cyber CrimeAdvisor PWC 1/11/2016
  2. 2. Cyber Crime “Who, What and How" Charlie McMurdie – Senior Cyber Crime Advisor PWC 1 November 2016
  3. 3. Cyber statistics - Information Security Breaches Survey More sophisticated Longer discovery time UK top target in Europe Human failures 50% of worst breaches due to human error despite increase in staff training
  4. 4. Who is attacking?
  5. 5. PwC Accidental Malware non-targeted Cyber Terrorist Organised Cyber Criminal State- Sponsored Attacks Disgruntled Customer Competitor Disgruntled ex-Employee 3rd Party Provider Threatactorsophistication Hacker Hobbyist Threat actor motivation Hacktivist Insider ££££££££££ Mitigation cost Risk Appetite? 110 million credit card details stolen (Nov 2013) 465,000 prepaid cash cards holder PII breached (July 2013) Nation States Cyber Regimes (e.g. Equation Group) World’s largest DDoS attack impacting Internet from Netherlands ISP - Cyberbunker (March 2013) Lulzsec & Anonymous targeted hacktivists (2012- 2013) Malware wipes 10,000 desktop hard drives (August 2012) £2.3m FSA fine for data loss (August 2010) Edward Snowden discloses NSA and GCHQ spying programmes (June 2013) Employee copies 35,000 client details to personal computer (August 2012) Threats are rapidly increasing and evolving
  6. 6. What’s the impact of a cyber attack? Direct costs Indirect costs Intangible costs Investigation and remediation Regulatory sanction Customer redress Increased cyber insurance premium Customer fraud Class action law suit Damage to brand Heads roll Competitive disadvantage
  7. 7. OPM hack: 21 million people’s personal information stolen, federal agency says 36 million email accounts Extortion : Paranoia: Suicide
  8. 8. UK Top Target for Ddos Attacks 2016 “Record” year for Ransomware 71% increase
  9. 9. Organised crime on an industrial scale
  10. 10. Cyber threats: organised crime PwC
  11. 11. Tango Down!!! UK Subjects Arrested. DDoS on numerous organisations including the Ministry of Sound, Paypal, Mastercard, Amazon. The attacks by Anonymous were under the banner of Operation PAYBACK. The group used Facebook, Twitter and IRC channels to organise LOIC attacks
  12. 12. Cyber crime in the news 12 The Sun Essex geek ‘is Sony hacker’ Ryan, 19, arrested over global cyber attacks Urercilla feu feugiam, quissed elisi eum velit praessequisi exero conse do dunt wisi er summolobor ad do od modip eu feuisl ing et, vel et iriuscinit, venit augiam irillaor amconum quat, conum iure exero dolutem amconum quat la facipis nibh et accummo dionull aorper si. Urercilla feu feugiam, quissed elisi eum velit praessequisi exero conse do dunt wisi er summolobor ad do od modip eu feuisl ing et, vel et iriuscinit, venit augiam irillaor
  13. 13. Major companies and institutions hacked 13 • The Sun • The X Factor • Arizona Department of Public Safety • Sony • The Central Intelligence Agency • SOCA • United States Senate Mastercard
  14. 14. Cyber crime in the news 14 BBC News Man admits hacking abortion provider BPAS’s website James Jeffery, 27, has been remanded in custody after admitting to breaking into the British Pregnancy Advisory Service website on Thursday Urercilla feu feugiam, quissed elisi eum velit praessequisi exero conse do dunt wisi er summolobor ad do od modip eu feuisl ing et, vel et iriuscinit, venit augiam irillaor amconum quat, conum iure exero dolutem amconum quat la facipis nibh et accummo
  15. 15. Cyber crime in the news • Confirmed involvement with Anonymous, LulzSec and AntiSec. • Within seven hours suspect arrested. • Subject was logged into the twitter account of ‘PabloEscobarSec’, and on another computer was in the process of deleting previously stolen data. • Full admissions made to the BPAS offence and further historic hacking, phishing and site defacements, including the US Navy, Arizona State Police, FBI and Facebook. 15
  16. 16. Did Hackers put the London Stock Exchange Website out of commission? (Source:Getty) Cyber Criminals reportedly shut down the London Stock Exchange website last week, keeping it out of action for more than two hours. According to the Mail on Sunday, hacker group Anonymous carried out the attack on Thursday morning. The group claims the attack on the London Stock Exchange was the latest in a series that has also seen it target the websites of NYSE Euronext and the Turkey Stock Exchange as part of a campaign called Op Icarus.
  17. 17. PwC Financial Virtual Task Force
  18. 18. Cyber crime in the news 18 The Guardian Teenagers jailed for running £16m internet crime forum Court told that Ghostmarket website was the ‘criminal equivalent of Facebook’, with links to huge losses from credit card details Urercilla feu feugiam, quissed elisi eum velit praessequisi exero conse do dunt wisi er summolobor ad do od modip eu feuisl ing et, vel et iriuscinit, venit augiam irillaorquissed elisi eum velit praessequisi exero conse do dunt wisi er summolobor ad
  19. 19. GhostMarket Meth Lab £84million n 5 YEARS 8000 users
  20. 20. PwC
  21. 21. PwC “It takes a network to defeat a network”
  22. 22. Cyber threats: protecting what matters Threat intelligence IG Crown jewels What do you have? How is it managed? Who wants it? Who has access to it?
  23. 23. PwC • © 2013Achilleon Consultancy Ltd.. All rights reserved. In this document, Thank you Any Questions? This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. © 2015 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom) which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity. Images sourced via Google.

×