ECI: Anatomy of a Cyber Investigation: Who Are the Actors

Slide 1: Who is Doing it?
- 70% of breaches involved external agents
- 48% of breaches involved internal agents
- 11% of breaches involved partner agents
- Any breach can involve multiple individuals. E.g. an employee of a subcontractor steals credit card numbers and delivers them to an external third party.

Slide 2: Who is Doing it? External Agents (70% of breaches, 98% of lost data)
- 24% Organized criminal group
- 21% Unaffiliated person(s)
- 3% External systems or sites
- 5% Others (former employee, partner, competitor, customer)
- 45% Unknown

Slide 3: Who is Doing it? Internal Agents (48% of breaches, 3% of records)
Demographics (90% deliberate):
- 51% Regular employees / end users
- 12% Finance / Accounting
- 12% System admins
- 7% Upper management
- 8% Other (help desk, software dev, auditor)
- 9% Unknown

Slide 4: Who is Doing it? Partner Agents (11% of breaches, 1% of records)
- Third-party hijack of a partner
- Deliberate act of a partner
- Organizations that outsource their IT management and support also outsource a great deal of trust to these partners. "Poor governance, lax security, and too much trust is often the rule." (Verizon Data Breach Investigation Report, p. 19)

Slide 5: How Are They Doing it?

Slide 6: How did insiders do it? Inter-connected factors and events
- 48% of breaches included misuse of privilege
- 40% of breaches were by hackers
- 38% of breaches used malware
- 28% of breaches used social engineering
- 15% of breaches were physical attacks
- A single attack may combine multiple vulnerabilities.

Slide 7: How did outsiders do it? Hacker methods
- Web applications 54%
- Remote access 34%
- Backdoors 23%
- Network file sharing 4%
- Others (physical access, wireless network, unknown)

Slide 8: Top 5 Methods of Attack
- Webpage access
- Un / improperly secured access
- Trusted network connections
- Trojans / malware / spyware
- Employee malfeasance

Slide 9: Top 5 Methods of Attack: Web Pages
- Unsecured web page access
- SQL injection
- Improperly designed website
- "Oops" errors

Slide 10: Top 5 Methods of Attack: Un / Improperly Secured Access
- Abandoned / unguarded computers
- Computers with too many connections
- Brute force
- Backdoors

Slide 11: Top 5 Methods of Attack: Trusted Network Connections
- Subcontractor / sister company or agency

Slide 12: Top 5 Methods of Attack: Trojans / Malware / Spyware
- E-mail delivery of a Trojan
- Social engineering: telephone contact, e-mail contact, Internet contact (chat, IM, etc.)
- Customized malware (largest attacks)
- Back doors

Slide 13: Top 5 Methods of Attack: Employee Malfeasance
- Abuse of system access
- Use of unapproved hardware / devices
- Rogue networks
- Improperly handled data

Slide 14: Timeline facts
- Time to compromise data: most took days to months; 31% took only minutes
- Time to discovery: most took weeks or months; 5% took minutes
- Time to containment: most took days to weeks (some even months)

Slide 15: Some thoughts
- 98% came from servers (duh)
- 85% were not very difficult
- 61% were discovered by a third party
- 86% had evidence of the attack in log files
