Jose L. Quinones, BS
MCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHSA
UPR, School of Medicine – IT Director
Obsidis Consortia, Inc. – President & Founder
Security B Sides Puerto Rico – Organizer
Init6 Security User Group – Founder & Mentor
Self Employed - Technical Instructor
  • “The Cleaner”
PRgov - Information Security Council Member
  • “Jedi Master”
60% of small businesses that experience a data breach are out of business within 6 months.
IBM says there were 1.5 Million attacks alone in 2013, and 81% of them happened to small businesses.
Visa reports that 90% of the payment data breaches reported come from small businesses.
Trojans
Botnets (Zombie + C&C)
Some notorious ones are:
• Citadel – Taken down by Microsoft in 2011
• SpyEye – Developers were arrested in 2012
• Zeus – In 2014, Spamhaus detected 7,182 distinct IP addresses that hosted a botnet controller
• Is a type of malware which restricts access to the computer system or files that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.
• Transactions are made with money cards, wire transfers and, most recently, bitcoin.
• If you get bit by this bug, most likely you will have to pay to recover your files.
How to recognize Phishing
• Legitimate organizations don’t ask for sensitive data over an email.
• Is the grammar and lexicon appropriately used? (broken language)
• Did you expect a message from that person?
• Is the website name spelled correctly? (Ex. Amazone.com)
How to respond to Phishing
• DELETE immediately
• Don’t click stuff, enter the link in the browser by hand
• Hover over the link to verify the link (still dangerous)
• Don't open e-mail attachments …NEVER!
If you fell for it …
• Change your passwords
• Contact any institutions you think have been compromised
• Report it to: http://www.ic3.gov
Common Techniques
• Impersonation
• Pretext
• Framing
• Elicitation
Common attacks
• Customer Service
• Tech support
• Delivery person
• Phone
• Email/Phishing
http://www.social-engineer.org/framework/general-discussion/
• Owners don’t want to mess with their money machines.
• The misconception of “that’s just a cash register”
• There is a new breed of malware specifically for POS (e.g. Backoff PoS).
• The reality is that most PoS and Kiosks are fully working computers that run some kind of software over a common Operating System (e.g. Microsoft Windows) connected to the network.
• (3) copies of your data (local, external drive, cloud)
• (2) different media (external drive, cloud, DVD)
• (1) copy stored offsite (cloud, home, office, storage facility)
Do not use personal information for passwords
Do not use dictionary words as passwords
Use at least 3 of the following: a-z, A-Z, 0-9, !@#$%^&*
At least 16 characters long
Use passphrases
  • Ex. I like cold pizza, 1 Lik3 c0ld Pizz4!
Change regularly (every 90 days)
Use a password manager (LastPass)
Use only when absolutely necessary
Isolate guest network
Authenticate & control access
Limit the number of services available (http, https, dns)
Use WPA2 with a strong password
Control output power *
Turn off beacon broadcasting *
Use MAC filtering *
* Not effective against a skilled attacker
1. Use password-protected access control
2. Control application access and permission
3. Keep the OS and firmware current (update)
4. Backup your data
5. Use remote or automatic wipe if stolen or lost
6. Don’t store personal financial data on your device
7. Beware of free apps
8. Try mobile antivirus (Android)
9. Control Wireless connectivity (Wi-Fi, Bluetooth, NFC, RFID)
10. If possible use a Mobile Device Management (MDM) solution
Read the Terms and Conditions of service and the Privacy Policy carefully.
Your only assurance is a good contract & SLA (get a lawyer).
Encrypt everything before uploading it to the cloud.
Not all clouds are the same; understand your needs.
Get the service from a reputable provider.
• Cyber criminals use various methods to hide their tracks
  • Tor Onion Router - Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
  • Private VPN - Individuals can use VPNs to get access to network resources when they're not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they're using an untrusted public network.
  • Proxy Servers - In a personal computing context, proxy servers are used to enable user privacy and anonymous surfing.
  • Spoofing - A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
Data Breaches
• http://breachlevelindex.com/#sthash.Whzg9ESf.dpbs
Zeus Tracker
• https://zeustracker.abuse.ch/monitor.php
Live Attack Maps
• http://map.ipviking.com/
• https://www.fireeye.com/cyber-map/threat-map.html
• http://www.sicherheitstacho.eu/
• https://cybermap.kaspersky.com/
• http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=16434&view=map
• https://labs.opendns.com/global-network/
• Verizon Data Breach Investigations Report
  • http://www.verizonenterprise.com/DBIR/
• Mandiant Reports
  • https://www.mandiant.com/resources/mandiant-reports/
• IBM Cost of Breach
  • http://www-935.ibm.com/services/us/en/it-services/security-services/cost-of-data-breach/
• Symantec Threat Report
  • http://www.symantec.com/security_response/publications/threatreport.jsp
• Kaspersky Security Analysis
  • https://securelist.com/analysis/kaspersky-security-bulletin/67864/kaspersky-security-bulletin-2014-predictions-2015/
• McAfee Threat Report
  • http://www.mcafee.com/us/apps/view-all/publications.aspx?tf=aaae16480
Blog: http://codefidelio.org
Email: josequinones@codefidelio.org
Twitter: @josequinones
G+: https://plus.google.com/u/2/+JoseLQuinonesBorrero

CyberCrime attacks on Small Businesses

  • 1. Jose L. Quinones, BS MCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHSA
  • 2. UPR, School of Medicine – IT Director Obsidis Consortia, Inc. – President & Founder Security B Sides Puerto Rico – Organizer Init6 Security User Group – Founder & Mentor Self Employed - Technical Instructor  “The Cleaner” PRgov - Information Security Council Member  “Jedi Master”
  • 3.
  • 4.
  • 5. 60% of small businesses that experience a data breach are out of business within 6 months. IBM says there were 1.5 Million attacks alone in 2013, and 81% of them happened to small businesses. Visa reports that 90% of the payment data breaches reported come from small businesses.
  • 6.
  • 7. Trojans Botnets (Zombie + C&C) Some notorious ones are Citadel – Taken down by Microsoft on 2011 Spy eye – Developers were arrested in 2012 Zeus – In 2014, Spamhaus detected 7,182 distinct IP addresses that hosted a botnet controller
  • 8.  Is a type of malware which restricts access to the computer system or files that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.  Transactions are made with money cards, wire transfers and most recently , bitcoin.  If you get bit by this bug most likely you will have to pay to recover your files.
  • 9.
  • 10. How to recognize Phishing
      • Legitimate organizations don’t ask for sensitive data over email.
      • Are the grammar and vocabulary used appropriately? (broken language)
      • Did you expect a message from that person?
      • Is the website name spelled correctly? (Ex. Amazone.com)
    How to respond to Phishing
      • DELETE immediately
      • Don’t click stuff; enter the link in the browser by hand
      • Hover over the link to verify the link (still dangerous)
      • Don't open e-mail attachments … NEVER!
    If you fell for it …
      • Change your passwords
      • Contact any institutions you think have been compromised
      • Report it to: http://www.ic3.gov
  • 11. Common Techniques
      • Impersonation
      • Pretext
      • Framing
      • Elicitation
    Common attacks
      • Customer Service
      • Tech support
      • Delivery person
      • Phone
      • Email/Phishing
    http://www.social-engineer.org/framework/general-discussion/
  • 12.
      • Owners don’t want to mess with their money machines.
      • The misconception of “that’s just a cash register”
      • There is a new breed of malware specifically for PoS (e.g. Backoff PoS).
      • The reality is that most PoS and kiosks are fully working computers that run some kind of software over a common operating system (e.g. Microsoft Windows) connected to the network.
  • 13.
  • 14.
  • 15.
      • (3) copies of your data (local, external drive, cloud)
      • (2) different media (external drive, cloud, DVD)
      • (1) copy stored offsite (cloud, home, office, storage facility)
  • 16.
      • Do not use personal information for passwords
      • Do not use dictionary words as passwords
      • Use at least 3 of the following: a-z, A-Z, 0-9, !@#$%^&*
      • At least 16 characters long
      • Use passphrases (Ex. I like cold pizza, 1 Lik3 c0ld Pizz4!)
      • Change regularly (every 90 days)
      • Use a password manager (LastPass)
  • 17.
  • 18.
      • Use only when absolutely necessary
      • Isolate guest network
      • Authenticate & control access
      • Limit the number of services available (http, https, dns)
      • Use WPA2 with a strong password
      • Control output power *
      • Turn off beacon broadcasting *
      • Use MAC filtering *
    * Not effective against a skilled attacker
  • 19.
      1. Use password-protected access control
      2. Control application access and permissions
      3. Keep the OS and firmware current (update)
      4. Back up your data
      5. Use remote or automatic wipe if stolen or lost
      6. Don’t store personal financial data on your device
      7. Beware of free apps
      8. Try mobile antivirus (Android)
      9. Control wireless connectivity (Wi-Fi, Bluetooth, NFC, RFID)
      10. If possible, use a Mobile Device Management (MDM) solution
  • 20.
      • Read the Terms and Conditions of service and the Privacy Policy carefully
      • Your only assurance is a good contract & SLA (get a lawyer)
      • Encrypt everything before uploading it to the cloud
      • Not all clouds are the same; understand your needs.
      • Get the service from a reputable provider.
  • 21.
  • 22.
  • 23. Cyber criminals use various methods to hide their tracks
      • Tor Onion Router - Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
      • Private VPN - individuals can use VPNs to get access to network resources when they're not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they're using an untrusted public network.
      • Proxy Servers - in a personal computing context, proxy servers are used to enable user privacy and anonymous surfing.
      • Spoofing - a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
  • 24. Data Breaches
      • http://breachlevelindex.com/#sthash.Whzg9ESf.dpbs
    Zeus Tracker
      • https://zeustracker.abuse.ch/monitor.php
    Live Attack Maps
      • http://map.ipviking.com/
      • https://www.fireeye.com/cyber-map/threat-map.html
      • http://www.sicherheitstacho.eu/
      • https://cybermap.kaspersky.com/
      • http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=16434&view=map
      • https://labs.opendns.com/global-network/
  • 25.
      • Verizon Data Breach Investigations Report: http://www.verizonenterprise.com/DBIR/
      • Mandiant Reports: https://www.mandiant.com/resources/mandiant-reports/
      • IBM Cost of Breach: http://www-935.ibm.com/services/us/en/it-services/security-services/cost-of-data-breach/
      • Symantec Threat Report: http://www.symantec.com/security_response/publications/threatreport.jsp
      • Kaspersky Security Analysis: https://securelist.com/analysis/kaspersky-security-bulletin/67864/kaspersky-security-bulletin-2014-predictions-2015/
      • McAfee Threat Report: http://www.mcafee.com/us/apps/view-all/publications.aspx?tf=aaae16480
  • 26. Blog: http://codefidelio.org Email: josequinones@codefidelio.org Twitter: @josequinones G+: https://plus.google.com/u/2/+JoseLQuinonesBorrero
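
Slide 10 asks whether the website name is spelled correctly (Ex. Amazone.com). The sketch below is an added example, not part of the original deck, of how a mail filter or help-desk script could automate that check by comparing a link's site name against the domains a business really uses. The `TRUSTED` list, the function names and the two-typo threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the sites this (hypothetical) business really uses.
TRUSTED = ("amazon.com", "paypal.com", "ic3.gov")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # add cb
                           prev[j - 1] + (ca != cb)))  # swap ca for cb
        prev = cur
    return prev[-1]


def site_name(url: str) -> str:
    """Last two labels of the host, lower-cased.

    Naive on purpose: suffixes such as co.uk need a public-suffix list.
    """
    if "//" not in url:          # bare "amazone.com/login" as typed in an e-mail
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])


def check_link(url: str, trusted=TRUSTED, max_typos: int = 2) -> str:
    """Classify a link as 'trusted', 'lookalike of <domain>' or 'unknown'."""
    name = site_name(url)
    if name in trusted:
        return "trusted"
    for good in trusted:
        # A near miss is more suspicious than an unrelated name.
        if edit_distance(name, good) <= max_typos:
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    for link in ("http://www.Amazone.com/signin",   # the slide's example
                 "https://www.amazon.com/orders",
                 "paypa1.com/login",
                 "https://example.org/"):
        print(f"{link:35} -> {check_link(link)}")
```

A result of "unknown" only means the name is not close to anything on the allow-list; it does not mean the link is safe.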