IH - Security Incidents - Module 5 Powerpoint Presentation.pptx
trevor501353
25 slides
Mar 05, 2025
Size: 702.9 KB
Incident Handler Certification. Dr. Kevin F. Streff, Founder and Managing Partner 1
Dr. Kevin Streff, American Security and Privacy, LLC, Founder & Managing Partner. www.americansecurityandprivacy.com, [email protected], 605.270.4427 2
Agenda 3
Module 1: Incident Response Overview
Module 2: Incident Response Laws and Regulations
Module 3: The Fit of Incident Response in Information Security and Privacy Programs
Module 4: Privacy Incidents
Module 5: Security Incidents
Module 6: Incident Response Program Overview
Module 7: Step 1 - Preparation
Module 8: Step 2 - Detection and Analysis
Module 9: Step 3 - Contain, Eradicate, and Recover
Module 10: Step 4 - Post Incident Activity
Module 11: Incident Response Testing
Module 12: Third Party Incident Response Requirements
Module 13: Incident Response Auditing
Module 14: Incident Response Metrics
Module 5 Security Incidents 4
2024 CrowdStrike Report:
34 newly named adversaries in 2023
230+ total adversaries tracked by CrowdStrike
2:07 mins: fastest recorded eCrime breakout time
75% increase in cloud intrusions
76% spike in data theft victims named on the dark web
75% of attacks were malware-free 5
Social Engineering Attacks According to the 2024 Data Breach Investigations Report by Verizon, social engineering attacks account for 17% of all data breaches and 10% of cybersecurity incidents, making social engineering one of the three most common cyberattack vectors 6
Example Mailchimp In January 2023, Mailchimp, a prominent platform for email marketing and newsletters, detected an unauthorized user within its infrastructure. They stated that an intruder had gained access to one of the tools Mailchimp uses for user account administration and customer support. The intruder had previously targeted Mailchimp employees and managed to get their account credentials through social engineering techniques. Afterward, the malicious actor used the compromised credentials to access data on 133 Mailchimp accounts. 7
Privilege Abuse Organizations usually have many users with elevated privileges such as admins, technical specialists, and managers. Some can only access certain critical resources, such as specific databases or applications. Others might have full access to every system in the network and even be able to create new privileged accounts without drawing anyone’s attention. If privileged users have malicious intent or have been compromised, it may lead to data breaches, financial fraud, sabotage, and other severe consequences. Unfortunately, it’s hard to detect if a user with elevated access rights is abusing their privileges, as these culprits often cleverly conceal their actions. 8
Example: International Committee of the Red Cross (ICRC). Malicious actors had compromised privileged accounts, used lateral movement techniques to escalate their privileges, and acted under the guise of admins to obtain sensitive data. 9
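The slides note that privilege abuse is hard to spot because each individual action looks routine. One pattern that is detectable is the "create a new privileged account without drawing attention" case from the previous slide: an account is created and, shortly afterwards, placed in an administrative group. The following added example (not part of the presentation) correlates those two events over constructed, simplified log lines; the event numbers are the real Windows Security event IDs (4720 account created, 4728/4732 member added to a security-enabled group), but the key=value line format and field names are an assumption for the example.

```python
"""Privileged-account creation chain detector (added example).

The log lines below are constructed, simplified key=value renderings of
Windows Security events 4720 (user account created), 4728 (member added to a
security-enabled global group) and 4732 (member added to a security-enabled
local group). Real events are XML/EVTX; the line format and field names used
here are assumptions for the example.
"""
import re
from datetime import datetime

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}

# key=value pairs; values may be quoted so they can contain spaces
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample log: jsmith creates svc-backup and makes it a Domain
# Admin 3.5 minutes later; the other lines are routine onboarding and a
# group change for a long-standing account.
SAMPLE_LOG = """\
time=2025-03-05T09:00:12 event=4720 actor=jsmith target=svc-backup
time=2025-03-05T09:03:40 event=4728 actor=jsmith member=svc-backup group="Domain Admins"
time=2025-03-05T10:15:00 event=4720 actor=hr-onboard target=alice
time=2025-03-05T10:16:10 event=4732 actor=hr-onboard member=alice group="Remote Desktop Users"
time=2025-03-05T14:00:00 event=4728 actor=itadmin member=bob group="Domain Admins"
"""


def parse_event(line):
    """Turn one key=value line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def find_privileged_account_creation(log_text, window_minutes=60):
    """Flag accounts that are created and then added to a privileged group
    within window_minutes. Neither event alone is unusual; the pair in quick
    succession is the signal."""
    created = {}   # account name -> (creator, creation time)
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_event(raw)
        when = datetime.fromisoformat(ev["time"])
        if ev["event"] == "4720":
            created[ev["target"]] = (ev["actor"], when)
        elif ev["event"] in ("4728", "4732") and ev["group"] in PRIVILEGED_GROUPS:
            member = ev["member"]
            if member not in created:
                continue   # pre-existing account: belongs to a change-control review instead
            creator, t_created = created[member]
            age = (when - t_created).total_seconds()
            if 0 <= age <= window_minutes * 60:
                alerts.append({
                    "account": member,
                    "group": ev["group"],
                    "created_by": creator,
                    "added_by": ev["actor"],
                    "minutes_between": round(age / 60, 1),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_privileged_account_creation(SAMPLE_LOG):
        print(alert)
```

Only the svc-backup chain is reported; alice joins a non-privileged group and bob was not created in the window. In a real deployment the same correlation would be expressed as a SIEM rule keyed on the account name, and the creator/adder fields let an analyst see whether one person performed both steps.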
Data Leakage Occurs when sensitive information is unintentionally exposed to unauthorized parties. For example, a misconfigured cloud storage server might allow easy access to personally identifiable information (PII) and trade secrets 10
Example: Pegasus Airlines. In June 2022, Pegasus Airlines discovered an error in the configuration of one of its databases. It turned out that an airline employee had misconfigured security settings and exposed 6.5 terabytes of the company’s valuable data. As a result of the improper configuration of an AWS bucket, 23 million files with flight charts, navigation materials, and the crew’s personal information were available for the public to see and modify. 11
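The Pegasus case is the misconfigured-cloud-storage pattern from the previous slide: a bucket policy or ACL that lets anyone read and write. The added example below (not from the presentation, and not the airline's actual configuration) shows the check a cloud security review runs over the three places an S3 bucket can be opened to the world: the bucket policy, the bucket ACL, and the Public Access Block settings. The inputs are dicts in the shape the S3 API returns for GetBucketPolicy, GetBucketAcl grants and GetPublicAccessBlock; all sample values, including the account id and bucket name, are constructed.

```python
"""Bucket public-exposure check (added example, not part of the presentation).

Evaluates the three places an S3 bucket can be opened to the world: the bucket
policy, the bucket ACL and the Public Access Block settings. Inputs are plain
dicts shaped like the S3 API responses; every sample value is constructed.
"""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_ACCESS_BLOCK_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
                            "BlockPublicPolicy", "RestrictPublicBuckets")

# Constructed weak policy: the "anyone can see and modify" pattern
WEAK_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "OpenToWorld",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::flight-ops-data/*"
  }]
}""")

# Constructed corrected policy: a named role, read-only, no wildcard principal
FIXED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "CrewAppRead",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/crew-app"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::flight-ops-data/*"
  }]
}""")

WEAK_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]
SAFE_ACL = [{"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}]
NO_BLOCK = {k: False for k in PUBLIC_ACCESS_BLOCK_KEYS}
FULL_BLOCK = {k: True for k in PUBLIC_ACCESS_BLOCK_KEYS}


def principal_is_anyone(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy):
    """Sids of Allow statements open to everyone with no Condition narrowing them."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [s.get("Sid", f"statement-{i}") for i, s in enumerate(stmts)
            if s.get("Effect") == "Allow"
            and principal_is_anyone(s.get("Principal"))
            and not s.get("Condition")]


def public_acl_grants(grants):
    """Permissions granted to the AllUsers or AuthenticatedUsers groups."""
    return [g["Permission"] for g in grants
            if g.get("Grantee", {}).get("URI") in (ALL_USERS, AUTHENTICATED_USERS)]


def assess_bucket(policy, acl_grants, public_access_block):
    """Combine the checks. With all four Public Access Block settings enabled,
    S3 ignores public ACLs and blocks public policies, so policy/ACL findings
    are only reported when that guard rail is missing."""
    guarded = all(public_access_block.get(k, False) for k in PUBLIC_ACCESS_BLOCK_KEYS)
    findings = []
    if not guarded:
        findings += [f"policy statement '{sid}' grants access to anyone"
                     for sid in public_policy_statements(policy)]
        findings += [f"ACL grants {perm} to a global group"
                     for perm in public_acl_grants(acl_grants)]
    return {"public": bool(findings), "findings": findings}


if __name__ == "__main__":
    print(assess_bucket(WEAK_POLICY, WEAK_ACL, NO_BLOCK))
    print(assess_bucket(FIXED_POLICY, SAFE_ACL, FULL_BLOCK))
```

A statement that carries a Condition is deliberately not reported, because conditions such as a source-VPC or IP restriction can make a wildcard principal acceptable; a full review would still inspect those conditions by hand. The Public Access Block check is the important one for a fleet of buckets: enabling all four settings at the account level prevents the Pegasus-style mistake regardless of what an individual employee later puts in a policy or ACL.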
Insider Data Theft: Insiders may steal data for financial benefit, espionage purposes, ideological reasons, or because of a grudge. For financial institutions, insider data theft may cause financial losses, reputational damage, loss of customer trust, and legal liabilities. 12
Example: In May 2023, two former employees stole and leaked Tesla’s confidential data to a German news outlet, Handelsblatt. An investigation showed that malicious insiders breached the company’s IT security and data protection policies to unlawfully obtain and disclose 23,000 internal documents from Tesla, amounting to nearly 100 gigabytes of confidential information. As a result, the personal information of 75,735 current and former Tesla employees was leaked and the company was at risk of facing a $3.3 billion fine for insufficient data protection. 13
Intellectual property theft Intellectual property is one of the most valuable types of data an organization possesses. Bright ideas, innovative technologies, and complex formulas give businesses a competitive advantage. It’s no surprise that malicious actors often target their victims’ trade secrets 14
Example In May 2022, Apple sued Rivos, a chip development startup, for allegedly stealing trade secrets after Rivos hired away more than 40 former Apple employees. Apple claimed that at least two of their former engineers took gigabytes of confidential information with them before joining Rivos. Apple suggests that Rivos hired Apple’s former employees to work on competing system-on-chip (SoC) technology. Apple spent billions of dollars and more than a decade of research to create the SoC designs that are now used in iPhones, iPads, and MacBooks. Having access to SoC trade secrets would have significantly aided Rivos in competing against Apple. 15
Third Party Breaches Having a sophisticated supply chain with numerous subcontractors, vendors, and third-party services is the norm for organizations these days. However, granting third parties access to your network is associated with cybersecurity risks. One of the reasons is that your third parties may not always follow all necessary security procedures. Thus, there’s no guarantee that hackers won’t exploit your vendors’ vulnerabilities to access your organization’s assets. 16
Example In March 2024, American Express informed its customers that unauthorized parties gained access to sensitive customer information through a breach in their merchant processor. The breach was caused by a successful point-of-sale attack. American Express emphasized that its internal systems weren’t compromised during the incident. However, the breach at the merchant processor leaked American Express customers’ sensitive data, such as names, current and former account numbers, and card expiration dates. 17
Phishing A threat actor masquerades as a reputable entity or person in an email or other communication channel. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including extracting login credentials or account information from victims. A more targeted type of phishing attack known as spear phishing occurs when the attacker invests time researching the victim to pull off an even more successful attack. 18
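The phishing slide describes an attacker masquerading as a reputable entity in email. Three cheap checks catch a large share of such messages before a user sees them: a From display name that invokes a trusted brand while the address domain is not that brand's, a Reply-To that routes answers to a different domain, and an HTML link whose visible text shows one host while the href points at another. The added example below (not from the presentation) implements those checks with the Python standard library; the messages, domains and the TRUSTED_DOMAINS list are all constructed.

```python
"""Phishing indicator checks on a raw email (added example, not the presentation's).

Checks implemented:
  1. From display name suggests a trusted brand but the sender domain differs
  2. Reply-To domain differs from the From domain
  3. an HTML link shows one host in its text but its href goes to another
The messages and domains below are constructed; TRUSTED_DOMAINS would come
from the organisation's own list of brands and partners.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-bank.com"}   # constructed

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN_HOST_RE = re.compile(r'https?://([^/\s<]+)', re.I)


def _norm(s):
    """Lower-case and drop punctuation so 'Example Bank' matches 'example-bank'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def sender_checks(msg):
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if (_norm(brand) in _norm(name) and from_dom != trusted
                and not from_dom.endswith("." + trusted)):
            findings.append(f"display name '{name}' suggests {trusted} "
                            f"but sender domain is {from_dom}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_dom:
        findings.append(f"Reply-To domain {_domain(reply)} differs from From domain {from_dom}")
    return findings


def link_checks(html):
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        actual = (urlparse(href).hostname or "").lower()
        shown = SHOWN_HOST_RE.search(text)
        if shown and shown.group(1).lower() != actual:
            findings.append(f"link text shows {shown.group(1)} but href goes to {actual}")
    return findings


def analyze(raw_message):
    """Return a list of human-readable findings; an empty list means no indicator fired."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = sender_checks(msg)
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None:
        findings += link_checks(body.get_content())
    return findings


# Constructed suspicious message: brand in display name, lookalike sender
# domain, foreign Reply-To, and a link whose text and target disagree.
SUSPICIOUS = """\
From: "Example Bank Security" <alerts@examp1e-bank.net>
Reply-To: <verify@mail-reset.example>
To: <cfo@company.example>
Subject: Action required: confirm wire instructions
Content-Type: text/html; charset="utf-8"

<p>Please verify your account:</p>
<a href="http://login.examp1e-bank.net/verify">https://www.example-bank.com/login</a>
"""

# Constructed legitimate message for comparison
LEGITIMATE = """\
From: "Example Bank" <alerts@example-bank.com>
To: <cfo@company.example>
Subject: Your monthly statement is ready
Content-Type: text/html; charset="utf-8"

<a href="https://www.example-bank.com/statements">https://www.example-bank.com/statements</a>
"""

if __name__ == "__main__":
    for finding in analyze(SUSPICIOUS):
        print("SUSPICIOUS:", finding)
    print("LEGITIMATE findings:", analyze(LEGITIMATE))
```

These checks are indicators, not a verdict: a legitimate bulk mailer can set a different Reply-To, and a marketing link can show one host while redirecting through another. The practical use is to route messages with one or more findings to a quarantine or to add a banner, and to feed the sender domain into the DMARC/SPF results the gateway already has.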
Malware: A broad term for malicious software of many types that is installed on an enterprise's systems. Malware includes Trojans, worms, ransomware, adware, spyware, and various types of viruses. Some malware is inadvertently installed when an employee clicks on an ad, visits an infected website, or installs freeware or other software. Signs of malware include unusual system activity, such as a sudden loss of disk space; unusually slow speeds; repeated crashes or freezes; an increase in unwanted internet activity; and pop-up advertisements. 19
DDoS Attack A threat actor launches a distributed denial-of-service attack to shut down an individual machine or an entire network so that it's unable to respond to service requests. DoS attacks do this by flooding the target with traffic or sending it some information that triggers a crash. 20
Wire Fraud: Any form of financial fraud committed with the use of electronic communications. Wire transfer fraud is the compromise of a bank wire transfer. 21
ACH Fraud ACH fraud is the manipulation of or unauthorized initiation of electronic fund transfers through the Automated Clearing House 22
Physical Security Breach: Unauthorized physical access to an organization's facilities, equipment, or records, such as an intruder entering a restricted area or a lost or stolen laptop or document. 23
Summary 24
Both security and privacy incidents need to be reflected in your incident response plans
Take a risk-based approach
Identify the potential issues prior to them occurring
Dr. Kevin Streff, American Security and Privacy, LLC, Founder & Managing Partner. www.americansecurityandprivacy.com, [email protected], 605.270.4427 25 American Security and Privacy, LLC