System Source Webinar – Don’t Be

the Next Cybercrime Headline - 5/21

Tony Paul PuglieseEnterprise Consulting Engineer

System Source

tpuglies@SYSSRC.com

Brad BrowningChannel Manager – Southeast

Barracuda

bbrowning@barracuda.com

• Introductions – Chris Riley

• Tony Paul Pugliese

• Stopping Security Breaches

• Multi-Factor Authentication

• Password recommendations

• Brad Browning

• Threat landscape evolution

• Q&A – Chris Riley

Agenda

We Hope You are

Enjoying Your

Pizza!!

If you haven’t received your pizza,

then contact Mike Jones:

mjones@syssrc.com

During the Webinar…

Audio – In presentation mode until end

Control Panel

View webinar in full screen mode

In Chat – Tell us what you hope to learn today?

Feel free to submit written questions

Evaluation just after webinar finish

Stopping Security Breach Sources

• Verizon Data Breach Investigations report

• System Source Managed Services

Tony Paul Pugliese

Mobile Attacks• Mobile users more susceptible to social attacks

• Limited screen size

• Limited verification ability

• Devices have Consumer focus

• Mobile users often multi-tasking and not focusing

Social Attacks

• Pretexting

“false narrative to get information or influence behavior”< 10% pretext incidents include malware

• 2 main targets

Finance – wire transfer or phony invoice paymentHR – W2 information for fraudulent tax returns

Web Applications • Web app was path of the attack

Errors•Unintentional action directly compromising asset

Misuse•Unapproved or malicious use of resources

•Privilege abuse

•For fun, curiosity or financial gain

Top Breach Patterns We Can Learn From

Web Application Attacks

• Code / framework exploit

• >50% cloud email server access

• Thwarting authentication process with stolen credentials

• Fixes:

Minimize information or credentials on web server

2FA to slow intruders

Patch CMS and plug-ins consistently

Miscellaneous Errors

Unintentional actions directly compromising security • Delivering data to wrong recipient

• Leads to immediate loss

• Lost or misplaced assets• Misconfiguration (unsecured database)

• Exposing data on public webpage (publishing errors)• Use monitoring and 2nd reviewer when publishing

Miscellaneous Errors

Privilege Misuse

• Mainly insider privilege abuse for $ gain and curiosity

• Security controls for employee misuse may detect external attackers masquerading as privileged users

Improvements for Privilege Misuse

External email tags RDP port check 2FAMobile device

management

External vulnerability

scanBackup checking Disk encryption Dedicated backup server

Email filter tuning IMAP/POP removal Email encryption Internal vulnerability scan

Entrance/Exit process Anti-virus management Firewall review Penetration testing

Compliance reporting Self-service passwords Conditional access Secure workstation image

AD Scan Azure risky login alerts Intrusion protectionAzure Password

protection

DNS filtering Patch management Data loss preventionService account ad hoc

login removal

Security metrics Phishing test with training Single sign-on DDOS protection

Next gen passwordsDisappear from Business

Social Media

Enhanced financial

controls

Email compromise

recovery

In Research: Yubikey Next gen anti-virus

Payroll Fraud phishingResult: Four figure loss

Hi xxxxxx,

I recently switched to a new financial institution and I need your quick assistance to update my paycheck direct deposit details.

Thanks,X

It will never happen to me…

1. Fraudster contacted payroll about new account2. Payroll sent fraudster to xxxxx3. Xxxxx replied to bogus email, would call employee to get new account details.4. Fraudster replied in another email with account details.5. Xxxxx processed payroll deposit to new account.

(later that day) 6. Real employee – text: Where’s my deposit?7. Xxxxx – text: check new account!8. Real employee – text: What new account?9. Money gone.

Improvement for Payroll Fraud

External email tags RDP port check 2FAMobile device

management

External vulnerability

scanBackup checking Disk encryption Dedicated backup server

Email filtering IMAP/POP removal Email encryption Internal vulnerability scan

Entrance/Exit process Anti-virus management Firewall review Penetration testing

Compliance reporting Self-service passwords Conditional access Secure workstation image

AD Scan Risky login alerts Intrusion protection Password protection

DNS filtering Patch management Data loss preventionService account ad hoc

login removal

Security metrics Phishing test with training Single sign-on DDOS protection

Next gen passwordsDisappear from Business

Social Media

Enhanced financial

controls

Email compromise

recovery

In Research: Yubikey Next gen anti-virus

Fraudulent Invoice SubmissionResult: Five Figure Loss

• A manager’s account was hacked

• E-mails watched for financial transactions, determined approval process for order requests

• Created fake invoice from legitimate company and forwarded to her account

• Filled out a required form by copying from older approval

• Forwarded to accounting with her approval e-mail

• Accounting followed the process and paid $xx,xxx. ..

Improvement for Fraudulent Invoices Protection

External email tags RDP port check 2FAMobile device

management

External vulnerability

scanBackup checking Disk encryption Dedicated backup server

Email filtering IMAP/POP removal Email encryption Internal vulnerability scan

Entrance/Exit process Anti-virus management Firewall review Penetration testing

Compliance reporting Self-service passwords Conditional access Secure workstation image

AD Scan Risky login alerts Intrusion protection Password protection

DNS filtering Patch management Data loss preventionService account ad hoc

login removal

Security metrics Phishing test with training Single sign-on DDOS protection

Next gen passwordsDisappear from Business

Social Media

Enhanced financial

controls

Email compromise

recovery

In Research: Yubikey Next gen anti-virus

Deny Risky Logins in Real-Time

Nigerian Login!

Protected Information Sent to OthersResult: Government Inquiry

Protected information emailed to wrong party

Improvement for Protected Information Handling

External email tags RDP port check 2FAMobile device

management

External vulnerability

scanBackup checking Disk encryption Dedicated backup server

Email filtering IMAP/POP removalEmail encryption/

Azure Rights MgmtInternal vulnerability scan

Entrance/Exit process Anti-virus management Firewall review Penetration testing

Compliance reporting Self-service passwords Conditional access Secure workstation image

AD Scan Risky login alerts Intrusion protection Password protection

DNS filtering Patch management Data loss preventionService account ad hoc

login removal

Security metrics Phishing test with training Single sign-on DDOS protection

Next gen passwordsDisappear from Business

Social Media

Enhanced financial

controls

Email compromise

recovery

In Research: Yubikey Next gen anti-virus

Healthcare Ransomware IncidentResult: 200+ Computers Replaced

• Infected systems reimaged/replaced eliminating forensics

• Incomplete patching• Inconsistent patch configuration (manual/automated)

• Some PCs not requesting needed patches

• Vendors not patching• Old, less visible PCs including displays and timeclocks

• Some OS versions frozen because of software incompatabilties

• Source traced to parent institution

Improvement for Ransomware Protection

External email tags RDP port check 2FAMobile device

management

External vulnerability

scanBackup checking Disk encryption Dedicated backup server

Email filtering IMAP/POP removal Email encryption Internal vulnerability scan

Entrance/Exit process Anti-virus management Firewall review Penetration testing

Compliance reporting Self-service passwords Conditional access Secure workstation image

AD Scan Risky login alerts Intrusion protection Password protection

DNS filtering Patch management Data loss preventionService account ad hoc

login removal

Security metrics Phishing test with training Single sign-on DDOS protection

Next gen passwordsDisappear from Business

Social Media

Enhanced financial

controls

Email compromise

recovery

In Research: Yubikey Next gen anti-virus

Multi-Factor Authentication

Multi-Factor Authentication

• Name + Password = “Something you know”• Hackers have multiple ways to get passwords:

• Compromised site

• Phishing

• Malware / keylogger

• Static passwords are not safe!

Office 365 / Azure AD MFA

Multi-Factor Authentication• Office 365

• Provides / forces MFA for the following admin accounts• Global administrator

• SharePoint administrator

• Exchange administrator

• Conditional Access administrator

• Security administrator

• Helpdesk administrator or password administrator

• Billing administrator

• User administrator

• Authentication administrator

Multi-Factor Authentication

• MFA Recommended for• Remote communications (start VPN connection)

• Corporate resource external access (Windows Remote Desktop / Citrix / VDI)

• Web-based application portals – internal or cloud-based

• Office 365

Microsoft password

guidelines

Microsoft password guidelines• Follow new NIST guidelines

• Evolving password requirements to fit reality of hacking attempts versus illusion of added safety

• Do away with requirements around:• minimum length

• complexity• (upper / lower letters + numbers + symbols)

• password expiration

Microsoft Password Guidelines

• Educate users not to reuse organization credentials anywhere else

“This is not just theoretical: for Microsoft account, we see hackers testing leaked credentials against our systems at an average of 12M credential pairs every day.

It is common practice for cyber criminals to try compromised credentials across many sites.” 4

4 Microsoft Password Guidance – Jun 2016.

Microsoft Password Guidelines

• Enforce Multi-Factor Authentication registration

• Users should maintain current security information so they can respond to security challenges and be notified of security events.• alternate email address

• Phone number

• device registered for push notifications

• DON’T depend on SMS

Microsoft Password Guidelines

• Use risk based multi-factor authentication

• Strikes balance of safety and user convenience

• When system detects suspicious activity, it can challenge the user to ensure that they are the legitimate account owner.

Microsoft Password Protection

• Microsoft now bans common passwords when the user changes password on Office 365 / Azure AD

• Microsoft account currently bans patterns which are commonly used in attacks, or even close to those patterns

Microsoft Password Protection• Microsoft now bans common passwords when the user changes

password on Office 365 / Azure AD

• Microsoft account currently bans patterns which are commonly used in attacks, or even close to those patterns

Microsoft Password Protection

• Microsoft now bans common passwords when the user changes password on Office 365 / Azure AD

• Microsoft account currently bans patterns which are commonly used in attacks, or even close to those patterns

• Azure AD Password Protection protects your organization by detecting and blocking known weak passwords and their variants

• allows custom defined terms specific to each organization

Microsoft Password Protection• Microsoft now bans common passwords when the user changes

password on Office 365 / Azure AD

• Microsoft account currently bans patterns which are commonly used in attacks, or even close to those patterns

• Azure AD Password Protection protects your organization by detecting and blocking known weak passwords and their variants

• allows custom defined terms specific to each organization

Microsoft Password Protection

• Microsoft now bans common passwords when the user changes password on Office 365 / Azure AD

• Microsoft account currently bans patterns which are commonly used in attacks, or even close to those patterns

• Azure AD Password Protection protects your organization by detecting and blocking known weak passwords and their variants

• allows custom defined terms specific to each organization

• rule matches are "fuzzy" and look at variants of global list and custom terms, user-names and tenant names.

• can be extended to on-premises AD

Microsoft Dynamically Banned Passwords

• Microsoft now bans common passwords when the user changes password on Office 365 / Azure AD

• Microsoft account currently bans patterns which are commonly used in attacks, or even close to those patterns

• Azure AD Password Protection protects your organization by detecting and blocking known weak passwords and their variants

• allows custom defined terms specific to each organization

• rule matches are "fuzzy" and look at variants of global list and custom terms, user-names and tenant names.

• can be extended to on-premises AD

Microsoft Password Protection•Pricing

• Cloud-only users• Check against global list = free,

• Custom list requires Azure AD P1 or P2

• AD Synced users, Azure AD Premium P1 or P2.• P1 = 6$ / user / month

• P2 = 9$ / user / month

• (Pricing shown is unbundled)

Threat landscape evolution

Brad BrowningChannel Manager – Southeast

Barracuda

More targeted, sophisticated and costly

93%

Most breaches start with email

Social engineering represents 93% of email breaches.

- 2018 Verizon DBIR

BR

AN

D -

Co

nfid

ential

CONFIDENTIAL

Email Security Stack

BR

AN

D -

Co

nfid

ential

CONFIDENTIAL

• Free tool - scans an Office 0365 tenant and relates directly to our Sentinel (AI based solution)

• Provides detailed report of all threats found regardless of the Gateway in place

• Highlights gaps in existing email security solution

• Identifies security and compliance threats already existing in user mailboxes

What is the Email Threat Scan?

Sentinel - API based e-mail protection solutionComprehensive Spear Phishing Protection

AI for Real-

Time Spear

Phishing

Prevention

Domain Fraud

Visibility and

Protection

with DMARC

Fraud

Simulation for

High-Risk

Individuals

PhishlineWhy Security Awareness Training?

Security is not a destination- you cannot arrive at “secure”, it’s an ongoing pursuit.

Frequent testing exposes users to a variety of attack types and promotes proper detection and handling techniques

Continuous training reinforces security best practices that users utilize in their day-to-day lives

Simulation

Training

Analysis

SimulationMulti-vector threat

simulation to assess user

awareness

TrainingExtensive library of

training content

tailored for different

learning styles and

abilities.

AnalysisDetailed reporting metrics

to determine effectiveness

and inform the next

campaign

Components of a Security Awareness Program

Security Awareness TrainingWhen?

• Part of new hiring practices

• As a follow up to testing results

• To measure program’s success

…You’re dealing with humans

How?

• Via PhishLine

• Using training link

• You company intranet site

• A Learning Management System (LMS)

What?• 30+ Video Modules

• 20+ Languages

• Short, colorful, designed for the adult learner• Quiz and No Quiz

• Easy to Deploy

• Click Thinking

• Can be bundled and customized*

Q & A

Kindly complete the survey at the end of this webinar. We will use your feedback to help us

improve.

THANK YOU!