it security for nonprofits

IT Security Threats to Non-Profits

Community IT Innovators Webinar Series

January 21, 2016

WebinarTips

• InteractAsk Questions via Chat

• FocusAvoid multitasking

• Slides & RecordingWill be posted on website, YouTube channel and SlideShare

About Community ITAdvancing mission

through the effective use of technology.

• Invested Work exclusively with nonprofit organizations, serving over 900 since 1993.

• Strategic Help our clients make IT decisions that support mission.

• Collaborative Team of over 30 staff who empower you to make informed IT choices.

Matthew EshlemanCTOmeshleman@communityIT.com @meshleman

Steve LongeneckerDirector – Infrastructure Consultingslongenecker@communityIT.com @CommunityIT

AgendaThreat Landscape

New in cybercrime

Community IT Security Playbook

Security is headline news

CYBER SECURITYA New Headline

Every Day

Changes in technology

SaaSSubscribe to applications

IaaSRent servers and

storage

CaaSCyberCrime made

easier

Hacker Organization Centralized Build from scratch Own servers Expensive Large targets

Crime Ecosystem Distributed Buy or hosted Specialize in areas Cheap Smaller targets

OLD NEWEvolution of cyber crime

Job postings Payment systems Marketplaces

Cybercrime is easier than everAnd it’s more accessible to everyone

SMB in the crosshairs

PROPORTION OF BREACHES BY ORG

SIZE

15x

1x ORGS WITH 11-100 EMPLOYEES

ORGS WITH <11 or >100 EMPLOYEES2011

41%

TARGETED ATTACKS

AGAINST SMBS

41%36

%18%

2012 2013

41%

Idealware, “What Non-profits need to know about security” January 2016http://www.idealware.org/reports/what-nonprofits-need-know-about-security-practical-guide-managing-risk

In fact, many hackers have discovered that nonprofits make good targets. They are easier to penetrate than large companies with security teams and less likely catch a hacker in the act. Today, most hackers are part of professional rings focused on the bottom line. If there is money to be made by hacking your nonprofit, they won’t hesitate.

Non-Profits can’t hide in the herd

What does it mean to be a target?

https://commons.wikimedia.org/wiki/File:Target_10_points.svg

First stage of attack: Infect

Emails more finely tuned to SMB TACTICTrick SMB into opening link or attachment

http://thetechguyblog.com/wp-content/uploads/2012/08/Screen-Shot-2012-08-13-at-7.37.58-AM.png

http://www.onlinethreatalerts.com/article/2013/12/20/at-t-you-have-a-new-voice-mail-virus-email-message/5.jpg

Malvertising on the Rise

1. Set up a website with exploit kit

2. Run an ad on Yahoo, AOL or other ad network, with legitimate company creative

3. Ad server redirects users to exploit kit site

4. User gets infected

How does malvertising work? Attn: NYTimes.com readers: Do not click pop-up box warning about a virus -- it’s an unauthorized ad we are working to eliminate.The New York Times

Top websites deliver CryptoWall ransomware via malvertising…Adam GreenbergSC Times

Malvertising Targeting SMBs

Image: http://news.softpedia.com/news/CryptoWall-2-0-Delivered-Through-Malvertising-On-Yahoo-and-Other-Large-Sites-462970.shtml#sgal_0

Explosion in SaaS/CaaS Plug-and-Play MarketplaceKits cost as little as $200

ANGLERRIGASTRUM

FIESTA

BLEEDING LIFE

BLACKHOLE

CRIMEPACK

DOTKACHEF

FLASHPACK

GONGDA

NITERIS

LIGHTSOUTNUCLEAR

ARCHIE

SWEETORANGE

Exploit Kits Are Getting Better

http://krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/

Malware payload

Increasingly Common Step: DropperIncreasingly Common Option for Ransomware

Bad actor gets a piece of malware on computer

1Malware sits quietly and just phones home; not the flashy/noisy malware

2Bad actor sells or

rents ability to infect computer Malware phones

home Installs main

payload: Ransomware, Keylogger, Spambot

3If contract ends or more capacity, install more malware

4

TACTICMalware that installs other malware

Source: krebsonsecurity.com

Battle Ground Cinema$81,000 stolenSource: Krebs On Security

Delray Beach Public Library$160,000 stolenSource: Krebs On Security

Brookeland Fresh Water Supply District$35,000 stolenSource: Krebs On Security

Spring Hill Independent School District$30,687 stolenSource: News-Journal

Crystal Lake Elementary School District

47$350,000 stolenSource: McHenry County Blog

DKG Enterprises$100,000 stolenSource: Krebs On Security

Downeast Energy & Building Supply$150,000 stolenSource: Bank Info Security

Little & King LLC$164,000 stolenSource: Krebs On Security

SMB bank account breaches

But this is just the beginning…

What about DOWNTIME & DATA THEFT?

TACTICRansom encrypted data

Fake Anti-Virus FBI Ransomware Cryptovirus

– CryptoLocker– PrisonLocker– HowDecrypt– CryptorBit– CryptoDefense– CryptoWall

Ransomware

http://blogs-images.forbes.com/parmyolson/files/2014/02/cryptolocker.png

CryptoVirus workflowInbound and outbound communication

Infect machine with early stage• Email• Exploit kit• Malvertisin

g• Dropper

1Phone home to Command and Control server to get encryption key

2Encrypt local and network share data• May take hours

to days to fully encrypt

• Makes finding a clean restore difficult

3Ransom user• Establish

deadline and threaten permanent data loss

4

TACTICRansom user for encrypted data

“Signature-based tools (antivirus, firewalls, and intrusion prevention) are only effective against 30–50% of current security threats.”IDCNovember 2011

Test Against Signature Based Tools

http://www.aegiscrypter.com/

New Malware executable is testedagainst AV and UTMs.

If detected, crypter runs againto create zero-day FUD

(Fully UnDetectable)

Getting Around Signatures: Crypters

Strengthening security beyond signatures

Security Playbook

Security Training and Awareness

PatchingBackupsAntiVirusPasswor

ds

Predictive Intelligence

Security Training and Awareness

Help staff be aware of common vectors (spoofed email, advertising, dictionary attacks)

An ounce of prevention is worth a pound of cure – Ben Franklin

We shouldn’t count on technical safety nets

Image courtesy of http://www.pdpics.com/photo/2363-training-glass/

Backups

Set up a backup regime with appropriate Recovery Point Objectives and Recovery Time Objectives.

Don’t just backup files. Backup email. Backup databases. Backup cloud data as well as on-premise data.

Conduct test restores.Image courtesy of https://commons.wikimedia.org/wiki/User:Evan-Amos from https://commons.wikimedia.org/wiki/File:Sega-Saturn-Backup.jpg

Patching

Patching Windows is Critical

Increasing threats coming from other vectors

Passwords

Complex (ie, Long) Change relatively

frequently Incorporate 2 factor

authentication (when possible)

Identity and Access Management

Image courtesy of Akhilan, https://commons.wikimedia.org/wiki/File:Debian_Installation_Password_15.jpg

AntiVirus

Based on definition lists of “Bad Software”

Requires regular full system scans

Growing resource footprint

Predictive Intelligence

Machine Learning & Big Data put to use

‒ DNS Filtering and Insight‒ Reporting and analytics‒ Next Gen Malicious

software detection

Image courtesy of Sam Johnston. Created using OmniGroup's OmniGraffle and Inkscape. https://commons.wikimedia.org/wiki/File:Cloud_computing.svg

Backup and Disaster Recovery for Non-Profits

Community IT Innovators Webinar SeriesUpcoming

February 18, 2016

Author: DuMont Television/Rosen Studios, New York-photographer, Uploaded by We hope at en.wikipedia http://commons.wikimedia.org/wiki/File:20_questions_1954.JPG

Provide feedback Short survey after you exit the webinar. Be sure to include any questions that were not answered.

Missed anything? Link to slides & recording will be emailed to you.

Connect with us

Thank you