Chamber Forum Workshop

TITLE: CYBERSECURITY CONFERENCE

Chamber Forum Facilitator: Quadri Consulting LTD, Jeremy Quadri

Date: 10.12.2015

Uploaded by jeremy-quadri, posted 22-Jan-2018.


ABOUT THE CHAMBER OF COMMERCE

• INDEPENDENT AND NOT-FOR-PROFIT ORGANISATION

• LINKS TO OVER 5,000 LOCAL BUSINESSES FROM FTSE 100 COMPANIES TO BUSINESS CONSULTANTS.

• FACILITATE BROAD RANGE OF MONTHLY EVENTS, E.G. BUSINESS BREAKFASTS, CONFERENCES, MASTERCLASSES

• MEMBERSHIP INCLUDES 12 HOURS FREE ONE-TO-ONE BUSINESS MENTORING

• ADVERTISING AND SPONSORSHIP OPPORTUNITIES

Jeremy Quadri

- Director of Quadri Consulting Ltd

- Director of TopDevCentral Ltd

- BEng (Hons) Degree - Electrical & Electronics Engineering, 1992

- IT Security Professional at Cable&Wireless Since 1998

- CISSP Certified (372063)

- Certified Ethical Hacker Certification

- Offensive Security Certified Professional certification (OSCP)

- CompTIA SY0-301 Security+

- InfoSec Institute Web Application Security Certified

- OWASP - Testing Secure Web Applications

TopDevCentral Ltd

Custom Software Development

Team augmentation

Data Warehousing/Big Data

BI Development

Project Rescue

Quadri Consulting Ltd: Services

Vulnerability Scanning

Penetration Testing

Professional Services

Threat Management

Awareness Training

BI Development

Why Are We Here?

What is Cybersecurity?

Whose responsibility is it to keep cyber safe?

The Government or the private sector?

Why YOU may become the next victim?

Who is doing the attacking?

What do they attack?

Why do they attack?

How to protect yourself, your family, and your business!

WHY THIS IS IMPORTANT

~ A LITTLE HISTORY ~

90% of large organisations and 74% of small businesses reported some form of data breach.

Online attacks have grown by 66% since 2009.

Cyber crime costs the UK economy £27bn a year.

158 new malware samples created EVERY MINUTE (PandaLabs)

One for each one of us

• Facebook Sees 600,000 Compromised Logins Per Day (TechCrunch)

UK HACKED SITES

Hackers Don't Have Rules, Regulations

They Don’t Have To Meet Compliance Such as PCI, Data Protection, ISO 27001 Etc...

COMMON FALSE RATIONALES?

• There’s Nothing A Hacker Would Want On My PC.

• I Don’t Store Sensitive Information On My PC.

• I Only Use It For Checking E-mails.

• My Company Isn’t Big Enough To Worry About Hackers.

• Online Stores Will Keep Our Details Safe

How Valuable Is A Hacked Workstation?

Websites & Blogs

WordPress is used by 60.9% of all the websites.

1. Use the latest version of core and plugins.

2. Use strong passwords. For more security enable a 2-factor plugin.

3. Get DDOS protection?

CLIENT SIDE ATTACK

DEMO

WHAT AN ATTACK MIGHT LOOK LIKE

Your data has been encrypted by ransomware malware/virus?

What is Bitcoin?

Bitcoin vs USD chart statistics


HELPFUL TIP #6: WHAT TO DO IF BREACHED

1. Reboot your computer, choose safe mode. (Can someone tell me how to boot into safe mode? Press & hold the F8 key.)

2. Install a Good Anti-virus

3. Run a Scan With Anti-Virus

4. BIOS infected: seek professional help

DARK WEB

1. ORIGINAL UK PASSPORTS: HTTP://VFQND6MIECCQYIIT.ONION/

2. RENT A HACKER: HTTP://2OGMRLFZDTHNWKEZ.ONION/

3. ASSASSIN FOR HIRE IN EUROPE: HTTP://YBP4OEZFHK24HXMB.ONION/

4. EUROPEAN BASED ARMS-DEALER: HTTP://2KKA4F23PCXGQKPV.ONION/

5. EU DRUG SALE: HTTP://S5Q54HFWW56OV2XC.ONION/

6. COUNTERFEIT CURRENCY: HTTP://Y3FPIEIEZY2SIN4A.ONION/, HTTP://SLA2TCYPJZ774DNO.ONION/

7. BUY A PAYPAL ACCOUNT & CLONED CARDS :

What sort of things can you find on the deep web?

HELPFUL TIP #1: BACKUP YOUR DATA

1. Run Daily Backups of Critical Data

2. Automated Offsite Backups Are Invaluable

3. Check / Test Your Data Backups Monthly (Minimum)

50% of SMB’s Have No Backup & Disaster Recovery Plan

Only 28% Have Tested Their Plan
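The three backup rules above are easy to state and rarely checked. The following PowerShell script is an added example, not part of the seminar slides or of Quadri Consulting's material: it implements rule 3 (test your backups) for a plain file-copy backup by hashing every file under a live data folder and its mirrored copy, reporting anything missing or altered, and flagging the backup as stale if its newest file is older than the daily window from rule 1. The folder paths, the 24-hour window and the mirrored layout are assumptions for the example.

```powershell
# Added example (not from the seminar slides): a restore-readiness check for a
# file-level backup. Assumes the backup mirrors the source tree one-to-one.
param(
    [string]$SourceRoot = 'C:\Data',          # assumption: live data location
    [string]$BackupRoot = 'E:\Backup\Data',   # assumption: where the backup lands
    [int]$MaxAgeHours   = 24                  # "daily backups": older than this is stale
)

function Test-BackupIntegrity {
    param([string]$Source, [string]$Backup, [int]$MaxAgeHours)

    $missing  = @()
    $mismatch = @()

    # Every file in the source tree must exist in the backup with an identical SHA-256.
    foreach ($file in Get-ChildItem -Path $Source -File -Recurse) {
        $relative   = $file.FullName.Substring($Source.Length).TrimStart('\')
        $backupPath = Join-Path $Backup $relative

        if (-not (Test-Path -LiteralPath $backupPath)) {
            $missing += $relative
            continue
        }
        $srcHash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $bakHash = (Get-FileHash -LiteralPath $backupPath    -Algorithm SHA256).Hash
        if ($srcHash -ne $bakHash) { $mismatch += $relative }
    }

    # Freshness: the newest file in the backup tells you when the last run completed.
    $newest = Get-ChildItem -Path $Backup -File -Recurse |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
    $ageHours = if ($newest) { ((Get-Date) - $newest.LastWriteTime).TotalHours }
                else         { [double]::PositiveInfinity }   # empty backup: treat as stale

    [pscustomobject]@{
        Missing    = $missing
        Mismatched = $mismatch
        AgeHours   = [math]::Round($ageHours, 1)
        Stale      = $ageHours -gt $MaxAgeHours
        Healthy    = ($missing.Count -eq 0) -and ($mismatch.Count -eq 0) -and
                     ($ageHours -le $MaxAgeHours)
    }
}

$result = Test-BackupIntegrity -Source $SourceRoot -Backup $BackupRoot -MaxAgeHours $MaxAgeHours
$result | Format-List
# Non-zero exit code so a scheduled task or monitoring job can alert on a failed check.
if (-not $result.Healthy) { exit 1 }
```

Schedule it monthly against the offsite copy (rule 2), not only the local one; a mismatch list that is empty but an age of several days is exactly the "backup job silently stopped" failure that the 28% statistic is about.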


Why is payment card data an attractive target to hackers?

HELPFUL TIP #2: BANK CARD RULES

• LOOK OUT FOR THE HTTPS LOCK ICON

• AVOID SHOPPING OVER OPEN WI-FI

• SECURE YOUR HOME NETWORK

• DISABLE PHONE WI-FI & BLUETOOTH WHEN NOT IN USE

• STICK TO REPUTABLE RETAILERS ONLY

How They Get Paid

REAL VALUE?

One prominent credential seller in the underground reported:

• iTunes accounts for $8

• Fedex.com, Continental.com and United.com accounts for USD $6

• Groupon.com accounts fetch $5

• $4 buys hacked credentials at registrar and hosting provider Godaddy.com, as well as wireless providers Att.com, Sprint.com, Verizonwireless.com, and Tmobile.com

• Active accounts at Facebook and Twitter retail for just $2.50 each

93% of companies that lose their data file for bankruptcy within 1 year [National Archives]

“3D PRINTING AND CREDIT CARD SKIMMERS!”

HELPFUL TIP #3: MULTIPLE BANK ACCOUNTS

1. One Account for Payroll and Taxes – NO DEBIT OR CREDIT CARDS ASSOCIATED WITH THIS ACCOUNT

2. One Account for Operations & Expenses

3. Don't let your cards out of your sight when shopping

4. Check for padlock when shopping online

5. Place your hand over the keypad when entering your PIN

Password Examples

Social

Password Hacking Demo

HELPFUL TIP #4: PASSWORD RULES

1. DON’T SHARE PASSWORDS

– This includes your “IT Guy”

– Type your password for them

2. One Password Per Account

3. No Password POST-IT NOTES!

4. Change Your Password Every 60 Days

5. Use a phrase with numbers and characters:

“I Only Have Eyes For You” becomes “!0hE4uAug”

6. Use a password manager

HELPFUL TIP #5: WINDOWS FIREWALL & UAC

1. Re-Enable Windows Firewall

2. Install Current Anti-Virus Software (and keep it current please)

3. Enable User Account Control (UAC)

-- We know it is considered obnoxious, but it really does work to help prevent attacks against your workstation

>> Control Panel > User Accounts

4. Seek professional help to secure your business network
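Steps 1 to 3 can be checked on every workstation rather than clicked through one Control Panel at a time. The script below is an added example written for this page, not the presenter's material: it reads the state of the three Windows Firewall profiles, the antivirus real-time protection and signature age, and the two UAC registry values, and with `-Fix` turns each control back on. It assumes Windows 8 or later (for the `NetSecurity` cmdlets), Windows Defender as the installed antivirus (`Get-MpComputerStatus`), an elevated PowerShell prompt, and a seven-day signature-age threshold chosen for the example; a third-party antivirus needs its own status command.

```powershell
# Added example (not from the seminar slides): audit the Tip #5 controls and,
# with -Fix, re-enable them. Run elevated; -Fix changes machine settings.
param([switch]$Fix)

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-WorkstationPosture {
    # 1. Windows Firewall: all three profiles (Domain, Private, Public) should be enabled.
    $firewall = Get-NetFirewallProfile | Select-Object Name, Enabled

    # 2. Antivirus: real-time protection on, signatures updated within the last week
    #    (assumption: Windows Defender is the installed product).
    $av = Get-MpComputerStatus
    $sigAgeDays = ((Get-Date) - $av.AntivirusSignatureLastUpdated).TotalDays

    # 3. UAC: EnableLUA=1 switches UAC on; ConsentPromptBehaviorAdmin=0 means
    #    "elevate without prompting", which removes the protection even with EnableLUA set.
    $uac = Get-ItemProperty -Path $UacKey

    [pscustomobject]@{
        FirewallDisabledProfiles = @($firewall | Where-Object { -not $_.Enabled } |
                                     Select-Object -ExpandProperty Name)
        RealTimeProtection       = $av.RealTimeProtectionEnabled
        SignatureAgeDays         = [math]::Round($sigAgeDays, 1)
        UacEnabled               = ($uac.EnableLUA -eq 1) -and
                                   ($uac.ConsentPromptBehaviorAdmin -ne 0)
    }
}

function Repair-WorkstationPosture {
    param($Posture)

    if ($Posture.FirewallDisabledProfiles.Count -gt 0) {
        Set-NetFirewallProfile -Profile $Posture.FirewallDisabledProfiles -Enabled True
    }
    if (-not $Posture.RealTimeProtection) {
        Set-MpPreference -DisableRealtimeMonitoring $false
    }
    if ($Posture.SignatureAgeDays -gt 7) {
        Update-MpSignature
    }
    if (-not $Posture.UacEnabled) {
        Set-ItemProperty -Path $UacKey -Name EnableLUA -Value 1 -Type DWord
        # 5 = prompt for consent on the secure desktop, the Windows default.
        Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 5 -Type DWord
        Write-Warning 'UAC change takes effect after a reboot.'
    }
}

$posture = Get-WorkstationPosture
$posture | Format-List
if ($Fix) { Repair-WorkstationPosture -Posture $posture }
```

Run it without `-Fix` first and keep the output: a profile showing up in `FirewallDisabledProfiles` or `UacEnabled` reading `False` on a machine nobody admits to changing is worth a question before it is worth a fix, because malware and "helpful" support tools both turn these controls off.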

HELPFUL TIP #7: WORK SMARTER

1. Name

2. Address

3. Phone

4. DOB?

5. Education (College/High School)

6. Mother’s Maiden Name?

7. Mother's father's name

8. Friends' names

9. Children’s names

10. Children's school

11. Children's DOB

12. Pet's name

13. Browsing habits (websites, services, hobbies, likes, etc…)

14. Don't include passport photographs on social media

SOCIAL MEDIA AND PHISHING

1. Know who is authorized to add content

2. Type of content allowed

3. Who has access

4. Who has login info

5. Which sites are used

6. Employee Termination Policy

According to a Microsoft study, phishing via social networks grew from 8.3% in 2010 to 84.5% in 2011 (increasing steadily since then)

Find out what percentage of your employees are Phish-prone™ with our free test

https://www.knowbe4.com/phishing-security-test-offer

PHONE HACKING DEMO

If You Allow Users To Access

• Corporate E-mail

• Corporate Data

• Remote Access To Corp Network

Then You MUST have Mobile Device Management and use a policy to ensure You Can Wipe Your Corporate Data If The Device Is Lost Or Stolen.

- Install a tracker application on your smartphone; it could help trace your device if stolen

- London: Most Of Crimes Reported Are Phone Theft

Where Do Employees Leave Your Corporate Data And Email?

Put A Lock On Your Phone TODAY!

PERKELE: ANDROID MALWARE KIT

1. Can Help Defeat Multi-factor Authentication Used By Many Banks

2. Interacts With A Wide Variety Of Malware Already Resident On A Victim’s PC

3. When A Victim Visits His Bank’s Web Site, The Trojan Injects Malicious Code Prompting The User To Enter His Mobile Information, Including Phone Number And OS Type

When the bank sends an SMS with a one-time code, Perkele intercepts that code and sends it to the attacker’s control server. Then the malicious script completes an unauthorized transaction.

THE MOST SECURE WAY TO COMMUNICATE

Traditional:

1. A LETTER SENT THROUGH SNAIL MAIL (BY CONVENTIONAL POSTAL DELIVERY SERVICES)

2. OVERNIGHT PACKAGE SUCH AS FEDEX OR UPS.

3. A CALL MADE FROM ONE PREVIOUSLY UNUSED CELL PHONE TO ANOTHER PREVIOUSLY UNUSED CELL PHONE.

Modern secure privacy tools:

1. Tor

2. Red Phone: free, worldwide, encrypted phone calls; everything is end-to-end encrypted

3. Signal Desktop [https://whispersystems.org/blog/signal-desktop/]

TOP 6 BEST ANTIVIRUS FOR ANDROID

Anti-theft, lost phone check

1. Avast Mobile Security & Antivirus – FREE

2. 360 Security – Antivirus FREE

4. CM Security Antivirus Applock by Cheetah Mobile — FREE

5. AVG Anti-Virus Security – FREE

6. Kaspersky -

Train Staff On Social Engineering!

Know The Source

Limit Telephone Information Sharing

Physical Security

Wireless “Hot Spots” & Hotel Internet

Your Equipment @ Offsite Locations including Starbucks & Conferences

Ability To Disable The Device If It’s Lost Or Stolen (LoJack, Encryption, Etc.)

HELPFUL TIP #8: COMMON SENSE SECURITY

Use Malware protection

Encrypt Your Hard Drive

Use Email Hygiene Provider / Service

Use Server Based Group Policies

Use MSP to Manage Company Firewall(s)

Establish Company-wide Data Policies

HELPFUL TIP #9: ADVANCED SECURITY TIPS

All You Needed In The 80’s

Tape Backup

A Good Mullet

An Afro

Patch Management

Force Password Changes

Implement Password Policies

Secure ALL Mobile Devices

Review Workstation Security

Review Network Security

Enforce Content Filtering

HELPFUL TIP #10: PATCHES, UPDATES, & YOUR NETWORK

WHAT’S NEXT ON CYBERCRIMINALS' AGENDA?

1. Website Accounts: Twitter, Facebook, Pinterest, YOUR WEBSITE

2. Home Automation Systems

3. Video Conferencing Systems

4. Video Surveillance Systems

5. Refrigerator and Other Network Appliances

6. HVAC Systems

7. Automobiles, Phones, & Televisions

8. All IoT (Internet of Things)

** Recent Paid Test Results In Disabled Brakes **

What’s Next on YOUR Agenda?

Network Security Audit

1. Fill Out The Audit Contact Form

2. Business Development Will Schedule An On-site Pre-Audit Meeting

3. Engineer Will Be Scheduled For On-site Visit

4. Engineer and Business Development Will Discuss The Findings Of The Audit

5. Follow Up Client Meeting To Discuss Recommendations And Findings Of The Audit

WHAT HAPPENS NEXT? ONE OF TWO THINGS HAPPENS

1. Do You have a security plan?

2. Can you implement it in house?

3. Can you outsource it?

Analyse > Plan > Design > Implement > Operate > Optimize


WHAT HAPPENS NEXT? ONE OF TWO THINGS HAPPENS

2. You love the plan and ask us to get you protected ASAP.

If that’s the case, we’ll knock it out of the park ... and that’s a promise.

QUESTIONS?

Founded 2013

About

Quadri Consulting

QUADRI CONSULTING LTD

3rd Floor

207 Regent Street

London

W1B 3HH

UK

www.quadriconsulting.com

Phone: +44-0800-044-5840

RECAP ON THE QUADRI CONSULTING LTD

• NEXT WORKSHOP WILL BE MARCH 2016 ON THE SAME SUBJECT WITH MORE HACKING

• BEERS, CONFERENCES, MASTERCLASSES

• INCLUDES 1 HOUR FREE HACKING MENTORING

• ADVERTISING AND SPONSORSHIP OPPORTUNITIES