Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes

Breaking In and Breaking Records: A Look Back at 2016 Cybercrimes Travis Smith, Senior Security Researcher Chris Conacher, Manager, Security Content and Research

Upload: tripwire

Post on 07-Jan-2017


TRANSCRIPT

Page 1: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes

Breaking In and Breaking Records: A Look Back at 2016 Cybercrimes
Travis Smith, Senior Security Researcher
Chris Conacher, Manager, Security Content and Research

Page 2: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes

Hollywood Presbyterian Medical Center
February 15

Page 3: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes


Page 4: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes


Hollywood Presbyterian Medical Center

Allen Stefanek, CEO, CHA Hollywood Presbyterian Medical Center

February 15

The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.

Page 5: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes


Decryption Keys Available

Link to nomoreransomware.com

NoMoreRansom.org

Page 6: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes

iPhone Hacking
San Bernardino Shooter iPhone

Page 7: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes

BadLock Bust
April 12

Page 8: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes


Page 9: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes


Page 10: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes


DNC Hacked, A Tale of Two Attackers

First Attacker had persistence for over a year, siphoned communications
Second Attacker had persistence for months, stole research on Donald Trump
Both groups believed to be Russian affiliated
National Republican Senatorial Committee (NRSC) also hacked, siphoning off credit card data

June

Page 11: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes


Attribution

TTPs – Tactics, Techniques, and Procedures
C2 Addresses Used
Re-Used Certificates
Data Dumps Translated Into Cyrillic

How It’s Done

?

Page 12: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes


Page 13: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes


Page 14: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes


Mirai Botnet Emerges

620 - 665 Gbps DDoS attack against Brian Krebs' website
Not an amplification or reflection attack, but launched from hacked IoT devices
Source code released October 1st

Rumors that Liberia was knocked offline by the Botnet on Oct 4, but probably not true

October 21, Mirai brings down Twitter, Amazon, Reddit, GitHub, Netflix, among others.

September 20

Page 15: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes

[Figure: GROWTH IN THE INTERNET OF THINGS. The number of connected devices will exceed 50 Billion by 2020. Y-axis: billions of devices; x-axis: year, 1988 to 2020. SOURCE: Cisco]

Year    Connected devices
1992    1M
2003    0.5B
2009    IoT Inception
2012    8.7B
2013    11.2B
2014    14.2B
2015    18.2B
2016    22.9B
2017    28.4B
2018    34.8B
2019    42.1B
2020    50.1B

Page 16: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes


Update Classes

Manual Search

Unsupported Devices User Notifications

Auto Updating

Page 17: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes

Windows Updates
October

Page 18: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes


More Vulnerabilities

As Of December 13, 2016

All Year

CVE (v2 Scores)          2015     2016
High                     2,408    2,339
Medium                   3,489    3,144
Low                      591      574
Total                    6,488    6,112

MS Security Bulletins    2015     2016
Critical                 35       61
Important                92       86
Moderate                 8        6
Total                    135      153

Page 19: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes

Old Microsoft Bulletin Page
https://technet.microsoft.com/en-us/security/bulletins.aspx

Page 20: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes

New Microsoft Security Portal
https://portal.msrc.microsoft.com/en-us/

Page 21: Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes

Thank You!