fraud awareness seminar awareness seminar... · 2018-11-14 · computer forensics fraud examination...
TRANSCRIPT
Fraud Awareness Seminar
From Princes to MuddyWater
© 2018. For information, contact Deloitte Touche Tohmatsu Limited 2
Presenters
Emmanuel Adigun
• Senior Manager – Risk Advisory
• Vulnerability Management (Ethical hacking)
Lucas Chiloane
• Senior Manager – Risk Advisory
• Cyber Forensics
What is Cyber Crime
Cyber crime – A crime or other offence committed through the use of the Internet aided by electronic communications/systems and/or devices. It is any criminal activity involving computers and networks.
Cyber Crime
Traditional Criminal Vs. Cybercriminal
Traditional Criminal
• Somewhat predictable
• Bound to specific location
• Paper trail
• Set motive
• ID
Cybercriminal
• Could be anywhere
• No profile
• Bits and Bytes
• Unpredictable
• Volatile
• IP
• Open source
Cyber Crime
Cyber Crime - Forms/Techniques
• Identity Theft
• Fake Mobile Apps
• Piracy
• Crimeware
• Phishing/Vishing
• Cyber Bullying
• Ransomware
• Extortion
• Social Engineering
• Web Jacking/Hoax Email
• Espionage
• Cyberattack
• DDoS
• Fake Job Offers
• Salami Slicing
• Cryptomining
• Cyber Terrorism
• Hacking
• Cyber-squatting
• Pharming
Cyber Crime
The Dark/Deep Web – Things that can be found…
Intelligence acquisition (Sources)
Cyber Crime
The Dark/Deep Web
• eCrime Networks
• Deep Web
• Indexed Internet
• Monitoring
• Feeds
• Crawlers
• Manual searches
• Infiltration
• Hacking, Carding, and Hacktivism forums
Cyber Crime
Typical Approach
• Business Intelligence
• Electronic discovery & data collection
• Data analytics
Primary Components
Computer Forensics
Fraud Examination (Forensic Accounting)
Interviews
Business Intelligence
• Detailed review of documents & data
• Fraud examination techniques
• Information-seeking & administration-seeking interviews
• Questions (incorporate findings from document review process)
• Interview techniques
• Documentation and analysis of responses
• Individual/company background search
Email, IM, Text Message & Voicemail Reviews
• Keyword searches
• Analysis and screening of hit rates
• Document review/2nd level review
Cyber Crime
Ideal Approach
Interviews
Incident Response
Digital Forensics
Service Providers
Malware Analysis
Cyber Crime
Cyber Crime
Challenges
Cyber crime Investigation: Some of the Challenges
• Multi jurisdictions
• Witnesses
• Logistics and practicality
• Encryption/destruction of evidence by accused
• Nature (Intangible)
• Incarceration
• Locating relevant evidence
• Identifying (without a shadow of doubt) Suspects
Cyber Crime
Cyber Crime: Why is it still a thing…
• Lack of awareness
• Too much reliance on antivirus
• No backups
• No logs
• No incident response plan
• Disconnect between IT and leadership
• People
• Reactive
• Lack of skills/training
• Security is an IT issue
Cyber Crime
Recent engagements
2
Deloitte assisted a major manufacturing client to investigate a case of fraudulent activity on their accounting system. Deloitte investigated the people, process and technology parts of the business.
By analysing system logs, we were able to identify access times and people involved in the fraud.
Deloitte was able to pinpoint the fraudulent activity to an employee within the client’s organization.
1
In early 2017, Deloitte Cyber Incident Response (CIR) personnel were contacted by a software company to assist with ongoing incident response activities involving unusual behaviour detected on one of their servers.
As a result of this analysis, Deloitte was able to identify major points of interest regarding the timeline of a malware infection, portions of the communication activity initiated by the malware, and its general activities on the network.
Our analysis, based on the behavioural indicators from the malware analysis, suggests that the malware packages appear to be relatively common and indicate that they were all related to a single hacker group named “legenda”.
Cyber Crime
Incident Response
Some wins…despite the challenges (Deloitte)
In September 2018, Deloitte investigated a ransomware infection at a major manufacturing client in SA via their subsidiary in the US
Cyber Crime
Trending
Ransomware
Wannacry…Petya
Cyber Crime
Trending
Cryptomining
Cyber Crime
Trending
Business Email Compromise
Questions
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms.
This communication is for internal distribution and use only among personnel of Deloitte Touche Tohmatsu Limited, its member firms, and their related entities (collectively, the “Deloitte network”). None of the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication.