Taking cybercrime seriously

26
TAKING CYBERCRIME SERIOUSLY How Law Firms Have Been Attacked Addison Cameron-Huff, J.D. | www.cameronhuff.com | January, 2014

Transcript of Taking cybercrime seriously

Page 1: Taking cybercrime seriously

TAKING CYBERCRIME SERIOUSLY

How Law Firms Have Been Attacked

Addison Cameron-Huff, J.D. | www.cameronhuff.com | January, 2014

Page 2: Taking cybercrime seriously

LAW FIRMS

ARE JUICYTARGETS

Photo by Sam_Catch (Flickr)

Page 3: Taking cybercrime seriously

SECRETSSECRETS

Photo by @horrigans (Flickr)

Page 4: Taking cybercrime seriously

2011: BAY ST. HACKEDRE: POTASH DEAL

Page 5: Taking cybercrime seriously

STATE ESPIONAGE?

Page 6: Taking cybercrime seriously

SHHHH…Attack Methods Are Same As For $$

$

Page 7: Taking cybercrime seriously

MONEYMONEYPhoto by @coffeego

(Flickr)

Page 8: Taking cybercrime seriously

“SIX FIGURE LOSS” AT TORONTO FIRM IN 2012

Page 9: Taking cybercrime seriously

2013: US LAW FIRM HACKED FOR $336K

Page 10: Taking cybercrime seriously

WIRE TRANSFERS + ACH TRANSFERS

Trust Accounts = $$$, Payroll = $$$

Page 11: Taking cybercrime seriously

2013: US TITLE COMPANY LOSES $1.7M VIA ACH

Page 12: Taking cybercrime seriously

BITCOIN RANSOMWARE

Cryptolocker: 2013’s Fun New Method

Page 13: Taking cybercrime seriously

Screenshot by F-Secure

Page 14: Taking cybercrime seriously

HOW?HOW?Photo by Leigh Ann on

Flickr

Page 15: Taking cybercrime seriously

WEBSITEEXPLOITSSPEAR

PHISHING

Page 16: Taking cybercrime seriously

SPEAR PHISHING1) Email 2) Malware 3) Record

keyboard

Page 17: Taking cybercrime seriously

LAW FIRM BOOKKEEPER HACKED

Page 18: Taking cybercrime seriously

FAKE BANK SITE + FAKE PHONE CALLS

Page 19: Taking cybercrime seriously

WEBSITE EXPLOITS1) Attack public site 2) Gain internal

access

Page 20: Taking cybercrime seriously

TARGET: 110 MILLION CUSTOMERS AFFECTED

Page 21: Taking cybercrime seriously

Internal Server

Point of Sale

Terminals

Thief Server(s)

1) Thieves break into public website

2) Find important internal servers

3) Deploy exploit on POS devices

4) Steal 110 million credit cards & PII

Photo by @Roadsidepictures (Flickr)

Page 22: Taking cybercrime seriously

70 CLASS ACTIONS FILED SO FAR

Page 23: Taking cybercrime seriously

STOP KIDDING YOURSELF

You don’t have better security than Target

Page 24: Taking cybercrime seriously

PLAINTEXT PASSWORDS

You’re as secure as the sites you use

Page 25: Taking cybercrime seriously

NOW WHAT?NOW WHAT?

Page 26: Taking cybercrime seriously

LEARN MOREhttp://www.cameronhuff.com/blog/security

Addison Cameron-Huff, J.D. | www.cameronhuff.com | January, 2014