1. CORPORATE ACCOUNT TAKEOVER (CATO) Protecting your accounts
from Cyber Criminals
2. CORPORATE ACCOUNT TAKEOVER (CATO) Preparing for CATO (What
this presentation covers) What is CATO? How does it work? Where do
the attacks come from? How do you know if your computer is
compromised? How should you respond? How do you protect yourself
from cyber attacks?
3. CORPORATE ACCOUNT TAKEOVER (CATO) What is CATO? An evolving
electronic crime Typically exploits businesses of all sizes
Companies with limited to no computer safeguards Companies with
minimal or no disbursement for controls with online banking
accounts
4. CORPORATE ACCOUNT TAKEOVER (CATO) How does it work?
Criminals are after money Emails with infected links (phishing) or
infected websites Victim clicks on the infected website or a link
in the email Criminals will monitor infected computers for days,
weeks, and even months
5. CORPORATE ACCOUNT TAKEOVER (CATO) How does it work?
Criminals watch victims log on to Online Banking When the time is
right, the criminals hijack the computer Most attacks occur before
a holiday After hours After a token is used, hijack the session,
and return a message
6. CORPORATE ACCOUNT TAKEOVER (CATO) Where do the attacks come
from? Top 3 Countries accounted for 71% of attacks 1. China 43% 2.
Indonesia 15% 3. United States 13% Rest of the world accounted for
29% of attacks *Source: Daily Mail
(http://www.dailymail.co.uk/sciencetech/article-2779734/China-internet-attack-capital-world-Almost-
HALF-hacks-viruses-originate-country.html)
7. CORPORATE ACCOUNT TAKEOVER (CATO) *Source: Daily Mail
(http://www.dailymail.co.uk/sciencetech/article-2779734/China-internet-attack-capital-world-
Almost-HALF-hacks-viruses-originate-country.html)
8. CORPORATE ACCOUNT TAKEOVER (CATO) Which industries are most
targeted? Q1 2015 1. Gaming 35% 2. Software and technology 25% 3.
Internet and telecom 14% 4. Financial services 8.4% 5. Media and
entertainment 7.5% 6. Education 5% 7. Retail and consumer goods
2.3% 8. Public sector 2% *Source: Akami Technologies. "The State of
the Internet"
9. CORPORATE ACCOUNT TAKEOVER (CATO) 0.0% 5.0% 10.0% 15.0%
20.0% 25.0% 30.0% 35.0% 40.0% Gaming Software and Technology
Internet and Telecom Financial Services Media and Entertainment
Education Retail and Consumer Goods Public Sector Percentage
Attacks Target Industries Attacks *Source: Akami Technologies. "The
State of the Internet"
10. CORPORATE ACCOUNT TAKEOVER (CATO) What forms do attacks
come in? Malware Phishing Malicious websites (this includes social
networks) P2P Downloads Ads from popular websites
11. CORPORATE ACCOUNT TAKEOVER (CATO) Examples of Malware
13. CORPORATE ACCOUNT TAKEOVER (CATO) How do you know if your
computer is compromised? 1. Inability to log into online banking
(thieves could be blocking access so that you would not see the
theft until the criminal has control of the money). 2. Sudden and
dramatic loss of computer speed. 3. Changes in the way things
appear on the screen. 4. Computer locks up so the user is unable to
perform any functions. 5. Unexpected rebooting or restarting of
computer.
14. CORPORATE ACCOUNT TAKEOVER (CATO) How do you know if your
computer is compromised? 6. Unexpected request for a one-time
password (or token) in the middle of an online session. 7. Unusual
pop-up messages, especially a message in the middle of a session
that says the connection to the bank system is not working (system
unavailable, down for maintenance, etc.). 8. New or unexpected
toolbars and/or icons. 9. Inability to shut down or restart the
computer.
15. CORPORATE ACCOUNT TAKEOVER (CATO) How do you protect
yourself from cyber attacks? Preparation and education are key
Train your employees Secure computers and networks Limit
administrative rights Enable spam filters Be careful on the
Internet
16. CORPORATE ACCOUNT TAKEOVER (CATO) How do you protect
yourself from cyber attacks? Allow security patches Adobe, Java,
etc. Prevent pop-ups Do not open attachments from suspicious emails
Reconcile accounts daily Note changes in computer performance
17. CORPORATE ACCOUNT TAKEOVER (CATO) How do you protect
yourself from cyber attacks? Develop an incidence response plan
Know who to involve Create a central point of contact or leadership
team Must have authority to act Should be at the highest level in
executive management (or have full backing of executive
management)
18. CORPORATE ACCOUNT TAKEOVER (CATO) How do you protect
yourself from cyber attacks? Develop an incidence response plan
(continued) Create a central point of contact or leadership team
Have pre-established contacts for: financial institutions, law
enforcement, third-party technical support, and legal support
Control physical access to computers and network components Log and
report the sequence of events or incidents Preserve all evidence
and maintain a chain-of-custody
19. CORPORATE ACCOUNT TAKEOVER (CATO) How do you protect
yourself from cyber attacks? Trace evidence provides help to
forensic teams Install a strong log-management program Prevention
Firewalls Data-loss prevention systems Intrusion detection systems
Access control lists Anti-virus and malware protection
20. CORPORATE ACCOUNT TAKEOVER (CATO) How should you respond?
Immediate Steps to limit further unauthorized transactions 1.
Initiate incidence response plan 2. Contact financial institution
(FI) immediately a) Have a prepared list of key FI employees to
contact 3. Change password(s) 4. Disconnect computers used for
Internet banking 5. Request temporary hold on all other
transactions 6. Contact local law enforcement a) Specifically the
Cyber Crime units of local law enforcement 7. Contact state and
federal agencies if necessary
21. CORPORATE ACCOUNT TAKEOVER (CATO) How should you respond?
Secondary Steps 1. Contact your insurance carrier 2. Contact legal
counsel 3. Hire a third-party forensic company
22. CORPORATE ACCOUNT TAKEOVER (CATO) Final thoughts Stay up to
date with the latest best-practices Be cautious of emails from
unknown senders, pop-ups, etc. Invest in cyber security Ask
questions