
Cyber Security Presentation

14/9/17
Town Hall, Oxford
Chris White
Introduction
South East Regional Organised Crime Unit (SEROCU)

Comprises police officers and staff from the forces of

• Thames Valley
• Sussex
• Surrey
• Hampshire

Works in conjunction with

• UK Border Agency
• HMRC
• National Crime Agency

Together combatting cross-border organised crime.

[Diagram: NCA, Regional Organised Crime Units, Local Forces]
You are under attack!!
• Nature of the threat

- Complex, global and constantly changing

- Perpetrated remotely

- Difficult to trace

- Significant impact

• Threat Actors in Cyber Space

- Hacktivists – to cause disruption

- Criminals – financial

- State sponsored, cyber espionage

- Self taught teenagers

- Insiders
The Threats
• Forums

• Cyber Crime “As-A-Service”

• Malware

• Exploit Kits

• Intrusion (“Hacking” or unauthorised access to systems)

• DDOS – distributed denial of service

• AVC – any video converter

• APT – advanced persistent attack

• Bulletproof Hosting

• E-Currencies

• Malvertising

• Macro virus
Cybercrime in Numbers
• 3.9 Million cyber crimes reported in 12 months (2016)
– Up from 2.5 million in 2015
• Office for National Statistics state cost to UK economy...
– £27 Billion in 2011
– £49 Billion in 2014
• 82% of SME didn’t think their data was worth stealing
• 28% of businesses reported attacks to police
• SME average cost of a security breach £65K to £115K
• 315000 NEW malicious files a day
• 3000 DDoS attacks per day
• 500K phishing attempts per day
• 2 types of business…

Companies who have been compromised


Companies who don’t know they have been compromised!!
Cybercrime in Numbers
• 90% of large organisations reported they had suffered an
information security breach, while 74% of small and
medium-sized businesses reported the same
• for companies with more than 500 employees the
average cost of the most severe breach is now between
£1.46 million and £3.14 million
• for small and medium sized business the average cost of
the worst breach is between £75,000 and £310,800
• attacks from outsiders have become a greater threat for
both small and large businesses
• 75% of large businesses and 30% of small business
suffered staff-related breaches
A Local Perspective

[Bar chart by town: Wokingham, High Wycombe, Bracknell, Buckingham, Bletchley, Maidenhead, Oxford, Milton Keynes, Reading, Slough; horizontal axis 0 to 1,200]

Possible Medical treatment & Bankruptcy


Value of your data

How much would it cost you if..?

1. Your business bank accounts were compromised

2. Your payroll system was deleted

3. Your R&D or contracts were sold to your competitors

4. Your website was unavailable for 24-48 hours

5. Your email or phone system was out of action


Cyber Crime ?

...of cybercrime is preventable


DDOS services for sale
Distributed Denial of Service
• Low tech skill to execute
• Extortion demands 25 ~ 200 BC
• No guarantees to get data back
• Target significant sales events
• Front for secondary attack
(data exfiltration)

September 2015

• DDoS mitigation
• Threat intelligence
• Response plans

Cost per hour to your online trade???


Cyber Attack
Ransomware

• Currently targeting individuals


→ Moving towards businesses

• Demands from £600+


• No guarantees to get data back
• Supporting criminality
• Repeat victimisation
• Backup using an external HDD
• Do it regularly
• Store backup securely

• As of 21/8/17, 1 Bitcoin is worth £3,100

How much is your data worth TO YOU ???


Malvertising..
• Adult websites fact – 50% likelihood of being exposed to virus

Do you block what sites your employees can visit??


The internet is a global network of linked networks

The OPEN web is estimated to be 4% of the actual web content which is indexed, visible to search engines and accessed by all.

The Deep Web is NOT the same as the DARK web. Content is NOT indexed and NOT searchable by search engines and access is restricted by name / password e.g. corporate databases

Anonymisation - Prevents third-party monitoring of a user’s internet connection.

Legitimate reasons? Living under a restrictive government, protection of intellectual property, enhanced security for families etc.

TOR – freeware, traffic relayed through ‘onion routers’ / ToR relay nodes

Paths between nodes are random. Layers of encryption of transmission data – each node can only see which node it has received data from and which node it must send data to. No node can see whole path.

The TOR DARK web - Content hosted by ToR nodes rather than standard web servers – only accessible through ToR client. Anonymisation for service (site) operators as well as users. On-line market places for many illegal goods and services.

[Diagram labels: World Wide Web, Deep Net, Deep Web, Dark Net, Dark Web, Internet, GRAMS, I2P, ToR Hidden Internet, ToR Hidden Chat]
Phishing & Spear Phishing
• Pretend to come from trusted organisations such as:

• banks, credit card companies, online shops and auction sites

• Employees believe it is the IT department’s responsibility

• Malware hidden inside CVs and invoices

• Steganography – code hidden in photos


Your Passwords Please?

11 Million
• Password policy (repeat passwords)
• Educate staff not to use same ones as personal accounts passwords
• Secondary victims from released dataset stolen!!
Insider Threat - Op Indium
• Richard Neale sent a “Wipe Command” to
900+ Aviva employees’ devices – BYOD
• Further access and alterations made into
company’s system.
• Tried to hide his involvement by using VPNs
but forensic investigation identified
incriminating artefacts on his devices.
• Cost the company £500K
• Convicted and serving 18 months
Data breach notification

General Data Protection Regulation becomes enforceable 25 May 2018

Are You Ready?

Possible fines of 4% of global turnover or €20M

Global Turnover.. £1.84b
The response - Target Hardening

• DDoS mitigation
• Firewalls
• Anti-viruses
• Phishing tests
• Network monitoring
• Honeypots
• Patch mgmt.
• Incident mgmt. policies (& test!!)

EDUCATION EDUCATION EDUCATION!!!

• Staff awareness campaigns
• Physical security
• Social Engineering awareness
Government Response
Funding via the National Cyber Security Programme 2011 – £650 million
2015 – £1.9 billion

PURSUE – Criminal investigations and disruption activity targeting the top tier cyber threats

PREVENT – Stopping individuals becoming involved in cyber crime

PROTECT – Helping businesses and the public to avoid becoming victims of cyber crime

PREPARE – Responding effectively to major cyber attacks and mitigating their impact
Government Response (cont..)

COLLABORATION
We work with the victims and Emergency Response teams to stop and repair
damage and to ensure that evidence is captured.

TRUST
We understand that the reputational damage to a business is sometimes worse
than the actual offence. We therefore operate confidentially.

SUPPORT
We are happy to investigate without taking a subject to court so that we can
build the intelligence picture to protect UK PLC.

ASSISTANCE
We have access to international law enforcement and intelligence platforms and
networks that could reduce repeat victimisation.
Cyber Essentials
10 steps to Cyber Security
Reporting Cyber Crime ?

If you or someone else is in immediate danger or risk of harm dial 999 now.

If you are suffering a live cyber attack that is in progress, call now on 0300 123 2040 to report, do
not report using the online tool. This service is available 24 hours a day, 7 days a week for
businesses, charities and organisations. Our advisors are also available 24/7 on web chat if you
have any questions - http://www.actionfraud.police.uk/report-a-fraud-including-online-crime
Cyber Security Information Sharing Partnership
Future Threats...

• Mobile phone malware

• DDoS (IoT)

• Whaling

• Combining tactics

Increasingly overt in nature..


Digital Footprint
Thank you - Questions?

Chris White
Cyber Protect / Prevent Police Sergeant
South East Regional Organised Crime Unit
Twitter: @SouthEastROCU
Email: cyberprotect@serocu.pnn.police.uk

Helpful twitter feeds to follow for guidance and advice

@GCHQ @CityPoliceFraud @GetSafeOnline


@ncsc @cyberawaregov @NCA_UK
@SouthEastROCU
