14/9/17
Town Hall, Oxford
Chris White
Introduction
South East Regional Organised Crime Unit
(SEROCU)
Together combatting
cross-border organised crime. Local Forces
You are under attack!!
• Nature of the threat
- Perpetrated remotely
- Difficult to trace
- Significant impact
- Criminals – financial
- Insiders
The Threats
• Forums
• Malware
• Exploit Kits
• Bulletproof Hosting
• E-Currencies
• Malvertising
• Macro virus
Cybercrime in Numbers
• 3.9 Million cyber crimes reported in 12 months (2016)
– Up from 2.5 million in 2015
• Office for National Statistics states cost to UK economy...
– £27 Billion in 2011
– £49 Billion in 2014
• 82% of SMEs didn’t think their data was worth stealing
• 28% of businesses reported attacks to police
• SME average cost of a security breach £65K to £115K
• 315,000 NEW malicious files a day
• 3000 DDoS attacks per day
• 500K phishing attempts per day
• 2 types of business…
[Bar chart by town: Wokingham, High Wycombe, Bracknell, Buckingham, Bletchley, Maidenhead, Oxford, Milton Keynes, Reading, Slough; axis scale 0 to 1,200]
September 2015
• DDoS mitigation
• Threat intelligence
• Response plans
TOR – freeware, traffic relayed through ‘onion routers’ / ToR relay nodes
[Diagram labels: Internet, Dark Web]
Paths between nodes are random. The transmitted data is wrapped in layers of encryption: each node can only see which node it has received data from and which node it must send data to. No node can see the whole path.
[Diagram labels: ToR, Anonymisation, Hidden Web, Chat]
The TOR dark web: content hosted by ToR nodes rather than standard web servers, only accessible through a ToR client. Anonymisation for service (site) operators as well as users. Online marketplaces for many illegal goods and services.
Phishing & Spear Phishing
• Pretend to come from trusted organisations such as:
11 Million
• Password policy (repeat passwords)
• Educate staff not to use the same passwords as on their personal accounts
• Secondary victims from release of the stolen dataset!!
Insider Threat - Op Indium
• Richard Neale sent a “Wipe Command” to 900+ Aviva employees’ devices – BYOD
• Further access and alterations made to the company’s systems.
• Tried to hide his involvement by using VPNs, but forensic investigation identified incriminating artefacts on his devices.
• Cost the company £500K
• Convicted and serving 18 months
Data breach notification
• DDoS mitigation
• Firewalls
• Anti-viruses
• Phishing tests
• Staff awareness campaigns
• Network monitoring
• Physical security
• Honeypots
• Social Engineering awareness
• Patch mgmt.
• Incident mgmt. policies (& test!!)
EDUCATION EDUCATION EDUCATION!!!
Government Response
Funding via the National Cyber Security Programme:
• 2011 – £650 million
• 2015 – £1.9 billion
COLLABORATION
We work with the victims and Emergency Response teams to stop and repair
damage and to ensure that evidence is captured.
TRUST
We understand that the reputational damage to a business is sometimes worse
than the actual offence. We therefore operate confidentially.
SUPPORT
We are happy to investigate without taking a subject to court so that we can
build the intelligence picture to protect UK PLC.
ASSISTANCE
We have access to international law enforcement and intelligence platforms and
networks that could reduce repeat victimisation.
Cyber Essentials
10 steps to Cyber Security
Reporting Cyber Crime?
If you or someone else is in immediate danger or risk of harm dial 999 now.
If you are suffering a live cyber attack that is in progress, call now on 0300 123 2040 to report, do
not report using the online tool. This service is available 24 hours a day, 7 days a week for
businesses, charities and organisations. Our advisors are also available 24/7 on web chat if you
have any questions - http://www.actionfraud.police.uk/report-a-fraud-including-online-crime
Cyber Security Information Sharing Partnership
Future Threats...
• DDoS (IoT)
• Whaling
• Combining tactics
Chris White
Cyber Protect / Prevent Police Sergeant
South East Regional Organised Crime Unit
Twitter: @SouthEastROCU
Email: cyberprotect@serocu.pnn.police.uk