The Dark Web & Your Bank: Impact, Risks, Strategy

Transcription

The Dark Web & Your Bank: Impact, Risks, Strategy
Randy Romes, CISSP, CRISC, MCP, PCI-QSA
Principal – Information Security
Randy.Romes@claconnect.com
August 2019
WEALTH ADVISORY OUTSOURCING AUDIT, TAX, AND CONSULTING
Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor
© 2019 CliftonLarsonAllen LLP

Disclaimer
This presentation is designed to provide accurate and authoritative information in regard to the subject matter covered. The handouts, visuals, and verbal information provided are current as of the webinar date. However, due to an evolving regulatory environment, Financial Education & Development, Inc. does not guarantee that this is the most current information on this subject after that time.
Webinar content is provided with the understanding that the publisher is not rendering legal, accounting, or other professional services. Before relying on the material in any important matter, users should carefully evaluate its accuracy, currency, completeness, and relevance for their purposes, and should obtain any appropriate professional advice. The content does not necessarily reflect the views of the publisher or indicate a commitment to a particular course of action. Links to other websites are inserted for convenience and do not constitute endorsement of material at those sites, or any associated organization, product, or service.
Create Opportunities We promise to know you and help you.

Sponsors
Arkansas Community Bankers
Community Bankers Association of Oklahoma
California Community Banking Network
Pennsylvania Association of Comm. Bankers
Independent Bankers of Colorado
Independent Banks of South Carolina
Florida Bankers Association
Independent Comm. Bankers of South Dakota
Community Bankers Association of Georgia
Tennessee Bankers Association
Community Banker Association of Illinois
Independent Bankers Association of Texas
Indiana Bankers Association
Vermont Bankers Association
Community Bankers of Iowa
Virginia Association of Community Banks
Community Bankers Association of Kansas
Community Bankers of Washington
Maine Bankers Association
Community Bankers of West Virginia
Community Bankers of Michigan
Wisconsin Bankers Association
Independent Community Bankers of Minnesota
Missouri Independent Bankers Association
Montana Independent Bankers Association
Nebraska Independent Community Bankers
Independent Comm. Bankers Assoc. of New Mexico
Independent Bankers Assoc. of New York State
Independent Community Banks of North Dakota
Community Bankers Association of Ohio
Directed by The Community Bankers Webinar Network

Today’s Presenter
Randy Romes, CISSP, CRISC, MCP, PCI-QSA
CliftonLarsonAllen LLP
“Professional Student”
Science Teacher / Self-Taught Computer Guy
IT Consultant – Project Manager – IT Staff/Help Desk – Hacker
Assistant Scout Master (Boy Scouts)

Raise Your Hand If

Everything Can Talk to Everything
Security cameras
HVAC systems
Door sensors and proximity readers
“Chrome wants to remember your location”
“Hey Alexa, what’s my balance?”
“Presence”

The Current State of Cybercrime
Sun Tzu: “Know your enemy and know yourself and you can fight a hundred battles without disaster”

What Threats Do Financial Institutions Face from the Dark Web?
Financial institutions face a wide variety of threats posed by the Dark Web
– Credit Card Fraud
– Corporate Theft
– Emerging Malware
– Fraud Techniques
Threats can also be internal
– Employee selling confidential information

Current State of Cybercrime
Hackers have monetized their activity
– Theft of personally identifiable information (PII)
– Payment fraud
– Ransomware
Most attacks are carried out by organized crime

Organized Crime
Hacking is run like a business where people specialize in different areas
– Writing malware
– Renting botnets
– Stealing data
– Selling data (collect data from various sources/BIG DATA)
– Etc.
Most attacks are completely automated

Theft of PII
Every organization stores information about their employees in electronic format
– Payroll/tax/W2
  – Name, address, SSN, etc.
– Email address
Every institution has their account holders’ PFI
Some institutions store other sensitive data
– Credit card information
– Health information

Theft of PII
All this information has value
– Submit fraudulent tax returns
– Submit fraudulent insurance claims
– Set up fraudulent identities for credit
– Purchase items with stolen credit card information
– Use emails for phishing campaigns
Attackers buy and sell data on cyber black market
– Similar to amazon.com for stolen information

The Open Web
The open web is anything that can be indexed by a search engine (Google, Bing, Yahoo etc.)
– Easily accessible
– Under constant surveillance and monitoring
– Open web contains around 10% of the internet

The Deep Web
The Deep Web is the internet that is hidden from view
– Any content that cannot be linked in a search engine
– Estimated to be 500x larger than open internet
– Examples:
  – Private intranets
  – VPNs
Also contains “Dark Web”

The Dark Web
The Dark Web is a portion of the Deep Web that cannot be accessed via a standard internet browser
The Dark Web is essentially a private network on the Deep Web
The Dark Web uses onion routing to anonymize users (TOR)

What Is TOR? (Onion Routing)
The Onion Router (TOR) is a free and open source software/protocol that enables anonymous communication
Traffic through the TOR network is anonymized by relaying traffic through a free, volunteer-supported relay network
Dark Web websites are similar to any other website; however, instead of ending with .com or .net, Dark Web sites end with .onion
TOR makes it difficult to trace users’ internet activity:
– Visiting websites
– Online posts
– Messaging
– File transfers

What Is TOR? (Onion Routing)
TOR adds additional layers of encryption as data is routed through the relay network, making network surveillance extremely difficult.

What Can Be Found on the Dark Web?
Since the creation of cryptocurrencies (Bitcoin), the Dark Web has flourished with illicit marketplaces and forums
A large variety of illicit products can be anonymously purchased on the Dark Web
– Bank Account Logins
– Credit Card Info
– Forged Documents
– Malware (Banking Trojans, Remote Administrator Tools)
Dark Web ecommerce sites are similar to traditional sites like eBay or Amazon, with features such as ratings, reviews, shopping carts, forums, and customer service

Payment Methods on the Dark Web
Cryptocurrencies are the most popular form of payment on the Dark Web
Cryptocurrencies pseudo-anonymize transactions, which criminals find ideal for conducting financial cyber crimes
The most common form of cryptocurrency used on the Dark Web is Bitcoin
In recent years, there has been a push to use more privacy-focused cryptocurrencies on the Dark Web, such as Monero

Dark Web Marketplace
Fraud technique for sale on Dark Web marketplace

Backend Payment Systems
Carbanak – Biggest Bank Heist
1B over 2 years
Average 10M per bank
2 to 4 months per bank
Methods: Online Banking, Swift, ATMs
Attackers primarily in Russia, Ukraine, China
Banks primarily Russia, Europe, United States
g-tied-to-russian-security-firm/

Backend Payment Systems
Carbanak – Biggest Bank Heist EVER

Dark Web Marketplace
“Vendor” selling bank account logins

Dark Web Forum
Example of bank logins being openly advertised and sold on a Dark Web forum

Payment Fraud – Account Take Overs
When is the last time you wrote a check?
Electronic payments are the norm
– Wire transfers and ACH payments
– Online banking
– “Send money”
Corporate Account Take Over (CATO)
– Compromise accounts/credentials that can move money
Persuasion Attacks
– Convince others to send money

Persuasion Attacks (More Recently)
https://krebsonsecurity.com/tag/bec/
CEO asks the accountant
Common mistakes
1. Use of private email
2. “Don’t tell anyone”

Marketplace for Stolen (Credit Cards)

Credit Card Breaches in the News
(Two Years Ago)

Credit Card Breaches in the News
(Weeks Ago)
“The PoS malware was designed to collect information stored on the magnetic stripe of payment cards, including cardholder's name, payment card number, card verification code, and expiration date. However, the company pointed out that the investigation found no evidence suggesting that hackers made off with additional information belonging to the affected cardholders, and that "not all guests who visited the listed restaurants" are affected by the breach.”

Strategies and Action Items
The Boy Scout Motto: “Be Prepared”

Protecting Financial Institutions from Dark Web Threats
Because the Dark Web provides the ability to keep users anonymous, the number of criminals who use TOR for financial fraud is only increasing
Financial institutions need to be on the forefront when it comes to threats originating from the Dark Web
It’s important for financial institutions to understand the threat the Dark Web poses
Actions should be taken to monitor and prevent threats before they occur

Strategies
Our information security strategy should have the following objectives:
Users who are aware and savvy
Systems that are hardened and resistant to malware and attacks
Resilience capabilities: monitoring, incident response, testing, and validation

Protecting Financial Institutions from Dark Web Threats
Implement robust systems to ensure that all technology, people, and processes are up to date
Enforce two-factor authentication where possible
Patch systems and software regularly
Raise employee awareness about emerging Dark Web threats
The rewards for a successful attacker can be significant, and catastrophic for the organization. It’s important to include effective monitoring of the Deep and Dark Web.

Policies & Standards
People, rules, and tools
– What do we expect to occur?
– How do we conduct business?
Standards-based operations from a governance or compliance framework:
– GLBA/FFIEC, NCUA 748 A&B, etc.
– PCI-DSS
– CIS Critical Controls, NIST, ISO

Disciplined Exception Control, Vulnerability Management & Monitoring
Monitoring (“built in”)
– Key system configurations
– System and application logs
– Accounts
– Critical data systems/files
– Data activity and flow
Scanning (independent)
– Patch Tuesday and vulnerability scanning
– Rogue devices

Know Your Network
Know What “Normal” Looks Like
Infrastructure
Servers and Applications
Data Flows
Archiving vs. Reviewing
System Inventory
Application Inventory
Data Inventory

Thank you!
Randy Romes, CISSP, CRISC, CISA, MCP, PCI-QSA
Managing Principal – Cybersecurity Team
Direct: 612-397-3114
Randy.Romes@claconnect.com
CLAconnect.com
