CFA CyberConf
A.C.Slashopt ltd Nikos Tsarouchas – Constantinos Gakopoulos
Constantinos Gakopoulos
Greece, Kastoria, 1974; Landed in Cyprus 1995; 20 years in the scene of IT; 10 years messing up with security; Love PlayStation; In love with Zelda
Nikos Tsarouchas
Thessaloniki, 1973; In Cyprus since 2011; HP since 2008; More than 20 years in the scene of IT; Love rum
Non Technical Attacks
Social Engineering; Dumpster Diving; Phishing
Technical Attacks
DDoS – DoS Attack; Virus, Trojan, Worms
Ransomware / Locky / Cerber
Ransomware is a computer malware that installs covertly on a victim's device (e.g., computer, smartphone, wearable device) and that either mounts the cryptoviral extortion attack from cryptovirology that holds the victim's data hostage, or mounts a cryptovirology leakware attack that threatens to publish the victim's data, until a ransom is paid. (From Wikipedia, the free encyclopedia)
Virus / Malware
Malware, short for malicious software, is any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. Malware may be stealthy, intended to steal information or spy on computer users for an extended period without their knowledge. (From Wikipedia, the free encyclopedia)
Phishing
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website, the look and feel of which are almost identical to the legitimate one. Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that are infected with malware.
Major breaches in 2016
As a kid, I had this great idea to be secure. I could build a big titanium room that would not be accessible from the outside. Then again, I thought…this will only give the intruder infinite time to find a myriad ways to find a way in.
Andreas Papamichael. Co-Founder A.C.Slashopt ltd
Statistics
BlackHat Conf 2016
They don’t believe there is an actual danger; They think they are already secure; I have a friend… I know someone… My best man told me…
THIS WILL NEVER HAPPEN TO ME
IT Department Vs Management Dep
IT Department
New Technologies; Upgrades. OS – H/W; Data integrity – Security; IT Budget for this year; Training for IT; New Software cost; DRS; Cloud
Management
Cost of the investment; But it works; Come on. We are too small; IT…. What? LoooL; Google IT; Find it on Pirate bay; How Much???; I Don’t trust them
28 Days Later… (Not the Movie)
Disaster Issues
Data loss, Files Encrypted; Servers, Client PCs, Phone Compromised?; Who? Why?; Cannot restore files. Backup failed and is corrupted; Weak firewall. No logging
Measures To take
Evaluation. Know how, what, when and how many; Isolation; Human Factor (Happiness, Salary, Education); Backups Backups Backups; Carefully pick your sec consultant
If none of the above worked…
There is always a final, more radical way to fix the issues caused by the security compromise.
God Is Always The Answer