SLIDES😘😘😘 - Link
🎵SANS CTI SUMMIT SPOTIFY PLAYLIST🎵 - Link
There's a shadow army of CTI analysts just waiting to be activated; it's the legion of tech-savvy small business owners and solopreneurs. Small business owners and solopreneurs need to wear numerous hats, and many have a negative security budget with zero fancy enterprise security solutions or security staff. How are they surviving the onslaught of cybercrime, fraud, and other unpleasant aspects of doing business? This is where threat intelligence comes in; it's a zero-cost way of keeping your business and customers safe. In this talk, I'll share the practical application of threat intelligence to a real estate business. Join me for an exciting adventure where we will analyze the real estate threat landscape, perform counterintelligence operations, and create threat actor profiles. The tips you learn and share might just save a life! Takeaways include practical CTI suggestions for small businesses and solopreneurs, potential interview questions for hiring managers to ask small business/solopreneur career-transition candidates, and a plan to operationalize threat intelligence for the highly targeted small business owners and solopreneurs in the real estate industry.
"Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor’s motives, targets, and attack behaviors. Threat intelligence enables us to make faster, more informed, data-backed security decisions and change their behavior from reactive to proactive in the fight against threat actors." - CROWDSTRIKE
- Cybereason vs Conti Ransomware - Link
- SCYTHE Egregor Ransomware - Link
- Sophos Egregor Ransomware - Link
- MITRE ATT&CK Netwalker Ransomware - Link
- Sophos Netwalker Ransomware - Link
- The DFIR Report - Netwalker Ransomware - Link
- Proofpoint Blog by Sherrod DeGrippo on Real Estate Attackers - Link
- FireEye APT41 - Link
- SCYTHE APT41 - Link
- MITRE ATT&CK APT41 - Link
- SCYTHE FIN6 - Link
- Center for Threat Informed Defense FIN6 - Link
- David J. Bianco's Pyramid of Pain - Link
- The Threat Intelligence Lifecycle - Link
- Analysis of Competing Hypotheses (ACH part 1) - Link
- Structured Analytic Techniques for Intelligence Analysis by Richards J. Heuer Jr. & Randolph Pherson - Link
- Sergio Caltagirone. Building Threat Hunting Strategies with the Diamond Model - Link
- Sergio Caltagirone, Andrew Pendergast, & Christopher Betz. The Diamond Model of Intrusion Analysis - Link
- Troy Hunt's Streamlining Data Breach Disclosures - Link
- How do you assess threats in your business?
- How do you determine the threat of your competitors?
- How did you handle ethical issues with brokers, clients, competitors, or vendors?
- How do you perform research for a property or neighborhood?
- What actions did you take to ensure the deal ran smoothly?
- Perform a Google search for your industry plus keywords such as: cyber, cybersecurity, phishing, ransomware, breach, eCrime, cyber crime, etc.
- SANS Internet Storm Center ISC - Review it periodically for cybersecurity related news - Link
- Sign up for a FREE Dark Web Intel Report from Intel471 - Periscope. It will provide you with TLP: Amber information that can help keep you informed of the criminal underworld - Link
- Check out the Verizon Data Breach Investigations Report for your industry - Link
- Review past incidents
  - Example: Competitor exchanges, type of malicious emails, attempted BEC, attempted wire fraud, ransomware, website down, website hosting malicious content, malicious SMS, calls at 3am, legitimate listings taken down, sign removed from properties, website defacement, malware, compromised accounts, etc.
- Ask peers/colleagues about their common types of attacks
- Break down the threats into categories that work for your business
  - Destructive: malware, ransomware, exploits, website defacement, DDoS, etc.
  - Financial: infostealers, BEC, wire fraud, thread hijacking, phishing, malware, impersonation of listings/clients/vendors/etc.
  - Intellectual property/client information theft
- Brainstorm Mitigating Controls
- Create a procedure to deal with wire fraud, BEC, ransomware, etc.
- Create reminders to slow down when going through email.
- Practice better operational security (opsec) when out in public and around competitors
- Track the type of malicious email campaigns that you see over time to guide your training, technology, and time/money investment in cybersecurity related items
- Use threat modeling combined with intelligence-driven incident response to build out solutions that work for your business model.
- Verizon's Data Breach Investigations Report 2020 for the Real Estate Industry recommends security awareness training and implementation of policies and procedures - Link
- Check out your industry's specific Privacy or Data Security Resource
  - National Association of Realtors (NAR) Data Security and Privacy Toolkit - Link
- Use Open Source Intelligence (OSINT) to your advantage
  - Example: If you are a real estate agent, set up Google Alerts for your listings to help identify criminal activity.
- Wire Fraud
  - Set up a procedure before it happens on how to deal with wire fraud, including educating your clients.
  - Does your broker have a wire fraud disclosure form that your clients must sign? Can you create a disclosure surrounding cyber-related threats to have your clients sign (after broker/legal counsel approval)?
  - Can you provide a handout to your client on cybersecurity safety during a transaction?
  - There are 72 hours to report wire fraud to your local FBI office to attempt to get the money back.
  - NAR has a good resource on Wire Fraud and Cybersecurity Tips - Link
  - Resource: Stop Wire Fraud - Link
- Ransomware
  - Do you back up your data? Where do you keep your backups? Do you have extra money to buy another computer...just in case? How will you notify your clients? Will you notify your clients?
- Patching
  - How often do you update your website with the latest updates? How often do you patch your computer? How often do you install updates on your phone?
- Cybersecurity Hygiene
  - Do you have 2FA set up for your accounts? Do you use a password manager? Do you use a VPN on public Wi-Fi?
  - Do you have antivirus on your devices?
  - Do you review access to your various accounts?
  - How often do you review the email rules? Do you know what is being forwarded, deleted, moved, etc.?
- Does your broker have cyber insurance or cyber breaches added in the E&O insurance?
- Can you insist on working with title companies, banks, vendors, and other Realtors that protect the data in transit, such as using encryption services or password-protected PDFs with out-of-band passwords?
- If you hire a tech/security company, what kind of recourse do you have if they mess up?
- Specialize in neighborhoods/areas, know your products/inventory and your competitors very well.
- Top Cybersecurity Threats to Real Estate Companies - Link
- National Association of Realtors (NAR) Cybersecurity Checklist - Link
- California Association of Realtors (CAR) Resources on Cyber Crime in the Real Estate Industry - Link
- Arizona Real Estate Investors Association (AZREIA) Resources on Cyber Crime & Real Estate - Link
- Look up Continuing Education or Training related to Cyber Crime and your Industry, such as: Real Estate Training Institute's Cyber Crime and Real Estate Course for 3 Hr Continuing Education Credit - Link
- Cyber Threat Intelligence Activity Group Planning Worksheet - Link
- There are two HANDOUTS that can be found under the Resources folder in this GitHub Repo. One has a ransomware chart and the other a basic table of cybersecurity solutions - Link