EMBA session 10th December 2022

Lazarus Heist

Consider the following questions:

• Who is the Lazarus group?
• How did the group gain access to the bank systems?
• How did the attackers hide what they were doing?
• What mistakes were made by the attackers?
• How was the money laundered?
• How would the top 11 CERT tips have helped? (see https://www.cert.govt.nz/business/guides/top-11-cyber-security-tips-for-your-business/)

Write your answers, share with your group and report back to the class.

Choosing a Strong Password

Try the following exercise:

1. Go to https://www.lastpass.com/features/password-generator#generatorTool
2. Generate an eight character long password with at least one number.
3. Go to https://preshing.com/20110811/xkcd-password-generator/
4. Generate a random word password by clicking Generate Another! at the top portion of the webpage.
5. Go to https://www.security.org/how-secure-is-my-password/ and test the strength of password from steps 2 and 4.

Questions: Which is more memorable? Which is stronger? Should you use either website to generate your password

Password reuse

Have you been subject to a data breach?

• Enter your email at https://haveibeenpwned.com/

What are the risks of being in a data breach if you reuse a password?

Make up a password that you have NEVER USED ANYWHERE, and see if it is in the database of pwned passwords:

• Enter the password here, https://haveibeenpwned.com/Passwords for example - abc123

How is this a problem if you have used one of these previously pwned ones ie reusing someone else's password?

Evaluating Password Storage Options

What are the costs and benefits of the following options:

• Writing it down or storing in a file on desktop
• Physically lock away password notes or use encryption
• Cloud-based password manager secured by a master password – lastpass or dashlane
• Browser-based password manager – chrome, firefox
• Single-sign on – Oauth with facebook, google mail etc.