2012 Cost of Cyber Crime Study
Cyber crimes continue to be costly
Average annualized cost of cyber crime:
2012: $8.9 million per year, with a range of $1.4 million - $46 million
2011: $8.4 million
Increase of 6 percent, or $500,000
Cyber attacks have become common occurrences
2012: 102 successful attacks per week on average; 1.8 successful attacks per company per week
2011: 72 successful attacks per week on average
42% increase
Source: VITA
VIRGINIA WAS #8 IN CYBER COMPLAINTS FOR 2012
Source: IC3 Annual Report 2012
The Commonwealth received 117,842,683 alerts, or approximately four attacks per second, in 2012
Source: VITA
BOT NETS
DNS Changer is malware and a botnet that alters a computer's domain name service (DNS) settings, redirecting infected computers to domains maintained by the malicious actors and used to promote fake and dangerous products
Source: MSISAC
EXPLOIT KITS
Malware redirects on compromised websites, spam email, and poisoned search engine results
Identifies and takes advantage of vulnerabilities in web browsers and browser plug-ins, including Java, PDF, and Adobe vulnerabilities
Usually delivers ZeuS, ZeroAccess, Cridex, and FakeAV malware, although it is capable of distributing any malware
Per MSISAC, it is the most widely used kit in existence in the cyber world
Source: MSISAC
WEB CAMERA HACKING
Per Justin Vellese with the FBI, web camera hacking is a growing crime that's happening all over the world.
Source: FBI Web Warning Article
PHISHING
According to Microsoft: Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, Windows Live IDs, bank and other account data and passwords, or other information.
Source: Microsoft
PHISHING
What does a phishing email message look like?
Example: [image of a sample phishing email message]
Source: Microsoft
PHISHING
Types of phishing:
Fake email account reset or mailbox over limit
IRS, FBI and Treasury scams
Credit union and banking scams
Major events (elections, holidays)
Social networking websites
Fake websites: websites that spoof your familiar sites using slightly different web addresses
Instant message programs
KEYLOGGER
A keylogger is a malware program (it can even be hardware) designed to monitor and log all keystrokes. This is one of the biggest threats posed by malware, since it can allow all information going through a computer to be stolen. Keyloggers are often set up to look specifically for items like passwords, confidential information, PIN numbers, credit card account numbers, and SSNs; these are the items most sought by criminals for fraud and identity theft.
SPAM
What is spam? Simply stated, spam is an unsolicited email
Product offers
Misdirection to allow installation of malware
Misinformation (denial of access)
SOCIAL ENGINEERING
According to Microsoft: The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information.
SOCIAL ENGINEERING
Types of social engineering:
Phishing
Spear phishing
E-mail hoaxes
Telephone or in-person fraud
Shoulder surfing
FAKE ALERT
VMRC had numerous cases of Fake Alert Trojans in our agency. In each case, the PC had to be reimaged and data was lost.
Remember: if you see a pop-up similar to the one on the right, turn your computer off immediately and contact MIS personnel. Do not click on anything in an attempt to close this type of fake alert window; a single click executes and installs the malware.
As always, any suspicious computer behavior should be reported immediately to MIS personnel!
REMEMBER: YOU ARE THE PRIMARY DEFENSE AGAINST CYBER ATTACKS
SYMANTEC: 90% of malware requires human interaction
MANDIANT: 100% of successful APT (Advanced Persistent Threat) attacks compromised the human
DEFENSE - PHYSICAL
Physical protection of all MRC equipment is a primary defense against cyber attacks
Always remember to put your laptop in a locked cabinet at night, or hidden in your vehicle when traveling
Always secure USB flash drives, cell phones, and other mobile devices while traveling or unattended in the office
DEFENSE – SCREEN LOCK
Always remember to lock your computer screen when you step away from your desk.
DEFENSE – PROTECT USER IDs & PASSWORDS
Change your passwords at a minimum of every 90 days
If your password is compromised or if you suspect a malware infection, immediately change your passwords; always contact your Information Security Officers if this occurs
Don't reuse your previous passwords
Don't use the same password for each of your accounts
When your computer prompts you to save or remember your password, click on No
DEFENSE – PROTECT USER IDs & PASSWORDS
Use memorable phrases, such as "I hate Mondays!"
Alternate capitals with lowercase letters, substitute numbers, and use symbols. Example: 1h@teM0ndays!
Using this format gives you the opportunity to use the same password for a long time: simply change at least two characters, and most policies will allow you to keep the same password.
DEFENSE – PROTECT PASSWORDS
Use at least eight characters, including numerals and symbols
Avoid common (dictionary) words
Don't use your personal information, login, or adjacent keys as passwords
Use a variety of passwords for your online accounts
DEFENSE - PROTECT AGENCY SENSITIVE DATA
Sensitive personal information means the first name or first initial and last name in combination with and linked to any one or more of the following data elements that relate to a resident of the Commonwealth, when the data elements are neither encrypted nor redacted:
1) Social security number;
2) Driver's license number or state identification card number issued in lieu of a driver's license number; or
3) Financial account number, or credit card or debit card number, in combination with any required security code, access code, or password that would permit access to a resident's financial accounts;
DEFENSE - PROTECT AGENCY SENSITIVE DATA
Remember: by statute, at MRC, confidential harvest information is also considered sensitive data
DEFENSE – ENCRYPTION
Unless authorized otherwise, store sensitive data only on your designated network drive; sensitive data on the network does not have to be encrypted, but use common sense and encrypt the file if it includes a significant amount of sensitive data
If you are required to carry sensitive data on a mobile device, that data must be encrypted, and you must obtain permission to do so from the agency ISO and the Commissioner
All encryption software will be installed by MIS personnel only
Never ever send unencrypted sensitive data in an email! Call the information in to the designated person, or obtain the proper software from MIS personnel to encrypt it in an email
DEFENSE – EMAIL
!DO NOT send unencrypted sensitive data in an email! Always contact MIS if you need to send confidential data by email
Watch out for phishing emails
Store critical emails in your personal folders
COV email accounts must not be auto-forwarded to any external accounts
Never ever click on an untrusted link in an email; always type the link into the browser. HINT: Hover your mouse over an email link without clicking; if the web address shown is different from what you would expect, it may be a phishing or malware website!
Do not open attachments from unknown sources
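The hover-over check above compares the address a link displays with the address it actually points to. The following is an added Python example (not part of the VMRC training or any VITA tool) that automates the same comparison over an HTML email body: it collects every link, and where the visible link text names a web address, flags the link if the destination host differs from the host shown. The sample message body is constructed for this example; the hosts in it are documentation/example addresses, not real sites.

```python
"""Flag e-mail links whose visible text shows one web address but whose
target (href) leads somewhere else, the same mismatch the hover check reveals."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# A host name as it would appear in visible link text, with an optional scheme.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently being read, else None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def displayed_host(text):
    """Host name the reader sees in the link text, or None if no address is shown."""
    match = HOST_RE.search(text)
    return match.group(1).lower() if match else None


def target_host(href):
    """Host name the link actually goes to (empty string if the href has none)."""
    return (urlparse(href).hostname or "").lower()


def find_mismatched_links(html):
    """Return (href, visible_text, target_host, displayed_host) for every link
    whose visible text names a web address that differs from its destination."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        shown = displayed_host(text)
        if shown is None:
            continue  # plain wording such as "Help": nothing to compare against
        actual = target_host(href)
        if actual != shown:
            findings.append((href, text, actual, shown))
    return findings


# Constructed sample message body (not a real e-mail). The second link displays
# a familiar address but its href points at an unrelated host.
SAMPLE_EMAIL = """
<p>Your mailbox is almost full. Please reduce your mailbox size.</p>
<p>Manage your account at <a href="https://mail.example.com/quota">mail.example.com</a>.</p>
<p>Or click <a href="http://198.51.100.7/login">https://mail.example.com/login</a> to verify.</p>
<p><a href="https://example.org/help">Help</a></p>
"""

if __name__ == "__main__":
    for href, text, actual, shown in find_mismatched_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: link text shows '{shown}' but it goes to '{actual}' ({href})")
```

Only links whose visible text looks like an address are compared, because a link labelled "Help" gives the reader no address to expect; that mirrors the hint, which warns about the case where the displayed address and the real one disagree.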
DEFENSE – EMAIL
** Remember: VITA will never send you a hyperlink in this email for you to click on **
From: Microsoft Outlook
Sent: Thursday, September 20, 2012 2:00 AM
To:
Subject: Your mailbox is almost full.
Importance: High
Your mailbox is almost full. Please reduce your mailbox size. Delete any items you don't need from your mailbox and empty your Deleted Items folder.
[Image: mailbox quota bar showing 163 MB used of 200 MB]
** This is an example of a legitimate email from VITA informing the user that they are near the storage limit on their email account. There have been regular emails to various users in the agency that are phishing attempts using the "Your mailbox is almost full" line. If it does not look like the above email, delete it! **
DEFENSE – SURFING
VITA automatically forces down a popup blocker in our browsers; if you have to disable it for a website, remember to always re-enable it afterwards
After clicking on a trusted link, always monitor the address bar in the browser; if the web address is different than expected, do not proceed!
Always remember it is better to type a link from an untrusted source into the address bar than to click on it!
DEFENSE – WIRELESS SECURITY
If you are issued a VPN fob, never attach your PIN to the device, and always secure your device
Always secure air cards like you would any mobile device
Be alert when using a public wireless network; never transfer or access sensitive data while attached to one!
Hint: Try to avoid the use of public wireless networks whenever possible
DEFENSE – MOBILE DEVICES
Secure your laptop with a cable lock, or store it in a locked area or locked drawer
Keep all devices with you during air and vehicle travel until they can be locked up safely. Do not forget to retrieve them after passing through airport security.
Always keep your BlackBerry and flash drives in a secure location. Maintain physical control of these devices!
NEVER EVER store unencrypted sensitive data on these devices!
Limit exposure of your mobile phone number
Be choosy when selecting and installing apps
Set Bluetooth-enabled devices to non-discoverable
Avoid joining unknown Wi-Fi networks and using public Wi-Fi hotspots
Don't use third-party device firmware to change access to your device
Source: US-CERT
DEFENSE – REMOTE ACCESS
Only authorized personnel are allowed to access their network drives remotely
Don't use public Wi-Fi to access the VMRC network server
Secure all VPN fobs as you would a laptop computer, and never attach your PIN to the device
Remember to never access sensitive data in a public location
DEFENSE – REBOOT
It is best to turn off or reboot a computer at the end of the day. This flushes memory (RAM) and applies updated configurations.
If you use a credit card or sensitive data online, you should clear your cache and cookies afterwards. In Internet Explorer this is done by going to Tools > Internet Options > Browsing History > Delete. It is also beneficial to perform this task on a regular basis.
As always, be on the lookout for suspicious activity!
DEFENSE AT HOME - SECURITY SOFTWARE
MAKE SURE THE FOLLOWING PROGRAMS ARE UP-TO-DATE:
Anti-virus software
Firewalls (Windows 7 Firewall)
Anti-spyware and anti-malware software
Email scanning
Web filters
DEFENSE - UP-TO-DATE
In order to protect yourself and your computer, you need to ensure that your operating system and web browser are up-to-date
Security patches are released frequently, so check regularly!
Source: Microsoft
DEFENSE - WIRELESS NETWORKS
Ensure your wireless network is set up as a secure wireless network: http://www.microsoft.com/windowsxp/using/networking/setup/wireless.mspx
DEFENSE – BACKUP YOUR DATA
One of the biggest errors people make is not backing up their data! Depending upon your use:
For work, we back it up every night
For home, you should strive to back it up at least weekly (e.g. Windows 7 Backup)
WHEN TO CONTACT MIS?
Contact any of your MIS personnel and your supervisor about any cyber security incident!
CONTACT MIS FOR SOFTWARE INSTALLATION
Remember to never install software on any device (computer, USB, BlackBerry, etc.) without permission from the ISO. This is to ensure we have met all licensing and copyright requirements.
CONTACT FTC WHEN IDENTITY THEFT OCCURS
File a complaint with the Federal Trade Commission: https://www.ftccomplaintassistant.gov
Place a fraud alert on your credit reports, and review your credit reports. This can be accomplished by contacting one of the nationwide consumer reporting agencies
File a police report
Close the accounts that have been tampered with or opened fraudulently
TEST YOUR CYBER SECURITY KNOWLEDGE
Do not forget that you are required to take a quiz after you complete the training. You can access the quiz by logging in to the Employee Portal; you will find it under System Access. It is a multiple-choice test and should only take a couple of minutes to complete. You are required to pass the test with a score of 90%, but you can take the test multiple times. If you score 90% or higher, you will receive a "Nice Job! You've passed!" message.
THANK YOU!
Thanks for going through the training today. Information security is critical at work and at home. We appreciate you taking the time to learn the contents of this training, and we highly encourage you to take some time regularly to read up on security topics.
Use our MRC security web page to access more information on security and to access account request information. Also available on our security web page is the Agency Information Security Policy; all users should be familiar with the policy and their responsibilities for security as an agency employee.
Please contact Erik Barth (x72262), Linda Farris (x72280) or your supervisor if you have any questions about this training or information security topics in general.
References
VITA
IC3 Annual Report 2012
Miller School of Medicine
MSISAC
Microsoft
FBI Web Warning Article
US-CERT