Forensically Speaking
– Phishing is essentially an online con game
– Phishers are nothing more than tech-savvy con artists and identity thieves
– They trick people into divulging sensitive information using:
  – spam
  – malicious Web sites
  – email messages
  – instant messages
Getting a Positive I.D. on the Perp
– Pose as legitimate companies
– Use email to request personal information
– Direct recipients to respond through malicious Web sites
– Use emotional language, scare tactics, or urgent requests to entice recipients to respond
– Look remarkably like legitimate sites because they tend to use the copyrighted images from legitimate sites
– Requests for confidential information via email or IM tend to be fake
– Fraudulent messages are often not personalized and may share similar properties like details in the header and footer
Protect Yourself: Be Prepared
– Your bank will never ask you for your personal information in an email. Don’t be fooled!
– Look for your name, not “Dear Valued Customer”. If it is your bank, they already know who you are.
– Look at the URL in the Address bar. If this is not the correct site, don’t click anything, just close the browser.
– Hover over links to see the real address. If it is not from a valid institution, don’t click any links or open attachments.
– Look for spelling mistakes: unprofessional = fraud
– Always type the URL instead of clicking links in email or IM
– Use “Reputation” based security software
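The checks above can be automated. The Python below is an added example, not part of the original slides: it flags a generic greeting, urgent wording, and links whose visible text names a different host than the real target. The function names, word lists and sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicators from the slides; the word lists are illustrative assumptions.
GENERIC_GREETING = re.compile(r"dear\s+(valued\s+)?(customer|member|user)", re.I)
URGENT_WORDS = re.compile(r"\b(urgent|immediately|suspended|verify)\b", re.I)
# Constructed sample message; hosts use reserved .example/.invalid names.
SAMPLE = ('<p>Dear Valued Customer,</p><p>Your account will be suspended. '
          'Verify immediately at '
          '<a href="http://mybank.example.account-check.invalid/login">'
          'www.mybank.example</a></p>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname of a URL or bare host (leading www. dropped), else ''."""
    candidate = value if "://" in value else "//" + value
    host = re.sub(r"^www\.", "", urlparse(candidate).hostname or "")
    return host if "." in host and " " not in host else ""

def phishing_indicators(html_body, recipient_name):
    """Return the slide indicators that this message trips."""
    found, parser = [], LinkCollector()
    parser.feed(html_body)
    text = re.sub(r"<[^>]+>", " ", html_body)
    if GENERIC_GREETING.search(text) or recipient_name.lower() not in text.lower():
        found.append("not personalized")
    if URGENT_WORDS.search(text):
        found.append("urgent or scare language")
    for href, shown in parser.links:
        shown_host, real_host = host_of(shown), host_of(href)
        if shown_host and real_host and shown_host != real_host:
            found.append(f"link text {shown_host} goes to {real_host}")
    return found
```

Calling `phishing_indicators(SAMPLE, "Alice Smith")` reports all three indicators for the constructed message.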
What is a “Bot”?
– A "bot" is a type of malware that allows an attacker to take control over an affected computer.
– Also known as “Web robots,” bots are usually part of a network of infected machines, known as a “botnet,” which is typically made up of victim machines that stretch across the globe.
Bots: Forensically Speaking
– Bots are one of the most sophisticated and popular types of cybercrime today.
– They allow hackers to take control of many computers at a time, and turn them into "zombie" computers, which operate as part of a powerful "botnet" to spread viruses, generate spam, and commit other types of online crime and fraud.
– They steal personal and private information and communicate it back to the malicious user: credit card numbers, bank credentials, or other sensitive personal information.
Bot Metrics
BOTNET Metrics
– Distinct New BOT C&C Servers: 15,197
  – Over IRC Channels: 43%
  – Over HTTP (Web): 57%
– Daily Average of Active BOT infected computers: 75,158 (31% increase)
– United States is the top country for:
  – Origin of Web-based attacks: 38%
  – “DoS” Denial-of-service attacks: 51%
Protect Yourself
– Install top-rated security software
– Configure your software’s settings to update automatically.
– Increase the security settings on your browser.
– Limit your user rights when online.
– Never click on attachments unless you can verify the source.
– Ensure that your system is patched with the most current Microsoft Windows™ Update.
– Set your computer’s security settings to update automatically, to ensure you always have the most current system patches.
Identity theft is a two-step process.
– First, someone steals your personal information.
– Next, they use that information to impersonate you and commit fraud.
– Your defenses must work on both levels.
Known Whereabouts & Accomplices
– Most identity theft occurs the old-fashioned way. Thieves rifle through trash, steal mail, or trick you into revealing sensitive details.
– With phishing and pharming, thieves use fake emails and Web sites to impersonate legitimate organizations.
– Hackers and viruses can infiltrate your computer to steal data or capture account names and passwords as you type them.
Stolen information is sold
– Most frequently advertised items:
  – Credit card information (32%)
  – Bank account credentials (19%)
– The price range of credit cards remained consistent in 2008, ranging from $0.06 to $30 per card number
– Compromised email accounts can provide access to other confidential information and additional resources
Protect Yourself: Safeguard, Monitor, and Respond
– Don’t give out your social security number over the phone.
– Learn to spot fraudulent emails, Web sites, and phishing attempts.
– Use only secure, authenticated Web sites to transact business online.
– Install a personal firewall, antivirus program, and antispam protection.
– Regularly check your credit report and monitor financial accounts.
– Shred paperwork containing account information or personal identifiers.
– Keep important documents locked up.
– Store sensitive information in password-protected files and directories.
– If someone has stolen your identity, respond immediately. Close compromised accounts and cancel any driver’s license you may have lost.
– Put a fraud alert on your credit report and report the crime to authorities.
What is a Vulnerability?
– Vulnerable means to be susceptible to attack
– A “Vulnerability” is a weakness which allows an attacker to violate the integrity of a system
– Exploiting a vulnerability can allow the attacker to:
  – Gain system access
  – Elevate privileges (impersonate a System or Root account)
  – Install malicious software
  – Steal information
Vulnerability Metrics
– Documented Vulnerabilities in 2008: 5,491 (up 19%)
– Easy to exploit vulnerabilities: 80% (up 6%)
– Zero-day vulnerabilities: 9 (down from 15)
– Mozilla: 99
– Internet Explorer: 47
– Apple Safari: 40
– Opera: 35
– Google Chrome: 11
Vulnerabilities: Getting a Positive I.D. on the Perp
– Companies announce vulnerabilities as they are discovered and quickly work to fix the vulnerabilities with software and security "patches."
Protect Yourself: Stay out of Palookaville
– Keep software and security patches up to date
– Configure security settings for operating system, Internet browser, and security software
– Develop personal security policies for online behavior
– Install a proactive security solution to block threats targeting vulnerabilities
Forensically Speaking
– Misleading applications typically strike people when they are surfing the Web
– Intentionally misrepresents the security status of a computer
– Reports fake security risks to convince the user that he or she must remove potentially unwanted programs or security risks (usually nonexistent or fake) from the computer.
– The application holds the user hostage until the “required” software is purchased and installed.
Getting a Positive I.D. on the Perp
– Misleading applications often look convincing
– Have you seen:
  – Strange security messages popping up
  – Unexpected balloon messages
  – Messages telling you that you’re infected with a new threat
– These are called "misleading applications".
– Once installed, misleading applications exaggerate or make false claims about the security status or performance of your system, then promise to solve these bogus problems if you pay them.
Known aliases of misleading applications
– WinFixer
– Ultimate Defender
– SpySheriff
– MalwareWipe
– DriveCleaner
– AVSystemCare
– 1stAntiVirus
– VirusBurst
– SpywareQuake
– AntispywareSoldier
Protect Yourself: Skepticism Is Your Concealed Weapon
– Be especially cautious when clicking on pop-up advertisements, especially ads promoting system security or performance tools that look like a standard Microsoft Windows™ alert
– Do not accept or open suspicious error dialogs from within the browser
– Use reputable security to proactively protect from spyware and other security risks
– Configure the firewall to block unsolicited requests for outbound communication
– Only purchase security and system performance software from reputable sources
– Keep software and security patches up to date