Presentation is loading. Please wait.

Presentation is loading. Please wait.

ISRT IS 376 OCTOBER 28, 2014 INTERNET SECURITY THREAT REPORT  2014.

Similar presentations


Presentation on theme: "ISRT IS 376 OCTOBER 28, 2014 INTERNET SECURITY THREAT REPORT  2014."— Presentation transcript:

1

2 ISRT IS 376 OCTOBER 28, 2014 INTERNET SECURITY THREAT REPORT  2014

3 COMPUTER SECURITY COMPUTERS AND NETWORKS WERE ORIGINALLY DEVELOPED TO FACILITATE ACCESS, NOT TO RESTRICT IT. SOFTWARE/HARDWARE SYSTEMS KNOWN AS FIREWALLS ARE OFTEN USED TO PROVIDE “CHOKE POINTS” FOR COMPUTER SYSTEMS. THEY PREVENT UNAUTHORIZED LOGINS FROM THE OUTSIDE WORLD. THEY AUDIT THE TRAFFIC ENTERING AND EXITING THE SYSTEM. THEY MAY BE USED TO BLOCK OUTGOING DATA TO UNAUTHORIZED DESTINATIONS. INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 2

4 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 3 DENIAL OF SERVICE ATTACKS “DENIAL OF SERVICE” ATTACKS CONSIST OF THE CONSUMPTION OF A LIMITED RESOURCE, USUALLY NETWORK CONNECTIVITY, IN AN EFFORT TO DENY LEGITIMATE ACCESS TO THAT RESOURCE. IN THIS TYPE OF ATTACK, THE ATTACKER BEGINS THE PROCESS OF ESTABLISHING A CONNECTION TO THE VICTIM MACHINE, BUT DOES IT IN SUCH A WAY AS TO PREVENT THE ULTIMATE COMPLETION OF THE CONNECTION. IN THE MEANTIME, THE VICTIM MACHINE HAS RESERVED ONE OF A LIMITED NUMBER OF DATA STRUCTURES REQUIRED TO COMPLETE THE IMPENDING CONNECTION. THE RESULT IS THAT LEGITIMATE CONNECTIONS ARE DENIED WHILE THE VICTIM MACHINE IS WAITING TO COMPLETE BOGUS "HALF-OPEN" CONNECTIONS.

5 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 4VIRUSES A VIRUS IS A COMPUTER PROGRAM FILE CAPABLE OF ATTACHING TO DISKS OR OTHER FILES AND REPLICATING ITSELF REPEATEDLY, TYPICALLY WITHOUT USER KNOWLEDGE OR PERMISSION. SOME VIRUSES ATTACH TO FILES SO WHEN THE INFECTED FILE EXECUTES, THE VIRUS ALSO EXECUTES. OTHER VIRUSES SIT IN A COMPUTER'S MEMORY AND INFECT FILES AS THE COMPUTER OPENS, MODIFIES OR CREATES THE FILES. SOME VIRUSES DISPLAY SYMPTOMS, AND SOME VIRUSES DAMAGE FILES AND COMPUTER SYSTEMS.

6 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 5 WORMS WORMS ARE PARASITIC COMPUTER PROGRAMS THAT REPLICATE, BUT UNLIKE VIRUSES, DO NOT REQUIRE ACTION ON THE PART OF HUMAN USERS IN ORDER TO SPREAD. WORMS CAN CREATE COPIES ON THE SAME COMPUTER, OR CAN SEND THE COPIES TO OTHER COMPUTERS VIA A NETWORK. WORMS OFTEN SPREAD VIA OR CHAT APPLICATIONS, TAKING ADVANTAGE OF FILE OR INFORMATION TRANSPORT FEATURES TO SPREAD UNAIDED BY HUMAN ACTION.

7 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 6 TROJAN HORSES A TROJAN HORSE IS A MALICIOUS PROGRAM THAT PRETENDS TO BE A BENIGN APPLICATION. A TROJAN HORSE PROGRAM PURPOSEFULLY DOES SOMETHING THE USER DOES NOT EXPECT. TROJAN HORSES ARE NOT VIRUSES SINCE THEY DO NOT REPLICATE, BUT THEY CAN BE JUST AS DESTRUCTIVE. ONE TYPE OF TROJAN HORSE, KNOWN AS A LOGIC BOMB, IS SET TO EXECUTE WHENEVER A SPECIFIC EVENT OCCURS (E.G., A CHANGE IN A FILE, A PARTICULAR SERIES OF KEYSTROKES, A SPECIFIC TIME OR DATE).

8 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 7 WATERING HOLE ATTACKS WITH INCREASED VIGILANCE AGAINST MALWARE ATTACKS, SOME ATTACKERS HAVE RESORTED TO INDIRECT WATERING HOLE ATTACKS. THE ATTACKERS INJECT AN “EXPLOIT” CONTAINING MALWARE ONTO A TRUSTED SITE THAT THEIR INTENDED TARGET OFTEN VISITS. WHEN THE TARGET VISITS THE SITE, THE EXPLOIT DROPS ITS MALWARE ONTO THE VICTIM’S SYSTEM. THE ATTACKERS CAN THEN LAUNCH THEIR MALICIOUS ATTACK VIA THEIR LAUNCHED MALWARE.

9 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 8 ZERO DAY VULNERABILITIES WHEN ATTACKERS DISCOVER A VULNERABILITY IN A SOFTWARE SYSTEM BEFORE THE SYSTEM DEVELOPERS DO (OR AT LEAST BEFORE THEY FIX IT), THE ATTACKERS TRY TO DEVELOP “EXPLOITS” (I.E., STRATEGIES FOR TAKING ADVANTAGE OF THAT VULNERABILITY) ON “DAY ZERO” OF AWARENESS OF THE VULNERABILITY. AFTER SOME SOFTWARE DEVELOPERS TOOK OVER FOUR YEARS TO ADDRESS KNOWN VULNERABILITIES, HEWLETT- PACKARD’S ZERO DAY INITIATIVE WAS SET UP TO REWARD RESEARCHERS WHO REPORTED VULNERABILITIES TO ZDI, WHICH WOULD TRY TO WORK WITH THE VENDOR TO DEVELOP A PATCH FOR THE PROBLEM. IN ANY CASE, THE DEVELOPER WOULD HAVE NO MORE THAN 180 DAYS TO FIX THE VULNERABILITY BEFORE ZDI WOULD RELEASE THE INFORMATION TO THE PRESS.

10 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 9 RANSOMWARE

11 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 10 UNSOLICITED COMMERCIAL (SPAM) IS SENT TO A VAST NUMBER OF USERS, WITH THE HOPES THAT SOME SMALL PERCENTAGE OF THEM WILL RESPOND TO AN “IRRESISTIBLE” OFFER AND PURCHASE WHAT TURNS OUT TO BE A BOGUS PRODUCT AT A “BARGAIN” PRICE.

12 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 11 SPAM STATISTICS (2013)

13 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 12 ZOMBIE ARMIES (BOTNETS) ZOMBIE COMPUTERS, VIRUS- INFECTED COMPUTERS THAT PERFORM MALICIOUS TASKS UNDER REMOTE DIRECTION, ARE THE MAJOR DELIVERY METHOD OF SPAM.

14 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 13 SPAM RED FLAGS AMONG THE TELLTALE SIGNS THAT AN MESSAGE COULD BE SPAM: FREQUENT USE OF CHARACTERS THAT ARE NEITHER NUMBERS NOR LETTERS. TRANSMISSION TIME IN THE WEE HOURS OF THE NIGHT. USE OF HUSTLE PHRASES, LIKE “DOUBLE YOUR INCOME” OR “LOSE WEIGHT FAST”.

15 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 14 PHISHING EXPEDITION PHISHING IS A HIGH-TECH SCAM THAT USES SPAM OR POP-UP MESSAGES TO DECEIVE WEB USERS INTO DISCLOSING CREDIT CARD NUMBERS, BANK ACCOUNT INFORMATION, SOCIAL SECURITY NUMBER, PASSWORDS, OR OTHER SENSITIVE INFORMATION.

16 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 15 SPEAR PHISHING INSTEAD OF SENDING THOUSANDS OF RANDOM S, HOPING A FEW VICTIMS WILL BITE, SPEAR PHISHERS TARGET SELECT GROUPS OF PEOPLE WITH SOMETHING IN COMMON (E.G., WORK AT THE SAME COMPANY, ATTEND THE SAME COLLEGE). FIRST, CRIMINALS NEED SOME INSIDE INFORMATION ON THEIR TARGETS TO CONVINCE THEM THE S ARE LEGITIMATE. THEY OFTEN OBTAIN IT BY HACKING INTO AN ORGANIZATION’S COMPUTER NETWORK OR BY COMBING THROUGH OTHER WEBSITES, BLOGS, AND SOCIAL NETWORKING SITES. NEXT, THEY SEND S THAT LOOK LIKE THE REAL THING TO TARGETED VICTIMS, OFFERING ALL SORTS OF URGENT AND LEGITIMATE-SOUNDING EXPLANATIONS AS TO WHY THEY NEED YOUR PERSONAL DATA. FINALLY, THE VICTIMS ARE ASKED TO CLICK ON A LINK INSIDE THE THAT TAKES THEM TO A PHONY BUT REALISTIC-LOOKING WEBSITE, WHERE THEY ARE ASKED TO PROVIDE PASSWORDS, ACCOUNT NUMBERS, USER IDS, PINS, ETC.

17 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 16 SPEAR PHISHING WORD CLOUD CERTAIN WORDS ARE USED FREQUENTLY IN SPEAR PHISHING EFFORTS, USUALLY ASSOCIATED WITH URGENCY OR OTHER ATTENTION-GRABBING CONNOTATIONS.

18 INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 17 MOBILE ADWARE (MADWARE) DEVELOPERS MONETIZE MOBILE APPS BY DISPLAYING ADVERTISEMENTS ON THEM. THEY USE AD LIBRARIES THAT HAVE THE ABILITY TO COLLECT INFORMATION ABOUT THE APP’S USER IN ORDER TO SERVE TARGETED ADVERTISEMENTS. THIS CAN BE ABUSED AND, DEPENDING ON WHICH AD LIBRARY FEATURES THE DEVELOPER CHOOSES TO USE, PERSONAL DATA CAN BE LEAKED THROUGH AN AD LIBRARY. ADDITIONALLY, AN AD LIBRARY CAN EXHIBIT ANNOYING BEHAVIORS SUCH AS DISPLAYING ADS IN THE NOTIFICATION BAR, CREATING AD ICONS, OR CHANGING WEB BROWSER BOOKMARKS.


Download ppt "ISRT IS 376 OCTOBER 28, 2014 INTERNET SECURITY THREAT REPORT  2014."

Similar presentations


Ads by Google