Cyber Security for AFCEA


1 Cyber Security for AFCEA
August 14, 2014

2 Cyber Security
Cyberspace is a word that began in science fiction literature in the 1980s, was quickly and widely adopted by computer pros and became a household term in the 1990s. During this period, internet usage, networking, and digital communication were all growing dramatically and the term "cyberspace" was able to represent emerging ideas and phenomena. The parent term of cyberspace is "cybernetics," which is derived from the Ancient Greek kybernismos, kybernesis, meaning "steering, pilotage, guiding," from kybernao, "to steer, to drive, to guide, to act as a pilot". Cyber is derived from Ancient Greek (kyber), meaning “to steer” – think: to pilot through the information universe.

3 What is Cyber Security?
The U.S. Government defines Cyber Security as “the prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and non-repudiation” (NSPD 54/HSPD 23 and the Comprehensive National Cyber Security Initiative).

Cyber Security is not just for the computer geeks. These are basic tips that everyone can and should be using. Whether you occasionally send an email or “live” online, you will have some sort of digital footprint. As this footprint grows, it’s more likely you will draw the attention of someone who wants to misuse your information. Why do you need this if you already have anti-virus/firewall/security software installed on your computer – and on your mobile/handheld devices? Having security software installed on your computer is a great start to protecting yourself, but it alone will not keep you safe. True cyber security does not just make use of software and devices; it also requires a change in how you behave online. Once you start using your digital devices safely, it will quickly become a habit – but a habit for which you will need to remain diligent. When you protect yourself, you protect others by not allowing your own devices to be used for malicious intent.

4 What is Cyber Security to You?
Cyber Security is a set of principles and practices designed to safeguard your computing assets and online information against threats. It’s protecting your digital and online presence from being used without your permission. This includes everything from your own computer, tablet and phone to social networks and email. As our lives become more dependent on and invested in these digital products, it’s essential to keep them secure.

So, what does it mean? Cyber Security begins with you – as an end-user, you are the first and last line of defense. Therefore, it’s important that you:
1. Create/maintain user-IDs, passwords/passphrases, PIN #’s & Security Q&As
2. Gain knowledge of security guidelines, policies & procedures; stay up to date with cyber news – “Knowledge is Power!”
3. Manage your accounts & passwords
4. Secure your computer
5. Protect the data you handle
6. Assess risky behavior online

5 Cyber Security Begins with YOU

6 Threats
Botnet: The term bot is short for robot. Criminals distribute malicious software (also known as malware) that can turn your computer into a bot (also known as a zombie). When this occurs, your computer can perform automated tasks over the Internet without you knowing it. Criminals typically use bots to infect large numbers of computers. These computers form a network, or a botnet. Criminals use botnets to send out spam messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If your computer becomes part of a botnet, your computer might slow down and you might inadvertently be helping criminals.

Some significant dates in computer security hacker history:
• Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Różycki broke the Enigma machine code.
• May: The ILOVEYOU worm, also known as VBS/Loveletter and Love Bug worm, is a computer worm written in VBScript. It infected millions of computers worldwide within a few hours of its release. It is considered to be one of the most damaging worms ever. It originated in the Philippines; it was made by an AMA Computer College student for his thesis.
• 2000 – Sep: teenage hacker Jonathan James becomes the first juvenile to serve jail time for hacking.
• The hacker group Anonymous was formed.
• The hacker group Lulz Security is formed.
• Stuxnet (discovered June 2010): The “Stuxnet” worm targeted the centrifuges at the Iranian Natanz uranium-enrichment plant in a clandestine fashion. Stuxnet blocked the outflow of gas from the cascades of centrifuges, causing pressure to build up and the equipment to become damaged. It even masked the attack by looping 21 seconds of the system's sensor values so that the engineers at the facility wouldn't realize anything was wrong. Until recently, it was believed that the Stuxnet virus simply targeted the centrifuges by causing them to spin too fast and ultimately break. However, it took a more sophisticated, clandestine approach and set them up to fail at a later date, thereby further evading detection. For its targets, Stuxnet contains, among other things, code for a man-in-the-middle attack that fakes industrial process control sensor signals so an infected system does not shut down due to detected abnormal behavior. Such complexity is very unusual for malware. The worm consists of a layered attack against three different systems – Windows OS & Siemens.
• Shamoon (Aug 2012): The "Shamoon" virus that attacked Saudi Arabia's state oil company, ARAMCO, was probably the most destructive attack the business sector has seen to date, per U.S. Defense Secretary Leon Panetta. The virus is sophisticated, and a similar attack days later struck Qatar's natural gas firm, Rasgas. More than 30,000 computers that it infected (at ARAMCO) were rendered useless and had to be replaced. Shamoon included a routine called a "wiper," coded to self-execute, which replaced crucial system files with an image of a burning U.S. flag. It also overwrote all the real data on the machine with garbage data. While not new, the scale and speed with which it happened was unprecedented. Like other malware, it steals information, taking data from the 'Users', 'Documents and Settings', 'System32/Drivers' and 'System32/Config' folders on Windows computers. One unusual characteristic, however, is that it can overwrite the master boot record (MBR) on infected machines, effectively rendering them useless. Shamoon uses a two-stage attack. First it infects a computer connected to the internet and turns this into a proxy to communicate back with the malware's command-and-control server. After that, it branches out to other computers on the corporate network, steals information, then executes its payload and wipes the machines. Finally, it communicates this to the external command-and-control server.
Resource:
Botnet Zombie: Also known as a “bot.” A program that secretly takes over another Internet-attached computer, using that computer to launch attacks that are difficult to trace to the zombie’s creator.

7 Threats - Viruses
What is a Computer Virus? A malicious program that can “infect” other programs by modifying them; the modification includes a copy of the virus program, so an infected program can infect other programs.
Virus Stages:
• Dormant phase: Idle.
• Propagation phase: Places an identical copy of itself into other programs or system areas on the disk.
• Triggering phase: Virus is activated to perform its intended function; caused by a variety of system events.
• Execution phase: Malicious function is performed.
Types of Viruses:
• Parasitic: Attaches itself to executable files and replicates. -- When the infected program is executed, it looks for other executables to infect.
• Memory-resident: Lodges in main memory as part of a resident system program. -- Once in memory, it infects every program that executes.
• Boot sector: Infects the boot record (CryptoLocker Ransomware). -- Spreads when the system is booted from the disk containing the virus.
• Stealth: Designed to hide itself from detection by antivirus software; may use compression.
• Polymorphic: Mutates with every infection, making detection by the “signature” of the virus impossible. The mutation engine creates a random encryption key to encrypt the remainder of the virus. (The key is stored with the virus.)
Macro Viruses: Platform independent; most infect Microsoft Word. They infect the document, not executable portions of code. Easily spread. An executable program embedded in a word processing document or other type of file. Autoexecuting macros in Word:
-- Autoexecute (executes when Word is started)
-- Automacro (executes when a defined event occurs, such as opening or closing a document)
-- Command macro (executed when the user invokes a command, e.g., File Save)
Smartphone Threats: Cybercriminals (AKA threat actors) know there is big money to be made with so many smart phones in use for online banking, browsing the internet, downloading/sharing files and installing applications (apps) from various sites like Google Play. Files and apps can contain threats (malicious code) which can steal your personally identifiable information (PII). Your personal smart phone could be affected. Mobile phones are easy to lose. If you lose an unprotected smartphone, anyone who finds it can access your personal data, as well as information about others, and place calls at your expense until you report the loss to your carrier.

8 Threats - Malware
Malware is malicious software – a term used for a variety of hostile or intrusive software. Malware is used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is designed to ‘blend in’ with normal web traffic (making it difficult to detect). It is usually not particularly advanced, but very effective. Malware includes computer viruses, ransomware, worms, trojans, rootkits, keyloggers, dialers, spyware, adware, malicious browser objects, rogue security software and other malicious programs; the majority of active malware threats are usually worms or trojans rather than viruses.

Malware is different from defective software, which is legitimate software that contains harmful bugs that were not corrected before release. However, some malware is disguised as genuine software, and may come from an official company website in the form of a useful or attractive program which has the harmful malware embedded in it along with additional tracking software that gathers marketing statistics. Anti-virus SW, anti-malware and firewalls are relied upon by home users, small and large organizations and governments around the globe to safeguard against malware attacks; they help in identifying and preventing further spread of malware in the network. Malware does not just affect desktops & laptops – cyber criminals also target mobile devices (smart phones). It is a serious criminal offense to create and distribute malware in almost every country across the globe.

Many early infectious programs, including the first internet worm, were written as experiments or pranks. Today, malware is used primarily to steal sensitive information of personal, financial, or business importance by black hat hackers with harmful intentions. Malware is sometimes used broadly against government or corporate websites to gather guarded information, or to disrupt their operation in general. However, malware is often used against individuals to gain personal information such as social security numbers, bank or credit card numbers, and so on. Left unguarded, personal and networked computers can be at considerable risk from these threats. (These are most frequently counteracted by various types of firewalls, anti-virus software, and network hardware.) Since 2003, the majority of widespread viruses and worms have been designed to take control of users' computers for black-market exploitation. Infected zombie computers are used to send spam, to host contraband data such as child pornography, or to engage in distributed denial-of-service attacks as a form of extortion. Another strictly for-profit category of malware has emerged, called spyware. These programs are designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues to the spyware creator. Spyware programs do not spread like viruses; instead they are generally installed by exploiting security holes. They can also be packaged together with user-installed software, such as peer-to-peer applications.
Resource:
EXTRA: Advanced persistent threat (APT) usually refers to a group, such as a government, with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular that of internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information, but it applies equally to other threats such as that of traditional espionage or attack. Other recognized attack vectors include infected media, supply chain compromise, and social engineering. An advanced persistent threat (APT) uses multiple phases to break into a network, avoid detection, and harvest valuable information over the long term. Individuals, such as an individual hacker, are not usually referred to as an APT as they rarely have the resources to be both advanced and persistent even if they are intent on gaining access to, or attacking, a specific target. On 18 Feb 2013, the Mandiant Intelligence Center released a report exposing “APT1’s” multi-year, enterprise-scale computer espionage campaign. You can download the report and the appendices and view the video showing APT1 attacker activity at:

9 Threats - Other
Trapdoor: Entry point into a program that allows someone who is aware of the trapdoor to gain access. Also used by programmers to debug and test programs: -- Avoids necessary setup and authentication. -- Provides a method to activate the program if something is wrong with the authentication procedure.
Logic Bomb: Code embedded in a legitimate program set to “explode” when certain conditions are met:
• Presence or absence of certain files.
• Particular day of the week.
• Particular user running the application.
Trojan Horse: Useful program that contains hidden code that, when invoked, performs some unwanted or harmful function. Can be used to accomplish indirectly functions that an unauthorized user could not accomplish directly.
Worms: Use network connections to spread from system to system.
• Electronic mail facility: -- A worm mails a copy of itself to other systems.
• Remote execution capability: -- Executes a copy of itself on another system.
• Remote log-in capability: -- Logs on to a remote system as a user, then uses commands to copy itself from one system to the other.
Tips to Combat Viruses, Worms and Trojan Horses on Your Computer:
Keep the Operating System Updated: The first step in protecting your computer from any malicious threat is to ensure that your operating system (OS) is up-to-date. This is essential if you are running a Microsoft Windows OS. Secondly, you need to have anti-virus software installed on your system and ensure you download updates frequently so that your software has the latest fixes for new viruses, worms, and Trojan horses. Additionally, you want to make sure your anti-virus program has the capability to scan email and files as they are downloaded from the Internet, and you also need to run full disk scans periodically. This will help prevent malicious programs from even reaching your computer.
Use a Firewall (as discussed earlier): A firewall can be either hardware or software. Hardware firewalls provide a strong degree of protection from most forms of attack coming from the outside world and can be purchased as a stand-alone product or in broadband routers. Unfortunately, when battling viruses, worms and Trojans, a hardware firewall may be less effective than a software firewall, as it could possibly ignore worms embedded in out-going emails and see this as regular network traffic. For individual home users, the most popular firewall choice is a software firewall. A good software firewall will protect your computer from outside attempts to control or gain access to your computer, and usually provides additional protection against the most common Trojan programs or worms. The downside to software firewalls is that they will only protect the computer they are installed on, not a network. Remember – on its own a firewall is not going to rid you of your computer virus problems, but when used in conjunction with regular operating system updates and good anti-virus scanning software, it will add some extra security and protection for your computer or network.

10 What is APT? APT = Advanced Persistent Threat
Reality:
• Not always that advanced – only as advanced as they need to be
• Unlikely to be detected by Anti-Virus (AV) or Intrusion Detection Systems (IDS)
• Generally assumed to be nation-state or state-sponsored intrusion sets
• Persistent targeting is the most significant characteristic
• Unlike opportunistic viruses, worms, and botnets, APT attempts to get and maintain access and retrieve data from a select list of targets, rather than all of the Internet

The term “APT” is used because it’s the most commonly used term out there. Other commonly used terms include “Intrusion Sets” or “Nation-state threats” – but we’ll keep using the term APT throughout this lecture because of its convenience. The reality is that a great deal of APT is not that advanced – they’re just as advanced as they need to be to overcome the defenses of the sites that they target. This means that, for most US Government sites, they just need to have a recent Flash or Java exploit available to them, and need to get someone to either open a trojaned document or click on a phishing link. But there are of course exceptions to the “not that advanced” generalization. There are also extremely complex versions of APT that exist, and they have caused both US Government and commercial entities no small amount of trouble. Bottom line – they’ll be as advanced as they need to be to get the access and information they are targeting. That means that, in general, they don’t have to do that much.

The assumption is that APT is either nation-state or state-sponsored activity. This is based on the fact that APT actions on targets tend to be focused more on intelligence (diplomatic, economic, military information) data exfiltration (from both commercial and governmental targets), rather than financial information or data. The persistent targeting of APT is probably its most salient characteristic. Unlike most other security issues coming from outsiders on the Internet (worms, viruses, botnets, web-site defacements), which are generally opportunistic in nature and attempt to exploit those sites/people where they happen to find weaknesses, APT will continually attempt to establish and maintain access to specific targets which allow them to exfiltrate data with intelligence value to a nation state. Some of the effects of this persistent, specific targeting are the following:
- Its narrow focus means the exploits and techniques used by the APT don’t often make it into commercial IDS or AV signatures – they aren’t widespread enough to get commercial firms’ attention.
- If defenses are sufficient to limit the ability of APT to reach its target, they will, over time, upgrade and improve their technology to get it. It is a continual arms race, rather than a matter of simply being better than the surrounding Internet targets.

11 How does APT Gain Access?
• Extensive reconnaissance: attend the same conferences as the target; browse websites to trojanize content; follow the target through social media
• Spear phishing and targeted emails with Trojans
• Sources of information on personnel, processes, units, organizations: major SharePoint websites full of PDFs, Office documents, etc.; frequent social media posts; extensive personnel contact information
• Extensive insight available from FedBizOps: key personnel; design criteria; information on sensitive facilities
• Malware
• Other techniques: Twitter feeds, Google chat, MSN messenger
* See the Mandiant ‘APT1’ report

12 Top 10 Cyber Security Tips
• You are an attractive target to hackers. Don’t ever say “It won’t happen to me.”
• Practice good password management. Use a strong mix of characters, and don’t use the same PW for multiple sites. Don’t share your PW with others, don’t write it down, and definitely don’t write it on a post-it note attached to your monitor.
• Back up your data regularly, make sure your anti-virus software is always up to date, and install patches ASAP.
• Never leave your devices unattended. If you need to leave your computer, phone, or tablet for any length of time—no matter how short—lock it up so no one can use it while you’re gone. If you keep sensitive info on a flash (thumb/pony) drive or external hard drive, lock it up as well.
• Always be careful when clicking on attachments or links in email. If it is unexpected or suspicious for any reason, don’t click on it. Double check the URL of the website the link takes you to: bad actors often take advantage of spelling mistakes to direct you to a harmful site. Can you spot a phony website? Try this Phishing Quiz:
• Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Whether it’s a friend’s phone, a public computer, or a cafe’s free WiFi—your data could be copied or stolen.
• Be conscientious of what you plug in to your computer. Malware can be spread through infected flash drives, external hard drives, and even smartphones.
• Watch what you’re sharing on social networks. Criminals can befriend you and easily gain access to a shocking amount of information—where you go to school, where you work, when you’re on vacation, your birth date, address—that could help them gain access to more valuable data.
• Offline, be wary of social engineering, where someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information, it’s okay to say no. You can always call the company directly to verify credentials before giving out any information.
• Monitor accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been compromised.

Keep a Clean Machine: Keep security software current. Automate software updates. Protect all devices that connect to the Internet. Plug & scan external devices, DVDs, etc.
Protect Your Personal Information: Secure your devices and accounts with passwords. Make passwords long and strong. Unique account, unique password: separate passwords for every account help to thwart cybercriminals. Write it down and keep it safe: everyone can forget a PW; keep a list in a secure place away from your computer. Own your online presence: set privacy/security settings on websites to your comfort level for information sharing.
Connect with Care: When in doubt, throw it out. Get savvy about Wi‐Fi hotspots. Protect your $$: ensure banking/shopping sites are security enabled with “https://” or “shttp://”.
Be Web Wise: Stay current; keep pace with new ways to stay safe online. Think before you act: if it sounds too good to be true, it probably isn’t. Back it up: protect your OS, work, music, photos and other digital info by making an electronic copy and storing it safely.
Be a Good Online Citizen: Safer for me = more secure for all. Post only about others as you would have them post about you. Help the authorities fight cybercrime: report it.
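Two of the tips above (double-check the URL a link takes you to, and only use banking/shopping sites that are https) can be turned into a mechanical check. The following is an added example, not part of the presentation: the trusted-domain list and the sample URLs are constructed, and the two-label "registrable domain" shortcut stands in for a real Public Suffix List lookup.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed list of sites the user actually trusts (example values, not real sites).
TRUSTED_DOMAINS = {"mybank.example", "shop.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Good enough for the constructed examples here;
    a real tool would consult the Public Suffix List (co.uk and friends)."""
    return ".".join(host.split(".")[-2:])


def check_link(url: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return the reasons a link deserves a second look; an empty list means none found."""
    findings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")

    if parts.scheme != "https":
        findings.append("not https")
    if parts.username is not None:
        # "https://mybank.example@evil.example" goes to evil.example, not mybank.example
        findings.append("credentials embedded in URL (text before @ is not the site)")
    if not host:
        findings.append("no hostname")
        return findings
    try:
        ipaddress.ip_address(host)
        findings.append("bare IP address instead of a domain name")
        return findings
    except ValueError:
        pass  # a normal hostname, keep checking

    domain = registrable_domain(host)
    if domain in trusted:
        return findings
    for good in trusted:
        if edit_distance(domain, good) <= 2:
            findings.append(f"looks like {good} but is {domain}")
        elif good in host:
            # trusted name used as a subdomain of somebody else's domain
            findings.append(f"{good} appears inside {host}; real site is {domain}")
    if not findings:
        findings.append(f"{domain} is not a trusted site")
    return findings
```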

13 Passwords
Password Security: Your computer password (PW) is your first, last, and best line of defense against damaging intrusions. Without a well-chosen PW or set of PWs, any other security measures protecting your data are essentially useless. Never share your PWs! Avoid creating an insecure password by meeting these requirements:
• 10+ character minimum. The longer your PW, the more secure.
• Use a combination of upper and lowercase letters, including special characters.
• Don’t use obvious items of personal info (names, birthdates, SS#’s, phone #’s, street address, etc.).
• Avoid English words or combos, e.g., “NVCCgirl,” “cooldude,” “kittykat” or “ninjawarrior”.
• Use acronyms for unusual phrases that you invent, e.g., “~2myuIG-cw!”, which stands for “about 2 more years until I Graduate – can’t wait!”
• Change it often. Every 90 days is ideal – but at least twice annually. It usually takes a hacker quite some time to crack a long, complex PW. If you change your PW every 90 days, the chances of it being cracked are even more slim.
• When it comes to physical PW security, never record it anywhere close to the computer (on post-its, pull-out trays in desks, inside drawers, under shelves, etc.).
• Have a lot of PWs? You may wish to use a secure Password Manager.* Most systems have one. (* Check out the one on your smart phone.)

Passwords are one of the most essential forms of cyber security. If you're using a password (PW), there must be something worth protecting, so make this protection a good one.

What are Passwords? Passwords, partnered with a username, are your picture ID for computers and the internet. They help prove you are you when unlocking devices or accessing your data. Imagine if your bank did not require an ID when accessing your banking information. Anyone who was aware you had an account with that bank could walk right in and pretend to be you. The same thing would happen without passwords, except now anyone in the world could access your bank records.

How do passwords work? Passwords work by letting you and a computer share a secret to prove who you are in the future. The first time you log into a social, email, or banking site, they have you create a password. This password is stored on their servers so that they can identify you next time you log in. The only downside of this is that if anyone learns your password, they can fully impersonate you at the site.
• Never use common words – of any language.
• Mix characters, numbers & symbols (if allowed) in a way that is memorable to you. The idea is basically not to use any kind of information that may be linked with you directly.
• Always use different passwords for accounts that involve monetary transactions. The only thing worse than having one account cracked would be to have all of your accounts cracked. (Google: Yahoo Mail attack Jan 2014)
• Do not have your browser store passwords and log-in credentials – especially important if using a shared computer (one YOU do not own personally).
• Technological shortcuts, like Password Manager software, are available. Whatever method you choose, keep in mind that passwords are vital in protecting your computer and your various accounts from unauthorized access.
Resources: Password Manager Review: Should I Change My Password? https://shouldichangemypassword.com/all-sources.php
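The slide's password rules, and its description of a site keeping the shared secret on its servers, can both be made concrete. This is an added example, not code from the presentation: `check_password` applies the rules above (10+ characters, mixed case plus digits and special characters, no personal info, no dictionary words) against a small constructed word list that stands in for a real dictionary, and `store_password`/`verify_password` show the usual way a server keeps the secret without keeping the password itself (a random salt and a slow PBKDF2 hash, compared in constant time).

```python
import hashlib
import hmac
import os
import string

# Constructed mini word list standing in for a real dictionary (assumption, not exhaustive).
COMMON_WORDS = {"password", "kitty", "cool", "dude", "ninja", "warrior", "girl", "love", "secret"}
MIN_LENGTH = 10  # the slide's "10+ character minimum"


def check_password(pw: str, personal_info=(), words=COMMON_WORDS) -> list:
    """Return the slide's rules that pw breaks; an empty list means it passes them all."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    lowered = pw.lower()
    # "Don't use obvious items of personal info": names, birth years, etc. supplied by the caller
    for item in personal_info:
        if len(item) >= 4 and item.lower() in lowered:
            problems.append(f"contains personal info '{item}'")
    # "Avoid English words or combos": any dictionary word embedded in the password
    for word in sorted(words):
        if len(word) >= 4 and word in lowered:
            problems.append(f"contains dictionary word '{word}'")
    return problems


def store_password(pw: str, iterations: int = 600_000) -> dict:
    """What a site should keep instead of the password: a random salt plus a slow hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(pw: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", pw.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))
```

Because each record carries its own random salt, two users choosing the same password get different stored hashes, so one leaked record does not reveal the other.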

14 Anti-Virus What is anti-virus software?
Picture an alarm system on a house. Anti-virus (AV), like an alarm, protects your system against known threats, and alerts you when one of these threats enters your computer. However, just like an alarm, this doesn’t make you invulnerable to attacks. There are times when it may detect the threats too late or the threats may bypass it altogether. Overall though, it is a great way to help secure your computer with little work required from you. How does anti-virus work? Most common - automatically scheduled scans. These scans look at each individual file on your computer and compare them against a known signature. If the file, or part of the file, matches a signature, the AV software (SW) alerts the user and will attempt to quarantine the file. Outside of scheduled scans, some AV SW also supports active scanning. With active scanning, files are compared against the same set of signatures every time the file is accessed. This allows the antivirus to check files in-between the scheduled scans. Where do I get anti-virus? Good AV may seem expensive, but there are a lot of ways to get it for free. Many workplaces and educational institutions offer employees and students free AV SW for home use. Contact your work/school IT helpdesk. Many internet providers/cable companies offer AV as part of your subscription. Not available? Symantec Norton 360 or McAfee programs are among the most popular Free anti virus for home use: https://www.acert.1stiocmd.army.mil/Antivirus/Home_Use.htm AV is for: - Detection Identification Removal What is a Virus Signature? A unique string of bits, or the binary pattern, of a virus. The virus signature is like a fingerprint, in that it can be used to detect and identify specific viruses. Anti-virus software uses the virus signature to scan for the presence of malicious code. There are many variants and forms of electronic malware and Internet-based threats, and many forms of protection. 
Signature-based detection remains a core technique in the AV controls of the packages and suites that protect a user's system today.

How does signature-based detection work? By scanning the contents of computer files and cross-referencing their contents with the "code signatures" belonging to known viruses. A library of known code signatures is updated and refreshed constantly by the AV SW vendor. If a viral signature is detected, the SW acts to protect the user's system from damage. Suspected files are typically quarantined and/or encrypted in order to render them inoperable and useless. There will always be new and emerging viruses with unique code signatures. The AV SW vendor works constantly to assess and assimilate new signature-based detection data as it becomes available, often in real time, so that updates can be pushed out to users immediately and zero-day vulnerabilities can be avoided.

Next-gen signature-based detection: New variants of computer viruses are developed every day, and security companies work to protect users from malware that attempts to disguise itself from traditional signature-based detection. Virus authors have tried to avoid their malicious code being detected by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" viruses with signatures that are either disguised or changed from those that might be held in a signature directory.

Oligo- indicates "few", "little" or "scant". An oligomorphic engine is generally used by a computer virus to generate a decryptor for itself. It does this by randomly selecting each piece of the decryptor from several predefined alternatives. The pieces used to build the decryptor are usually too common to be detected with signatures. Most oligomorphic viruses aren't able to generate more than a few hundred different decryptors, so detecting them with simple signatures is still possible.

Poly = many. Polymorphic code mutates while keeping the original algorithm intact: the code changes itself each time it runs, but the function of the code does not change at all (e.g., 1+3 and 6-2 both achieve the same result, "4", while using different code). It is sometimes used by computer viruses, shellcodes and computer worms to hide their presence.

Meta = abstraction from one concept to another. Morph = to transform (an image) by computer. Metamorphosis = a conspicuous, relatively abrupt physical change in body structure through cell growth and differentiation. Think caterpillar to butterfly. Metamorphic code outputs a logically equivalent version of its own code under some interpretation. It is used by viruses to avoid pattern recognition by AV software. Metamorphic code is used by some viruses when they are about to infect new files, so the next generation never looks like the current generation. Mutated code does exactly the same thing, but the children's binary representation will typically be completely different from the parent's.
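The scheduled scan and the "1+3 vs 6-2" point from the two slides above, as an added example that is not part of the presentation or of any real AV product: a toy signature scanner with exact and wildcard byte signatures, run over constructed, harmless byte strings (the signature names and byte patterns are made up for illustration).

```python
"""Toy signature scanner added for this transcript to illustrate how the AV
scans described above work; it is not code from any real AV product.

A signature is a byte pattern. Exact signatures must appear verbatim in the
file; wildcard signatures use "??" for "any one byte", so a single signature
can cover several oligomorphic/polymorphic variants that differ only in a few
interchangeable bytes. The "files" scanned below are constructed, harmless
byte strings, not malware samples.
"""
import re
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: str  # hex bytes separated by spaces; "??" is a one-byte wildcard

    def to_regex(self) -> "re.Pattern[bytes]":
        parts = []
        for tok in self.pattern.split():
            if tok == "??":
                parts.append(b".")                       # any single byte
            else:
                parts.append(re.escape(bytes([int(tok, 16)])))
        return re.compile(b"".join(parts), re.DOTALL)


# Constructed signatures for a made-up family "Stub".
SIGNATURES: List[Signature] = [
    # Exact: one specific decryptor stub, byte for byte.
    Signature("Constructed.Stub.A", "B8 01 00 00 00 05 03 00 00 00"),
    # Wildcard: the same stub shape, whatever constants the variant picked.
    Signature("Constructed.Stub.Family", "B8 ?? ?? ?? ?? 05 ?? ?? ?? ??"),
]


def scan_bytes(data: bytes, sigs: List[Signature] = SIGNATURES) -> List[str]:
    """Names of every signature that matches anywhere in `data`."""
    return [s.name for s in sigs if s.to_regex().search(data)]


def scan_file(path: str, sigs: List[Signature] = SIGNATURES) -> List[str]:
    """The scheduled-scan step for one file: read it, compare against signatures."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read(), sigs)


# Constructed samples. Variant 2 is the slide's "1+3 vs 6-2" idea: a different
# pair of constants that computes the same value, so the exact signature for
# variant 1 no longer matches it, while the wildcard signature still does.
VARIANT_1 = b"\x90\x90" + bytes.fromhex("B8 01 00 00 00 05 03 00 00 00") + b"\xC3"
VARIANT_2 = b"\x90\x90" + bytes.fromhex("B8 06 00 00 00 05 FE FF FF FF") + b"\xC3"
CLEAN = b"just an ordinary document with no stub in it"

if __name__ == "__main__":
    for label, blob in (("variant 1", VARIANT_1), ("variant 2", VARIANT_2), ("clean", CLEAN)):
        print(f"{label}: {scan_bytes(blob) or 'no match'}")
```

Anything with no signature at all (a brand-new variant) is missed by both, which is why the slides that follow insist on keeping signature updates current.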

15 Patching & Security Updates
Evolving Threats: Viruses aren't the only type of hazard. Security attacks continue to surface in myriad other ways. Many of you now use broadband to remain online full time. Hackers love to target "always-on" users, and are continually developing new ways to infiltrate well-connected home computers. Turn your system off when not in use.

Security Updates Are Vital: Security SW is only as good as the intel available at the time of development. Virus writers, hackers and other "bad guys" are constantly coming up with new attack modes. Stay alert!

Evolving Protections: As threats evolve, so do anti-threat technologies. However, the latest technology and intel have to make their way from the development lab to your desktop. That's where program updates come into play.

Patching & Automatic Updates: The maker of your operating system (OS) (e.g., Microsoft or Mac) develops system updates on a regular basis. A patch can be an upgrade (adding features), a bug fix, a new hardware driver, or an update to address issues such as security, basic functionality or stability problems. Along with your Anti-Virus SW, ensure you have an Internet Security program to retrieve the latest spam definitions and Web filter updates. Up-to-date spam definitions help thwart unsolicited advertising schemes, and Web filter updates help prevent your children from stumbling across websites with inappropriate content.

Do your part: Make it a habit to check your provider's website for security advisories, and take advantage of Live or Automatic Updates. Configure SW to alert you when critical updates are available, and set it to run automatically on a predefined schedule. Defend your computer at ALL times. Keep all software (including your web browser) current with Automatic Updates.
If you have the Microsoft Windows Operating System (OS):

- Patching and Automatic Updates with Microsoft Security Essentials: For Windows OS, use Microsoft (MS) Security Essentials to help guard against viruses, spyware, and other malicious software. It provides real-time protection for your home or small business PCs. Microsoft Security Essentials is free, and MS designed it to be simple to install and easy to use. It runs quietly and efficiently in the background so you don't have to worry about interruptions or making updates.

- Key MS Windows Features: Comprehensive malware protection. Supports Windows 7, Vista, and XP (XP soon to be obsolete – get a new system or upgrade your Operating System ASAP). Available in 33 languages. Simple, free download. Protects you quietly in the background. Automatic updates – be sure to set this up ASAP.

- Get security updates automatically: Turn on automatic updating in Control Panel. Pay attention to Windows Update warnings. When you turn on automatic updating, most updates will download and install on their own. Sometimes Windows Update will need your input during an installation. In this case, you'll see an alert in the notification area at the far right of the taskbar—be sure to click it.

Check out these links: MAC/Apple Security Updates: Symantec Norton 360: McAfee:

Check for updates to your OS and Security SW at least once a week to safely stay ahead of the curve.

16 Firewalls What is a firewall? Why do I need a firewall?
Picture a series of doors on the outside of a house. Doors allow those who live inside to come and go as they please while preventing intruders from entering. A firewall is the "door" to your computer or network. The firewall looks at people (systems) trying to connect to your computer and decides whether to let them in or keep them out. Without the firewall, anyone could come into your computer without your permission.

Why do I need a firewall? If your house had no doors, you'd have no privacy, and all your belongings would be at the mercy of anyone who walked through your house. Without anything to block incoming connections from unauthorized computers, anyone could take your files and watch what you do on the computer.

How does a firewall work? A firewall looks at all the connections coming to and going from your computer, and decides whether to allow them through or to block them. How? By looking at a list of rules called an Access Control List (ACL). The ACL is like the list a bouncer would have at a club so he knows who to let in and who to keep out. If a computer trying to access yours is on the list, it's allowed through. Otherwise, the computer is blocked before it even gets a peek at what is going on inside.

Where do I get a firewall? Some computers already have a firewall installed when you buy them – but check. You may also see some "premium" options offered as part of security SW and AV packages.

An Access Control List (ACL), with respect to a computer file system, is a list of permissions attached to an object; the list informs a computer's operating system which permissions each user or group has to a specific system object, such as a directory or file. Each object has a unique security attribute that identifies which users have access to it, and the ACL is a list of each object and the user access privileges (what operations are allowed), such as read, write or execute. Each entry in a typical ACL specifies a subject and an operation. For instance, if a file has an ACL that contains (Alice, delete), this gives Alice permission to delete the file.

Other common terms and tools:

Gateway router – These routers connect the org's network to outside networks and provide initial security functionality through the limited use of stateless Access Control Lists (ACLs). They are configured to block out unnecessary traffic by blocking observed hostile networks/hosts, by blocking a limited number of prohibited ports/protocols, by blocking unused/reserved IP address space, and by enforcing IP address spoofing protection.

Gateway IDS – The gateway IDS systems monitor all traffic into the org from outside the firewalls in order to detect attacks directed at the command.

Gateway firewall – Traffic passes through these devices, which are focused mainly on controlling ingress traffic in a deny-all, permit-by-exception (DAPE) configuration. The firewalls also implement limited protocol inspection, protocol protection, minimal intrusion prevention protection, and interface with the web filtering engine. This also controls egress traffic by port and/or destination.

VPN gateway – These devices allow users on external networks to authenticate and use the org's resources via an encrypted virtual private network (VPN), either through clientless Secure Socket Layer (SSL)-based interfaces, clients installed on individual systems, or through LAN-2-LAN connections. These clients are typically teleworkers, small remote field offices, or the org's staff located on external networks.

Firewall: Ensure you never turn it off, no matter 'who' comes knocking.
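The ACL lookup, the deny-all/permit-by-exception (DAPE) default and the gateway router's anti-spoofing and reserved-address checks described above, as an added example that is not code from the presentation or from any real firewall; every address, network and rule in it is constructed from documentation ranges.

```python
"""Toy packet filter added for this transcript to show how a gateway firewall
consults an Access Control List (ACL) in a deny-all, permit-by-exception (DAPE)
configuration, with the ingress anti-spoofing and reserved-space checks the
gateway-router description mentions. Not code from any real firewall; every
address here is constructed from documentation ranges.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Net = ipaddress.IPv4Network


def net(s: str) -> Net:
    return ipaddress.ip_network(s)


INSIDE = net("192.0.2.0/24")   # constructed "org" network behind the gateway
ANY = net("0.0.0.0/0")

# Abbreviated bogon list: source space that must never arrive from outside.
BOGONS: List[Net] = [net(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    src: Net
    dst: Net
    proto: str               # "tcp", "udp" or "any"
    dport: Optional[int]     # None means any destination port
    why: str                 # comment shown in the decision

    def matches(self, src, dst, proto: str, dport: int) -> bool:
        return (src in self.src and dst in self.dst
                and self.proto in ("any", proto)
                and (self.dport is None or self.dport == dport))


# Ingress ACL, evaluated top to bottom; first match wins.
INGRESS: List[Rule] = [
    Rule("deny", net("198.51.100.7/32"), ANY, "any", None, "observed hostile host"),
    Rule("permit", ANY, net("192.0.2.10/32"), "tcp", 443, "public web server"),
    Rule("permit", net("203.0.113.0/24"), net("192.0.2.1/32"), "udp", 500, "VPN peer IKE"),
]

# Egress ACL: inside hosts may browse and resolve names, nothing else.
EGRESS: List[Rule] = [
    Rule("permit", INSIDE, ANY, "tcp", 80, "web"),
    Rule("permit", INSIDE, ANY, "tcp", 443, "web"),
    Rule("permit", INSIDE, net("192.0.2.53/32"), "udp", 53, "internal resolver"),
]


def evaluate(acl: List[Rule], src: str, dst: str, proto: str, dport: int) -> Tuple[str, str]:
    """Return (action, reason). No matching exception means the DAPE default."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in acl:
        if rule.matches(s, d, proto, dport):
            return rule.action, rule.why
    return "deny", "default deny (no permit-by-exception rule matched)"


def ingress(src: str, dst: str, proto: str, dport: int) -> Tuple[str, str]:
    """Packet arriving on the outside interface."""
    s = ipaddress.ip_address(src)
    if s in INSIDE:
        return "deny", "spoofed source: inside address arriving from outside"
    if any(s in b for b in BOGONS):
        return "deny", "unused/reserved source address space"
    return evaluate(INGRESS, src, dst, proto, dport)


def egress(src: str, dst: str, proto: str, dport: int) -> Tuple[str, str]:
    """Packet leaving from the inside interface."""
    if ipaddress.ip_address(src) not in INSIDE:
        return "deny", "spoofed source: not an inside address"
    return evaluate(EGRESS, src, dst, proto, dport)


if __name__ == "__main__":
    for args in [("203.0.113.5", "192.0.2.10", "tcp", 443),
                 ("203.0.113.5", "192.0.2.10", "tcp", 22),
                 ("198.51.100.7", "192.0.2.10", "tcp", 443),
                 ("192.0.2.77", "192.0.2.10", "tcp", 443),
                 ("10.9.8.7", "192.0.2.10", "tcp", 443)]:
        print("ingress", args, "->", ingress(*args))
    print("egress", egress("192.0.2.20", "203.0.113.9", "tcp", 25))
```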

17 Physical Security

Even the most secure password or online safety measures can be compromised if you step away from your computer while logged in. Make sure that you always limit incidental (others') access to your machine: log off or lock your computer when you leave your desk or the room, and lock your room or office. While all computers are valuable to those looking to commit digital crimes, never forget that your computer equipment is also a target for theft. If you can, lock your laptop and any other easily portable equipment to a desk or other hefty object using a security cable (available in most college Student Stores).

Keeping your computer and information safe using encryption software, antivirus, antispyware and a firewall is vital. However, it's far too easy for someone to simply walk away with your computer. Physical security is easy and inexpensive, considering the peace of mind that it brings. Computer physical security is a methodology for safeguarding computer systems, peripherals and all assets that form these systems. It is as important as data protection (which, as you know, is usually implemented through antivirus, firewall and encryption software applications).

Unfortunately, most home computer users have their PCs sitting on a desk, powered up and unlocked. Or they leave their precious $2000 laptop sitting on the kitchen table, easily within view of anyone passing by a window. It would only take a thief a matter of a few seconds to smash that window, enter the house and walk away with that expensive laptop. In addition, they would now have access to all of the personal information and financial data, which could be used to steal a person's identity. The cost to repair this damage goes way beyond the price of a window and a laptop.

Protect Your Lifelines: A typical household computer system usually consists of a few computers, a cable modem, a router and network cabling running throughout the home. When you use network cabling, make sure the wires are properly hidden against the wall to prevent anyone from tripping on them and causing damage. If you use wireless networking, make sure to use the most current encryption technology, with a strong password to secure the router. Lastly, keep the modem and router out of reach of small children, and out of common areas.

18 Bad Physical Security Compliance:
Is there a lock installed? Yes
Is it locked? Yes
Is the key in a secure place? Yes
Is the lock-secure report submitted and signed? Yes
All answers: YES. Therefore: Compliant.

19 Backup, Backup, Backup!!! A cheap way to avoid an expensive disaster

How much is it to buy a backup drive? About $ . Backup software? Usually included, or $30 or less. Not losing your data? Priceless.

How do I back up my computer? We store our digital lives online – photos, music, movies and much more. Backing up is making a copy of data and/or program files and keeping that copy in a safe, separate place. If you lose access to your data or can't retrieve it, you can recover it from a backup copy stored elsewhere. The 3 most common causes of data loss: malware, hard drive failure and accidental deletion.

Backups typically take 1 of 2 forms:
Copying your data. If you copy pictures from your digital camera and burn those images to a CD for safe-keeping, you've backed them up. Similarly, if you regularly take the contents of your "My Documents" folder tree and copy it to another machine or burn it to CD, you've backed up those files. They're safely stored in another location in addition to the original.
Imaging your system. This makes a copy of everything: your data, SW programs, settings – even the operating system itself.
Both types of backups share a common characteristic. Whatever you back up, do so by a) making a copy, and then b) placing that copy somewhere else. If your data is in only one place, there are no copies of that data, and you're not backed up.

Find an appropriate storage device capable of storing all of the data you need to back up – at least twice the size of the hard drive. An external hard drive is the best, or back up to the cloud. (A partition on the same computer is less safe: the system remains susceptible to viruses and hard drive failure, and if your computer is stolen, so is your backup.)

* Check out Symantec's Norton and Carbonite.

Typical backup systems: Windows Backup/Restore; Time Machine (Mac users); Network Attached Storage (NAS); external hard drives with backup software; online options; DVD/CD/Blu-ray; USB flash drives; RAID – Redundant Array of Inexpensive Disks.

Most programs come with relatively simple instructions to set up the most common types of backups for average users. Research it online and head down to your local Best Buy or computer store (even Wal-Mart) and see what they have to offer/suggest. Costco, BJ's, Amazon and many online sources are available for very low prices these days. Note: I also send a copy of any important file to myself as an email attachment. The email address is accessible from just about anywhere.

Solutions like Carbonite Automatic Backup run continually in the background, protecting new and changed files whenever your computer is connected to the Internet. This will not protect you from everything (like a house fire), but it will protect against the most common causes of data loss. If your hard disk dies, you can restore files and perhaps the entire system from your backup. If you happen to – oops! – delete a file by accident, then as long as it was there when the most recent backup was taken, you can restore it quickly and easily. If malware is on your system, you can restore your system from a backup taken prior to the infection.

Resources - Check out:

20 Phishing Awareness

Phishing is an online con game by tech-savvy con artists and identity thieves. They use malicious web sites, email and instant messages to trick people into divulging sensitive information, such as bank and credit card accounts. Phishers attempt to gain personal information by employing social engineering techniques. Emails are crafted to appear as if sent from a legitimate organization or known individual. These emails attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate (or to open an attachment that will launch malware). The user may be asked to provide personal data, such as account usernames and PWs, that can further expose them to future compromises. Fraudulent websites may also contain malicious code.

ALWAYS check the website BEFORE CLICKING in any email you receive. Be wary of every attachment you receive – THINK: Do you REALLY need to view/open it? Is it vital? Beware of scams. Don't respond to email, instant messages, texts or calls asking for your PW. Never disclose your PW to anyone, even if solicited by what looks like a familiar organization. Malicious links can infect your computer or take you to web pages designed to steal your data. Only click on links from trusted sources. Never click on a mystery link unless you have a way to independently verify it's safe. This includes tiny URLs – like the ones found in Twitter.
-- US CERT:
-- NORTON:

ALWAYS check the website BEFORE CLICKING in any email you receive. EXAMPLES:
REAL SITE: https://www.navyfederal.org/
(DO NOT CLICK ON THESE):
SCAM SITE: "nfcu-onlne.org" is NOT a real site.
SCAM SITE: "https://myaccounts.navyfcu.org/cgi-bin/ifsewwwc?Logon" – THIS IS NOT A REAL SITE, DESPITE THE 'HTTPS'.
Look at the KEY web site before clicking on any link you ever receive: it is located after the first two slashes (//) and before the next single slash (/).
SCAM SITE: "https://myaccounts.navyfederal.org/" is NOT A REAL SITE!
REAL SITE: "https://www.navyfederal.org/". The PAGE (i.e., accounts) would come AFTER the site's slash, if it were a real page on the real site, like this: https://www.navyfederal.org/accounts.php (example only).

SUPER TIP: If you are so curious that you cannot control yourself, do a PREVIEW of the site by typing "preview." before the web site given, like this: EXAMPLE: or

Also: GOOGLE HAS A SAFE BROWSING DIAGNOSTIC TOOL. To use the tool, just append a URL (copy and paste the suspected site address) to the end of this link: " "

What To Do: If you receive anything from your bank telling you to click on a link because you have been locked out or to verify your account, STOP, THINK and do NOT click on any link or attachment. 1) Go directly to YOUR BANK's WEBSITE via the URL (website domain address) you KNOW, in a new browser window, and check your account. 2) If there are any problems, CALL YOUR BANK. A bank would NEVER send an email like this. 3) Then, IMMEDIATELY DELETE THE EMAIL and DELETE it from your TRASH BIN.

ARTICLE: Simulated Attacks Show C-Level Executives Can Make Easy Targets for Spear-Phishers https://blog.cyveillance.com/general-cyberintel/simulated-attacks-show-c-level-executives-can-make-easy-targets-for-spear-phishers#more-2417

The first recorded use of the term "phishing" was made in 1995 by Jason Shannon of AST Computers. The term is a variant of fishing, and alludes to "baits" used in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen. The first recorded mention of the term "phishing" is found in the hacking tool, which included a function for stealing the passwords or financial details of America Online users.

Resource:
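The "key web site" rule from the two slides above, as an added example that is not part of the presentation: the host between "//" and the next "/" is extracted from a link and compared with the one site you already know. The known-host list is constructed from the slide's own real example (www.navyfederal.org); the two-label domain rule is a simplifying assumption.

```python
"""Added example for the phishing slides (not part of the original
presentation): pull the "key web site" out of a link the same way the slide
tells you to do by eye (the name between "//" and the next "/"), then compare
it with the site you already know. The known-host list is constructed from the
slide's own real example, https://www.navyfederal.org/.
"""
from typing import Set
from urllib.parse import urlsplit

KNOWN_HOSTS: Set[str] = {"www.navyfederal.org"}   # hosts you typed in yourself


def key_site(link: str) -> str:
    """The host name of a link: after "//" and before the next "/", lower-cased,
    without any ":port". A bare name like "nfcu-onlne.org" is handled too.
    The scheme ("https") is deliberately ignored: it says nothing about who
    runs the site, which is the slide's "despite the HTTPS" point."""
    link = link.strip()
    if "//" not in link:
        link = "//" + link
    return (urlsplit(link).hostname or "").rstrip(".")


def registrable_domain(host: str) -> str:
    """Last two labels (e.g. "navyfederal.org"). Assumes a one-label public
    suffix such as .org; a real check would use the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify(link: str, known_hosts: Set[str] = KNOWN_HOSTS) -> str:
    """Apply the slide's rule: only a host you already know is trusted."""
    host = key_site(link)
    if not host:
        return "no host: do not click"
    if host in known_hosts:
        return "known site"
    if registrable_domain(host) in {registrable_domain(h) for h in known_hosts}:
        # Same owner name, but not a host you know: reach the site you know
        # by typing its address yourself instead of following the link.
        return "unknown host on a known domain: verify before use"
    return "unknown site: do not click"


if __name__ == "__main__":
    # The slide's own examples, plus the "page after the slash" example.
    for link in ("https://www.navyfederal.org/",
                 "https://www.navyfederal.org/accounts.php",
                 "nfcu-onlne.org",
                 "https://myaccounts.navyfcu.org/cgi-bin/ifsewwwc?Logon",
                 "https://myaccounts.navyfederal.org/"):
        print(f"{key_site(link):32} {classify(link)}")
```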

21 Phishing Awareness Note:
Password reset sites are almost ALWAYS https – for Adobe it is actually: https://www.adobe.com/account/account-information.html While the main site itself is plain http, once you log in, EVERY PAGE's web address begins with https – NOT http – the 's' means it's secure.

22 Safer Surfing & Email Guidance
Web Vigilance — Trust No One: Protect your personal privacy; remain forever vigilant and protective of your PW and other personal info. Hackers look for computers that are easy to crack and can be used for their own purposes. Strong PWs reduce the risk of getting hacked. Hackers will always choose a machine without a PW first, because it is far easier to get into. Do not allow a program to run on your computer unless you completely trust its source. Never give out your credit card numbers, social security number, or any personal info on an unfamiliar site or a site that isn't secured by Secure Socket Layer (SSL) encryption. Look for the lock icon in your web browser. Identity Theft is big business – don't let them get into yours.

Email Concerns: Never open attachments sent by a stranger. Be wary of those sent by family & friends, too. Avoid opening any attachment if it's simply "funny" or entertaining. Don't forward them, either. Think: Is this info VITAL for you to view, or for others to read/have for their own benefit? If so, copy and paste the data into the body of the email – or give a good explanation of what the link or attachment is about. If not, save your own time and don't waste theirs – don't send! These kinds of attachments frequently double as a Trojan horse: a program that will distract you (or simply become invisible) while another computer user gains control of your computer. Create a separate web-based free email account to receive newsletters, junk mail and other unimportant email. Never respond to unsolicited email, because doing so may confirm your existence to a SPAM-mail provider.

Social Networking Safety: BE SMART about what you post & text. The world does NOT need to know where you are and what you are doing at all times. AFTER you've done something, perhaps post it – yet be wary of the pattern footprint you are setting.

Q: What's the difference between the https protocol and the SSL Certificate that we use in a web browser?
A: Two pieces of one solution:
- HTTPS is the protocol that defines how the client and server are going to negotiate a secure connection.
- The SSL Certificate is the document that they will use to agree upon the server's authenticity.
HTTPS is HTTP (HyperText Transfer Protocol) plus SSL (Secure Socket Layer). You need a certificate to use any protocol that uses SSL. SSL allows arbitrary protocols to be communicated securely. It enables clients to: a) verify that they are indeed communicating with the server they expect and not a man-in-the-middle, and b) encrypt the network traffic so that parties other than the client and server cannot see the communication. An SSL certificate contains a public key and the certificate issuer. Not only can clients use the certificate to communicate with a server; clients can also verify that the certificate was cryptographically signed by an official Certificate Authority. For example, if your browser trusts the VeriSign Certificate Authority, and VeriSign signs my SSL certificate, your browser will inherently trust my SSL certificate.
Good reading here: visit Adam Langley's blog: https://www.imperialviolet.org/2012/07/19/hope9talk.html

23 See Session Hacking in Backup slides
WiFi Hotspots – Coffee, Tea, Stolen ID?

WiFi HotSpots – Beware: Free WiFi hotspots provide access to the internet in airports, coffee shops, supermarkets, hotels, book stores, etc. Here, you may be putting your personal information at risk. Hackers can set up a fake WiFi hotspot and just wait for an unsuspecting person to attach to it so they can gather data.

What You Can Do: Access only encrypted websites while on public hotspots. Look for 'https' at the beginning of a web address. Read tips on using public WiFi: Ensure Wi-Fi is disabled when not in use. Read Daniel Berg's "9 Tips to Stay Safe on Public WiFi" for Laptops:

EXAMPLE: Your bank calls you to verify your recent $750 bill at an out-of-state Taco Bell, but you haven't left town in weeks. You quickly contest the charge and request a new credit card, but when you check your wallet the compromised card is still there. You try to think of shady ATMs or recent cashiers, but nothing comes to mind. Nothing, except the online purchase you made while browsing the Internet at your local coffee shop.

The number of free public WiFi hotspots is growing, but not every hotspot can provide the protection of a private home network. Your notebook, tablet or smartphone's default settings and firewalls may not be enough to keep you safe from prying eyes while on the go. If you want to keep your information and files secure, read these essential tips for protecting yourself when you're away from home.

1. Turn Off Sharing.
2. Get a VPN (Virtual Private Network). One VPN provider is Private Internet Access, which costs ~$7-9 monthly and allows for unlimited bandwidth and multiple exit points, which lets you choose which country your network traffic is routed through.
3. Avoid Automatically Connecting to WiFi Hotspots.
4. Use HTTPS – secure sites – if possible.
5. Use Two-Factor Authentication. Two-factor authentication means you need two pieces of information to log into an account: one is something you know and the other is something you have. Most often this takes the form of a password and a code sent to your mobile phone. We all use logins and passwords. That's something we know. When we enter the code from the keyfob, we've added something we have to the mix. That's two-factor authentication, and it increases security dramatically. (See ** ) You will probably be tested on this phrase – remember it.
6. Confirm the Network Name & login info with the shop owner/staff.
7. Protect Your Passwords & change them often (I cannot repeat this enough!)
8. Turn on Your Firewall (it should be ON already). On a Windows notebook, locate your firewall settings in the Control Panel under System And Security. Click on Windows Firewall, then click Turn Windows Firewall On. Enter your administrator password, then verify that the Windows Firewall is on. On a Mac, these settings are in System Preferences, then Security & Privacy. Navigate to the Firewall tab and click Turn On Firewall. If these settings are grayed out, click the padlock icon in the lower left, enter your password, then follow these steps again.
9. Run Anti-Virus Software. Always running up-to-date anti-virus software can help provide the first alert if your system has been compromised while connected to an unsecured network. Turn it on and have it running in the background while you are working there. Check it again when you return home or to a secure network to be extra safe.

24 Security Tips for Smart Phones
Lost/Stolen Smart phone: Immediately contact your service provider (e.g., T-Mobile, AT&T, Sprint). Keep your provider's phone number in your wallet, in your car and in your home for ease of access.

Wiping Contents: Settings should be set to wipe or remove contents after 10 unsuccessful login attempts; this ensures protection of data should it fall into the wrong hands. Check if remote wiping is available. Note: remote wiping will often NOT wipe the SDRAM chip on the smart phone.

Passwords: Use a strong PIN, password, or passphrase to protect the contents. Use capitals, lower case and special characters in all your PWs, and use data encryption if supported.

Disposal: Erase all personal information securely and remove the SIM card and memory card (if there is one) before returning it to your service provider, giving it to another, or disposing of it.

Updates: Ensure both your operating system and applications are up to date to help protect against known threats.

Email and the Web: Use SSL encryption (https://) for browsing and webmail when possible. These services entail the same threats on a smartphone as they do on any computer, including phishing attacks, malicious websites, infected attachments, and scams. If you receive an email that sounds too good to be true or looks suspicious, do not respond to it or click on any embedded links it contains. Limit your browsing to well-known and trusted websites.

Ten Physical Security Tips for Mobile Devices:
1. Never leave your mobile device unattended. Even if you only plan to be away from your device for less than a minute, that is still plenty of time for an opportunistic thief to run off with it. If you are in a public place, it is best to take small devices such as smartphones into the restroom with you by keeping them in your purse or pocket. Keep devices in a locked drawer at work.
2. Be inconspicuous with your device. This is especially true if you have a newly released or fairly expensive device. You never know who may be watching you in a public place. Don't make it attractive to thieves. If you do need to check something on a device, be aware of any prying eyes that may be able to see the device's screen.
3. Label your device in case it is lost. Put a sticker or other type of label with your name or contact information on your device so anyone who finds it can return it. A label allows someone to find out who owns the device, even if the battery dies.
4. Set the screen timeout to a short period of time. A lengthy screen timeout (or no timeout at all) allows others to pick up the device and use it if the device is lost or away from its user for a period of time. This can also prevent inadvertent or accidental loss of data, such as when children find the device and assume it is a toy.
5. Use passwords to unlock your device or any important documents. PWs, passcodes, and PINs for devices are generally simple and effective. For PINs, use a code that is four digits or longer, and avoid repeating digits. Some devices allow users to set unlock patterns that function like a PIN. If you choose to use a pattern, make sure no one can see your screen before using the pattern. FYI: smudges on the face of your device may reveal your pattern to unauthorized users.
6. Do not use the "auto-fill" feature for passwords. The "auto-fill" feature may save you time for PWs, but it will nullify any password protection you may have should an unauthorized user pick up your device.
7. Delete documents you no longer need. If you are no longer using a document, especially if it is sensitive, delete it from your device. No one can steal a document that is not there. Keep only the documents you really need.
8. Back up important files. This applies to any important files, not just ones on mobile devices. However, mobile devices have a higher risk of loss or damage than desktop or laptop computers due to their size.
9. Consider a lock or alarm if sensitive data is on your device. If it is absolutely necessary for you to store sensitive data on your device, there are physical devices like cable locks that can deter theft. Users can also install tracking software, such as Prey for Android devices and Find My iPhone or Undercover for Apple. These programs can track or locate lost or stolen devices in real time.
10. Enable remote device wipe/remote recovery. If your device is corporate-issued and it is lost or stolen, immediately contact your IT Dept so they can begin remote recovery and lock down the device. If it's your personal device and you have remote recovery services from your provider or device manufacturer, follow that procedure immediately. Some programs, such as Find My iPhone, allow you to do a remote wipe yourself. If you don't have any recovery or wipe mechanisms, contact your service provider ASAP so they can at least immobilize the device. If you have remote device wipe enabled, make sure you back up your files regularly.

25 Security Tips for Smart Phones (Continued)
Wireless Networks: Your smartphone may connect automatically to wireless networks without your knowledge. If it is connected to a public Wi-Fi hotspot, the hotspot is probably also being used by other people, and someone could eavesdrop on your connection. Keep optional network connections (e.g., WiFi and Bluetooth) turned OFF except when specifically using them.

Applications (Apps): Install only needed Apps, and ensure they are obtained from a vendor that has vetted them (like the Samsung, Blackberry or Apple iPhone App Stores). Installing software (SW) risks creating vulnerabilities, including installing a malicious backdoor that hackers disguise as a legitimate App and that sends sensitive info (e.g., SS#, credit card info, UserIDs/PWs, etc.) while appearing to function normally. Don't rush to install a new App. Wait until it has established a good reputation.

Documentation: Read the documentation and terms of service for each App before you install it. Apps often require you to grant permission to the vendor to collect, use, and sell personal info about you, your device usage, and your geographic location. Don't give them access to your Contacts!

Posting Images to Facebook & Social Networks: Smart phones use geo-tagging, which tags photos with the time, date and GPS latitude and longitude. Change social-networking settings to PRIVATE so only people you invite into your network can see your photos, etc. Restrict privacy and info to friends. Turn off GPS settings on your smart phone's camera to prevent it from capturing location info. Remember, photos you email travel over the Web as well.

Summary: BE AWARE of potential risks. Take caution when searching the Internet, opening emails from unknown sources, on social networking sites like Facebook, Pinterest & Twitter, and when clicking on links and opening attachments.

Social Networking Security: Thieves could see that nice new motorcycle parked out front in the yard or that nice new plasma screen TV in the living room; worse yet, people could see where your child is at certain times of day or exactly where in a park your child goes to at daycare. Change your social-networking settings to private so only people you invite into your network can see your photos. It will take a bit of practice to find all the right settings with Facebook and some other sites, and plenty of users forget to take the time to check their privacy settings. Restricting privacy and information to friends can be critically important.

HUMOR: See South Park's episode in which Kyle downloads the latest Apple iTunes update without reading the User Agreement of Terms & Conditions. (WARNING: EXPLICIT LANGUAGE – not for show in class.)

26 Additional Information
Links of Interest:
Glossary of Key Information Security Terms
How to Fix a Malware Infected Computer
How to Clean an Infected Computer
How to Know If Your Computer Is Infected
Learn to Write Code – Computer Science – Free tutorials for Beginners!
US Department of Homeland Security – Stop. Think. Connect
Remember: ALWAYS practice safe computing!

27 Questions?

28 Back-Up Slides Additional Threats

29 Threats – New & Insidious (1 of 5)
Incident - Target: In Nov 2013, a group of Eastern European hackers entered Target’s network through a digital gateway, discovering that Target’s systems were astonishingly open, lacking the virtual walls and motion detectors found in secure networks. ~110 million customers were affected: ~40 million at US stores had credit and debit card data stolen, and hackers also lifted personal information (including names, addresses, e-mail addresses and phone #s) for ~70 million. Protecting Personally Identifiable Information (PII) is vital for yourself, and especially at work. Be vigilant and on guard about protecting your own personal information and protecting your work site's user data.

Incident - Yahoo: Yahoo Mail was hacked – again – in January. The number of accounts compromised is unknown. Attackers gained access through a third-party database outside of Yahoo's control. Hacks happen, but if you've followed basic security practices and aren’t using the same login credentials for multiple sites and services, only your Yahoo account should be at risk. Change the log-in credentials for any account that may share your Yahoo password, particularly if you use your Yahoo address as the login. Also, if you use a similar address as the username, it’s not a big leap for hackers to guess that you own both. Look out for spam as well. Use strong PWs, different for each account. -- Remember, cyber security begins with you. Be vigilant and on guard about protecting your own personal information. Check bank statements regularly, especially for small charges -- a few pennies, perhaps -- that may represent a thief checking to see if the account is still active. If this has happened to you, expect to get fake phone calls, e-mails and letters in the mail asking for your personal information and telling you to click on links. Don't do it, even if it looks official. Instead, go directly to the source. If a person calls you, claims to be with your bank and says you've been affected by the Target hack, hang up. Then call the bank number on your credit card to resolve the issue. If you get an e-mail that seems official, don't click on any links. If it claims to be from your bank or anyone else, ignore the e-mail and go straight to the Target website. Type in the address yourself. Ditto with paper mail scams. Don't answer them. Criminals are now armed with even more information. If they have your e-mail address and credit or debit card information, they could pose as you on certain websites.

30 Threats – New & Insidious (2 of 5)
SQL Injection: Databases using structured query language (SQL) rely on specially formatted queries to locate and return requested data. Human or automated attackers can send requests that exploit the way the database interprets query text, altering the query as it's processed. This year alone, SQL injection was the culprit behind a number of notorious security breaches, such as hacker group LulzSec's alleged theft of data from the Sony Pictures server. Once again, the solution to this problem isn't in the user's hands. Well-designed software avoids the problem by weeding out any queries that don't meet strict standards. Those who create and maintain database apps are advised to "use whitelisting, not blacklisting," letting only specific data through instead of keeping only specific data out. That way previously unseen SQL injections won't get through.

Fake Tech-Support Calls: You might get an unsolicited phone call from a tech-support representative claiming to be from Microsoft or another big-name IT corporation. But the caller won't be who he claims to be. After warning you that "suspicious activity" has been detected on your computer, he'll offer to help once you give him the personal information he requires to get his job done. That job isn't fixing your computer. In fact, he's really just after your personal information. If you receive a call like this, hang up, call the company the bogus technician claimed to be from, and report the incident to a legitimate representative. If there really is a problem, they'll be able to tell you; if not, you just thwarted a data thief.
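The "whitelisting, not blacklisting" advice above is easier to see in code than in prose. The following is an added example, not part of the original presentation: a Python script against an in-memory SQLite table (constructed sample data, not any real system) that shows the flawed query the slide describes next to the two defenses database developers are told to use, a bound parameter for values and a whitelist for identifiers such as a sort column, which cannot be bound as parameters.

```python
import re
import sqlite3

# Constructed sample data: a tiny in-memory table standing in for a real user database.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.com"),
         (2, "bob", "bob@example.com"),
         (3, "carol", "carol@example.com")],
    )
    return conn

def lookup_vulnerable(conn, name: str) -> list:
    """The flaw the slide describes: user input spliced into the query text, so a
    quote character in the input changes the query's logic instead of staying data."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, name: str) -> list:
    """Bound parameter: the driver passes the value separately from the SQL text,
    so it can only ever be compared against the column, never parsed as SQL."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

# Whitelist for values: describe what a username MAY contain and reject everything else.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")

def is_allowed_username(name: str) -> bool:
    return USERNAME_RE.fullmatch(name) is not None

def lookup_whitelisted(conn, name: str) -> list:
    """Defense in depth: validate against the whitelist, then still bind the parameter."""
    if not is_allowed_username(name):
        raise ValueError("username contains characters outside the allowed set")
    return lookup_parameterized(conn, name)

# Identifiers (a column name in ORDER BY, a table name) cannot be bound as parameters,
# so a whitelist of known-good names is the only safe way to let a user choose them.
ALLOWED_SORT_COLUMNS = {"id", "name", "email"}

def is_allowed_sort_column(column: str) -> bool:
    return column in ALLOWED_SORT_COLUMNS

def list_users_sorted(conn, column: str) -> list:
    if not is_allowed_sort_column(column):
        raise ValueError("sort column is not in the whitelist")
    # Safe to interpolate only because `column` was just checked against a fixed set.
    return [row[0] for row in conn.execute(f"SELECT name FROM users ORDER BY {column}")]

if __name__ == "__main__":
    db = build_db()
    payload = "x' OR '1'='1"   # classic textbook input: a quote that rewrites the WHERE clause
    print("vulnerable:    ", lookup_vulnerable(db, payload))      # every user is returned
    print("parameterized: ", lookup_parameterized(db, payload))   # nobody has that exact name
    print("whitelist accepts payload?", is_allowed_username(payload))
```

Running the script shows the same input returning the whole table through the vulnerable function and nothing through the parameterized one; the whitelist rejects it before any query is built, which is the "previously unseen injections won't get through" property the slide is after.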

31 Threats – New & Insidious (3 of 5)
Fraudulent SSL Certificates: A Secure Sockets Layer (SSL) certificate reassures your browser that the site you've connected to is what it says it is. If you're looking at "HTTPS" instead of plain old "HTTP," you know there's security involved, such as when you log in to your bank account or pay your phone bill. The most trusted SSL certificates are issued by designated Certification Authorities worldwide. What happens if that trust between browser and website is exploited? Acquiring or creating fake SSL certificates is unlawful, but it happens often enough that we need to be aware of it. On multiple occasions in 2011, the discovery of false certificates suggested an attempt to spy on Iranian citizens as they used Gmail and Google Docs. According to security firm F-Secure, foreign governments are using these techniques to monitor local dissidents.

Banking Trojans: A Trojan is malicious software that disguises itself as an innocent program, counting on you to download or install it onto your system so it can secretly accomplish its malicious tasks. The infamous ZeuS Trojan and its rival SpyEye take advantage of security holes in your Internet browser to "piggyback" on your session when you log in to your bank's website. These monsters are in the Ivy League of computer malware; they avoid fraud detection by using caution, calculating inconspicuous amounts of money to transfer out of your account based on your balance and transaction history. Financial institutions continue to add layers of security to large transactions, such as requiring confirmation through "out-of-band" communications. Digital crooks targeting mobile devices have lost no time adapting to the changes: banking Trojans are able to change the mobile number tied to your account and intercept that confirmation request. Be careful what you download, and from where.

32 Threats – New & Insidious (4 of 5)
DNS Redirection: Internet service providers (ISPs) such as Time Warner Cable claim they're trying to help with DNS redirection, but the reality seems to come down to money. Domain Name System (DNS) redirection overrides your browser's normal behavior when you can't reach a webpage. Instead of displaying the normal 404 "File Not Found" error, the ISP sends you to a page of the ISP's choosing, usually a page full of paid advertising and links. Innocent though that practice may be, computer viruses can do the same thing, redirecting your browser to a hostile page the first time you misspell a domain. With ISPs, you can opt out of their DNS redirection (you'll find links below all the ads); with viruses, stay on your toes. Make sure you know what your browser's default 404 page looks like, and take action if you see anything different.

Open DNS Resolvers: Another danger lies in the way some DNS servers are configured. An "open resolver" can offer information it isn't authorized to provide. Not only are open resolvers exploited in distributed denial-of-service (DDoS) attacks, but an attacker can "poison" the DNS cache, providing false information and incorrect resolutions that must be detected before they can be corrected. If your browser trips over a case of cache poisoning, the agents in charge of a hostile server can glean detailed information about your system, especially if you're in the middle of an important transaction. How can typical users solve this dilemma? The chilling answer: they can't. It's up to Internet service providers to address the problem. (DNS spoofing, or DNS cache poisoning, is a computer hacking attack whereby data is introduced into a Domain Name System (DNS) name server’s cache database, causing the name server to return an incorrect IP address and diverting traffic to another computer, often the attacker's.)
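The slide leaves cache poisoning to the ISPs, but the checks a resolver must perform before it trusts an answer are short enough to show. The following is an added example, not part of the original presentation and not any real resolver's code: a Python script that builds a DNS query and a few constructed response packets (no network traffic is sent), then applies the three checks that keep a forged answer out of a cache: the transaction ID must match the outstanding query, the question section must be echoed exactly, and every answer record must be for the name that was actually asked about (a "bailiwick" check). Packet formats follow RFC 1035; the IP addresses are sample values.

```python
import struct

def _encode_name(qname: str) -> bytes:
    """Encode a dotted name as DNS labels, uncompressed, ending with the root label."""
    labels = [part.encode("ascii") for part in qname.rstrip(".").split(".")]
    return b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"

def build_query(txid: int, qname: str) -> bytes:
    """Minimal DNS query: 12-byte header (RD set, 1 question) plus one A/IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + _encode_name(qname) + struct.pack("!HH", 1, 1)

def build_a_response(txid: int, qname: str, ip: str, answer_name=None, ttl: int = 300) -> bytes:
    """Constructed response: QR flag set, question echoed, one A record.
    answer_name (assumption for the demo) lets us forge an answer for a name never asked for."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)
    # 0xC00C is a compression pointer back to the name at offset 12 (the question).
    owner = b"\xc0\x0c" if answer_name is None else _encode_name(answer_name)
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = owner + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer

def parse_name(data: bytes, offset: int):
    """Decode a name at `offset`, following compression pointers. Returns (name, next_offset)."""
    labels, end, jumped = [], None, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2                        # resume after the pointer, not the target
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)

def validate_response(query: bytes, response: bytes) -> list:
    """Return the A-record IPs if the response is acceptable for this query, else raise ValueError."""
    q_txid = struct.unpack("!H", query[:2])[0]
    r_txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if r_txid != q_txid:
        raise ValueError("transaction id does not match the outstanding query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    question = query[12:]
    if qdcount != 1 or response[12:12 + len(question)] != question:
        raise ValueError("question section does not echo the query")
    q_name, _ = parse_name(query, 12)
    offset, ips = 12 + len(question), []
    for _ in range(ancount):
        owner, offset = parse_name(response, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[offset:offset + 10])
        offset += 10
        rdata = response[offset:offset + rdlen]
        offset += rdlen
        if owner.lower() != q_name.lower():            # bailiwick check: only cache what was asked for
            raise ValueError(f"answer for {owner!r} is out of scope for a query about {q_name!r}")
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in rdata))
    return ips

def accepts(query: bytes, response: bytes) -> bool:
    """Convenience wrapper: True if the response would be cached, False if it is rejected."""
    try:
        validate_response(query, response)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    q = build_query(0x1234, "example.com")
    print(validate_response(q, build_a_response(0x1234, "example.com", "93.184.216.34")))
    print(accepts(q, build_a_response(0x9999, "example.com", "10.0.0.1")))   # wrong txid
    print(accepts(q, build_a_response(0x1234, "example.com", "10.0.0.1", answer_name="bank.example")))
```

Real resolvers add source-port randomization and DNSSEC validation on top of these checks; what the script makes visible is that a forged packet only succeeds when every one of the checked fields happens to line up, which is exactly why a resolver that skips them is dangerous.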

33 Threats – New & Insidious (5 of 5)
Disguised Filenames: Modern operating systems accommodate speakers of languages such as Arabic and Hebrew by featuring codes which can reverse the direction of type so that such languages display correctly, written right-to-left instead of left-to-right. Unfortunately, these "RTL" and "LTR" commands are special Unicode characters that can be included in any text, including filenames and extensions. Exploiting this fact, a malware purveyor can disguise ".exe" files as files with other extensions. Your operating system will display the "disguised" name, though it still treats the file as an executable: launching it will run the program and infect your computer. Practice caution with any and all files from unknown sources.

Man-in-the-Middle Attacks: While you're still sipping your latte on that unsecured network, even your encrypted messages may not be all that safe. A Man-in-the-Middle (MTM) attack occurs when an attacker intercepts communications and proceeds to "relay" messages back and forth between the lawful parties. While the messaging parties believe their two-way conversation is private, and might even use a private encryption key, every message is re-routed through the attacker, who can alter the content before sending it on to the intended recipient. The encryption key itself can be swapped out for one the attacker controls, and the original parties remain unaware of the eavesdropper the entire time.
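The disguised-filename trick is easy to check for mechanically, which is what a mail gateway or download scanner should do. The following is an added example, not part of the original presentation: a Python script that finds Unicode bidirectional control characters in a filename, recovers the extension the operating system will actually act on, and approximates what the user sees on screen. The list of directly executable extensions is a constructed, non-exhaustive set, and the display simulation handles only the right-to-left override (U+202E), the character the slide's trick relies on.

```python
import os

# Unicode bidirectional control characters: invisible, and able to make a filename
# display differently from how the operating system parses it.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}

# Constructed, non-exhaustive set of extensions Windows will execute directly.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}

def strip_bidi(name: str) -> str:
    """Remove every bidi control so the string reads the way the OS parses it."""
    return "".join(c for c in name if c not in BIDI_CONTROLS)

def true_extension(name: str) -> str:
    """The extension the OS acts on, computed after the invisible controls are removed."""
    return os.path.splitext(strip_bidi(name))[1].lower()

def displayed_name(name: str) -> str:
    """Approximate what a user sees: text after an RLO (U+202E) is rendered right-to-left
    until a PDF (U+202C) or the end of the string, then rendering resumes left-to-right."""
    if "\u202e" not in name:
        return strip_bidi(name)
    head, tail = name.split("\u202e", 1)
    reversed_part, _, rest = tail.partition("\u202c")
    return strip_bidi(head) + strip_bidi(reversed_part)[::-1] + strip_bidi(rest)

def inspect_filename(name: str) -> dict:
    """Report where controls sit, what the name really is, and whether it should be blocked:
    a bidi control combined with an executable true extension is the disguise pattern."""
    controls = [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]
    ext = true_extension(name)
    return {
        "displayed_as": displayed_name(name),
        "actual_name": strip_bidi(name),
        "true_extension": ext,
        "bidi_controls": controls,
        "suspicious": bool(controls) and ext in EXECUTABLE_EXTENSIONS,
    }

if __name__ == "__main__":
    # Constructed sample: looks like "invoiceexe.pdf" in a file listing, runs as invoicefdp.exe.
    for sample in ("invoice\u202efdp.exe", "invoice.pdf"):
        print(inspect_filename(sample))
```

A scanner that applies this check can quarantine or rename the attachment before a user ever sees the misleading name; the same stripping step is also a sensible normalization for any filename that will be logged or shown in a web interface.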

34 More on Worms & Viruses
The “Stuxnet” worm (discovered June 2010) targeted centrifuges at the Iranian Natanz uranium-enrichment plant in a clandestine fashion. Stuxnet blocked the outflow of gas from the cascades of centrifuges, causing pressure to build up and the equipment to become damaged. It even masked the attack by looping 21 seconds of the system's sensor values so that the engineers at the facility wouldn't realize anything was wrong. Until recently, it was believed that Stuxnet simply targeted the centrifuges by causing them to spin too fast and ultimately break. However, it took a more sophisticated, clandestine approach and set them up to fail at a later date, thereby further evading detection. Stuxnet contains, among other things, code for a man-in-the-middle attack that fakes industrial process control sensor signals so an infected system does not shut down due to detected abnormal behavior. Such complexity is very unusual for malware. The worm consists of a layered attack against three different systems – Windows OS & Siemens.

The "Shamoon" virus (Aug 2012) attacked Saudi Arabia's state oil company, ARAMCO – probably the most physically destructive attack the business sector has seen to date. The virus is sophisticated, and a similar attack days later struck Qatar's natural gas firm, Rasgas. The 30,000+ computers it infected at ARAMCO were rendered useless and had to be replaced. Shamoon included a routine called a "wiper," coded to self-execute, which replaced crucial system files with an image of a burning U.S. flag. It also overwrote all the real data on the machine with garbage data. While not new, the scale and speed with which it happened was unprecedented. Like other malware, it steals information, taking data from the Users, 'Documents and Settings', 'System32/Drivers' and 'System32/Config' folders on Windows computers. One unusual characteristic, however, is that it can overwrite the master boot record (MBR) on infected machines, effectively rendering them useless. Shamoon uses a two-stage attack. First it infects a computer connected to the internet and turns this into a proxy to communicate back with the malware's command-and-control server. After that, it branches out to other computers on the corporate network, steals information, then executes its payload and wipes the machines. Finally, it reports this to the external command-and-control server.

35 More on Viruses
Oligo – indicating a “few,” “little,” or “scant.” An oligomorphic engine is generally used by a computer virus to generate a decryptor for itself. It does this by randomly selecting each piece of the decryptor from several predefined alternatives. The pieces used to build the decryptor are usually too common to be detected with signatures. Most oligomorphic viruses aren't able to generate more than a few hundred different decryptors, so detecting them with simple signatures is still possible.

Poly – many. Polymorphic code mutates while keeping the original algorithm intact, so the code changes itself each time it runs, but the function of the code does not change at all (e.g., 1+3 and 6-2 both achieve the same result, “4”, while using different code). It is sometimes used by computer viruses, shellcodes and computer worms to hide their presence.

Meta – abstraction from one concept to another; Morph – to transform (an image) by computer. Metamorphosis – a conspicuous, relatively abrupt physical change in body structure through cell growth and differentiation. Think caterpillar to butterfly. Metamorphic code outputs a logically equivalent version of its own code under some interpretation. It is used by viruses to avoid pattern recognition by AV software. Metamorphic code is used by some viruses when they are about to infect new files, so the next generation never looks like the current generation. The mutated code does exactly the same thing, but the child's binary representation will typically be completely different from the parent's.

