CYBER SECURITY, Part II Malware and Scams. A Quick Review of the basics!

Presentation on theme: "CYBER SECURITY, Part II Malware and Scams. A Quick Review of the basics!"— Presentation transcript:

1 CYBER SECURITY, Part II Malware and Scams

2 A Quick Review of the basics!

3 The Security Pillars
Authentication
Authorization
Privacy
Information Integrity
Non-Repudiation
Availability

4 Viruses, Worms, Trojan Horses and Spybots, aka Malware
Primarily attacks on Authentication, Data Integrity, System Availability and Privacy

5 Viruses!!

6 Computer Viruses
In the early 1980s, Fred Cohen did extensive theoretical research at USC, as well as setting up and performing numerous practical experiments, regarding viral type programs.
Dr. Cohen's definition of a computer virus as "a program that can 'infect' other programs by modifying them to include a... version of itself" is generally accepted as a standard.
Aka: an illicit program hidden inside of a legitimate program that propagates through various computer and network media
Cohen created “research viruses” as part of his thesis
Today we are concerned with viruses “in the wild”

7 Viruses
Malicious software code that is usually embedded in executable programs or documents
File Infector viruses can sit in a system's memory and attach themselves to any programs that the user opens
Some viruses actually create new copies of existing programs that contain malicious code and substitute them for the original
A common technique is to infect Word documents that may then be emailed to other systems
Famous viruses in the past were called Chernobyl, Career of Evil, Concept
The worst viruses destroy the file directory or the data on your disk!

8 How do they propagate?
Early viruses spread when people exchanged floppy disks that contained programs or data with other users and inserted them into their machines (relatively slow propagation)
Today, with the speed and global reach of the internet, viruses can spread many times faster attached to emails and file downloads such as mp3s, images and video files (very fast propagation and attack at a distance)

9 Types of Viruses
File Infector Viruses
–Some of the oldest types
–Looks like an executable file (.exe, .com, .bin, .sys)
–Hides in system memory and embeds itself in applications that the user opens
–Capable of infecting multiple application files
–Some Infector viruses make a copy of the real application and hide themselves inside the copy. When the user clicks on the file name, the copy runs, not the original.
Macro Viruses
–Hide in the macro commands that are popular in Windows applications
–These viruses infect any documents that the application opens (Word, Excel, Access, etc.)

10 Types of Viruses
Boot Sector Viruses
–These viruses infect the boot track of the disk drive when the machine is booted up
–By altering the boot drive, the virus can render the machine inoperable
–Michelangelo was a famous boot sector virus that launches on computers on March 6th and puts the infected machines out of service
–On March 6, 1992 there was almost hysteria about the effect that this virus would have on all the PCs installed worldwide

11 Worms
Responsible for today’s most widespread attacks and sometimes confused with viruses
Unlike viruses, worms are designed to self-replicate and automatically spread themselves from system to system using the network connections
Worms usually use email as their carrier method since email is such a popular application
Some worms mail themselves to everyone listed in your address book as an efficient replication mechanism
The Anna-Kournikova.jpg.vbs worm did over $80 million worth of damage because people couldn’t resist the temptation of seeing a nude photo of her

12 Kournikova worm smashes through the net !!!!
Sophos Anti-Virus, a world leader in corporate anti-virus protection, has warned users to be wary of a new in-the-wild worm that poses as a picture of the popular Russian tennis pin-up, Anna Kournikova. The worm has been widely reported as infecting users around the world.
2001

13 The Trojan Horse

14 Trojans
Modeled after the ancient technique of hiding a threat inside of a seemingly benign package
Trojans are usually attached to emails and contain a program that performs nasty stuff on your computer
When the user opens the email, the system resets and when it boots up, the Trojan program does its thing very secretly
Trojans can open up backdoor communications on your system which allows someone to actually see what you are typing on the keyboard (Usernames, Passwords, CC#s, Phone numbers, SS#s)!!!!!!!
Trojans can also allow someone to effectively hijack your computer and use it to control everything that your machine does without you knowing it (Zombies!)

15 In Summary
A wide variety of threats
Viruses, Worms and Trojans are sometimes combined in order to confuse the detection and removal techniques
The attacks continue and get more sophisticated all the time.

16 How to attempt to protect yourself from Malware
Install virus protection software
Subscribe to the update service and have the updates installed automatically on your machine
Perform a complete virus scan of your machine at least once a week
–Automatically while you are asleep!
Do not put flash memory cards from unknown parties into your machine
Only accept software downloads from reputable companies (almost 10% of all the files on popular file sharing sites are in fact Malware)
Install and run Spybot Search and Destroy regularly
Don’t open any emails promising racy photos or videos of Anna Kournikova, Pamela Anderson, Paris Hilton or Ben Affleck, George Clooney or Brad Pitt! Or anyone else for that matter….

17 RansomWare!
Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.

18 Beware of Bogus Virus Protection! (RansomWare)
The user gets a very visible warning about infections on their PC from what appears to be a legitimate source (Microsoft, etc.)
They are instructed to click on a button and download software to protect themselves.
By doing so they download and install a program that incessantly pops up on their screen instructing them to pay for a viral antidote, which disrupts everything else they are trying to do
They then have to go to a website and pay to remove the annoying software that they mistakenly downloaded in the first place!
VERRRRY ANNOYING!!!! and costly

19 CryptoWall and CryptoLocker
A file-encrypting ransomware program called CryptoWall infected over 600,000 computer systems in the past six months and held 5 billion files hostage, earning its creators more than $1 million, researchers found.
The threat has been spreading since at least November 2013, but until the first quarter of this year it remained mostly overshadowed by CryptoLocker, another ransomware program that infected over half a million systems from September 2013 through May, earning its perpetrators an estimated $3 Million!

20 More Threats and Scams
Nigerian Letters
Phishing
Pharming
Spoofing

21 Nigerian Letters
Also known as “Advance Fee Fraud”
Been successfully run since the 1980’s over mail and over the Internet
Convinces the target that they will get a huge commission for helping free up money held in an offshore bank account.
Target is solicited for small “fees” and their personal info to expedite the process
Of course, no money is forthcoming
Read all about them here http://home.rmci.net/alphae/419coal/

22 Nigerian Letter Example Attention.Friend Its my pleasure to inform you that i have verify from the bank director regarding the transfer of your fund and it was good news because the requested fee was less expessive for you to afford. your consignment containing your fund($800.000.00) i have deposited it with the CAPITAL CITY BANK PLC so that your fund will be wired to your account immediately you contact the bank director with your banking details. However i went to CAPITAL CITY BANK PLC to discuss this with the bank director as its has not been delivered to you However he told me that your fund can be transfered to you via a direct wire transfer(KTT) into your account.He told me to instruct you to contact the bank to apply for a direct wire transfer into your account to avoid loosing your fund due to delay. Therefore you can contact the bank with below information, send to them your banking information. CAPITAL CITY BANK PLC OF BENIN REPUBLIC 20/22 HOSPITAL ROUTE COTONOU BENIN REPUBLIC

23 Phishing, Pharming and Spoofing
Who Am I ????

24 Phishing
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic transaction.
Phishing is an example of social engineering techniques used to fool users and exploits the poor usability of current web security technologies.
Phishing alludes to baits used to "catch" financial information and passwords.

25 Pharming
Pharming is a hacker’s attack aiming to redirect a website’s traffic to another, bogus website
Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.
Antivirus software and spyware removal software cannot protect against pharming.
Pharming is also known as Page Hijacking
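A check for the hosts-file variant of pharming described on this slide, as an added example that is not part of the original presentation: it parses hosts-file text and reports any watched domain that has been pinned to a local mapping instead of being resolved through DNS. The watchlist, the sample file contents and the function names are assumptions made for illustration.

```python
import ipaddress

# Hypothetical watchlist: names that should only ever be resolved through DNS.
WATCHED = {"bank.example", "mail.example"}

# Constructed sample hosts file for illustration.
SAMPLE_HOSTS = """\
# local name mappings
127.0.0.1       localhost
::1             localhost ip6-localhost
192.168.1.20    printer.lan            # local device, expected
203.0.113.66    www.bank.example bank.example
0.0.0.0         ads.tracker.example    # sinkhole entry from an ad blocker
198.51.100.9    Login.Mail.Example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for every well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue                      # blank, comment-only or no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                      # not an address, so not a mapping
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(host):
    """True for a watched domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def find_overrides(text):
    """Return (line_no, hostname, ip) for each watched name pinned locally."""
    return [(n, h, str(ip))
            for n, ip, hosts in parse_hosts(text)
            for h in hosts if is_watched(h)]

if __name__ == "__main__":
    for n, host, ip in find_overrides(SAMPLE_HOSTS):
        print(f"line {n}: {host} is pinned to {ip}; expected a DNS lookup")
```

The same function can be pointed at the real file (for example /etc/hosts, or C:\Windows\System32\drivers\etc\hosts on Windows) by reading it and passing the text in.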

26 Spoofing
Website spoofing is the act of creating a website, as a hoax, with the intention of misleading readers that the website has been created by a different person or organization. Another meaning for spoof is fake websites. Normally, the website will adopt the design of the target website and sometimes has a similar URL
E-mail spoofing is e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. Because core SMTP doesn't provide any authentication, it is easy to impersonate and forge emails. It is usually fraudulent but can be legitimate. It is commonly used in spam and phishing e-mails to hide the origin of the e-mail message.
Most often used in conjunction with Pharming
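The header alterations this slide describes can be surfaced by comparing the sender fields of a message against each other. The following is an added example, not part of the original presentation; both sample messages are constructed, and the flag names and function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages for illustration.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
From: "Example Bank Support <support@bank.example>" <notice@bulk-sender.invalid>
Reply-To: claims@freemail.invalid
To: user@corp.example
Subject: Account verification required

Please confirm your details.
"""

CLEAN = """\
Return-Path: <alerts@bank.example>
From: Example Bank <alerts@bank.example>
To: user@corp.example
Subject: Monthly statement

Your statement is ready.
"""

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def spoof_indicators(raw):
    """Return a list of sender-header inconsistencies found in one message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    flags = []
    # Envelope sender recorded at delivery differs from the visible sender.
    if return_path and domain(return_path) != domain(from_addr):
        flags.append("return-path-domain-mismatch")
    # Replies would go to a different organisation than the visible sender.
    if reply_to and domain(reply_to) != domain(from_addr):
        flags.append("reply-to-domain-mismatch")
    # Display name shows an address that is not the real From address.
    if "@" in name:
        _, shown = parseaddr(name)
        if shown.lower() != from_addr.lower():
            flags.append("display-name-address-mismatch")
    return flags

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(label, spoof_indicators(raw))
```

These are indicators for triage, not proof: as the slide notes, a mismatch can be legitimate, for instance when a mailing service handles bounces on a sender's behalf.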

27 Phishing Video
http://www.youtube.com/watch?v=Y4mnIwtIWB4&feature=fvwrel

28 These days, Phishing, Pharming and Spoofing are often all combined in the same attempt to compromise someone’s personal information

29 Looking for Privacy
Encryption and Decryption
“Kryptos logos” (Hidden Word)

30 Encryption and Data Security (Privacy)
Cryptography is the art and science of keeping messages secret
Encryption techniques convert data into a secret code for transmission
The process of retrieving the original message at the receiver is called decryption

31 Encryption with and without keys
Earlier, less sophisticated encryption did not involve the use of keys but relied solely on a secret formula or algorithm
This is very weak encryption since:
–It is now essential to keep the algorithm secret between all authorized parties
–Disseminating the algorithm risks its secrecy
–Once the algorithm is compromised, an entirely new one must be developed and distributed
The use of keys in conjunction with a public algorithm is much stronger because:
–The algorithm can be published so that everyone knows it
–The keys are secret
–The keys can be changed whenever necessary to preserve their secrecy

32 Encryption Keys
Keys are essential information -- usually a large numerical parameter(s) -- needed for encryption and/or decryption algorithms
Encryption keys are used to encode plaintext as encoded ciphertext
Decryption keys are used to decode ciphertext and recover the original plaintext
Decryption keys are sometimes discovered by brute force methods employing computers to search large potential key combinations

33 Two Types of Encryption using keys
Symmetric keys, also known as Secret Key Encryption
Asymmetric keys, also known as Public Key Encryption
Public Key Encryption aka PKI is now the dominant form of Encryption in use in all digital transactions

34 Disadvantages of Secret (Private) Key Ciphers
Both parties have to keep the secret
–The more parties that have to share a secret, the less chance that the secret will remain secret
Sending the secret key to the receiving party risks its secrecy
If the key is compromised then it has to be transmitted to all parties before they can resume communications

35 Asymmetric or Public Key Ciphers
This involves the use of TWO different keys.
One key is PUBLIC and published by a Trusted Third Party, known as a Certificate Authority (CA). This key is contained in a Digital Certificate
One key is PRIVATE and held secret by its owner
The Private key owner is registered with the CA and has proven their identity to a specific level of certainty
The Private key owner can now SEND a message encrypted using the private key to anyone they like
The Receiver of this message cannot read it without decrypting it
The Receiver goes to the CA (on the web) and requests the Sender’s Public Key
The Receiver uses the public key to decrypt the Sender’s message

36 Who are the Certificate Authorities?
CAs are Bonded, Trusted, Third Party Companies that have been authorized to set up Public Key Infrastructures (PKI) on the Web for the purpose of issuing and managing Public and Private keys for their subscribers
They operate very secure servers on the web that allow two parties to use the Public Key methods to send secure information over the internet
Subscribers have to pay to belong and must authenticate themselves to the CA periodically to prove who they are.
There are different levels of authentication depending upon the nature of your transactions
You can see a list of Certificate Authorities in your Browser!

37 Asymmetric or Public Key Ciphers
The first practical public key algorithm was published by Rivest, Shamir, and Adleman in 1976 and is known as RSA (for their last names)
RSA is still a widely used algorithm which is a testament to its strength and viability
Public key ciphers employ an algorithm with two keys -- a public key and a private key
A sender looks up the recipient's public key and uses it to encode a message
The recipient then decodes the message with his or her private key (this private key is necessary to decode the message)
This also works in reverse.

38 Asymmetric or Public Key Ciphers Illustrated

39 Secure Socket Layer
The use of Public Key Infrastructures to secure information exchanges over the web is called the Secure Socket Layer (SSL)
SSL is the predominant method used to apply RSA and other algorithms for securing email and sensitive electronic transactions
Recently, security vulnerabilities were discovered in SSL which potentially could allow unauthorized parties to compromise the method.
http://www.howtogeek.com/182425/5-serious-problems-with-https-and-ssl-security-on-the-web/

40 SSL uses several exchanges to set up the secure link

41 Non-Repudiation using RSA
If a party is registered with a CA and sends a document or a transaction encrypted with their secret key to another party they effectively create what is known as a DIGITAL SIGNATURE
Digital Signatures are legally binding in the same way your hand written signature is binding (U.S. Congress and EEC laws)
–It is very difficult to REPUDIATE that transaction since only the sending party knew the secret key in order to create the encrypted message
–The message is read and processed by the receiving party using the Sender’s Public key, which is the ONLY key that will work. If the Receiver can successfully decode the message then it has proof that the message was generated by the specific sender
–Very important principle when applied to legally binding documents and transactions such as: Contracts, Offers, Affidavits, Confidential Information

42 Website demo illustrating Digital Certificates and Public Key Encryption http://www.paypal.com

43 CyberWar!

44 Stuxnet --- Who done it ?????
Stuxnet is a virus that is widely believed to have been developed by the U.S. and Israeli intelligence communities. Its purpose was to infiltrate programmable control systems used in the process control industries. In particular, this worm was targeted at the controllers that operate the centrifuges used in Iran to process uranium, a key component in the quest for nuclear weapons, or reactors.
Stuxnet Video: http://vimeo.com/25118844

45 Cyberwar - Recent News - WSJ - October 13, 2012
http://online.wsj.com/article/SB10000872396390444657804578052931555576700.html?
Iran Blamed for Cyberattacks
U.S. Officials Say Iranian Hackers Behind Electronic Assaults on U.S. Banks, Foreign Energy Firms

46 Questions?

47 Symmetric or Secret Key Ciphers
Secret key ciphers use a single secret key (or set of keys) for both encryption and decryption
The secret key must be transferred securely in order for secret key methods to be secure
Data Encryption Standard (DES) is a US government sponsored secret key cipher. DES uses a 56-bit key.
International Data Encryption Algorithm (IDEA) has replaced DES. It uses a 128-bit key.
Longer keys make it more difficult for brute force discovery of the secret key

48 Authentication using RSA
The process used to verify the identity of a respondent is called authentication
Authentication is very important for electronic commerce and other network transactions
Authentication exploits the symmetry of public and private keys
To authenticate that a person is who they say they are:
–send that person a nonsense message and ask them to encode it with their private key and return it to you
–when the message is returned, if the person is who they claim to be, you should be able to recover your nonsense message using their public key which is published by the CA
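The three uses of an RSA key pair covered on slides 37, 41 and 48 (encrypting to a recipient, signing, and the "nonsense message" challenge), worked through in one added example that is not part of the original presentation. It is textbook RSA on small fixed primes so the arithmetic is visible; the names ALICE and MALLORY and all function names are assumptions, and production systems use keys of 2048 bits or more with padding schemes such as OAEP and PSS from a vetted library.

```python
import hashlib
import secrets

E = 65537  # public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))   # d is the inverse of e mod phi

def encrypt(m, public):
    """Slide 37: anyone encodes with the recipient's public key."""
    n, e = public
    return pow(m, e, n)

def decrypt(c, private):
    """Only the private-key holder can decode."""
    n, d = private
    return pow(c, d, n)

def _digest(msg, n):
    """SHA-256 of the message, reduced into the modulus range (toy only)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, private):
    """Slide 41: 'encoding with the private key' is a signature."""
    n, d = private
    return pow(_digest(msg, n), d, n)

def verify(msg, sig, public):
    """Anyone can check the signature with the public key."""
    n, e = public
    return pow(sig, e, n) == _digest(msg, n)

def challenge_response(claimant_private, expected_public, nonce=None):
    """Slide 48: send a random nonce, have the claimant sign it, verify."""
    nonce = nonce or secrets.token_bytes(16)
    response = sign(nonce, claimant_private)      # computed by the claimant
    return verify(nonce, response, expected_public)

# Constructed demo keys built from known Mersenne primes (far too small for real use).
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
_, MALLORY_PRIV = make_keypair(2**31 - 1, 2**107 - 1)

if __name__ == "__main__":
    m = int.from_bytes(b"PIN 4921", "big")
    print("round trip ok:", decrypt(encrypt(m, ALICE_PUB), ALICE_PRIV) == m)
    sig = sign(b"I agree to the contract", ALICE_PRIV)
    print("signature ok:", verify(b"I agree to the contract", sig, ALICE_PUB))
    print("altered text:", verify(b"I agree to nothing", sig, ALICE_PUB))
    print("alice authenticates:", challenge_response(ALICE_PRIV, ALICE_PUB))
    print("impostor authenticates:", challenge_response(MALLORY_PRIV, ALICE_PUB))
```

The fresh random nonce in `challenge_response` is what stops a recorded response from being replayed in a later session.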

49 Using Encryption to Authenticate in E-Commerce

