Security Awareness: Brave New World


1 Security Awareness: Brave New World
Security Planning Susan Lincke

2 Study Sheet
The student shall be able to:
- Describe the following attack types, who is involved and the information they hope to obtain or the actions they hope to accomplish: hacktivism, cyber-crime, cyber warfare, surveillance state.
- Define attacks: virus, worm, logic bomb, trojan horse, social engineering, phishing, pharming, botnet, zombie, man in the middle, rootkit, dictionary attack, spyware, keystroke logger, ransomware.
- Define the role of these security techniques and technologies: firewall, security patches, secure behavior.
- Define passwords using three techniques.
- Define how fraud is commonly found in an organization.

3 History of Cyber-Security
Progression (oldest to newest): Experimentation, Vandalism, Hacktivism, Cyber Crime, Information Warfare, Surveillance State. Note that "history" means that the oldest events still occur, but that there was a progression.

4 Experimentation
Cracker: a computer-savvy programmer creates attack software and posts it to a hacker bulletin board: SQL injection, buffer overflow, password crackers, password dictionaries. Successful attacks are announced there: "Crazyman broke into …", "CoolCat penetrated…"
Script kiddies: unsophisticated computer users execute the programs. Malware package = $1K-2K.

5 Malware includes Virus
A virus attaches itself to a program, file, or disk. When executed, the virus activates and replicates (diagram: Program A with extra code B attached infects other programs). Malware infection rates: Web: 1 in 566, 1 in 196 [ISTR14][ISTR13]; 40% of data breaches.
Viruses: Computer viruses are software programs that are deliberately designed by online attackers to invade your computer, to interfere with its operation, and to copy, corrupt or delete your data. These malicious software programs are called viruses because they are designed not only to infect and damage one computer, but to spread to other computers all across the Internet. Computer viruses are often hidden in what appear to be useful or entertaining programs or attachments, such as computer games, video clips or photos. Many such viruses are spread inadvertently by computer users, who unwittingly pass them along in e-mail to friends and colleagues.

6 Worm
An independent program that sends copies of itself from computer to computer across networks. Clicking on an attachment executes the worm. It may send itself to addresses in your list (diagram: To Joe, To Ann, To Bob) and may carry other forms of malware.
Worms: Worms are more sophisticated viruses that can replicate automatically and send themselves to other computers by first taking control of certain software programs on your PC, such as e-mail.

7 Social Engineering - Phishing
Social engineering manipulates people into performing actions or divulging confidential information. (Share of breaches: value missing from the transcript.)
Examples: "Transfer $ from Nigeria"; "ABC Bank has a problem with your account"; "Watch this funny video… see attached"; "You have a notice from Facebook"; phone call: "This is John, the System Admin. What is your password?"
Social engineering can occur in person, over the phone, in e-mails or on fake web pages. Social engineering: non-technical or low-technology means, such as lies, impersonation, tricks, bribes, blackmail, and threats, used to attack information systems. The next two slides discuss two types of social engineering: phishing and pharming.

8 Pharming = Fake Web Pages
The fake web page looks like the real thing and extracts account information.
Pharming: another type of social engineering. A user's session is redirected to a masquerading website. At the fake website, transactions can be mimicked and information like login credentials can be gathered. With this the attacker can access the real site and conduct transactions using the credentials of a valid user on that website.

9 Man in the Middle Attack
An attacker pretends to be your final destination on the network. The attacker may look like a strong WLAN access point (1% of hacking attacks). Users fall for this easily by logging into a wireless network that is unusually strong that day.

10 Rootkit
After penetration, the hacker installs a rootkit, which eliminates evidence of the break-in and modifies the operating system (diagram: backdoor entry, keystroke logger, hidden user).
Rate of infection/malware: rootkit 39%, backdoor 66%, keystroke logger 75% (statistics from forensically-analyzed breaches, 2013).
Rootkit: a collection of programs that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network. Keystroke logger: a program which logs passwords, credit card numbers, etc., and forwards them to the attacker.

11 History of Cyber-Security
Progression: Experimentation, Vandalism, Hacktivism, Cyber Crime, Information Warfare, Surveillance State.
Hacktivism. Example hacktivist: Anonymous. Political causes, e.g.: Middle East democracy, WikiLeaks, Mexican miners' rights. Bad ways, e.g.: web defacement, DDoS attacks on Visa, MasterCard, MPAA, computer hacking. 2% of external breaches (statistic from forensically-analyzed breaches, 2013).

12 Botnet
Botnets cross international boundaries. Distributed denial of service: attack web pages. $100 per 1000 infected computers. Command & control: 51% of malware attacks (statistic from forensically-analyzed breaches, 2013). When your computer becomes infected, it is likely to become a bot. Because attacks are international, they are hard to eliminate.
Zombie: a compromised computer which may host pornography, illegal music and/or movies. Botnet: a "zombie army," or collection of compromised computers (zombies) used to send out spam, viruses or distributed denial of service attacks. [SC06]

13 History of Cyber-Security
Progression: Experimentation, Vandalism, Hacktivism, Cyber Crime, Information Warfare, Surveillance State.
Cyber crime. Target: finance, retail, food; 55% of external breaches. Cost of credit card numbers: U.S.: $10; European: $50; bulk: $1 or more. Statistics are for forensically-analyzed breaches, 2013.
[Pop13] Popper, N. and Sengupta, S. "U.S. Says Ring Stole 160 Million Credit Card Numbers", New York Times, July 25, 2013.
[WSJ080608] Pereira, J., Levitz, J. and Singer-Vine, J. "U.S. Indicts 11 in Global Credit Card Scheme", Wall Street Journal, Aug. 6, 2008.

14 Keystroke Logger
Silently tracks the keys you enter and sends credit card info and passwords to the criminal. You see unusual charges on your credit card statement. 75% of malware.

15 Trojan Horse
Trojan horse: masquerades as a beneficial program. The Zeus Trojan infected millions of computers, mostly in the U.S. and often via Facebook; today it is among the top 5 malware problems. It steals bank passwords and empties accounts, and can impersonate a bank website.
Logic bomb: malware that destroys data when certain conditions are met. E.g., it may format a hard drive or change data files (possibly by inserting random bits of data) on a particular date or time, or if a certain employee record is missing from the employee database. Example: an employee places a logic bomb inside a system to destroy data when his/her record is removed upon termination.
Trojan horses: a Trojan horse is a program which seems to be doing one thing, but is actually doing another. A Trojan horse can be used to set up a back door in a computer system so that the intruder can gain access later. The name refers to the horse from the Trojan War, with the similar function of deceiving defenders into bringing an intruder inside.
[Perlr13] Perlroth, N. "Malware that Drains Your Bank Account Thriving on Facebook", New York Times, June 3, 2013.
[SC06] Hoffman, K. E. "Botnets 3.0", SC Magazine, July 2013, p.

16 War Driving and Hacking
Gonzalez cracked and exposed over 170 million credit card numbers. Stole from: Barnes & Noble, Boston Market, OfficeMax, Sports Authority, TJ Maxx, Dave & Buster's, Marshall's, Heartland Payment Systems, 7-Eleven, and Hannaford Brothers. Arrested and released in 2003; became an informant to the Secret Service. Sentenced to 20 years in prison in 2009, followed by 3 years of supervised release.
[Gonz09] Reuters, "Man Accused of Stealing Stores' Data Pleads Guilty", New York Times, Aug. 29, 2009.
[Gonz10] Anon, "U.S. Department of Justice; Leader of Hacking Ring Sentenced for Massive Identity Thefts from Payment Processor and U.S. Retail Networks", Biotech Business Week, April 12, 2010.

17 ATM - Point of Sale Credit Card Fraud
Skimmers are used at ATMs, gas stations and stores. Skimmers make up 91% of physical security attacks (35%). Skimmers match the color of bank ATMs and are manufactured in bulk by 3D printers. Check for loose parts; hide your PIN. Gonzalez encoded PINs onto debit card magnetic strips.
[Gonz10] Anon, "U.S. Department of Justice; Leader of Hacking Ring Sentenced for Massive Identity Thefts from Payment Processor and U.S. Retail Networks", Biotech Business Week, April 12, 2010.
[Ver13] "Verizon 2013 Data Breach Investigations Report",

18 Ransomware
"You are infected. Buy antivirus." "You've stored underage pornography. Pay a fine or go to jail. Notice from FBI." CryptoLocker: "Your disk has been encrypted. Pay to decrypt." Pay in 72 hours or else… Backups can be corrupted (MS Shadow). A Massachusetts police dept. paid $750.
"Pay up or your data dies: CryptoLocker ransomware hits Australia", Chris Griffith, The Australian, December 05, 2013.

19 Password Cracking: Dictionary Attack versus Brute Force
Pattern | Calculation | Result | Time to guess (at 2.6x10^18 guesses/month)
--- | --- | --- | ---
Personal info: interests, relatives | 20 | Manual | 5 minutes
Social engineering | 1 | Manual | 2 minutes
American dictionary | 80,000 | | < 1 second
4 chars: lower case alpha | 26^4 | 5x10^5 |
8 chars: lower case alpha | 26^8 | 2x10^11 |
8 chars: alpha | 52^8 | 5x10^13 |
8 chars: alphanumeric | 62^8 | 2x10^14 | 3.4 min.
8 chars: alphanumeric + 10 | 72^8 | 7x10^14 | 12 min.
8 chars: all keyboard | 95^8 | 7x10^15 | 2 hours
12 chars: alphanumeric | 62^12 | 3x10^21 | 96 years
12 chars: alphanumeric + 10 | 72^12 | 2x10^22 | 500 years
12 chars: all keyboard | 95^12 | 5x10^23 |
16 chars: alphanumeric | 62^16 | 5x10^28 |

Password attacks make up 34% of hacking attacks (52% of breaches). This chart shows the different combinations of passwords and password lengths and how long a dictionary attack or brute force attack would take to guess the password. Discussion of proper password creation and change techniques will occur later in the User Practices section of the presentation. At this stage just discuss the attacks and comparisons to password lengths and patterns.
Brute force attack: a cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one by one. Dictionary attack: an attack that tries all of the phrases or words in a dictionary, trying to crack a password or key. A dictionary attack uses a predefined list of words, compared to a brute force attack that tries all possible combinations.
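The arithmetic behind the table, as an added example (not part of the original slides): it computes the keyspace for each character set and length and the time to exhaust it at the slide's rate of 2.6x10^18 guesses per month. It assumes a 30-day month, so its times differ slightly from the slide's rounded figures.

```python
# Added example (not from the slides): how large each password pattern's search
# space is and how long exhausting it takes at the slide's rate of
# 2.6x10^18 guesses per month. Assumes a 30-day month; the slide's times are rounded.
GUESSES_PER_MONTH = 2.6e18
SECONDS_PER_MONTH = 30 * 24 * 3600

# Character-set sizes used by the slide's table.
CHARSETS = {
    "lower case alpha": 26,
    "alpha": 52,
    "alphanumeric": 62,
    "alphanumeric + 10": 72,
    "all keyboard": 95,
}


def keyspace(charset_size, length):
    """Worst case for brute force: every combination of the character set."""
    return charset_size ** length


def seconds_to_exhaust(charset_size, length, rate_per_month=GUESSES_PER_MONTH):
    """Seconds to try the whole keyspace at the given guessing rate."""
    return keyspace(charset_size, length) / rate_per_month * SECONDS_PER_MONTH


def dictionary_seconds(words, rate_per_month=GUESSES_PER_MONTH):
    """A dictionary attack only tries a fixed word list, so it finishes almost at once."""
    return words / rate_per_month * SECONDS_PER_MONTH


def human_time(seconds):
    """Render a duration in the largest convenient unit, as the slide's table does."""
    for name, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("min", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return "< 1 sec" if seconds < 1 else f"{seconds:.1f} sec"


def table(lengths=(4, 8, 12, 16)):
    """Rows of (pattern, keyspace, time) for the slide's patterns and lengths."""
    return [
        (f"{n} chars: {name}", keyspace(size, n), human_time(seconds_to_exhaust(size, n)))
        for name, size in CHARSETS.items()
        for n in lengths
    ]


if __name__ == "__main__":
    print(f"American dictionary, 80,000 words: {human_time(dictionary_seconds(80_000))}")
    for pattern, space, took in table():
        print(f"{pattern:30} {space:10.0e} {took}")
```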

20 History of Cyber-Security
Progression: Experimentation, Vandalism, Hacktivism, Cyber Crime, Information Warfare, Surveillance State.
Information warfare. 2010 Stuxnet worm: developed by the U.S. and Israel; hit Iranian nuclear power plants and damaged nearly 1,000 centrifuges, nearly 1/5 of those in service. Iran attacked American banks and oil companies.
[NYT060112] "How a Secret CyberWar Program Worked", graphic, New York Times, June 1, 2012.
[NYT013013] Perlroth, N. "Hackers in China Attacked the Times for Last 4 Months", New York Times, Jan. 30, 2013.

21 Information Warfare
The next wars will be computer attacks on power, water, financial systems, military systems, etc. Cyberweapons are MUCH cheaper than military ones and cause as much damage. High priority: protecting utilities and infrastructure. There is a new black market in 0-day attacks; governments pay more, > $150,000/bug. Governments include Israel, Britain, India, Russia, Brazil, North Korea, Middle Eastern countries, U.S. New hacking firms openly publicize products.
[NYT0713] Perlroth, N. and Sanger, D. E. "Nations Buying as Hackers Sell Flaws in Computer Code", New York Times, July 13, 2013.

22 History of Cyber-Security
Progression: Experimentation, Vandalism, Hacktivism, Cyber Crime, Information Warfare, Surveillance State.
Surveillance state. 21% of external breaches are state affiliated; 96% from China. Statistics from forensically-analyzed attacks, 2013.

23 China - IPR Theft
The People's Liberation Army targets manufacturing, research, military aircraft. The NY Times fought off China for 4 months: who gave info on P.M. Wen Jiabao? 45 mostly-new malware samples; attacked from 8 AM to midnight China time; all passwords stolen; 53 PCs hacked. Discussed repeatedly at presidential level. China says the U.S. is guilty (Snowden). The NY Times story tells us details that most companies will not divulge.
[NYT013013] Perlroth, N. "Hackers in China Attacked the Times for Last 4 Months", New York Times, Jan. 30, 2013.

24 Snowden Releases…
The NSA has requested/manipulated: watering down encryption; installing backdoors in software; collecting communication data. Verizon, Google, Yahoo, Microsoft and Facebook were coerced into …? Gag orders prevent companies from speaking. Yahoo/Google: nearly 200 million records, Dec 2012, including metadata (headers) and content.
[NYT112613] Perlroth, N. and Markoff, J. "NSA may have hit companies at a weak spot", New York Times, Nov. 26, 2013.
[WP13] "NSA Infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say", Washington Post, Oct. 30, 2013.
[NYT9513] Perlroth, N., Larson, J. and Shane, S. "NSA Able to Foil Basic Safeguards of Privacy on Web", New York Times, Sept. 5, 2013.

25 Lavabit
Lavabit provided secure e-mail services… including to Edward Snowden. The FBI wanted the software, private key and passwords for ALL clients. Ladar Levison, president: Lavabit fought off court orders, then closed the company. "I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States." Effect: buyers are wary of products from surveillance-state/information-warfare countries.
[Lava13] Perlroth, N. and Shane, S. "As FBI Pursued Snowden, an E-Mail Service Stood Firm", New York Times, Oct. 2, 2013.

26 Is Your Computer Safe? Yes No

27 Is Your Computer Safe? Yes No
“The confidence that people have in security is inversely proportional to how much they know about it.” -Roger Johnston

28 Recognizing a Break-in or Compromise
Symptoms:
- Antivirus software detects a problem
- Pop-ups suddenly appear (may sell security software)
- Disk space disappears
- Files or transactions appear that should not be there
- System slows down to a crawl
- Stolen laptop (1 in 10 stolen in a laptop's lifetime)
Often not recognized.

29 Malware Detection: (Additional) Spyware Symptoms
- Change to your browser homepage/start page
- Searches end up on a strange site
- Firewall turns off automatically
- Lots of network activity while you are not particularly active
- New icons, programs, favorites which you did not add
- Frequent firewall alerts about unknown programs trying to access the Internet
Often not recognized.

30 Safe & Secure User practices
What are the best practices to avoid all the threats we have been discussing?

31 Antivirus - Antispyware
Anti-virus software detects malware and can remove it before damage is done, for PC, tablet and smartphone. Install it and keep it updated. Anti-virus is important but limited in capability.
Attackers are always creating new viruses, so it is important that anti-virus software stay updated. Anti-virus and anti-spyware software should be updated on a regular basis. Anti-virus should be set to auto update at 12 midnight and then do a scan at 12:30. Anti-spyware should be set to auto update at 2:30 am and then a full system scan should be done at 3:00 am; this procedure makes sure that only one activity is performed at a time. If employees work from home, they should also have anti-virus and anti-spyware installed on their home computers.

32 Avoid Social Engineering and Malicious Software
- Do not open attachments unless you expect the e-mail with the attachment and you trust the sender.
- Do not click on links in e-mails unless you are absolutely sure of their validity.
- Only visit and/or download software from web pages you trust.
Attachments: Attachments should be opened only from trusted senders. If you are not expecting an attachment from the sender, it's a good idea to call and confirm before opening the attachment. Spam often asks for sensitive information.
Links in e-mails: Never click on a link in an e-mail attachment, except when you are expecting it. If you are not expecting an e-mail link from the sender, it's a good idea to call and confirm before clicking the link. If you hover the cursor over an e-mail's web link description, the link should be displayed at the bottom of the browser. Make sure both of them match.
Trustworthy web pages: Software downloads should be done only from trusted websites like Microsoft for Windows updates and Office application updates. Avoid downloading and using freeware or shareware, since most of them either don't come with technical support or full functionality.

33 Use a Firewall
Figure: packets arriving at the firewall from the Internet: Web Response, Illegal Dest IP Address, Email, Web Request, SSH Connect Request, DNS Request, Web Response, Ping Request, Illegal Source IP Address Response, FTP Request, Microsoft NetBIOS Name Service Connect Request, Telnet Request.
A packet filter firewall looks at the incoming packets. Some of them may be requests for connections, or responses to our connections. Normally PCs only initiate connections, such as web or e-mail. Therefore, we would expect web and e-mail requests to travel in the other direction (from PC to Internet). Most of these requests are illegal. Most likely a cracker is attempting to break into a server, or a PC which is willing to act as one. Other attacks include uses of invalid IP addresses, such as an IP address representing the internal network (pretending to originate from the inside of the network). In this case, the only packets that should make it through are replies to our web requests and requests to a mail server.
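The filtering rule the slide describes, as an added example (not the slide's own code or any real firewall's): it tracks connections the PC initiated, admits only their replies plus mail addressed to the mail server, and drops everything else, including packets that claim an inside source address. The network, host addresses and sample packets are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
# Added example, not the slide's own code: a stateful packet filter that admits only
# replies to connections a PC initiated, plus mail for the mail server. Addresses are constructed.
INTERNAL_NET = ip_network("192.168.1.0/24")
PC = "192.168.1.10"
MAIL_SERVER = "192.168.1.25"   # the one inside host allowed to accept connections

@dataclass
class Packet:
    label: str
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn: bool = False     # TCP connection request
    ack: bool = False     # TCP reply / established traffic

class PacketFilter:
    def __init__(self):
        self.initiated = set()   # (inside host, outside host, proto, outside port)

    def outbound(self, pkt):
        """Record a connection the PC started so its replies can come back in."""
        self.initiated.add((pkt.src, pkt.dst, pkt.proto, pkt.dport))

    def inbound(self, pkt):
        """Decide on a packet arriving from the Internet: returns (allowed, reason)."""
        src, dst = ip_address(pkt.src), ip_address(pkt.dst)
        if src in INTERNAL_NET:
            return False, "illegal source IP: outside packet claims an inside address"
        if dst not in INTERNAL_NET:
            return False, "illegal destination IP: not addressed to our network"
        if pkt.proto == "icmp":
            return False, "unsolicited ping request"
        is_request = pkt.proto == "tcp" and pkt.syn and not pkt.ack
        if not is_request and (pkt.dst, pkt.src, pkt.proto, pkt.sport) in self.initiated:
            return True, "reply to a connection we initiated"
        if is_request and pkt.dport == 25 and pkt.dst == MAIL_SERVER:
            return True, "mail delivery to our mail server"
        return False, "unsolicited inbound request"

def run_demo():
    """Feed the packets drawn on the slide (constructed samples) through the filter."""
    fw = PacketFilter()
    fw.outbound(Packet("Our Web Request", PC, "203.0.113.5", "tcp", 50000, 80, syn=True))
    arriving = [
        Packet("Web Response", "203.0.113.5", PC, "tcp", 80, 50000, ack=True),
        Packet("Email", "198.51.100.7", MAIL_SERVER, "tcp", 40000, 25, syn=True),
        Packet("Web Request", "198.51.100.8", PC, "tcp", 40001, 80, syn=True),
        Packet("SSH Connect Request", "198.51.100.9", PC, "tcp", 40002, 22, syn=True),
        Packet("Telnet Request", "198.51.100.9", PC, "tcp", 40003, 23, syn=True),
        Packet("NetBIOS Name Service Request", "198.51.100.9", PC, "udp", 40005, 137),
        Packet("DNS Request", "198.51.100.9", PC, "udp", 40006, 53),
        Packet("Ping Request", "198.51.100.9", PC, "icmp"),
        Packet("Illegal Source IP Response", "192.168.1.77", PC, "tcp", 80, 50000, ack=True),
        Packet("Illegal Dest IP Address", "198.51.100.9", "10.9.9.9", "tcp", 40007, 80, syn=True),
    ]
    return {p.label: fw.inbound(p) for p in arriving}

if __name__ == "__main__":
    for label, (allowed, why) in run_demo().items():
        print(f"{'ALLOW' if allowed else 'DROP':5} {label:30} {why}")
```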

34 Protect your Operating System
Microsoft regularly issues updates to fix security problems; Windows Update should automatically install updates. Avoid logging in as administrator.
Windows has automatic update features that should be turned on. The operating system should be regularly updated with the latest patches and updates provided by the vendors. Major software applications like Microsoft Office should also be regularly updated. Other installed business applications should also be updated on a regular basis. Never use an admin account to surf the web, since in case of a compromise the malicious code would have admin rights.

35 Create a Good Password

36 Create a Good Password, Cont'd
- Combine 2 unrelated words: Mail + phone =
- Abbreviate a phrase: My favorite color is blue = Mfciblue
- Music lyric: Deck the halls with boughs of holly, Fa la la la la la la la la la = Dthwboh,F9xl
Other password creation techniques: combining words using symbols and numbers; abbreviating a phrase; using music lyrics, poems or quotes.

37 Password Recommendations

Setting | PCI DSS vers. 3 [PCIv3] | CIS Microsoft Windows 8 [CIS8]
--- | --- | ---
Password length | 7 characters | 14 characters
Account lockout threshold | 6 invalid attempts | 5 invalid attempts
Account lockout duration (clears lockout counter) | 30 minutes | 15 minutes
Screen saver time-out | |
Max. password age | 90 days | 60 days
Min. password age | Not specified | 1 day
Password history retention | 4 | 24
Password complexity requirements | Numeric and alphabetic | 3 of 4: uppercase alpha, lowercase alpha, numeric, punctuation
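A checker for the length, complexity and history rows of the table above, applied to the sample passwords from the previous slide, as an added example (not from the slides and not either standard's official tooling). The policy values are copied from the table; lockout and password-age settings are left out.

```python
import string
from dataclasses import dataclass

# Added example, not from the slides: checks a candidate password against the two
# policies in the table (PCI DSS v3 and CIS Windows 8) for length, complexity and
# password-history retention. Lockout and age rules are not modelled.
@dataclass(frozen=True)
class PasswordPolicy:
    name: str
    min_length: int
    min_classes: int             # distinct classes required out of the four below
    require_alpha_numeric: bool  # PCI wording: both alphabetic and numeric characters
    history: int                 # previous passwords that may not be reused

PCI_DSS_V3 = PasswordPolicy("PCI DSS v3", 7, 2, True, 4)
CIS_WIN8 = PasswordPolicy("CIS Microsoft Windows 8", 14, 3, False, 24)

CLASSES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "numeric": set(string.digits),
    "punctuation": set(string.punctuation),
}

def character_classes(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}

def violations(password, policy, previous=()):
    """Rules the password breaks under the policy; an empty list means compliant."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    classes = character_classes(password)
    if policy.require_alpha_numeric and not (
        classes & {"uppercase", "lowercase"} and "numeric" in classes
    ):
        problems.append("needs both alphabetic and numeric characters")
    if len(classes) < policy.min_classes:
        problems.append(f"needs {policy.min_classes} of 4 character classes, has {len(classes)}")
    # Only the most recent `history` passwords count, as the retention setting specifies.
    if password in previous[-policy.history:]:
        problems.append(f"reused within the last {policy.history} passwords")
    return problems

if __name__ == "__main__":
    # The candidates from the password-creation slide.
    for candidate in ("Mfciblue", "Dthwboh,F9xl"):
        for policy in (PCI_DSS_V3, CIS_WIN8):
            print(f"{candidate!r} under {policy.name}: {violations(candidate, policy) or 'OK'}")
```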

38 Kind-of Secure On-line Financial Transactions
Always use a secure browser for online purchasing and other online activities. Never use a debit card on-line. Frequently delete temp files, cookies, history, saved passwords etc. Look for https and/or the lock or secure symbol showing enhanced security.

39 Back up Important Information
Disappearing info: malware, ransomware, disk failure, … What information is important to you? Is your back-up: recent? Off-site and secure? Process documented? Tested? Encrypted?
Backup should be done (at least) once a week. If possible, store to removable media. The removable media should be big enough to hold 52 weeks of backups (e.g., 500GB). Do a full backup once a month and store it in an offsite location. This would be useful in case of a disaster in your office (fire, theft, flood, etc). On the removable media create 12 folders, one for each month. Backup data should be tested periodically to ensure reliability.

40 Summary - Examples of Types
Threat type. Year: example threats.
- Experiment. 1984: Fred Cohen publishes "Computer Viruses: Theory and Experiments".
- Vandalism. 1988: Jerusalem virus deletes all executable files on the system on Friday the 13th. 1991: Michelangelo virus reformats hard drives on March 6, Michelangelo's birthday.
- Hacktivism. 2010: Anonymous' Operation Payback hits credit card and communication companies with DDoS after payment card companies refuse to accept payments for WikiLeaks.
- Cyber-crime. 2007: Zeus Trojan becomes 'popular'; turns computers into zbots, and spyware steals payment card numbers. 2008, 2009: Gonzalez re-arrested for sniffing WLANs and implanting spyware, affecting 171 million credit cards. 2013: In July, 160 million credit card numbers are stolen via SQL injection attack. In Dec., 40 million credit card numbers and 70 million customer records are stolen through Target stores. California indicates 167 data breaches are reported this year.
- Information warfare. 2007, 2008: Russia launches DDoS attacks against Estonia, then Georgia news, gov't, banks. 2010: Stuxnet worm disables 1000 of Iran's nuclear centrifuges.
- Surveillance state. 2012: State-affiliated actors mainly tied to China quietly attack U.S./foreign businesses to steal intellectual property secrets, summing to 19% of all forensically analyzed breaches. 2013: Lavabit closes its secure service rather than divulge its corporate private key to the NSA without customers' knowledge.

