Cyber Security Basics - Threats, Malware and Prevention
Akhilesh Hiremath Swami
Summary
This document provides an overview of cyber security, including common threats such as phishing, malware, and social engineering. It also discusses the importance of protecting computer systems and data, as well as methods for preventing cyber attacks. Key concepts like the CIA triad (confidentiality, integrity, availability) are explained.
Full Transcript
Cyber Security
By Akhilesh Hiremath Swami

Importance of Cyber Security
“The only system which is truly secure is one which is switched off and unplugged, locked in a titanium safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it.” - Professor Gene Spafford
https://spaf.cerias.purdue.edu/
In security matters:
- There is nothing like absolute security
- We are only trying to build comfort levels, because security costs money and lack of it costs much more
- Comfort level is a manifestation of efforts as well as a realization of their effectiveness & limitations

Importance of Cyber Security
The Internet allows an attacker to work from anywhere on the planet.
Risks caused by poor security knowledge and practice:
- Identity Theft
- Monetary Theft
- Legal Ramifications (for yourself and your organization)
- Sanctions or termination if policies are not followed
According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are:
- Web Browser
- Web Applications
- Excessive User Rights

Cyber Security
Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.

Cyber Security is Safety
- Security: We must protect our computers and data in the same way that we secure the doors to our homes.
- Safety: We must behave in ways that protect us against risks and threats that come with technology.
https://www.varonis.com/blog/data-breach-statistics/

Domains

False Sense of Security?

What is a Secure System?
(CIA Triad)
- Confidentiality – restrict access to authorized individuals
- Integrity – data has not been altered in an unauthorized manner
- Availability – information can be accessed and modified by authorized individuals in an appropriate timeframe

CIA Triad: Confidentiality
Protecting information from unauthorized access and disclosure
Example: Criminal steals customers’ usernames, passwords, or credit card information

CIA Triad: Integrity
Protecting information from unauthorized modification
Example: Someone alters payroll information or a proposed product design

CIA Triad: Availability
Preventing disruption in how information is accessed
Example: Your customers are unable to access your online services

Threats and Vulnerabilities
What are we protecting our and our stakeholders’ information from?
- Threats: Any circumstances or events that can potentially harm an information system by destroying it, disclosing the information stored on the system, adversely modifying data, or making the system unavailable
- Vulnerabilities: Weakness in an information system or its components that could be exploited.

WHAT KINDS OF THREATS ARE THERE?
- Phishing and Spear-phishing Attacks
- Social Engineering Scams
- Common Malware and Ransomware
- Business Email Compromise
- Fake websites that steal data or infect devices
- And much more

Phishing
Phishing refers to the practice of creating fake emails or SMS that appear to come from someone you trust, such as: Bank, Credit Card Company, Popular Websites
The email/SMS will ask you to “confirm your account details or your vendor’s account details”, and then direct you to a website that looks just like the real website, but whose sole purpose is to steal information.
Of course, if you enter your information, a cybercriminal could use it to steal your identity and possibly make fraudulent purchases with your money.
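An added example, not part of the original slides: a small Python check that flags links whose domain imitates a trusted one, the kind of look-alike website the phishing description above refers to. The trusted list, sample links and function names are constructed for illustration, and treating the last two labels as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the domains this organisation really uses (assumption).
TRUSTED = {"mybank.example", "cardco.example"}
# Digits commonly substituted for letters in look-alike domains.
FOLD = str.maketrans("013457", "oleast")

def skeleton(name):
    """Fold look-alike characters so 'myb4nk' and 'mybank' compare equal."""
    return name.lower().translate(FOLD).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return 'trusted', 'lookalike' or 'unknown' for a link taken from a message."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    # The scheme is ignored on purpose: https says nothing about who runs the site.
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Assumption: the last two labels approximate the registered domain.
    registered = ".".join(host.split(".")[-2:])
    for t in TRUSTED:
        if t + "." in host:  # trusted name used as a subdomain of another site
            return "lookalike"
        if skeleton(registered) == skeleton(t) or edit_distance(registered, t) <= 1:
            return "lookalike"
    return "unknown"

# Constructed sample links, as they might appear in a suspicious message.
SAMPLES = [
    "https://www.mybank.example/signin",
    "https://myb4nk.example/signin",
    "https://mybank.example.account-check.test/login",
    "https://mybnk.example/",
    "https://docs.python.org/3/",
]
if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):9}  {link}")
```

An "unknown" result only means the domain does not resemble an entry on the allow-list; it is not a verdict that the link is safe.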
Phishing Statistics
- Verizon DBIR 2020: Phishing is the biggest cyber threat for SMBs, accounting for 30% of SMB breaches
- KnowBe4: 37.9% of Untrained Users Fail Phishing Tests
- 84% of SMBs are targeted by Phishing attacks
- A new Phishing site launches every 20 seconds
- 74% of all Phishing websites use HTTPS
- 94% of Malware is delivered via email

Example of Phishing

Another Example
S1M1L4RLY, Y0UR M1ND 15 R34D1NG 7H15 4U70M471C4LLY W17H0U7 3V3N 7H1NK1NG 4B0U7 17

Social Engineering
When attempting to steal information or a person’s identity, a hacker will often try to trick you into giving out sensitive information rather than breaking into your computer.
Social Engineering can happen:
- Over the phone
- By text message
- Instant message
- Email

Malware
Malware = “malicious software”
Malware is any kind of unwanted software that is installed without your consent on your computer and other digital devices.
Viruses, Worms, Trojan horses, Bombs, Spyware, Adware, Ransomware are subgroups of malware.

Viruses
A virus tries to infect a carrier and in turn relies on that carrier to spread the virus around.
A computer virus is a program that can replicate itself and spread from one computer to another.

Viruses cont.
- Direct infection: the virus can infect files every time a user opens that specific infected program, document or file.
- Fast infection: the virus infects any file that is accessed by the program that is infected.
- Slow infection: the virus infects any new or modified program, file or document. Great way to trick an antivirus program!
- Sparse infection: the process of randomly infecting files, etc. on the computer.
- RAM-resident infection: the infection buries itself in your computer’s Random Access Memory.

Bombs
- Logic Bombs: programming code that is designed to execute or explode when a certain condition is reached.
- Most of the time it goes off when a certain time is reached or a program fails to execute.
- But these bombs wait for a triggering event to happen.
- Most common use of this is in the financial/business world.
- Most IT employees call this the disgruntled employee syndrome.

Trojans
- Trojan horse: a program or software designed to look like a useful or legitimate file.
- Once the program is installed and opened it steals information or deletes data.
- Compared to other types of malware, a Trojan horse usually runs only once and then is done functioning.
- Some create back-door effects
- Another way Trojans are distributed is by infecting a server that hosts websites.
- Downfall of Trojans: very reliant on the user.

Worms
- Worms and viruses get interchanged commonly in the media.
- In reality a worm is more dangerous than a virus.
- User Propagation vs. Self Propagation
- A worm is designed to replicate itself and disperse throughout the user’s network.
- Email Worms and Internet Worms are the two most common worms.

Email Worm
- An email worm goes into a user’s contact/address book and chooses every user in that contact list.
- It then copies itself and puts itself into an attachment; then the user will open the attachment and the process will start over again!
- Example: I LOVE YOU WORM

Internet Worms
- An Internet Worm is designed to be conspicuous to the user.
- The worm scans the computer for open internet ports through which it can download itself onto the computer.
- Once inside the computer, the worm scans the internet to infect more computers.

Zombie & Botnet
- Secretly takes over another networked computer by exploiting software flaws
- Builds the compromised computers into a zombie network or botnet: a collection of compromised machines running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure.
- Uses it to indirectly launch attacks, e.g., DDoS, phishing, spamming, cracking

Adware and Spyware
- Adware is a type of malware designed to display advertisements in the user’s software.
- Adware can be designed to be harmless or harmful; it gathers information on what the user searches the World Wide Web for. With this gathered information it displays ads corresponding to the information collected.
- Spyware is like adware: it spies on the user to see what information it can collect off the user’s computer to display pop-up ads on the user’s computer.
- Spyware, unlike adware, likes to use memory from programs running in the background of the computer to keep close watch on the user. This most often clogs up the computer, causing the program or computer to slow down and become non-functional.

Exploit Kit

Identity Theft
- Impersonation by private information
- Thief can ‘become’ the victim
- Reported incidents rising
- Methods of stealing information: Shoulder surfing, Snagging, Dumpster diving, Social engineering, High-tech methods

Identity Theft
Loss of privacy
- Personal information is stored electronically
- Purchases are stored in a database
- Data is sold to other companies
- Public records on the Internet
- Internet use is monitored and logged
- None of these techniques are illegal

Denial of Service Attack

Ransomware
Ransomware is a type of malware that restricts your access to systems and files, typically by encryption, and then demands a ransom to restore access.
Often, systems are infected by ransomware through a link in a malicious email. When the user clicks the link, the ransomware is downloaded to the user’s computer, smartphone or other device. Ransomware may spread through connected networks.
Ransomware
Top Ransomware Vulnerabilities:
- RDP or Virtual Desktop endpoints without MFA
- Citrix ADC systems affected by CVE-2019-19781
- Pulse Secure VPN systems affected by CVE-2019-11510
- Microsoft SharePoint servers affected by CVE-2019-0604
- Microsoft Exchange servers affected by CVE-2020-0688
- Zoho ManageEngine systems affected by CVE-2020-10189
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/

Ransomware Controls
- Weapons-Grade Data Backups
- Religious Patch Management
- Plan to Fail Well (Incident Response Plan)
- Know who to call!
- Training and Testing Your People
- Don’t Open that Email Link/Attachment