Quiz 2
example of social engineering friendliness
"is your CEO in today?"
examples of virus actions
-Cause a computer to repeatedly crash -Erase files from or reformat hard drive -Turn off computer's security settings
3 goals of a cyberattack
-Deface electronic information (such as Web sites) to spread disinformation and propaganda -Deny service to legitimate computer users -Commit unauthorized intrusions into systems and networks that result in critical infrastructure outages and corruption of vital data
notify users by
1. pop-up message with instructions (cannot bypass) 2. readme file with instructions
ransomware is delivered by
1. visit a legit website, but it's infected so the browser downloads it and BOOM... on your computer 2. instructions are delivered through email, click link, & BOOM... on computer 3. attachments where malware hides in
appender infection
1. Virus appends itself to the end of a file 2. Moves the first three bytes of the original file to the virus code 3. Replaces them with a jump instruction pointing to the virus code
split infection
1. Virus splits into several parts 2. Parts are placed at random positions in the host program 3. Head of the virus code starts at the beginning of the file 4. Gives control to the next piece of virus code
swiss cheese infection
1. Viruses inject themselves into executable code 2. Original code is transferred and stored inside the virus code 3. Host code executes properly after the infection
script kiddies
-Break into computers to create damage -Are unskilled users -Download automated hacking software from Web sites and use it to break into computers -Tend to be young computer users with almost unlimited amounts of leisure time, which they can use to attack systems -Lack the technical skills of crackers, but can sometimes be more dangerous -Success in using automated software scripts fuels their desire to break into more computers -Do not normally understand the technology behind what they are doing -Want to bolster their egos: attacks give them a sense of self-importance
backdoors
Computer code that provides a secret entrance into a computer of which the user is unaware; malware from attackers can also install backdoors
logic bombs
Computer program that lies dormant until triggered by a specific event, such as: -A certain date being reached on the system calendar -A person's rank in an organization dropping below a specified level
ways information can be attacked
-Crackers can launch distributed denial-of-service (DDoS) attacks through the Internet -Spies can use social engineering -Employees can guess other users' passwords -Hackers can create backdoors
botnets can be used for
DDoS and spam
social engineering
-Easiest way to attack a computer system; requires almost no technical ability and is usually highly successful -Relies on tricking and deceiving someone to access a system -Not limited to telephone calls or dated credentials -No technical skill or abilities needed to break into a system -Relies on the friendliness, frustration, or helpfulness of a company employee to reveal information necessary to access a system -CANNOT PUSH TOO HARD OR PEOPLE WILL BE SUSPICIOUS: need to rely on trust; ask for small amounts of information at a time; need to be believable -Relies on physical acts
cyberterrorist
-Experts fear terrorists will attack the network and computer infrastructure to cause panic -Using airplanes, trains, cars, and even themselves, terrorists attempt to harm innocent civilians, disrupting normal society -Attacks are often unprecedented (ways not used before) -Motivation may be defined as ideology, or attacking for the sake of their principles or beliefs -One of the targets highest on the list of cyberterrorists is the Internet itself -Attackers to fear the most -Skill level of a cyberterrorist is very high -Unlike hackers (who continuously probe systems or create attacks), a cyberterrorist can be dormant for several years -Target may involve a small group of computers or networks that can affect a large number of users (e.g. the electrical power grid: an isolated attack causing a power blackout)
worms
Malicious program that exploits an application or operating system vulnerability; sends copies of itself to other network devices; may consume resources or leave behind a payload to harm infected systems
spies
-Person hired to break into a computer and steal information -Do not randomly search for unsecured computers to attack -Hired to attack a specific computer that contains sensitive information -Goal: break into a computer and take the information without drawing any attention to their actions -Motivation for being a spy: almost always financial
hacker
Person who uses advanced computer skills to attack computers, but not with malicious intent; uses their skills to expose security flaws
cracker
-Person who violates system security with malicious intent -Have advanced knowledge of computers and networks and the skills to exploit them -Unlike hackers (who search for security weaknesses), crackers destroy data, deny legitimate users service, or otherwise cause serious problems on computers and networks -Malicious actions: do harm to any computer they can break into
keyloggers
Program that captures a user's keystrokes; the information is later retrieved by the attacker, who searches for useful information like passwords, credit card numbers, and personal information
adware
-Program that delivers advertising content in a way unexpected and unwanted by the user -Typically displays advertising banners and pop-up ads -May open new browser windows randomly -Can also perform tracking of online activities
negative effects of spyware
-Slows computer performance -Causes system instability -May install new browser menus or toolbars -May place new shortcuts -May hijack the home page -Causes increased pop-ups
5 basic attacks
Social engineering, password guessing, weak keys, mathematical attacks, birthday attacks
rootkits
-Software tools used by an attacker to hide the actions or presence of other types of malicious software -Hide or remove traces of log-in records and log entries -May alter or replace operating system files with modified versions specifically designed to ignore malicious activity
risk acceptance
accept risk as the cost of doing business, do nothing and continue to operate as if risk did not exist
Companion virus
adds malicious copycat program to operating system
trojan
an executable program that does something other than advertised; contains hidden code that launches an attack; installed with the user's knowledge but hides its malicious payload
how to defend against a trojan horse
-antivirus tools -special software that alerts you to the existence of a Trojan horse program -anti-Trojan horse software that disinfects a computer containing a Trojan horse
3 types of viruses
appender infection, swiss cheese infection, split infection
pharming
automatically redirected to a site for surrendering personal information; ex: visiting a website that's been hacked, not through email
risk management
avoidance, mitigation, acceptance, transference
ransomware
has been around for about 30 years
2 types of hackers
black hat hacker, white hat hacker
group of zombies
botnet
malware that makes profits
botnets, spyware, adware, keylogger, ransomware
how do viruses spread to other computers
by users transferring those files to other devices
risk mitigation
common response to threats that can be a risk to the system
botnets
computer infected by malware that allows it to be remote controlled by an attacker; operates in the background with no visible evidence of existence; hides actions from attacker; can remain active for years
security administrator
configures and maintains security solutions to ensure proper service levels and availability
know your enemy so you can
create a defense to neutralize attacks and minimize damage
protection against ransomware
cyberhygiene; antivirus software to help protect; patching your system; train personnel (don't click on unknown links); principle of least privilege; back up the computer on and offline
examples of worm actions
deleting computer files; allowing remote control of a computer by an attacker
security engineer
designs, builds, and tests security solutions to meet policies and address business needs
security manager
develops corporate security plans and policies, provides education and awareness, and communicates with executive management about security issues
dumpster diving
digging through trash receptacles to find calendars, inexpensive hardware, memos, organizational charts, phone directories, policy and system manuals
macro viruses
executes a script
how do worms infect
exploit vulnerabilities in an application or operating system
basic methods of persuasion
flattery or insincerity, conformity, friendliness
security policies should be
flexible and adaptable, without needing frequent rewrites as technology changes; should remain available to staff
white hat hacker
good intentions; goal: expose weaknesses to improve security
conformity
group based behavior; this will diffuse responsibility if something goes wrong
attacker profiles (7)
hackers, crackers, script kiddies, spies, employees/insiders, cyberterrorists, cyber criminals
example of social engineering helpfulness
holding the door
Social engineering psychological approaches often use:
impersonation, phishing, spam, hoaxes
goal of security
implement proper policies and educate users of those policies
program viruses
infects executable files
resident virus
infects files opened by user or operating system
boot virus
infects the Master Boot Record of the hard drive
how do viruses infect
insert their code into a file
whaling
looking for bigger targets (usually people with a lot of money)
black hat hacker
malicious intentions; goal: steal information
how to send spam
need a laptop and a hotel; pay cash and use a fake ID
to avoid social engineering
need to develop strong instructions/company policies regarding passwords, who can enter the premises, and what to do when asked questions by another employee who may reveal information
can viruses be remote controlled
no
do worms need user action
no
employees/insiders
-one of the largest information security threats to business -"Malicious insider": someone who has or had access to the network, systems, and data of an organization and uses trusted authority to cause harm to the organization -90% of "data leakage" cases => over 48% of breaches attributed to insiders -often more costly than external attacks
principle of least privilege
only allow access to the files needed to do your job; only allow actions on files that are commensurate with your job; no one needs full rights on everything
payload
part of the computer program that executes the malicious action
types of images to be sent through spam
phishing image, image spam, layered GIF image
impersonation
pretend to be tech support
how to remove a rootkit
reformat the hard drive and reinstall the operating system
viruses
replicate themselves by spreading to another file; activates its malicious payload; spreads to files; needs a medium to spread; cannot travel on its own; needs user action; needs an agent to spread. Antivirus software defends against viruses; a drawback of antivirus software is that it must be updated to recognize new viruses; updates (definition files or signature files) can be downloaded automatically from the Internet to a user's computer
phishing
send email that appears legit to surrender information
spam
send huge numbers of emails to many people; goal: get information; done by selling you fake stuff
insiders break in to (3)
-to show the company a weakness in their security -to say "I'm smarter than all of you" -for money
risk avoidance
simplest response; the risk on an asset overwhelms the benefit gained by operating it
spyware
software that gathers information without user consent; usually used for advertising, collecting personal information, and changing computer configurations
spim
spamming with IM (instant messaging)
spear phishing
targets a specific group of people; more time consuming; ex: customized email
risk transference
transfer the risk to someone else
malware that conceals its purpose
trojans, rootkits, logic bombs, backdoors
viruses and worms are self replicating but where they replicate is different
true
how do you get information through spam
use images to bypass detection
how do worms spread to other computers
use networks to travel from one computer to another
malware that have the goal of spreading
viruses and worms
malware that infects systems
viruses and worms
vishing
voicemails
usable security
what's the point of security if people cannot use it? need usable solutions; otherwise people will make shortcuts and security slows work down
can worms be remote controlled
yes
do viruses need user action
yes
example of social engineering frustration
you could be frustrated or you could frustrate someone else into giving you information
infected robot (bot) computer is called a
zombie