CSCE 201 Test 1
Backdoor
- A backdoor is software code that gives access to a program or service by circumventing its normal security protections. - Legitimate backdoors often arise in practice when developers need to access a program or device on a regular basis, yet do not want to be hindered by continual requests for passwords or other security credentials. - Not only can attackers exploit "unclosed" backdoors left behind in shipped software, but malware may also install a backdoor on a system so that the attacker can return at a later time and bypass the security settings.
Rootkit
- A rootkit is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, and worms. - Rootkits accomplish this by hiding or removing: • traces of log-in records, • log entries, and • related processes. - Rootkits also modify the operating system itself (for example by hooking the system calls that list files and processes) so that it no longer reports the malicious activity.
Biological Viruses
- A biological virus is an agent that reproduces inside a cell. - When a cell is infected by a virus, the virus takes over operation of that cell, converting it into a virtual factory to make more copies of itself.
Computer Trojan
- A computer Trojan is an executable program that contains hidden malware code. - It typically misrepresents itself as a program to perform one activity while in actuality it is performing some malicious activity.
character set
- A defined list of characters recognized by the computer hardware and software. - An eight-character password drawn from a 76-character set (uppercase letters, lowercase letters, digits, and common symbols) has 76^8 ≈ 1.11 × 10^15 possible values. - At six tries per second it would take about 5,878,324 years to try them all (at two tries per second, roughly 17.6 million years). Such figures only apply to slow online guessing; offline cracking hardware tests billions of candidates per second against fast, unsalted hashes.
Hoaxes
- A hoax is a false warning, often contained in an e-mail message claiming to come from the IT department. Hoaxes come in many forms, some may: • warn of a virus and ask the user to take some specific action • ask the user to call the attacker for help • request the user to change some configuration settings - All in an attempt to make a potential attack possible or easier.
Keylogger
- A keylogger silently captures and stores each keystroke that a user types on the computer's keyboard. - A keylogger can be either a small hardware device or a software program. - An advantage of software keyloggers for the attacker is that they do not require physical access to the user's computer, as hardware keyloggers do.
Firewalls: Computer
- A software-based personal firewall runs as a program on a computer and serves a purpose similar to a firewall in a building: it is designed to prevent malware from spreading into the computer. - How does it work? It monitors the data coming into the computer from the Internet or the local network to which the computer is connected and blocks (filters) traffic that does not match its rules.
Virus Details
- A virus can replicate itself only on the host computer. - It cannot automatically spread to another computer; instead it relies on the actions of users (for example, sharing an infected file on a USB drive or as an e-mail attachment) to reach other computers.
Worms
- A worm is a malicious program designed to take advantage of a vulnerability in an application or an operating system in order to enter a computer. - The worm then searches for other computers with the same vulnerability, typically by sending copies of itself over the network, so it spreads without any user action.
Arbitrary Code Execution
- An arbitrary code execution attack allows an attacker to run commands of their own choosing on the victim's computer, effectively turning it into the attacker's own remote machine. When the attack is delivered over a network it is called remote code execution (RCE). - This is often accomplished via a buffer overflow attack that overwrites a return address or function pointer with a value the attacker controls.
Insiders
- An organization's own employees, contractors, and business partners. - Attacks are most often the sabotage or theft of intellectual property. - Most sabotage comes from employees who have recently been demoted, reprimanded, or left the company.
Zombies
- Arbitrary code execution is often a "one-time only" event in which the attacker steals files or corrupts a hard drive. - However, the attacker may want to retain control of the machine for the foreseeable future. - In that case the infected machine, running the attacker's software "robot" (bot for short), is called a zombie.
Authentication
- Authentication ensures that the individual is who s/he claims to be and not an imposter. - Passwords are a weak form of authentication.
What Would an Attacker Do?
- Because of the limitations of online guessing, most password attacks today use offline cracking. - When a password is created, a digital representation of it called a digest is produced by a hash algorithm and stored on the computer and/or Web site instead of the password itself. - A hash is one-way, so the digest cannot be reversed; the attacker instead hashes candidate passwords and compares the results. Systems that add a per-user salt and use a deliberately slow password hash (bcrypt, scrypt, Argon2) make each comparison far more expensive.
command and control (C&C)
- A bot herder issues commands to zombies through a command and control (C&C) channel. - Today the C&C mechanism primarily uses the Hypertext Transfer Protocol (HTTP), the standard protocol for web traffic. This works to the advantage of the attacker because the botnet's traffic blends in with ordinary web browsing, which is rarely blocked, and so is harder to detect.
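One thing HTTP cannot hide is timing: a bot polls its C&C server at a fixed interval, while a person browses in bursts. The script below is an added example (not part of the course notes) that looks for that regularity in web-proxy logs. The log lines, the field layout (timestamp, client, destination host, path) and the 0.2 threshold are all constructed assumptions for the demonstration.

```python
"""Detect periodic HTTP beaconing in web-proxy logs.

Added example. For each (client, destination host) pair it measures how
regular the gaps between requests are, using the coefficient of variation
(standard deviation / mean) of the inter-request intervals. A value near 0
means near-perfect periodicity, which is characteristic of C&C polling.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: 10.0.0.5 polls one host every ~60 s (bot-like),
# 10.0.0.9 browses a news site in irregular bursts (human-like).
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 cdn-updates.example.net /check.php
2024-05-01T10:01:00 10.0.0.5 cdn-updates.example.net /check.php
2024-05-01T10:02:01 10.0.0.5 cdn-updates.example.net /check.php
2024-05-01T10:02:59 10.0.0.5 cdn-updates.example.net /check.php
2024-05-01T10:04:00 10.0.0.5 cdn-updates.example.net /check.php
2024-05-01T10:05:00 10.0.0.5 cdn-updates.example.net /check.php
2024-05-01T10:00:03 10.0.0.9 news.example.org /
2024-05-01T10:00:05 10.0.0.9 news.example.org /story/1
2024-05-01T10:00:06 10.0.0.9 news.example.org /story/1/img.png
2024-05-01T10:07:40 10.0.0.9 news.example.org /story/2
2024-05-01T10:31:12 10.0.0.9 news.example.org /sports
2024-05-01T10:31:13 10.0.0.9 news.example.org /sports/img.png
"""


def parse_log(text):
    """Return {(client, host): [timestamps]} from the constructed log format."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, _path = line.split()
        sessions[(client, host)].append(datetime.fromisoformat(ts))
    return sessions


def gaps_seconds(timestamps):
    """Inter-request intervals in seconds, in chronological order."""
    ts = sorted(timestamps)
    return [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]


def beacon_score(timestamps):
    """Coefficient of variation of the gaps (0 = perfectly periodic).

    Returns None when there are too few requests to judge.
    """
    if len(timestamps) < 4:
        return None
    gaps = gaps_seconds(timestamps)
    avg = mean(gaps)
    if avg == 0:
        return None
    return pstdev(gaps) / avg


def find_beacons(text, max_cv=0.2):
    """Return [(client, host, mean_gap_seconds)] for pairs whose gaps are regular."""
    hits = []
    for (client, host), stamps in parse_log(text).items():
        cv = beacon_score(stamps)
        if cv is not None and cv <= max_cv:
            hits.append((client, host, round(mean(gaps_seconds(stamps)), 1)))
    return hits


if __name__ == "__main__":
    for client, host, gap in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {client} -> {host} every ~{gap}s")
```

Real bots add jitter to their sleep interval precisely to defeat this check, so in practice the threshold is tuned per environment and combined with other signals (rare destination, fixed-size responses, requests outside working hours).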
Offline Cracking Techniques (two main offline cracking techniques)
- Brute Force Attack - Dictionary Attack
Brute Force Attacks (cont.)
- Brute force attacks are the slowest but most thorough method. The attacker is usually able to set parameters such as:
• password length: the minimum and maximum length of a password, often a range, say 1 to 42
• character set: the set of letters, digits, and symbols that make up a password
• language: such as Arabic, Dutch, English, French, German, Italian, Polish, Portuguese, Russian, Spanish, Swedish, etc.
• mask: if any part of the password is known, a pattern can be entered to reduce the number of passwords generated. For example, if the first two letters of a six-character password were known to be "sk", the pattern could be sk????. This is similar to the idea of regular expressions, which you may or may not have seen.
• skips: because most passwords are word-like combinations of letters, the program can be set to skip nonsensical combinations of characters.
Maintaining productivity
- Cleaning up after an attack diverts resources. - Attacks can cost a company a lot of money.
Firewalls: Construction
- Commercial buildings, apartments, and other similar structures are required by local and national building codes to have a firewall. - In building construction, a firewall is usually a brick, concrete, or masonry unit positioned vertically through all stories of the building whose purpose is to contain a fire and prevent it from spreading.
Setting Social Networking Defenses
- Consider the information you post. Be cautious about what information you post:
• Security: posting travel plans can invite burglary.
• Perception: consider your boss and your mother reading the post.
Dumpster Diving
- Digging through trash receptacles for useful information. - Things an attacker can find include:
• Calendars: a calendar can reveal which employees are out of town at a particular time.
• Inexpensive computer hardware (USB sticks or portable hard drives): these devices are often improperly disposed of and may contain valuable information.
• Memos: can provide small bits of useful information for an attacker who is building an impersonation.
• Organizational charts: identify individuals within the organization who are in positions of authority.
• Phone directories: can provide the names and telephone numbers of individuals in the organization to target or impersonate.
• Policy manuals: may reveal the true level of security within the organization.
• System manuals: can tell an attacker the type of computer system that is being used so that other research can be conducted to pinpoint vulnerabilities.
How Attackers Steal Personal Information
- Dumpster diving: discarded credit card statements, charge receipts, and bank statements can be retrieved for personal information. - Phishing: attackers convince victims to enter their personal information at an imposter Web site after receiving a fictitious e-mail purporting to be from a bank. - Change-of-address form: using a standard change-of-address form, the attackers divert all mail to their own post office box so that the victim never sees any of the charges made. - Pretexting: an attacker who pretends to be from a legitimate research firm asks for personal information. - Stealing: stolen wallets and purses contain personal information that can be used in identity theft.
Weak passwords
- Even when users attempt to create stronger passwords, they generally follow predictable patterns:
• Appending: adding a number or a mark of punctuation only at the end of a password
• Replacing: substituting "0" for "o" (passw0rd), "1" for "i" (N1ck), or "$" for "s" ($tiffler)
- Attackers know these substitutions and build them into their cracking tools as "mangling rules" applied to every dictionary word, so the variants are barely stronger than the base word.
Products
- Form the physical security around the data. - May be as basic as door locks - or as complicated as network security equipment.
Cybercriminals
- Generic definition: people who launch attacks against other users and their computers. - Specific definition: a loose network of highly motivated attackers, many of whom belong to organized gangs.
Cyberterrorists
- Goals of a cyberattack: • Deface electronic information (spread misinformation and propaganda) • Deny service to legitimate computer users • Cause critical infrastructure outages and corrupt vital data. - Attacks may be ideologically motivated
Types of User Accounts
- Guest: intended for users who need temporary use of a machine. Very few settings can be changed from a guest account. - Standard: designed for everyday computing activities and allows some settings to be modified. - Administrator (root): the highest level of user account. It provides (almost) total control over the computer.
Ashley Madison
- In July 2015, a group calling itself "The Impact Team" stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. - On August 18th and 20th, the group leaked more than 25 gigabytes of company data, including user details. - Because of the site's policy of not deleting users' personal information - including real names, home addresses, search history and credit card transaction records - many users feared being publicly shamed.
Bug Bounties
- In recent years several software vendors have started financially rewarding individuals who uncover vulnerabilities in their software and then privately report them back to the vendor so that the weaknesses can be addressed. - Some vendors even sponsor annual competitive contests, also called "bug bounties", and handsomely pay those who can successfully attack their software in order to reveal vulnerabilities.
Impersonation
- In the context of social engineering impersonation means to create a fictitious character and then play out the role of that person on a victim. - Some common roles that are often impersonated include: • repairman • IT support • Exterminator • Manager • or other trusted third party
Program virus
- Infects program executable files. - When the program is launched the virus is activated
Availability
- Information has value only if the authorized parties who depend on its integrity can actually reach it. - Availability ensures that data is accessible to authorized users when they need it.
Macro virus
- A macro virus is written in a script known as a macro. - A macro is a series of instructions that can be grouped together as a single command and is often used to automate a complex set of tasks or a repeated series of tasks. - Macros can be written in a macro language such as Visual Basic for Applications (VBA). - Macro viruses are stored within a user document; once the document is opened and macros are allowed to run, the virus is activated.
Confidentiality
- It is important that only approved individuals are able to access important information. - Confidentiality ensures that only authorized parties can view the information.
Malware Objectives
- It is often hard to classify the different types of malware. - One line of reasoning is to classify malware according to its objective. • Spreading - Goal is to rapidly spread its infection to as many systems as possible. • Concealing - Goal is to conceal its existence and purpose. • Profiting - Goal is to make profit for its creators.
Kali Linux
- Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools aimed at various information security tasks, such as Penetration Testing, Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company. - Kali Linux was released on the 13th March, 2013 as a complete, top-to-bottom rebuild of BackTrack Linux, adhering completely to Debian development standards.
Creating Strong Passwords
- Length is more important than complexity. - Each additional character multiplies the number of possible passwords by the size of the character set (exponential growth), whereas adding another class of characters only enlarges the base at a fixed length (a far smaller gain). Longer passwords are therefore stronger than more complex ones.
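A worked version of the length-versus-complexity claim, added here as an illustration and not part of the course notes. It computes the 76^8 keyspace from the character-set card, the worst-case time to exhaust it at two illustrative guess rates (6 per second for throttled online guessing and 10^10 per second for offline cracking of a fast unsalted hash; both rates are assumptions, not figures from the notes), and compares a 12-character lowercase-only password with an 8-character password over all 95 printable ASCII characters.

```python
"""Password keyspace: length versus complexity (added example)."""

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed illustrative guess rates (not from the notes).
ONLINE_RATE = 6          # guesses/second against a throttled login form
OFFLINE_RATE = 1e10      # guesses/second against a stolen fast unsalted hash


def keyspace(charset_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def years_to_exhaust(charset_size, length, guesses_per_second):
    """Worst-case time in years to try every candidate in the keyspace."""
    return keyspace(charset_size, length) / guesses_per_second / SECONDS_PER_YEAR


def gain_from_one_more_char(charset_size, length):
    """Factor by which the keyspace grows when one character is added.

    Always equals the charset size: growth is exponential in length.
    """
    return keyspace(charset_size, length + 1) // keyspace(charset_size, length)


def gain_from_bigger_charset(old_size, new_size, length):
    """Factor by which the keyspace grows when the charset is widened at fixed length.

    Equals (new/old)**length, so going from 76 to 95 symbols at length 8
    buys only about a 6x increase, versus 76x for one extra character.
    """
    return keyspace(new_size, length) / keyspace(old_size, length)


if __name__ == "__main__":
    print(f"76^8 = {keyspace(76, 8):,}")
    for rate in (ONLINE_RATE, OFFLINE_RATE):
        print(f"  at {rate:g} guesses/s: {years_to_exhaust(76, 8, rate):,.4f} years")
    print(f"one more character     : x{gain_from_one_more_char(76, 8)}")
    print(f"76 -> 95 symbols at 8  : x{gain_from_bigger_charset(76, 95, 8):.2f}")
    print(f"26^12 = {keyspace(26, 12):.3e}  vs  95^8 = {keyspace(95, 8):.3e}")
```

Note that the 5,878,324-year figure on the character-set card falls straight out of `years_to_exhaust(76, 8, 6)`, and that the same keyspace disappears in about a day and a half at the offline rate, which is why the digest must never be stored as a fast unsalted hash.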
Malware
- Malware, short for malicious software, is software that enters a computer system without the user's knowledge or consent and then performs an unwanted and usually harmful action. - Malware is a general term that refers to a wide variety of damaging/annoying software programs.
Security
- The necessary steps to protect a person or property from harm. Examples: securing a home against burglary (a human threat) or hurricanes (a natural threat). - Security is inversely proportional to convenience: as security increases, convenience decreases.
Worm Actions
- Older worms were benign and designed simply to spread quickly and not corrupt the systems they infected. These worms only slowed down the network through which they were transmitted by replicating so quickly that they consumed all network resources. - Newer worms have become much more aggressive, often leaving a payload similar to a virus that can • Allow the infected computer to be controlled remotely. • Delete files on the infected computer.
Identity Theft: Fictitious IRS Claims
- One of the largest growing areas of identity theft. - In 2011, 1.5 million undetected false returns were processed resulting in $6.5 billion in refunds. - Thieves often assume the identity of a: • deceased person, • child, or • someone who would not normally file a claim.
Spies
- People hired to break into a computer and steal information. - They do not randomly attack unsecured computers. They are hired to attack a specific computer system. Goals: • Break into a computer or system. • Take information without drawing attention to their actions. - Skill: Generally possess excellent computer skills.
Variations on Phishing
- Pharming: automatically redirects users to a fake Web site, typically by compromising the DNS servers (or the victim's local hosts file) that direct traffic. - Spear phishing: targets specific users, often tailoring the message with the recipient's name and personal information. - Whaling: a refined form of spear phishing aimed at high-value targets such as senior executives or wealthy individuals. - Vishing (voice phishing): uses telephone calls rather than e-mail.
Phishing
- Phishing is sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise, in an attempt to trick the user into surrendering private information. -Users are asked to respond to an e-mail or are directed to a Web site, where they are requested to update personal information such as: • passwords • credit card numbers • Social Security numbers • bank account numbers • etc.
Cyberterrorism
- Premeditated, politically-motivated attacks against computer systems. - Intended to cause panic, provoke violence, or cause financial catastrophe
Introduction Chapter 3
- Protecting personal devices (desktop, laptop, tablet, smartphone) is challenging. - There are many different types of attacks that can be launched, and attackers are constantly modifying these attacks as well as creating new ones. - There is no single defensive program that can provide total protection. - Instead, we must use several different defenses
Ransomware
- Ransomware is a type of malicious software designed to block access to a computer system, or to the data on it, until a sum of money is paid. • Ransomware typically propagates as a Trojan. • The program then runs a payload, which in the early "locker" variants took the form of a scareware program. • Such payloads display a fake warning purportedly from an entity such as a law-enforcement agency, falsely claiming that the system has been used for illegal activities, contains content such as pornography or "pirated" media, or runs a non-genuine version of Microsoft Windows. • Most current ransomware instead encrypts the victim's files and demands payment for the decryption key, which is why offline backups (see Recovering from an Attack) are the primary defense.
Sarbox
- Sarbox covers the corporate officers, auditors, and attorneys of publicly traded companies. - Stringent reporting requirements and internal controls on electronic financial reporting systems are required. - Corporate officers who willfully and knowingly certify a false financial report can be: • fined up to $5 million, and • sentenced to up to 20 years in prison.
Types of Concealing Malware
- Several types of malware have the primary objective of hiding their presence from the user, as opposed to rapidly spreading a virus or worm. - Concealing malware includes: • Trojan • Rootkit • Backdoor • Arbitrary Code Execution
State notification and security laws
- Since the passage of California's Database Security Breach Notification Act in 2003, all other states (with the exception of New Mexico and South Dakota at the time of these notes) have passed similar notification laws. - These laws require businesses to inform residents within a specific period of time (typically 48 hours) if a breach of personal information has occurred or is believed to have occurred. - Some states are more stringent: • data must be encrypted when transmitted over the Internet or carried on USB media; • victims must be notified within 90 days and offered one year of identity-theft prevention services.
Script Kiddies
- Script kiddies ("skiddies") are attackers who lack the knowledge necessary to perform an attack on their own. They often use automated attack software, commonly called an "exploit kit", obtained from other attackers. - Over 40% of attacks require low or no skills.
Pretexting
- Social engineering pretexting is creating an invented scenario (a pretext) to persuade the victim to perform an action or provide confidential information. - While it involves lying, pretexting is considered to be much more than just creating a lie; it can fabricate an entirely new identity to use in the attack.
Software Keylogger
- Software keyloggers are programs installed on the computer that silently capture sensitive information. - The software, often installed as a Trojan or by a virus, can routinely send the captured information back to the attacker over the Internet.
Uses of Botnets
- Spamming: a botnet consisting of thousands of zombies enables an attacker to send massive amounts of spam. Some botnets can also harvest e-mail addresses.
- Spreading malware: botnets can be used to spread malware and create new zombies and botnets. Zombies have the ability to download and execute a file sent by the attacker.
- Manipulating online polls: because each zombie has a unique Internet Protocol (IP) address, each "vote" by a zombie has the same credibility as a vote cast by a real person. Online games can be manipulated in a similar way.
- Denying services: botnets can flood a Web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests.
Spyware
- Spyware is a general term used to describe software that spies on users by gathering information without consent, thus violating their privacy. - The Anti-Spyware Coalition defines spyware as tracking software that is deployed without adequate notice, consent, or control by the user. (Ari Schwartz)
Spyware's Impairment of User Control
- Spyware is implemented in ways that impair the user's control over: • the use of system resources, including what programs are installed on their computers • the collection, use, and distribution of personal or otherwise sensitive information • material changes that affect the user experience, privacy, or system security
Aaron Swartz (Hacktivist)
- Swartz downloaded about 2.7 million federal court documents stored in the PACER (Public Access to Court Electronic Records) database managed by the Administrative Office of the United States Courts. - The Huffington Post "Swartz downloaded public court documents from the PACER system in an effort to make them available outside of the expensive service. The move drew the attention of the FBI, which ultimately decided not to press charges as the documents, were, in fact, public." - PACER was charging 8 cents per page for information that Carl Malamud, who founded the nonprofit group Public.Resource.org, contended should be free, because federal documents are not covered by copyright.
Is Targeted Advertising Adware?
- Targeted advertising is a form of advertising that focuses on certain traits of the consumer, these traits are based on the product or person the advertiser is promoting. They are located in areas where consumers with those traits are likely to come upon. - Sometimes this kind of behavior is preferable, for instance, if you have a strong interest in computer/video games, an ad featuring the latest AAA release may be less obtrusive than an ad on home decorating.
GLBA
- The Gramm-Leach-Bliley Act (GLBA), like HIPAA, protects private data. - GLBA requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. - All electronic and paper data containing personally identifiable financial information must be protected. - The penalty for noncompliance for a class of individuals is up to $500,000.
HIPAA
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA). - Under HIPAA, healthcare enterprises must guard protected healthcare information and implement policies and procedures to safeguard it, whether it be in paper or electronic format. - Those who wrongfully disclose individually identifiable health information can be • fined up to $50,000 for each violation up to a maximum of $1.5 million per calendar year, and • sentenced up to 10 years in prison.
PCI DSS
- The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that all companies that • process, • store, or • transmit - credit card information must follow. - PCI DSS applies to any organization or merchant, regardless of its size or number of card transactions, that processes transactions either online or in person. - The maximum penalty for noncompliance is $100,000 per month.
Password Weaknesses
- The primary deficiency with passwords lies with the users who employ them. • Human beings can memorize only a limited number of items. • Long, complex passwords are difficult to memorize. • Users must remember multiple passwords for multiple accounts. • Users therefore take shortcuts (reuse, simple patterns, writing passwords down) that compromise security.
Passwords
- The primary means of authentication on a computer system has two components: • username - a unique string identifying the user. • password - a string (not necessarily unique) that authenticates the user - A password is a combination of letters, numbers, and special characters known only to the user.
Nigerian 419 Advance Fee Fraud
- The scam typically involves promising the victim a significant share of a large sum of money, contingent on the victim providing a small up-front payment. If the victim pays, the scammer either invents a series of further fees or simply disappears. - Section 419 of the Nigerian Criminal Code deals with fraud, hence the name.
Malware that Spreads
- The two types of malware that have the primary objective of spreading are • Viruses, and • Worms - These are some of the earliest types of malware to have an impact on personal computer systems.
Attacks on Passwords
- There are a variety of attacks used on passwords. - Online guessing (trying passwords against the live login) is rarely the attacker's main technique: account lockouts and rate limiting make it slow, so although it is possible, it is generally impractical for recovering a strong password. (Automated online attacks that try a few very common passwords against many accounts do still occur.)
Possible Cyberterrorist Targets
- Traffic lights - Banking - Air traffic control
Difficulties in Defending Against Attacks (5 Reasons)
- Universally Connected Devices - Increased Speed of Attacks - Greater Sophistication of Attacks - Availability and Simplicity of Attack Tools - Faster Detection of Vulnerabilities
Differences between a Trojan and a Virus/Worm
- Unlike viruses which infect a system without the user's knowledge or consent, a Trojan program may be installed on a computer system with the user's approval. - Trojans typically do not replicate themselves to the same computer (like a virus) or to another computer (like a worm).
User Account Control (UAC)
- User Account Control is a security function that notifies the user when the operating system is about to perform an action that requires elevated privileges. - UAC helps prevent Trojans from making unauthorized changes by prompting a user with administrator privileges to approve the change before the OS carries it out.
Computer Virus
A computer virus is malicious computer code that reproduces on a single computer. A computer virus inserts itself into a file (data file or program). This can be done in several ways: • Appender infection: the virus code is added to the end of the file and the file's start is altered to jump to it first. • Swiss-cheese infection: the virus code is encrypted and injected in pieces throughout the host file, with a decryption routine that reassembles it at run time.
Social Engineering
A means of gathering information for an attack by relying on the weaknesses of individuals.
Password Management Tool
A password management application is a program that lets a user create and store multiple strong passwords in a single user database file that is protected by one stronger master password.
Security Patch
A security patch (a.k.a. update) is a general software security update intended to cover vulnerabilities that have been discovered since the program was released.
Service Pack
A service pack is software that is a cumulative package of all security updates plus additional features.
Defenses Against Attacks on Personal Security
A strong defense requires you to • Utilize strong passwords, • Be able to recognize phishing attacks, • Take necessary steps to avoid identity theft, • Secure social networking sites.
Account Privileges
A user account indicates the privilege level of a user. • Which files and folders may be accessed • What configuration changes can be made
Trojan (history)
According to legend, the Greeks won the Trojan War by hiding soldiers in a large hollow wooden horse that was presented as a gift to the city of Troy. Once the horse was wheeled into the fortified city, the soldiers crept out of the horse during the night and attacked the unsuspecting defenders.
Accounting
Accounting provides tracking ("audit trail") of events. This includes a record of who accessed what resources at what time.
Adware
Adware is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user. The adware program may infect a computer as the result of a virus, worm, or Trojan.
brute force attack
An automated attack, in which every possible combination of letters, numbers, and characters is used to create "candidate" passwords that are matched with those in the stolen password file.
Surface Web
Anything that can be found and indexed by a search engine
Hacktivists
Are motivated by ideology. They typically attack specific websites to promote a political agenda, or to retaliate for a specific prior event.
Greater Sophistication of Attacks
Attack tools vary their behavior so the same attack appears differently each time.
Faster Detection of Vulnerabilities
Attackers can discover security holes in hardware or software more quickly.
Increased Speed of Attacks
Attackers can launch attacks against millions of computers within minutes.
How can this Information be Used?
Attackers can:
• Produce counterfeit checks or debit cards to remove money from an account.
• Establish phone service in the victim's name.
• File for bankruptcy under the victim's name to avoid eviction.
• Purchase big-ticket items with stolen credit card numbers.
• Open bank or credit accounts in the victim's name.
• Apply for loans in the victim's name.
- The victim will often suffer a damaged credit history, which in turn can be grounds for being denied a job or being turned down for loans (car, school, home).
Universally Connected Devices
Attackers from anywhere in the world can send attacks.
Attackers want the Digest file
Attackers try to steal the file with the password digests and then compare them with the digests of known passwords. If a match occurs, then the password has been broken.
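The following script, added here as an illustration and not part of the course notes, puts together the offline-cracking cards (What Would an Attacker Do?, the two offline cracking techniques, the brute-force mask parameter, and the appending/replacing patterns under Weak passwords). The "stolen" digest file is a constructed dictionary of unsalted SHA-256 digests (the kind of digest a site should never store), the wordlist is constructed, and the mangling rules, mask and account names are assumptions chosen for the demonstration.

```python
"""Offline password cracking against a stolen digest file (added example).

Three candidate generators are run against the same digests:
  1. a plain dictionary attack,
  2. the dictionary plus 'appending' and 'replacing' mangling rules,
  3. a brute-force mask attack for a six-character password known to start 'sk'.
The attacker never contacts the login system; the only cost is hashing.
"""
import hashlib
import itertools
import string


def digest(password):
    """Unsalted SHA-256: fast and identical for every user, hence easy to crack."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed 'stolen' digest file (username -> digest). The real passwords are
# 'password', 'N1ck', '$tiffler', 'skater' and a long passphrase.
STOLEN = {
    "alice": digest("password"),
    "bob": digest("N1ck"),
    "carol": digest("$tiffler"),
    "dave": digest("skater"),
    "erin": digest("correct horse battery staple"),
}

# Constructed wordlist; note that 'skater' itself is absent.
WORDLIST = ["password", "nick", "stiffler", "letmein", "skate"]

# 'Replacing' substitutions from the notes plus two more common ones.
LEET = {"o": "0", "i": "1", "s": "$", "e": "3", "a": "@"}


def mangle(word):
    """Yield the word plus the predictable variants users think make it stronger."""
    yield word
    yield word.capitalize()
    for suffix in itertools.chain(string.digits, ["!", "123"]):   # appending
        yield word + suffix
        yield word.capitalize() + suffix
    present = [c for c in LEET if c in word]                        # replacing
    for r in range(1, len(present) + 1):
        for subset in itertools.combinations(present, r):
            variant = word
            for c in subset:
                variant = variant.replace(c, LEET[c])
            yield variant
            yield variant.capitalize()


def mask_candidates(mask, charset=string.ascii_lowercase):
    """Expand a mask such as 'sk????', where each '?' is one unknown character."""
    prefix = mask.replace("?", "")
    for tail in itertools.product(charset, repeat=mask.count("?")):
        yield prefix + "".join(tail)


def crack(stolen, candidates):
    """Return {username: password} for every digest matched by a candidate."""
    by_digest = {d: user for user, d in stolen.items()}   # reverse index
    found = {}
    for cand in candidates:
        user = by_digest.get(digest(cand))
        if user is not None and user not in found:
            found[user] = cand
            if len(found) == len(stolen):
                break
    return found


def dictionary_attack(stolen, words):
    return crack(stolen, words)


def dictionary_attack_with_rules(stolen, words):
    return crack(stolen, (v for w in words for v in mangle(w)))


def mask_attack(stolen, mask):
    return crack(stolen, mask_candidates(mask))


if __name__ == "__main__":
    print("dictionary        :", dictionary_attack(STOLEN, WORDLIST))
    print("dictionary+rules  :", dictionary_attack_with_rules(STOLEN, WORDLIST))
    print("mask sk????       :", mask_attack(STOLEN, "sk????"))
```

The plain dictionary recovers only "password"; the mangling rules add N1ck and $tiffler, which is the point of the Weak passwords card; the mask covers 26^4 = 456,976 candidates and recovers skater in well under a second. The long passphrase survives all three, and a site that salted its digests and used a slow hash would force the attacker to repeat this work per user at a tiny fraction of the speed.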
Distributed Attacks
Attackers use thousands of computers in an attack against a single computer or network.
Availability and Simplicity of Attack Tools
Attacks no longer limited to highly skilled attackers.
Authorization
Authorization is providing permission or approval to specific technology resources.
Computer Defenses Overview
Because of the large number of different types of attacks, there are several security protections that a computer should have installed and configured to resist attacks: • Managing patches • Installing antivirus software • Configuring personal firewalls • Using User Account Control • Protecting against theft • Creating data backups • Knowing steps for recovering from an attack
Bot Herder
Botnets are under the control of the attacker, known as a bot herder.
Default Options
By default, disable most sharing options and enable them only when necessary.
Recognizing Phishing Attacks
Common traits of phishing e-mails: • Official Logos • Web Links • Urgent Request
Varying Levels of Access
Consider allowing acquaintances and business associates access to a limited version of your profile.
Deep Web
Content that cannot be found by a search engine but only through a search dialog box on the site
Who is affected by cyber crime?
Cybercrime has affected over 400 million adults this year. -14 people per second
Virus Actions
Each time the infected program is launched or the file is opened, either by the user or by the computer's operating system, the virus performs two actions. 1. It tries to reproduce itself by inserting its code into another file on the same computer. 2. It delivers a malicious payload and performs an action.
Legislation to Help Users Monitor Financial Information
Fair and Accurate Credit Transactions Act (2003): - Allows consumers free access to credit report. - Consumers can report inaccuracies, and the agency must investigate and respond.
Vulnerability
Flaw or weakness that allows a threat agent to bypass security.
Social Networking
Grouping individuals and organizations into clusters based on their likes and interests is called social networking.
What is Identity Theft?
Identity theft involves using someone's personal information, such as their name, Social Security number, or credit card number, to commit financial fraud.
AV: Dealing with Viruses
If a virus is detected, AV software typically provides three ways of dealing with the threat: • Clean the infected file of the virus, • Quarantine the infected file, or • Delete the file.
AAA
In addition to the CIA triad, another set of protections must be implemented to secure information. These are authentication, authorization, and accounting - or AAA.
Appeal of Botnets for an Attacker
In many ways a botnet is the ideal base of operations for an attacker: • Zombies are designed to operate in the background, often without raising the suspicion of the user. • Botnets offer a means of covering the bot herder's tracks, since any trace leads back to a zombie machine rather than to the attacker. • By maintaining a low profile, botnets are able to remain active and operational for years. • The growth of always-on Internet services ensures that a large percentage of the zombies in a botnet are reachable at any given time.
Dark web
Information that has been intentionally hidden and cannot be accessed through a standard web browser
Integrity
Integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data.
Avoiding Legal Consequences
Laws protecting electronic data privacy: • The Health Insurance Portability and Accountability Act of 1996 (HIPAA) • The Sarbanes-Oxley Act of 2002 (Sarbox) • The Gramm-Leach-Bliley Act (GLBA) • The California Database Security Breach Act (2003)
Risk
Likelihood that a threat agent will exploit a vulnerability. Three options for dealing with risk: accept, diminish, transfer.
Early Attacks
Many early computer attacks were malicious in nature: they were intended to erase a user's data on the computer or corrupt the hard disk so that the computer could not properly function. These types of attacks are similar to vandalism, where the goal is to deface or destroy.
Psychological Approaches
Many social engineering attacks rely on psychology, which is a mental and emotional approach rather than a physical one. Methods of persuasion: • Ingratiation (flattery/insincerity) • Conformity (do what everyone else is doing) • Friendliness
Weak Security Update Distribution
Many software products lack a means to distribute security patches in a timely fashion.
Government Agencies
May instigate attacks against their own citizens or foreign governments. Examples: • Malware Flame - targeted computers in Eastern Europe. • Malware Stuxnet - targeted a nuclear power plant near the Persian Gulf. • Iranian government reads e-mail messages of 30,000 citizens.
What kind of devices are prone to cyber crime other than PC/Mobile?
Medical devices: insulin pump and defibrillator. Vehicles: Tire Pressure Monitoring System (TPMS), Progressive Snapshot.
Virus Detection
Most AV software identifies malware on a computer by matching it to a known pattern or "signature" of the malware. For this reason, it is imperative to have up-to-date signature files (a.k.a. virus definitions).
Automatic Updates
Most modern operating systems have the ability to perform automatic patch updates to their software.
Data Backups: Software & Strategy
Most operating systems come equipped with some means of performing automatic backups, as well as third party software that provides additional functionality.
Recovering from an Attack
Not if but when? - Your system will fail; it may be due to an attack, hardware failure, software corruption, etc. - Be prepared: have a recovery disc for your operating system, and back up all personal files (all the time).
Scareware Tactics
Often this software tries to impel the user to take some action by providing a "service" to correct some fictitious deficiency. Scareware often • Uses legitimate trademarks or icons • Pretends to perform a security scan and find serious problems • Offers a "premium service" that requires payment in order to fix the deficiency
Brief History of Rootkits
Originally the term rootkit referred to a set of modified and recompiled tools for the UNIX operating system. Root is the highest level of privileges available in UNIX, so a rootkit described programs that an attacker used to gain root privileges and to hide the malicious software.
Do Passwords Provide a Strong Defense?
Passwords are not considered a strong defense against attackers. • Passwords can be weak. • Passwords are subject to different types of attacks.
Security Settings
Pay attention to information about new or updated security settings.
Threat Agent
Person or element with power to carry out a threat.
Policies and Procedures
Plans and policies established by an organization to ensure that people correctly use the products.
Scareware
Scareware is software that displays a fictitious warning to the user in an attempt to "scare" the user into an action.
Asset
Something of value.
Spyware's Negative Effect on the Computer
Spyware also has a negative effect on the computer itself: - Slow computer performance: Spyware can increase the time to boot a computer or surf the Internet. - Create system instability: Spyware can cause a computer to freeze frequently or reboot. - Add browser toolbars and menus: Spyware may install new Web browser menus or toolbars. - Add shortcuts: New shortcuts on the desktop or in the system tray may indicate the presence of spyware. - Hijack a home page: An unauthorized change in the default home page on a Web browser can be caused by spyware. - Increase pop-ups: Pop-up advertisements that suddenly appear are usually the result of spyware.
Exploit
Taking advantage of the vulnerability.
Rootkits and the OS
The alarming thing for the user is that once a rootkit is operational, the user can no longer trust their own computer. A rootkit may actually be in charge and hide what is occurring on the computer. There is no way to know exactly what functionality is being compromised.
dictionary attack
The attacker creates a digest of common dictionary words, and then compares them against those in the stolen password file. This strategy is successful because users often create passwords that are simple dictionary words.
Ransomware Cryptovirology
The cryptovirology form of the attack has ransomware systematically encrypt files on the system's hard drive; the files then become difficult or impossible to decrypt without paying the ransom for the decryption key.
Characteristics of Weak Passwords
The following exemplify characteristics common among weak passwords: • A common word • A short password • A predictable sequence of characters • Personal information in the password • A static password, or the same password for multiple accounts
Hardware Keylogger
The keylogger is installed between the computer keyboard and a USB port.
Shoulder Surfing
The practice of spying on the user of an ATM, computer, or other electronic device in order to obtain their personal access information.
G2A
The problem is that this business model is fundamentally flawed and facilitates a black market economy. I've spoken to a merchant on G2A about how he's making $3-4k a month, and he outlined the core business model: • Get ahold of a database of stolen credit cards on the darkweb • Go to a bundle/3rd party key reseller and buy a ton of game keys • Put them up onto G2A and sell them at half the retail price
Data Backups
The process of creating a data backup involves copying files from a computer's hard drive onto other digital media that is stored in a secure location. - As well as protecting against computer attacks because they can restore an infected machine to its properly functioning state, backups also protect against • hardware malfunction, • user error, • software corruption, and • natural disasters.
Types of Malware that Profits
There are five main types of malware whose primary goal is to bring profit to the attacker. They are: • botnets, • spyware, • adware, • scareware, and • ransomware.
Password Authentication
There are three main types of authentication: • What you have • What you are • What you know. Example: a man locks his car and enters a health club. • Key fob (what he has) used to lock the car. • Desk attendant recognizes him and lets him in (what he is). • Uses a memorized combination to open his locker (what he knows).
Avoiding Identity Theft
There are two basic steps for avoiding identity theft: 1. Deter theft by safeguarding information. 2. Monitor financial statements and accounts.
Can Macs not get viruses?
There exists a misconception that attacks only occur on Windows operating systems. Trojan BackDoor.Flashback, commonly referred to as the Flashback Trojan, is a Trojan that runs on Mac OS X. The first variant of Flashback was discovered by antivirus company
Using non-keyboard characters
These are accessed by holding down the "Alt" key while typing a number on the numeric keypad.
People
Those who implement and properly use security products to protect data.
Today's Attacks
Today's attacks differ in that they are • Designed to steal information (usually for financial gain), • Directed at a wide group of users, and • Able to affect a wide variety of devices and operating systems.
Today's Attacks: Business implications
Two main considerations: • Financial Loss - Average cost ~$7.2 million • Implications regarding potential customers
Threat
Type of action with potential to cause harm.
User Confusion
Users are required to make difficult security decisions with little or no instruction.
Delays in Security Updating
Vendors are overwhelmed trying to keep pace by updating their products against attacks.
Typo Squatting
What happens when a user makes a typing error when entering a uniform resource locator (URL) address in a web browser, such as: • typing goggle.com, a misspelling • typing google.net, an incorrect domain - Often, the user will be directed to a fake look-alike site. - These fake sites exist because attackers purchase the domain names of sites that are spelled similarly to actual sites. This is called typo squatting, a.k.a. URL hijacking. - An even larger problem is that of e-mail from these fake sites.
What happens in the background?
When a user enters their password to log on, the same hash algorithm used to create the digest is applied to the user supplied password and then compared with the stored version; if it matches, the user is approved.
Botnets
When hundreds, thousands, or even hundreds of thousands of zombie computers are gathered into a logical computer network under the control of an attacker, this creates a botnet.
Rule of thumb for Firewalls
When in doubt, block everything and create exceptions for known connections.
Brokers
individuals who uncover vulnerabilities, do not report them to the software vendor, but instead sell them to the highest bidder
buffer
is a storage area on a computer that contains the return address for the computer processor.
Tailgating
is one of the most common and innocent security breaches - an employee opening a door and holding it open for others, visitors without badges, or the passive acceptance of a uniformed worker.
Antivirus (AV)
software can scan a computer's hard drive for infections as well as monitor computer activity and examine all new documents, such as e-mail attachments, that might contain a virus.
The 414s
were a group of friends and computer hackers who broke into dozens of high-profile computer systems, including ones at Los Alamos National Laboratory, Sloan-Kettering Cancer Center, and Security Pacific Bank, in the early 1980s.
Example in Information Security
• Asset - Employee database • Threat - Steal data • Threat Agent - Attacker, virus, flood • Vulnerability - Software defect • Exploit - Send virus to unprotected e-mail server • Risk - Information will be stolen
Example: non-technical setting
• Asset - Rims • Threat - Steal rims from car • Threat Agent - Thief • Vulnerability - Faulty garage door • Exploit - Lift garage door • Risk - Rims will be stolen
Recommendations for Strong Passwords
• Avoid dictionary and phonetic words • Avoid birthdays, names, addresses or personal information • Avoid repeating characters • Use a minimum of 12 characters • Consider using a passphrase
Building a Comprehensive Security Strategy (Four Key Elements)
• Block attacks • Update Defenses • Minimize Losses • Send Secure Information
The following are examples of virus actions
• Causing a computer to crash repeatedly • Displaying an annoying message • Erasing files from the hard drive • Making copies of itself to consume all space on the hard drive. • Turning off security settings • Reformatting the hard drive
Three protections that must be extended (CIA triad)
• Confidentiality • Integrity • Availability
Who are the Attackers?
• Cybercriminals • Script Kiddies • Brokers • Spies • Insiders • Cyberterrorists • Hacktivists • Government Agencies (a.k.a. state sponsored agencies)
Adware Actions
• Display pop-ups and banners • Open Web browsers at random intervals • May display objectionable content • May interfere with user productivity • May track and monitor user actions
Data Backups: Where?
• External hard drive • Disc Storage (DVD) • Network-attached storage (NAS) • Cloud-based storage
Psychological social engineering approaches often involve:
• Impersonation, • Phishing, and • Hoaxes.
Other Capabilities of Password Management Tools
• In-memory protection • Key files • Lock to user account • Import and Export • Password groupings • Random password generator
Targets of Cybercriminals
• Individuals and businesses: steal and use stolen data, credit card numbers, online financial account information, and SSNs; or send spam e-mails to peddle counterfeit drugs, pirated software, fake watches, and pornography. • Businesses and governments: businesses are targeted for theft of research (imitators do not have to spend the development $$$); governments for secrets such as missile defense.
Swiss Cheese Infection
• Injects portions of its code throughout the program's executable code instead of only at the end of the file. • Any overwritten original code is transferred and stored inside the virus code for proper execution of the host program after the infection.
Challenges of Securing Information
• No single simple solution exists for protecting computers and securing information. • The variety of attacks that can occur. • The difficulties associated with defending against these attacks
Additional Risks of Social Networking Sites
• Personal data can be used maliciously. • Users can be too trusting. • Social networking security is lax or confusing. • Accepting friends may have unforeseen consequences.
Goals of Information Security
• Preventing data theft • Thwarting identity theft • Avoiding legal consequences • Maintaining productivity • Foiling cyberterrorism
Information protected by three layers:
• Products • People • Policies and procedures
Types of Viruses
• Program virus • Macro virus
Steps to Prevent Identity Theft
• Shred financial documents • Avoid carrying your Social Security card in your wallet • Secure personal information at home • Do not provide personal information over the phone or via e-mail • Be alert to signs of unusual activity in accounts
Identity Theft examples
• Stealing a person's information • Using information to impersonate the victim • Usually motivated by financial gain
Data theft examples
• Stealing business information • Stealing personal credit card number
Information security must protect devices that:
• Store, • Process, and • Transmit information
Information Security
• Task of securing information in a digital format • Ensures protective measures are properly implemented • Protects information of value to people and organizations
Appender Infection
• The virus attaches or "appends" itself to the end of a file. • It then changes the beginning of the original file to a "jump" instruction pointing to the virus code. • When the program is launched, the jump instruction redirects control to the virus.
Payment Card Thieves
• Thieves can determine if a stolen card number is active by making a small purchase. • Some black market sellers will provide a guarantee that the stolen card numbers will remain active for a specific period of time or for purchases up to a specific value. • Black-market sellers will often monitor how their customers use the stolen cards. • Stolen card numbers that also include personal information are worth more.
Data Backups: What?
• User files - (My Documents, My Music, etc.) - Any user-specific files that would be hard to replace. • Configuration files - (.vimrc, .bashrc, .pam_environment, etc.) - Personalized configuration files that tie in to system files/programs. • System files - (C:Windows32) - System files necessary for the operating system to run. • All three