Importance of Cyber Security

 The Internet allows an attacker to work from anywhere on

the planet.

 Risks caused by poor security knowledge and practice:

 Identity Theft
 Monetary Theft
 Legal Ramifications (for yourself and your organization)
 Sanctions or termination if policies are not followed

 According to the SANS Institute, the top vectors for

vulnerabilities available to a cyber criminal are:
 Web Browser
 IM Clients
 Web Applications
Excessive User Rights
Cyber Security

• Cyber security refers to the body of technologies,

processes, and practices designed to protect networks,
devices, programs, and data from attack, damage, or
unauthorized access.
Cyber Security Domains
Threats and Vulnerabilities
 What are we protecting our and our stakeholders
information from?
Threats: Any circumstances or events that can
potentially harm an information system by
destroying it, disclosing the information stored on
the system, adversely modifying data, or making
the system unavailable
Vulnerabilities:Weakness in an information system
or its components that could be exploited.
  Phishing and Spear-
phishing Attacks
 Social Engineering Scams
WHAT KINDS  Common Malware and
OF Ransomware
THREATS  Business Email
Compromise
ARE THERE?
Fake websites that steal
data or infect devices
 And much more
 Phishing
Phishing refers to the practice of creating fake emails or SMS that appear to
come from someone you trust, such as: Bank, Credit Card Company, Popular
Websites
 The email/SMS will ask you to “confirm your account details or your
vendor’s account details”, and then direct you to a website that looks just
like the real website, but whose sole purpose is for steal information.
 Of course, if you enter your information, a cybercriminal could use it to
steal your identity and possible make fraudulent purchases with your
money.
Phishing Statistics
 Verizon DBIR 2020: Phishing is the biggest cyber threat for
SMBs, accounting for 30% of SMB breaches
 KnowBe4: 37.9% of Untrained Users Fail Phishing Tests
 84% of SMBs are targeted by Phishing attacks
 A new Phishing site launches every 20 seconds
 74% of all Phishing websites use HTTPS
 94% of Malware is delivered via email
Example of Phishing
Social Engineering

 When attempting to steal information or a

person’s identity, a hacker will often try to
trick you into giving out sensitive information
rather than breaking into your computer.
 Social Engineering can happen:
 Over the phone
 By text message
 Instant message
 Email
Malware

 Malware = “malicious software”

 Malware is any kind of unwanted software that is
installed without your consent on your computer
and other digital devices.
Viruses, Worms, Trojan horses, Bombs, Spyware,
Adware, Ransomware are subgroups of malware.
Viruses

A virus tries to infect a carrier, which in turn

relies on the carrier to spread the virus around.
A computer virus is a program that can replicate
itself and spread from one computer to
another.
Viruses cont.
 Directinfection: virus can infect files every time a user
opens that specific infected program, document or
file.
 FastInfection: is when a virus infects any file that is
accessed by the program that is infected.
 Slowinfection: is when the virus infects any new or
modified program, file or document.
 Great way to trick a antivirus program!
 Sparse Infection: is the process of randomly infecting
files, etc. on the computer.
 RAM-resident infection: is when the infection buries
itself in your Computer’s Random Access Memory.
Bombs
 LogicBombs: is programming code that is designed to
execute or explode when a certain condition is
reached.
 Most the time it goes off when a certain time is reached or a
program fails to execute. But it these bombs wait for a
triggered event to happen.
 Most common use of this is in the financial/business world.
 MostIT employees call this the disgruntled employee
syndrome.
Trojans
 Trojan horse: is a program or software designed to look like a
useful or legitimate file.
 Once the program is installed and opened it steals information or
deletes data.
 Trojan horses compared to other types of malware is that it
usually runs only once and then is done functioning.
 Some create back-door effects
 Another distribution of Trojans is by infecting a server that hosts
websites.
 Downfall of Trojans: very reliant on the user.
Worm
s
 Worms and viruses get interchanged commonly in the
media.
 In reality a worm is more dangerous than a virus.
 User Propagation vs. Self Propagation
 Worm is designed to replicate itself and disperse
throughout the user’s network.
 Email
Worms and Internet Worms are the two most
common worm.
Email Worm

 Emailworm goes into a user’s contact/address book

and chooses every user in that contact list.
 It then copies itself and puts itself into an attachment;
then the user will open the attachment and the process
will start over again!
 Example: I LOVE YOU WORM
Internet Worms
 AnInternet Worm is designed to be conspicuous to the
user.
 Theworms scans the computer for open internet ports
that the worm can download itself into the computer.
 Onceinside the computer the worms scans the
internet to infect more computers.
Zombie & Botnet
 Secretly takes over another networked computer
by exploiting software flows
 Builds the compromised computers into a zombie
network or botnet
a collection of compromised machines running
programs, usually referred to as worms, Trojan horses,
or backdoors, under a common command and control
infrastructure.
 Uses it to indirectly launch attacks
E.g., DDoS, phishing, spamming, cracking
Adware and Spyware
 Adware is a type of malware designed to display
advertisements in the user’s software.
 They can be designed to be harmless or harmful; the adware
gathers information on what the user searches the World Wide
Web for.
 With this gathered information it displays ads corresponding to
information collected.
 Spyware is like adware it spies on the user to see what
information it can collect off the user’s computer to display pop
ads on the user’s computer.
 Spyware unlike adware likes to use memory from programs
running in the background of the computer to keep close watch
on the user.
 This most often clogs up the computer causing the program or
computer to slow down and become un-functional.
Exploit Kit
Identity Theft
 Identity Theft
 Impersonation by private information
 Thief can ‘become’ the victim
 Reported incidents rising
 Methods of stealing information
 Shoulder surfing
 Snagging
 Dumpster diving
 Social engineering
 High-tech methods
Identity Theft
 Loss of privacy
 Personal information is stored electronically
Purchases are stored in a database
 Data is sold to other companies
 Public records on the Internet
 Internet use is monitored and logged
 None of these techniques are illegal
Denial of Service
Attack
Ransomware
 Ransomware is a type of
malware that restricts your
access to systems and files,
typically by encryption and then
demands a ransom to restore
access.
 Often, systems are infected by
ransomware through a link in a
malicious email. When the
user clicks the link, the
ransomware is downloaded to
the user’s computer,
smartphone or other device.
Ransomware may spread
through connected networks.
Ransomware

Top Ransomware Vulnerabilities:

• RDP or Virtual Desktop endpoints without MFA
• Citrix ADC systems affected by CVE-2019-19781
• Pulse Secure VPN systems affected by CVE-2019-11510
• Microsoft SharePoint servers affected by CVE-2019-0604
• Microsoft Exchange servers affected by CVE-2020-0688
• Zoho ManageEngine systems affected by CVE-2020-10189
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare
-
Ransomware Controls
 Weapons-Grade Data Backups
 Religious Patch Management
 Plan to Fail Well (Incident Response Plan)
 Know who to call!
 Training and Testing Your People
 Don’t Open that Email Link/Attachment
Business Email Compromise
Business Email Compromise
COVID-19 Cyber Threats

• Google: 18+ Million COVID-19 emails in just the one week, in

addition to 240M daily COVID-19 spam messages
• Phishing up 667% right now
• FBI IC3: 4x complaints per day (1K before COVID-19, now 3k-4k
per day)
• 148% spike in ransomware attacks due to COVID-19
• 30%-40% increase in attacker interest relating to RDP (as
measured by Shodan)
• 26% increase in e-comm web skimming in March
• Healthcare, Financial Services, Medical Suppliers and
Manufacturing, Government and Media Outlets all seeing a
large increase in cyber threats
 Cyber Crime

Cyber Crime is a generic term that refers to all criminal activities

done using the medium of communication devices, computers,
mobile phones, tablets etc. It can be categorized in three ways:
•The computer as a target – attacking the computers of others.
•The computer as a weapon- Using a computer to commit
“traditional crime” that we see in the physical world.
•The computer as an accessory- Using a computer as a “fancy
filing cabinet” to store illegal or stolen information.
Hacking
 Financial (theft,
fraud, blackmail)
 Political/State (state
level/military)
 Fame/Kudos
(fun/status)
 Hacktivism (cause)
 Pen Testers (legal
hacking)
 Police
 Insider
 Business
System Hacking
 System hacking is a vast subject that
consists of hacking the different software-
based technological systems such as laptops,
desktops, etc.
 System hacking is defined as the
compromise of computer systems and
software to access the target computer
and steal or misuse their sensitive
information.
 Here the malicious hacker exploits the
weaknesses in a computer system or
network to gain unauthorized access to its
data or take illegal advantage.
 Hackers generally use viruses, malware,
Trojans, worms, phishing techniques, email
spamming, social engineering, exploit
operating system vulnerabilities, or port
vulnerabilities to access any victim's
system.
Cybercrime as a Service
Cybercrime as a Service
Web, Deep Web & Dark Web
What does a Cyber Security Professional look like?
How We Protect Information?
 People
 Training, education, awareness, repetition

 Process
 Governance, oversight, policy, reporting

 Technology
 Firewalls, IDS/ISP, SIEM, anti-malware
 Strong passwords, Logging/monitoring

 Which is the weakest link?

Sun Tzu on the Art of War

 If you know the enemy and

know yourself, you need not
fear the result of a hundred
battles.
 If you know yourself but not
the enemy, for every victory
gained you will also suffer a
defeat.
 If you know neither the enemy
nor yourself, you will
succumb in every battle.
WHAT IS FOOTPRINTING?
 Definition: the gathering of information
about a potential system or network (the
fine art of gathering target information)
 a.k.a. fingerprinting
 Attacker’s point of view
 Identify potential target systems
 Identify which types of attacks may be useful
on target systems
 Defender’s point of view
 Know available tools
 May be able to tell if system is being
footprinted, be more prepared for possible
attack
 Vulnerability analysis: know what
information you’re giving away, what
weaknesses you have
WHAT IS FOOTPRINTING?
 System (Local or Remote)  Networks / Enterprises
 IP Address, Name and Domain  System information for all
 Operating System hosts
 Type (Windows, Linux, Solaris,  Network topology
Mac) Gateways
 Version (XP/Vista/7/10, Firewalls
Redhat, Fedora, SuSe, Ubuntu,
OS X) Overall topology
 Usernames (and their  Network traffic information
passwords)  Specialized servers
 File structure  Web, Database, FTP, Email,
 Open Ports (what etc.
services/programs are running  Social Media
on the system)
Summary
• Cybersecurity will require a
significant workforce with deep
domain knowledge.
• Almost everything is hooked up
to the internet in some sort of
form.
• Recent events have widened
the eyes of many security
experts.
• The ability to gain access to
high security organizations,
infrastructures or mainframes
has frightened many people.
• Could one click of the mouse
start World War III?
 ou !
k y
an
Th