This document discusses various cybersecurity threats and best practices for protection. It begins by defining key cybersecurity terminology. It then describes the spectrum of cyber threats from personal to global levels, including viruses, worms, Trojans, and types of hacking like phishing, spoofing and hacktivism. Examples of cyberwarfare and its purposes are provided. The document recommends developing literacy about threats, protecting vulnerabilities in devices, software and user behavior, and describes approaches for secure environments like backups and system updates. Cyber threats targeting students are also outlined.
3. Syllabus Objectives
Upon completing this presentation, you shall be able to:
• Describe the broad spectrum of cyber threats and how they affect you and your students.
• Define essential terminology used in discussing cyber security.
• Through discussion, participants will share their experiences concerning data security.
• Identify to students, using lecture, lab or discussion, three or more data security risks they may encounter.
• Describe 3 “best practices” you can use to limit risk from a cyber threat.
• Create anti-matter (no… not really).
4. Spectrum of threat
Threats range across four scopes: Personal, Work, National and Global (shown as a 2×2 grid on the original slide).
• Virus on my PC
• My data stolen
• Ineffective/slow computer
• Privacy (Personal & Corporate)
• Resource usage
• Corporate data
• Intellectual Property
• Financial
• Infrastructure
• Economic impact, piracy, intelligence
• Tracking people
• Cyberwarfare
• Hacktivism
5. Purpose of Cyberwarfare attacks
Cyberwarfare is Internet-based conflict involving politically motivated attacks on information and information systems.
• Disable websites and networks
• Disrupt or disable essential services
• Steal or alter classified data
• Cripple financial systems
(source: searchsecurity.techtarget.com)
6. Global Cyberwarfare Examples
• Iranian nuclear espionage – Stuxnet (June 2010) ruined approx. 1/5 of their centrifuge systems. (Wikipedia, n.d.); (globalresearch)
• “GhostNet”, a spy network, accessed confidential information belonging to both governmental and private organizations in over 100 countries around the world.
• In 2007, in Estonia, a botnet of over a million computers brought down government, business and media websites. (searchsecurity.techtarget.com)
7. Hacktivism – “hack” & “activism”
… the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose. (source)
• Defacing websites of those who oppose their ideology.
• Development of PGP was in response to a bill permitting the government to obtain plain-text content. (Wikipedia, n.d.)
8. Hacktivism examples
• During the 2009 Iranian election protests, Anonymous played a role in disseminating information to and from Iran by setting up the website Anonymous Iran; they also released a video manifesto to the Iranian government.
• Anonymous – Message to the American People: https://www.youtube.com/watch?v=HrXyLrTRXso
• Google helped SayNow and Twitter to provide communications for the Egyptian people in response to the government-sanctioned internet blackout during the 2011 protests. The result, Speak To Tweet, was a service in which voicemail left by phone was then tweeted via Twitter with a link to the voice message on Google's SayNow.
9. Domestic Cyber threats
• Intellectual Property theft from both government and businesses. (Source: The Dragon and the Computer: Why Intellectual Property Theft is Compatible with Chinese Cyber-Warfare Doctrine)
• Infrastructure – electrical grid, water systems, communications, transportation.
10. Malware stories
• Target cyber attack
– “memory-parsing” software known as a “RAM scraper” – it steals the transaction data from a credit or debit card's magnetic strip during a brief unencrypted moment in the transaction process.
11. Data Security – Surveillance? Privacy?
• NSA wireless transmitter – NSA's malware program, codenamed QUANTUM, uses a secretly installed radio transmitter. Affected computers do not need to be connected to the Internet.
12. Data Security Examples
• FBI could remotely and secretly activate video cameras on devices. (From a web article that cites a Washington Post report.)
• Students at Johns Hopkins discovered how to disable the LED on a Mac so that the camera could take pictures without indicating it was on.
• A student's doctoral research details how he accessed a network through a Cisco VoIP phone.
13. Business attacks
• Taking over web sites
– To harm reputation
– To redirect customers
– To capture login credentials or financial information
• Stealing Intellectual Property or Trade Secrets
• Disrupting operations both internally and externally, such as with a Distributed Denial of Service (DDoS)
14. Schools & Colleges Data Security
• Grade and transcript modifications – Blackboard: Dutch company Online24 reports a vulnerability through which a student could alter grades. (http://www.utwente.nl/onderwijssystemen/nieuwsarchief/nieuwsberichten/blackboard_veiligheid_eng/)
• Changes to financial records
• Unauthorized access to student records
15. Targeting your Devices & Information
Motivation for creating malware (Outcome → Computer action)
• “bragging rights” / name recognition → System access or proliferation of malware
• Obtaining personal data → Identity theft / social engineering attacks / account access
• Using / Controlling computer → E-mail SPAM campaigns; DDoS attacks; bot-nets
• Financial benefit → Directs user to buy software to repair / recover
• Spying / Voyeurism → Secretly listen to or watch people
16. Malware explained – Viruses
Description
A virus's purpose is to create another copy of itself as part of its function. It must be run or executed as code, by exploiting a weakness in the OS or a program, or by tricking the user.
Analogy
As the name implies, a biological virus attaches to a healthy cell and injects its viral nucleic acids so that the healthy cell reproduces the virus.
17. Malware explained – Trojans
Description
Appearing as a legitimate program, a Trojan infection installs unwanted, often harmful, additional programs. Trojans are not self-replicating like viruses.
Trojans drop a ‘payload’ – keyloggers, Remote Access Trojans (RATs), backdoors, Internet Relay Chat (IRC) bots. They can be used to create bot-nets.
Analogy
The threat from the classical “Trojan Horse” was not the horse, but the armies that were inside and released.
18. Malware explained – Worms
Description
Worms, similar to viruses, make copies of themselves. However, worm infections do not attach to other programs, so they do not need you to “run” them.
Worms often replicate across networks, for example via e-mail.
Analogy
Tapeworm eggs are eaten by flea larvae, which in turn form a cyst in the flea; the flea is ingested by a dog during grooming, eggs are excreted by the dog, and the cycle repeats.
19. Spoofing
Impersonating another person or web site in an effort to trick someone into giving up information or installing some form of malware.
Entire web sites have been duplicated and their domain redirected to the false site.
20. Phishing
Here the sender is targeting a person to give up sensitive information.
An e-mail that asks the user to click on a link and verify their login information, but the link is to a spoofed web site.
A phone call where the support agent reports that he is with Microsoft, that they have detected a problem with the computer, and that they want you to allow them a remote support session to fix it.
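The e-mail pattern above has one technical tell: the link text shows one place and the href goes somewhere else. The following is an added example (not code from the presentation) of a defensive check that parses the HTML body of an e-mail and flags links whose visible text names one domain while the href points at another, or that point at a raw IP address or a non-https URL. The e-mail body, domains and addresses are constructed for illustration, and the registrable-domain rule is a deliberate simplification.

```python
"""Flag links in an HTML e-mail whose displayed text does not match where
they really go. Added example; not part of the original presentation.
The e-mail body and domains below are constructed for illustration."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Hostname of a URL or bare domain, lower-cased ('' if none)."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def registrable(host):
    # Simplification: the last two labels. Real code would consult the
    # Public Suffix List so that names like example.co.uk are handled.
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_links(html):
    """Return [(href, text, [reasons])] for links that look like spoofing."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        actual = host_of(href)
        if not actual:
            continue
        reasons = []
        if is_ip_literal(actual):
            reasons.append("link goes to a raw IP address")
        if not href.lower().startswith("https://"):
            reasons.append("link is not https")
        # Only treat the anchor text as a domain if it looks like one.
        looks_like_domain = "." in text and " " not in text
        shown = host_of(text) if looks_like_domain else ""
        if shown and registrable(shown) != registrable(actual):
            reasons.append(f"displays {shown} but goes to {actual}")
        if reasons:
            findings.append((href, text, reasons))
    return findings


# Constructed sample e-mail body (not a real message).
SAMPLE_EMAIL = """
<p>Dear customer, please <a href="http://203.0.113.9/verify">verify your account</a>.</p>
<p>Or sign in at <a href="https://bank-example.com.login-verify.net/">www.bank-example.com</a></p>
<p>Questions? <a href="https://www.bank-example.com/help">www.bank-example.com/help</a></p>
"""

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}: {'; '.join(reasons)}")
```

The third link in the sample passes because its text and its href agree; the second is the classic trick of putting the real brand name at the front of a hostname that actually belongs to someone else, which is exactly what a user skimming the address bar misses.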
21. Aurora Botnet
Fake Malware Alerts: a virus repair utility that is actually a dropper that creates a bot-net.
Description of how the “Aurora Botnet” infected and used other systems: https://blog.damballa.com/archives/tag/aurora-botnet
22. Protection & Solutions
Literacy – learn about the threats; how to minimize exposure; and how to fix if infected.
Protect three areas of vulnerabilities:
1. Access to your devices – both physically and electronically.
2. Use of security software – Firewall, AV, encryption, backup, system updates, etc.
3. Realize that YOU can be the “weakest link”.
Register devices; use location apps like “Find My iPhone”.
23. Access to your devices
• Keep device(s) with you, or in a locked/secure area when you are not using them.
• Know about the networks you are using – wired, wireless, or both.
• Follow “good practices” with regard to passwords. And for sensitive/confidential data, consider multi-factor authentication.
24. Security Software
• Anti-Virus – Free ones are good; consider one for mobile devices. Mac and iPhone have low risk, but viruses are possible.
• Anti-Spyware – spyware can slow down a computer; threats are not usually as severe.
25. What is a Firewall and why do I need it?
Simplify the function of your firewall to be that of a security guard at the entrance to a community.
Your cars get a sticker which tells the guard it is OK to let you by. And perhaps the local pizza guy or a friend can come in, but you need to let the guard know and provide him a name or number.
The security would not work if you agreed to mail out access stickers to someone who sent you an email saying they wanted to drop off a package.
Data traffic uses the TCP/IP communication protocols, with port numbers identifying the software services being contacted. The firewall uses rules and, at times, observed behavior to determine which connections should be allowed.
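To make the guard analogy concrete, here is an added toy packet filter (my example, not code from the presentation) that applies the three ideas above: a state table for connections the host itself opened (the sticker), explicit allow rules (the visitor on the list), and default deny for everything else, including a "reply" to a connection that was never opened (the mailed-out sticker). The addresses, ports and rules are constructed for illustration.

```python
"""Toy default-deny, stateful packet filter illustrating the 'security
guard' analogy. Added example; not from the original presentation.
Addresses, ports and rules are constructed for illustration."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str        # "in" from the Internet, "out" from our host
    proto: str            # "tcp" or "udp"
    src: str
    src_port: int
    dst: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str
    proto: str
    dst_port: Optional[int] = None   # None matches any destination port
    src: Optional[str] = None        # None matches any source address

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.proto == p.proto
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.src is None or self.src == p.src))


class Firewall:
    """Three ways past the guard, checked in order:
    1. a reply to a connection we opened (the car sticker: the state table),
    2. an explicit allow rule (the named visitor on the list),
    3. otherwise the default: deny."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        # (our address, our port, peer address, peer port) of flows we started
        self.state: Set[Tuple[str, int, str, int]] = set()

    def decide(self, p: Packet) -> str:
        if p.direction == "in" and (p.dst, p.dst_port, p.src, p.src_port) in self.state:
            return "allow"
        for rule in self.rules:            # first matching rule wins
            if rule.matches(p):
                if rule.action == "allow" and p.direction == "out":
                    self.state.add((p.src, p.src_port, p.dst, p.dst_port))
                return rule.action
        return "deny"


# Constructed hosts (documentation/private ranges, not real systems).
OUR_HOST = "10.0.0.5"
ADMIN_HOST = "10.0.0.20"
WEB_SERVER = "198.51.100.7"

RULES = [
    Rule("allow", "out", "tcp"),                               # we may browse anywhere
    Rule("allow", "out", "udp", dst_port=53),                  # DNS lookups
    Rule("allow", "in", "tcp", dst_port=22, src=ADMIN_HOST),   # SSH only from the admin box
]


def run_sample() -> List[Tuple[str, str]]:
    """Push a constructed traffic sequence through the filter; return decisions."""
    fw = Firewall(RULES)
    traffic = [
        ("browser opens https",  Packet("out", "tcp", OUR_HOST, 51000, WEB_SERVER, 443)),
        ("web server replies",   Packet("in", "tcp", WEB_SERVER, 443, OUR_HOST, 51000)),
        ("stranger probes ssh",  Packet("in", "tcp", "203.0.113.44", 40000, OUR_HOST, 22)),
        ("admin connects ssh",   Packet("in", "tcp", ADMIN_HOST, 40001, OUR_HOST, 22)),
        ("unsolicited rdp",      Packet("in", "tcp", "203.0.113.44", 40002, OUR_HOST, 3389)),
        ("reply to a connection we never opened",
                                 Packet("in", "tcp", WEB_SERVER, 443, OUR_HOST, 51001)),
    ]
    return [(label, fw.decide(pkt)) for label, pkt in traffic]


if __name__ == "__main__":
    for label, decision in run_sample():
        print(f"{label:40s} {decision}")
```

The last case is the point of the analogy: a packet that merely claims to be a reply is not let in unless the state table says we asked for it.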
26. Backup (Most ignored advice)
• Malware attacks quite often result in a loss of data. Either the files are deleted or infected, or the drive needs to be erased to fully clean the system.
• Backup strategies that work best involve:
– Automated scheduled backups… local or in the cloud.
– Periodic full backups to an alternate location (to protect against corrupt backups being unusable).
– Password-protect backups and, for sensitive data, encrypt them.
27. Encrypting Data
• Making data unreadable except by whoever holds the key
• Used for data “in transit” (being transferred) or “at rest” (stored)
• Cryptographic algorithms (you may see these along the way – only a sampling):
– AES (Advanced Encryption Standard)
– SHA (Secure Hash Algorithm)
– DSS (Digital Signature Standard)
28. Encryption basics
• A cipher is used in an algorithm to encode the message. As a simple example, shift each letter three places down the alphabet.
• “Hello” becomes “Khoor”
• The cipher is the key.
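Added example, not from the presentation: the three-letter shift above implemented as code, together with a brute-force key recovery that tries all 25 possible shifts and picks the one producing an expected word. It shows the weakness in “the cipher is the key”: with only 25 keys, anyone who knows the method can try them all in an instant, which is why modern ciphers keep the algorithm public and put all the secrecy in a large key.

```python
"""Shift (Caesar) cipher from the slide, plus brute-force key recovery.
Added example; not from the original presentation."""


def shift_text(text: str, k: int) -> str:
    """Shift each ASCII letter k places down the alphabet (wrapping at Z),
    keep case, leave digits/punctuation alone. Negative k shifts back."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext: str, k: int) -> str:
    return shift_text(plaintext, k)


def decrypt(ciphertext: str, k: int) -> str:
    return shift_text(ciphertext, -k)


def brute_force(ciphertext: str) -> dict:
    """Every candidate plaintext: the whole key space is 25 useful shifts."""
    return {k: decrypt(ciphertext, k) for k in range(1, 26)}


def recover_key(ciphertext: str, crib: str):
    """Return the shift whose decryption contains a word we expect to see
    (a 'crib'), or None if no shift produces it."""
    for k, candidate in brute_force(ciphertext).items():
        if crib in candidate:
            return k
    return None


if __name__ == "__main__":
    secret = encrypt("Hello World", 3)
    print(secret)                      # Khoor Zruog
    print(recover_key(secret, "Hello"))  # 3
```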
29. Using encryption keys
• Send your lock to me open; I put my stuff in, lock it, and send it back to you. You use your key to open and access it.
• The process:
– Two “keys” are made, one public; one private.
– Files can be encrypted with the public one.
– Only the holder of the private key can decrypt.
30. Public Key – aka Asymmetric cryptography
It is “impossible” (computationally infeasible) for a properly generated private key to be determined from its corresponding public key.
Keys are used to encrypt files or validate digital signatures.
31. Digital signatures
• Validates the originator or the sender – ensures three aspects of data security:
– Authentication: verifies the identity of the sender.
– Non-repudiation: one cannot claim the data has changed.
– Integrity: the message was not altered in transit.
32. Internet Protocol Security (IPsec)
• IPsec is a general-purpose security technology (protocol) that can be used to help secure network traffic in many scenarios.
• Operates below the “application” layer in the protocol stack, at the Internet Layer. Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH) operate in the “Application” layer.
• Handles authenticating and encrypting each IP packet of a communication session.
• Establishes mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.
• IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).[1]
• Applications do not need to be specifically designed to use IPsec because they sit “on top” of it.
(Source: Wikipedia.org)
34. Protecting you from… you
• Getting tricked by phishing scams.
• Opening malware in e-mails.
• Downloading & installing “free” software or utilities.
• Poor password management.
• Not securely disposing of old equipment.
• Not aware of, or not ensuring the use of, secure protocols (e.g. https, SSL, SSH).
• Backup strategy missing or weak.
35. Social Engineering
• Social engineering hacker – someone who tries to gain unauthorized access to your computer systems, for example by:
– Tailgating past a security door.
– Distracting the user away from the computer so that malware can be installed.
– Collecting organizational information to engage in credible discussions about getting access.
36. How to remove threats
• Turn off or disconnect to prevent further loss (consider backing up data before repairs).
• Using another device, “Google” the symptoms.
• Boot off a Rescue CD or USB (free downloads).
• Safest is to recover: restore an image or reinstall.
37. Approaches to secure environments
• Use of UAC on a PC and other security settings.
• Browser security settings.
• Use of a “sandbox” and/or virtual machines.
• Programs that reboot to a stored image – Deep Freeze (Mac & PC).
• Boot from IDP or a utility CD/DVD or Linux OS; does not mount the C: drive; supports Internet access.
• Monitor updates of virus protection and the system.
• Periodically scan from a rescue CD.
• Regularly create a System Image along with any needed support files.
• Test your “Restore” process – many backup programs create proprietary files and incremental files.
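Added example (not from the presentation) serving both the backup advice of slide 26 and the “Test your Restore process” item above: a manifest of SHA-256 digests taken at backup time, and a check of a restored directory against it that reports missing, changed and extra files. Whatever proprietary format the backup tool uses, a plain manifest like this is something you can verify independently. The files and directory names are constructed inside a temporary directory.

```python
"""Backup manifest with a SHA-256 digest per file, and a restore check that
reports missing, changed and extra files. Added example; not from the
original presentation. Sample files are constructed in a temp directory."""
import hashlib
import json
import os
import shutil
import tempfile


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map each file's path (relative to root, '/'-separated) to its digest."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_restore(manifest: dict, restored_root: str) -> dict:
    """Compare a restored tree against the manifest taken at backup time."""
    current = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "changed": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "extra": sorted(set(current) - set(manifest)),
    }


def restore_is_good(report: dict) -> bool:
    return not (report["missing"] or report["changed"] or report["extra"])


def demo():
    """Back up two constructed files, restore them and verify; then simulate a
    corrupt/incomplete restore and verify again. Returns both reports."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "documents")
        os.makedirs(os.path.join(src, "course"))
        with open(os.path.join(src, "course", "grades.csv"), "w") as f:
            f.write("student,grade\nA1,92\n")
        with open(os.path.join(src, "syllabus.txt"), "w") as f:
            f.write("Week 1: threats and terminology\n")

        manifest = build_manifest(src)
        # Keep the manifest with the backup; it is what the restore is tested against.
        with open(os.path.join(work, "manifest.json"), "w") as f:
            json.dump(manifest, f, indent=2)

        restored = os.path.join(work, "restored")
        shutil.copytree(src, restored)
        clean_report = verify_restore(manifest, restored)

        # Simulate a bad restore: one file silently altered, one file lost.
        with open(os.path.join(restored, "course", "grades.csv"), "a") as f:
            f.write("A2,100\n")
        os.remove(os.path.join(restored, "syllabus.txt"))
        bad_report = verify_restore(manifest, restored)
    return clean_report, bad_report


if __name__ == "__main__":
    clean, bad = demo()
    print("clean restore ok:", restore_is_good(clean))   # True
    print("bad restore:", bad)
```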
38. Security Essentials for Students
• Cloud apps and storage
– Their data is outside their control, on another device
– Typically not encrypted
• Being connected is a MUST – trying to get Internet access often leads one to compromise good practices.
• Using public wi-fi. It can be easily monitored, “sniffed”.
• Use trusted software and utilities. Avoid the temptation to download “free” programs, utilities, movies, music, etc.
39. Students continued
• College security and use policies can be restrictive – students may get frustrated or inadvertently violate them.
• Class requirements, downloads. Are the class downloads virus free?
• Practice safe sex computing – a practical comparison.
• USB passed around or left in the classroom – was it left on purpose for someone to think they got a free USB?
• Phones can make an unsecured ‘hotspot’.
40. Can a Mac get a Virus?
• Good article on Macs and viruses (Jan 5, 2013): http://www.speedupmypcfree.com/blog/should-you-install-antivirus-on-your-mac/
• Do I need virus protection on a Mac? Most users do not need antivirus software on their Mac.
41. Past Apple Troubles
• Apple admits to infections: http://www.speedupmypcfree.com/blog/apple-finally-admits-defeat-acknowledges-that-pc-viruses-can-infect-macs/
• Flashback virus – The Flashback virus was able to steal the personal data of many of these Mac users by redirecting them to malicious websites on search engine results pages.
42. Smartphone malware
• The malware targeting mobile devices mirrors the malware commonly found on infected desktops and laptops – backdoors, Trojans and Trojan-Spies. The one exception is SMS-Trojan programs – a category exclusive to smartphones.
• The threat isn't just growing in volume. We're seeing increased complexity too. In June we analyzed the most sophisticated mobile malware Trojan we've seen to date, a Trojan named Obad. This threat is multi-functional: it sends messages to premium rate numbers, downloads and installs other malware, uses Bluetooth to send itself to other devices and remotely performs commands at the console. This Trojan is also very complex. The code is heavily obfuscated and it exploits three previously unpublished vulnerabilities. Not least among these is one that enables the Trojan to gain extended Device Administrator privileges – but without it being listed on the device as one of the programs that has these rights. This makes it impossible for the victim to simply remove the malware from the device. It also allows the Trojan to block the screen. It does this for no more than 10 seconds, but that's enough for the Trojan to send itself (and other malware) to nearby devices – a trick designed to prevent the victim from seeing the Trojan's activities.
• Obad also uses multiple methods to spread. We've already mentioned the use of Bluetooth. In addition, it spreads through a fake Google Play store, by means of spam text messages and through redirection from cracked sites. On top of this, it's also dropped by another mobile Trojan – Opfake.
• The cybercriminals behind Obad are able to control the Trojan using pre-defined strings in text messages. The Trojan can perform several actions, including sending text messages, pinging a specified resource, operating as a proxy server, connecting to a specified address, downloading and installing a specified file, sending a list of apps installed on the device, sending information on a specific app, sending the victim's contacts to the server and performing commands specified by the server.
• The Trojan harvests data from the device and sends it to the command-and-control server – including the MAC address of the device, the operating name, the IMEI number, the account balance, local time and whether or not the Trojan has been able to successfully obtain Device Administrator rights. All of this data is uploaded to the Obad control-and-command server: the Trojan first tries to use the active Internet connection and, if no connection is available, searches for a nearby Wi-Fi connection that doesn't require authentication.
43. Smartphones & Tablets
• Android – 98.05% of mobile malware found this year targets this platform. (Source)
• Only download from a trusted store.
44. Protecting Windows 8
• Microsoft link to protecting your PC
• PCWorld article on anti-virus for Windows 8
• Bitdefender Antivirus comparison list: http://share.inpwrd.com/r9jo
Generally much of the same topics already presented. (I wanted to include the links in the presentation stack.)
45. Did we meet the objectives?
Survey of cyber threats.
Essential terminology.
Discussion of experiences.
Advice to give students for data security.
“best practices” to reduce risk and resolve issues.
46. Contact Information for Andrew Pond
COLLEGE:
PALM BEACH STATE COLLEGE
PONDA@PALMBEACHSTATE.EDU
BUSINESS:
PRECEPTS EDUCATION CORP. & PRECEPTS COMPUTING
APOND@PRECEPTSCOMPUTING.COM