Esta presentación tiene como fin analizar los vectores de amenazas online, tales como: ataques basados en correo electrónico, plataformas web, redes sociales, ingeniería social, botnets, y también vectores de amenazas offline, tales como: vulnerabilidades de USB y las emanaciones electromagnéticas. Asimismo, las vulnerabilidades de días cero y las infracciones más grandes divulgadas por la compañía; es así como, bajo esta problemática, dará a conocer las medidas para proteger los datos y luchar contra el fenómeno de la ciberdelincuencia.

1. Latest challenges in the field of cybersecurity.
Analyzing online and offline cyber threats.
Assoc. Prof. Dr. Ioan-Cosmin MIHAI
“Al. I. Cuza” Police Academy, ROMANIA
Cyber Security Protection Summit
June 11, 2019, Lima, Peru
#ProtectionPeru2019

2. THE SPEAKER
The University Politehnica of Bucharest
Associate Professor
The Romanian Centre of Excellence for
Cybercrime (CYBEREX)
Trainer
The Romanian Association for Information
Security Assurance (RAISA)
Vice President
The Quality, Reliability and Information
Technology Laboratory (EUROQUAL)
Researcher
“Carol I” National Defence University
Associate Professor
“Alexandru Ioan Cuza” Police Academy
Associate Professor
The CT University of India
Honorary Professor
The Romanian National Institute of
Magistracy (NIM)
Trainer
The Romanian Superior Council of
Magistracy (SCM)
Trainer
The European Union Agency for Law
Enforcement Training (CEPOL)
Trainer
The Romanian National Computer Security
Incident Response Team (CERT-RO)
Trainer
The General Inspectorate of Romanian Police
The Cybercrime Unit (GIRP)
Trainer

3. AGENDA
• The technical challenges in cybersecurity:
• Software challenges;
• Hardware challenges;
• Cyber agents and their motivation;
• Solutions for fighting the cyber threats.
#ProtectionPeru2019

4. SOFTWARE CHALLENGES
Source: ENISA Threat
Landscape Report 2018

5. MALWARE STATISTICS
Source: AV-TEST Institute
Total malware Android malware
MacOS malware

6. MOST AFFECTED OPERATING SYSTEMS
Source: CERT-RO
0.44%
7.76%
20.65%
30.13%
41.02%
0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00% 40.00% 45.00%
Windows
UPnP OS
Network Devices Firmware/OS
Unix
Linux
#ProtectionPeru2019

7. GEOGRAPHY OF LOCAL MALWARE ATTACKS
Source: Kaspersky
Chile – 19,0%
Colombia – 23,3%
Brazil – 29.8%
Ecuador – 32,2%
Peru – 36,6%
Venezuela – 40,0%
Bolivia – 40,6%

8. FINANCIAL TROJANS
The most important financial trojans:
• Zeus (2006)
• Ramnit (2011)
• Citadel (2012)
• Dridex (2014)
• Dorkbot (2015)
• BackSwap (2018)
• Cobalt (2016)
#ProtectionPeru2019

9. CARBANAK / COBALT
Source: EUROPOL
#ProtectionPeru2019

10. RANSOMWARE
The most important ransomware:
• CryptoLocker (2013)
• CTB-Locker (2014)
• Locky (2016)
• WannaCry (2017)
• Petya (2017)
• Bad Rabbit (2017)
• PUBG (2018)
#ProtectionPeru2019

11. NO MORE RANSOM PROJECT
Source: https://www.nomoreransom.org

12. CRYPTOJACKING
The most important cryptojacking threats:
• Coinhive (2017)
• Cryptoloot (2017)
• JSEcoin (2017)
• XMRig (2017)
• Cgminer (2017)
• Authedmine (2017)
• RubyMiner (2017)

13. CRYPTOJACKING
Source: https://hackernoon.com

14. BOTNETS
The most important botnets malware:
• Conficker (2008)
• Mariposa (2008)
• Kraken (2008)
• ZeroAccess (2011)
• Necurs (2012)
• Windigo (2013)
• Mirai (2016)

15. BOTNETS
Source: www.emsisoft.com

16. TECHNICAL CHALLENGES
• Glitch (CVE-2018-10229)  GPU
• Spectre (CVE-2017-5753)  CPU
• Meltdown (CVE-2017-5754)  CPU
• Rowhammer (CVE-2015-3693)  RAM
• BadUSB (CVE-2014-4115)  USB ports
16

18. ONLINE ATTACK VECTORS

19. EMAIL BASED ATTACKS
Spear-phishing campaigns
Source: Symantec
• Spamming;
• Spoofing;
• Phishing;
• Spear-phishing;
• Clone phishing;
• Whaling;
• Bombing;
• Chain-letters.

20. COMPOSITION OF EMAILS
Emails consist of:
• Envelope Headers – automated generated during the
transport of the message;
• Message Headers – contain information required to
deliver the message (information provided by sender);
• Body – the message itself;
• Attachments – attachments to the e-mail (part of the
body).
#ProtectionPeru2019

21. STANDARD HEADERS
Return-path: <user@domain.com>
Envelope-to: user@domain.com
Delivery-date: Tue, 10 Jan 2017 17:53:10 +0200
Received: from …
Message-ID: <54B53F63.5090302@domain.com>
Date: Tue, 13 Jan 2017 17:53:07 +0200
From: User <user@domain.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: user@domain.com
Subject: Plain message
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

22. ENVELOPE HEADERS
Received: from gts4.roserve.net ([128.abc.def.216]:57164)
by gts5.roserve.net with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-
SHA384:256)
(envelope-from <user1@domain1.com>)
id 1YB4bd-0001zn-Fb
for user2@domain2.com; Tue, 10 Jan 2017 18:46:13 +0200
Received: from [77.ab.cd.134] (port=51414 helo=[192.168.0.100])
by gts4.roserve.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128)
(envelope-from <user1@domain1.com>)
id 1YB4ba-0001xz-Ps
for user2@domain2.com; Tue, 10 Jan 2017 18:46:13 +0200
Message-ID: <54B54BD1.9060905@domain1.com>

23. [77.ab.cd.134]
port=51407
helo=[192.168.0.100]
gts4.roserve.net
[128.abc.def.216]:57164
gts5.roserve.net
user2@domain2.com user1@domain1.com

24. EMAIL HEADER ANALYZER
URL: https://toolbox.googleapps.com/apps/messageheader/

25. HOW TO DETECT A PHISHING EMAIL
Don’t trust the display name
of the sender
Be careful with the files
attached to email
Check the salutation Check the links before click
Check for spelling errors
Is the email asking for
personal information?
Check the email signature Beware of urgency

26. WEB BASED ATTACKS

27. GEOGRAPHY OF MALICIOUS WEB ATTACKS
Source: Kaspersky
Colombia – 16,4%
Peru – 16,6%
Bolivia – 16,8%
Ecuador – 16,8%
Chile – 19,2%
Brazil – 21,5%
Venezuela – 35,9%

28. SOCIAL MEDIA BASED ATTACKS
Source: Symantec

29. SOCIAL ENGINEERING

30. INTELTECHNIQUES SEARCH TOOLS
https://inteltechniques.com/menu.html

31. CREATING THE FACEBOOK USER PROFILE
Places visited Places liked
Photos liked Photo comments
Photos by user Photos of-tagged
Posts liked Posts comments
Posts by year Posts tagged
Videos liked Videos comments
Events invited Events attended
Groups Pages liked
Friends Followers
#ProtectionPeru2019

32. OFFLINE ATTACK VECTORS

33. USB MEMORY STICKS
USB Microcontroller
BadUSB
#ProtectionPeru2019

34. ELECTROMAGNETIC EMANATIONS
Source: UC3M

35. THREATS AGENTS AND THEIR MOTIVATION

36. THREAT AGENTS
Cyber-criminals Hacktivists
Insiders Cyber-fighters
Nation States Cyber-terrorists
Corporations Script Kiddies

37. DISTRIBUTION OF TARGETS
Source: www.hackmageddon.com

38. MOTIVATION BEHIND ATTACKS
Source: www.hackmageddon.com

39. FIGHTING CYBER-THREATS
#ProtectionPeru2019

40. LAW ENFORCEMENT vs CYBER CRIMINALS
LAW ENFORCEMENT CYBER CRIMINALS
Laws No rules
Procedures No borders
Bureaucracy Resources
Cooperation Tools & documentation in Darknet

41. DARKNET
Source: Dream Market (2019)

42. DATA BREACHES
Source: CB Insights
COMPANY COMPROMISED ACCOUNTS DATE
Yahoo 3 billions Aug. 2013
Marriott 500 millions Nov. 2018
Yahoo 500 millions Sep. 2016
Friend Finder Network 412 millions Nov. 2016
MySpace 360 millions May 2016
Equifax 143 millions Jul. 2017
EBay 145 millions May 2014
LinkedIn 117 millions May 2016
MyHeritage 92 millions Jun. 2018
JP Morgan Chase 76 millions Oct. 2014
Sony PlayStation 77 millions Apr. 2011
Tumblr 65 millions Feb. 2013
Uber 57 millions Nov. 2017
Facebook 50 millions Mar. 2018

43. WHAT DO WE NEED
 Comprehensive and up-to-date legislation;
 Cooperation mechanisms:
• Sharing information and incidents;
• Public-private-academia partnerships;
 Cyber capabilities:
• Projects research and development;
• Modern trainings and investigation tools;
 Education, prevention, and awareness programs;
 Cybersecurity exercises at national and international level.
43

44. BASIC CYBER HYGIENE
• Minimizing administrative privileges;
• Application directory white listing;
• Application patching;
• System patching;
• Network segmentation and segregation.

45. BEST PRACTICES FOR USERS
• Use security policies;
• Use proactive security solutions;
• Update the operating system;
• Update the applications;
• Backup the important files.
#ProtectionPeru2019

46. CONTACT DETAILS
linkedin.com/in/ICMihai
facebook.com/ICMihai
Assoc. Prof. Dr. Ioan-Cosmin Mihai
cosmin.mihai@raisa.org
0040.729.99.77.23
www.cosmin-mihai.com