This presentation analyzes online threat vectors, such as email-based attacks, web platforms, social networks, social engineering and botnets, as well as offline threat vectors, such as USB vulnerabilities and electromagnetic emanations. It also covers zero-day vulnerabilities and the largest breaches disclosed by the company; against this background, it presents measures to protect data and fight the phenomenon of cybercrime.
Latest challenges in the field of cybersecurity: analysis of online and offline cyber threats
1. Latest challenges in the field of cybersecurity.
Analyzing online and offline cyber threats.
Assoc. Prof. Dr. Ioan-Cosmin MIHAI
“Al. I. Cuza” Police Academy, ROMANIA
Cyber Security Protection Summit
June 11, 2019, Lima, Peru
#ProtectionPeru2019
2. THE SPEAKER
• The University Politehnica of Bucharest: Associate Professor
• The Romanian Centre of Excellence for Cybercrime (CYBEREX): Trainer
• The Romanian Association for Information Security Assurance (RAISA): Vice President
• The Quality, Reliability and Information Technology Laboratory (EUROQUAL): Researcher
• “Carol I” National Defence University: Associate Professor
• “Alexandru Ioan Cuza” Police Academy: Associate Professor
• The CT University of India: Honorary Professor
• The Romanian National Institute of Magistracy (NIM): Trainer
• The Romanian Superior Council of Magistracy (SCM): Trainer
• The European Union Agency for Law Enforcement Training (CEPOL): Trainer
• The Romanian National Computer Security Incident Response Team (CERT-RO): Trainer
• The General Inspectorate of Romanian Police, The Cybercrime Unit (GIRP): Trainer
3. AGENDA
• The technical challenges in cybersecurity:
  • Software challenges;
  • Hardware challenges;
• Cyber agents and their motivation;
• Solutions for fighting the cyber threats.
20. COMPOSITION OF EMAILS
Emails consist of:
• Envelope Headers – automatically generated during the transport of the message;
• Message Headers – contain information required to deliver the message (information provided by the sender);
• Body – the message itself;
• Attachments – attachments to the email (part of the body).
21. STANDARD HEADERS
Return-path: <user@domain.com>
Envelope-to: user@domain.com
Delivery-date: Tue, 10 Jan 2017 17:53:10 +0200
Received: from …
Message-ID: <54B53F63.5090302@domain.com>
Date: Tue, 13 Jan 2017 17:53:07 +0200
From: User <user@domain.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: user@domain.com
Subject: Plain message
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
22. ENVELOPE HEADERS
Received: from gts4.roserve.net ([128.abc.def.216]:57164)
by gts5.roserve.net with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
(envelope-from <user1@domain1.com>)
id 1YB4bd-0001zn-Fb
for user2@domain2.com; Tue, 10 Jan 2017 18:46:13 +0200
Received: from [77.ab.cd.134] (port=51414 helo=[192.168.0.100])
by gts4.roserve.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128)
(envelope-from <user1@domain1.com>)
id 1YB4ba-0001xz-Ps
for user2@domain2.com; Tue, 10 Jan 2017 18:46:13 +0200
Message-ID: <54B54BD1.9060905@domain1.com>
25. HOW TO DETECT A PHISHING EMAIL
• Don’t trust the display name of the sender
• Be careful with the files attached to the email
• Check the salutation
• Check the links before clicking
• Check for spelling errors
• Is the email asking for personal information?
• Check the email signature
• Beware of urgency
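The header fields from slides 20 to 22 and the display-name check from slide 25 can be tested programmatically. The Python sketch below is an added example, not part of the original presentation: the sample message, host names and addresses are constructed placeholders, and `trace_hops` and `sender_findings` are hypothetical helper names. It rebuilds the relay path from the Received headers (oldest hop first) and compares the sender-supplied From and Reply-To fields with the envelope sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the slides' header layout; hosts/addresses are placeholders.
SAMPLE = """\
Return-path: <bounce@mailer.example.net>
Received: from mx1.example.org ([203.0.113.7]:57164)
\tby mx2.example.org with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
\t(envelope-from <bounce@mailer.example.net>)
\tfor victim@example.org; Tue, 10 Jan 2017 18:46:13 +0200
Received: from [198.51.100.20] (port=51414 helo=[192.168.0.100])
\tby mx1.example.org with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128)
\t(envelope-from <bounce@mailer.example.net>)
\tfor victim@example.org; Tue, 10 Jan 2017 18:46:13 +0200
From: "support@bank.example.com" <alerts@mailer.example.net>
Reply-To: helpdesk@other.example
To: victim@example.org
Subject: Urgent: verify your account

Body text.
"""

# from <peer> ... by <server> with <protocol> [(TLS version:...)]
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)\s+with\s+(\S+)(?:\s+\((TLS[^:)]*))?", re.S)

def domain(addr):
    return addr.rpartition("@")[2].lower()

def trace_hops(msg):
    """Return hops oldest-first as (from, by, protocol, tls_version_or_None)."""
    found = (HOP.search(v) for v in reversed(msg.get_all("Received", [])))  # newest is on top
    return [m.groups() for m in found if m]

def sender_findings(msg):
    """Compare sender-supplied message headers with the envelope sender."""
    name, addr = parseaddr(msg.get("From", ""))
    _, rpath = parseaddr(msg.get("Return-path", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    findings = []
    if "@" in name and domain(name) != domain(addr):
        findings.append("display name shows a different address than From")
    if rpath and domain(rpath) != domain(addr):
        findings.append("Return-path domain differs from From domain")
    if reply and domain(reply) != domain(addr):
        findings.append("Reply-To domain differs from From domain")
    return findings

MSG = message_from_string(SAMPLE)
print(trace_hops(MSG), sender_findings(MSG), sep="\n")
```

In this sample the Return-path matches the From domain, so only the display name and Reply-To mismatches are reported; a matching envelope sender alone does not make a message trustworthy.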
40. LAW ENFORCEMENT vs CYBER CRIMINALS
LAW ENFORCEMENT | CYBER CRIMINALS
Laws | No rules
Procedures | No borders
Bureaucracy | Resources
Cooperation | Tools & documentation in Darknet
42. DATA BREACHES
Source: CB Insights
COMPANY | COMPROMISED ACCOUNTS | DATE
Yahoo | 3 billion | Aug. 2013
Marriott | 500 million | Nov. 2018
Yahoo | 500 million | Sep. 2016
Friend Finder Network | 412 million | Nov. 2016
MySpace | 360 million | May 2016
Equifax | 143 million | Jul. 2017
eBay | 145 million | May 2014
LinkedIn | 117 million | May 2016
MyHeritage | 92 million | Jun. 2018
JP Morgan Chase | 76 million | Oct. 2014
Sony PlayStation | 77 million | Apr. 2011
Tumblr | 65 million | Feb. 2013
Uber | 57 million | Nov. 2017
Facebook | 50 million | Mar. 2018
43. WHAT DO WE NEED
• Comprehensive and up-to-date legislation;
• Cooperation mechanisms:
  • Sharing information and incidents;
  • Public-private-academia partnerships;
• Cyber capabilities:
  • Research and development projects;
  • Modern training and investigation tools;
• Education, prevention, and awareness programs;
• Cybersecurity exercises at national and international level.
44. BASIC CYBER HYGIENE
• Minimizing administrative privileges;
• Application directory whitelisting;
• Application patching;
• System patching;
• Network segmentation and segregation.
45. BEST PRACTICES FOR USERS
• Use security policies;
• Use proactive security solutions;
• Update the operating system;
• Update the applications;
• Back up important files.