CYBER SECURITY 101

aparks@njstatelib.org


TOPICS

• Past, Present and Future
• Vulnerability, Attack, Defense
– Network
– Password
– Social Engineering
– Design
• Resources

The First Virus

In 1969 the first message was sent on the ARPANET, a precursor to the modern internet.

In 1971 the Creeper virus was created. It replicated itself across the ARPANET and installed itself on the local system, displaying the message “I'M THE CREEPER. CATCH ME IF YOU CAN”. Another programmer wrote a program, “REAPER”, to seek out and destroy the CREEPER virus.

In December 2013 Microsoft moved to take down the ZeroAccess botnet, comprised of ~3 million infected computers.

CYBER THREATS

SCALE

• Hard Drive Size: 500 GB
– GB = Gigabyte; Giga = 1.0 E 9 = billion = 1000 million
– Byte = 8 bits = memory to store ~1 character, e.g. “a”
– Bit = binary digit = 1 or 0
– Nibble = 4 bits, or half a byte
• MP3 Size: 3.5 MB
– MB = Megabyte; Mega = 1.0 E 6 = million = 1000 thousand
• Trojan: 100 KB
– KB = Kilobyte; Kilo = 1.0 E 3 = thousand

VIRUS

• A self-replicating program
• Installs itself in another program
• Not necessarily malicious
• Harm may result from its method of infection
• Memory in a computer is an approximate thing
• Viruses exploit this to infect a program:
– Empty space in memory blocks
– Compress a program to make room
– Delete parts of a program and insert its own code
– Dispersal amongst many files using multiple methods

MUTATION

• Viruses, Trojans and worms can infect each other
• May be accidental or intentional
• Popular viruses may be exploited by other virus writers
• May work in tandem or conflict:
– Exploit the same flaw
– Exploit resultant flaws
– Delete and replace the existing infection

Ex. Cholera/CTX is the Cholera virus infected with the CTX mass-mailing worm. Mutations are rarely viable, but still a threat, doubly so since they present an additional challenge of detection and malfunction.

TROJAN HORSE

• Non-replicating
• Uses subterfuge to infect
• Usually not destructive in and of themselves
• Tend to open backdoors for:
– More malicious programs
– Monitoring
– Remote control
– Stealing personal information
– Key logging
• Vectors:
– Attachment in an email
– Free program to download movies
– Fake AV pop-up
• May perform as advertised, or appear to fail to do anything

ZEUS / SPYEYE

There was a crackdown on ZEUS/SPYEYE in 2010. It was used to steal information from NASA, Bank of America, CISCO and Amazon.

• Easy to install
• User friendly
• Difficult to attribute

Worms

• Self-replicating
• Propagate by exploiting vulnerabilities:
– Open network ports
– Flaws in software design
• Incidental cost due to transmission method:
– Consumes excessive bandwidth while searching for new targets
– This suspicious traffic makes it easier to spot

Grey Area

There’s some overlap in the definitions of the different types of malware. The distinction doesn’t really matter, since the goal is to prevent infection and keep your system secure.

No system is perfect, but there’s a great deal the average user can do to thwart attackers and protect themselves.

Social engineering is a big part of malware. If you encounter a fake AV program or a PHISHING attempt, it is intentionally alarmist. It covers most of your screen with a flashing dire warning and counters racking up the total number of infections found.

Spear phishing is becoming more common too. It’s hard to avoid putting information out there as a public institution. Encountering a cyber threat is inevitable, but most attempts are fairly transparent.

Vitek Boden:

Maroochy Shire, Australia. In 2001 millions of tons of sewage were dumped into natural parks by the Queensland waste management system. At first they thought it was a malfunction, but after the problem persisted they realized they were subject to a cyber attack.

The stations had remotely controllable nodes. Investigators noticed a pattern to the attacks and set up a sting, capturing 49-year-old Vitek Boden in his car with a laptop and some proprietary hardware for accessing the sewage system’s controls.

LulzSec:

Was a group of hackers who gained notoriety in 2011 for a series of high-profile attacks against corporations. Most members were caught after their leader outed himself to an FBI informant and assisted in their capture.

AV: Antivirus

They operate by scanning your system against their database of malware signatures. There’s no reason not to have one.

They can be bothersome due to system resource consumption and permission conflicts, but their settings can be tweaked to reduce their resource usage, and when installing programs from a trusted source they can be disabled.

Still, they should be installed. Scans should be run at least weekly and virus definitions updated daily.

Firewall

Controls network traffic flow: which programs can communicate on which ports, and filters incoming traffic.

Available as stand-alone equipment, and most operating systems have one built in.

Spam Filters

SPAM is such a problem that this is a de facto feature of most mail clients and AV applications, but it’s worth noting. They can operate intelligently, parsing mail based on algorithms ranging from strong to weak, or in conjunction with a whitelist/blacklist.

Whitelisting is inclusive: you designate which domains or addresses can pass through to your mailbox. Blacklists are exclusive: they designate which domains or addresses cannot send mail to your mailbox.

System Permissions

Operate using the lowest permission level possible.
• An infection operates with the same permissions as the account it is running under
• It’s possible to limit the scope of infections by using an account with standard permissions
• If your system is infected as an admin, your whole system is now vulnerable
• As a standard user it may be limited to that profile
• The default account created is usually an Administrator, regardless of its name

Spotting Spam

Phishing is an attempt to gain access to credentials, account information, or funds directly. Usually they’re SPAMmed in bulk.

Spear PHISHING is a targeted phishing attempt. The message will be tailored towards a specific group of users. In either case the same principles of avoidance apply.

• Grammar
• Check the sender address
• Mouse over links
• If you get an email from a vendor and you think it’s illegitimate, just go to the site directly

Mobile Devices

Increasingly targeted by cyber attackers.
• They face the same threats as computers (viruses, worms, trojans, etc.)
• Unsecure apps:
– Gather personal information
– Create security holes
– Embedded malware
• Anti-virus apps

SpyGold.A

• Trojan
• Targets Android OS
• Forwards copies of text messages and phone calls to a remote server
• Installs/uninstalls apps
• Makes phone calls
• Sends texts
• Can operate as a bot

Cyber Security Tips

• Passwords
• Updates
• Trusted Sources
• Constant Vigilance

Cracking Passwords

3 General Methods
• Brute force: try every possible password
• Dictionary: common passwords and iterations of them
• Capture:
– Deciphering the encrypted password
– Spoofing an active session

(also some combination of the three)

Password Policy

• Don’t use common phrases or words
• Don’t use the same password in multiple places
• Make it complex
• Change it occasionally
• Make it easy to remember

http://www.huffingtonpost.com/2014/01/22/most-common-passwords-2013_n_4646352.html

Password Re-use

• Cascade
– Attackers won’t stop at exploiting one account
– Using different passwords limits the scope of a successful attack
• Varying levels of encryption
– Not every site stores passwords with the same level of security
– Not every site needs a strong password
• Online Banking: Yes
• Candy Crush: No
• Candy Crush with a saved credit card: Yes
• Open Sessions
– After logging into a website a session is created
– Attackers can bypass authentication by capturing this session information
• Don’t keep multiple tabs or windows open when accessing secure sites
• Log out when you’re finished working on a site
• Routinely clear internet history
• Avoid storing passwords in the browser

Creating a strong, easy to remember password

• Simple phrase: what day is it again?
• Remove spaces: whatdayisitagain?
• Capital letters: wHatdayisitagain?
• Numbers: wHatd7ayisitag4ain?
• Special characters: wHatd7!ayisitag4ain?
• Extra letters: wHatd7!ayisihtag4ain?

Final Word

• Explore your computer while it’s working so you’ll know when it’s not
• What accounts are on the machine?
– What permission levels do they have?
• What programs and services are running?
– Do they start automatically?
• What files (pictures, documents, etc.) are important?
– When was the last time you backed them up?
– Are they backed up online and offline?
– Is the online backup secure?
• Antivirus program
– How up to date is the program?
– Up-to-date virus definitions?
– Routine scan schedule?
• Firewall is running
– What programs are allowed through?
• What internet browser(s) do you use?
– Are they up to date?
– What plugins, toolbars and add-ons does it have?
– Are they from a trusted source?
– Are they up to date?
– Do they collect personal information, and what?
• What version of:
– Adobe Reader
– Adobe Flash
– ActiveX or plugins
– Java

Resources

Free AV Applications
http://www.malwarebytes.org/mwb-download/
http://www.kaspersky.com/virus-scanner
http://www.avg.com/us-en/free-antivirus-download

Wild list
http://www.virusbtn.com/vb100/latest_comparative/index

National Institute of Standards and Technology
http://csrc.nist.gov/

Department of Homeland Security
https://www.us-cert.gov/ncas/tips
https://www.dhs.gov/cybersecurity-tips
http://www.us-cert.gov/publications/securing-your-web-browser

Password Strength Checker
https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx

Sophos A-Z Threats
http://www.sophos.com/en-us/security-news-trends/security-trends/threatsaurus.aspx
