
Malicious websites by search term type Source: Symantec Corporation


hubert

Presentation Transcript


  1. Malicious Websites
     [Chart] Malicious websites by search term type. Source: Symantec Corporation

  2. Internet Surfing "Real or Fake?"

  3. Internet Surfing "Fake"
     Spam e-mail was circulating in January 2009 containing factual information about the Israeli/Hamas conflict.
     • It appeared to originate from CNN and contained a link to a website posing as CNN, which contained what looked like a video file.
     • All links on the website actually resolved to the valid CNN website.
     • Visitors who attempted to view the video were prompted to update to a new version of the Adobe Flash Player. The "update" was actually malicious code.
     • IRS initiated content filtering to block the e-mail.
     • Only 11 of 38 AV products could detect stage one; only 2 of 38 AV vendors' signatures could detect stage two.
     • Analysis revealed 36 IRS systems visited the fraudulent CNN website (stage one).
     • Additional analysis identified 1 IRS system issuing HTTP GET requests to the Russian IP address every 20 minutes (stage two).
     • Further analysis confirmed that no data was exported.
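The stage-two finding above (one host issuing a GET to the same address every 20 minutes) is the kind of pattern a proxy-log review can surface on its own, without a signature. The following is an added example, not part of the presentation: it parses constructed proxy log lines (the field layout `timestamp client-ip method url` is an assumption, not a real product's format) and reports client/destination pairs whose request gaps are nearly constant. The destination address and hosts are placeholders.

```python
"""Flag hosts that fetch the same external destination at a near-constant
interval, the "stage two" beaconing pattern described in the slide.

Added example; the log lines are constructed and the field layout
(timestamp client-ip method url) is an assumption, not a real proxy format.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: host 10.1.2.3 beacons every ~20 minutes,
# host 10.1.2.4 browses the same site irregularly.  203.0.113.10 is a
# documentation address standing in for the real destination.
SAMPLE_LOG = """\
2009-01-15T08:00:00 10.1.2.3 GET http://203.0.113.10/check.php
2009-01-15T08:05:12 10.1.2.4 GET http://203.0.113.10/index.html
2009-01-15T08:20:01 10.1.2.3 GET http://203.0.113.10/check.php
2009-01-15T08:39:58 10.1.2.3 GET http://203.0.113.10/check.php
2009-01-15T08:41:30 10.1.2.4 GET http://203.0.113.10/video.html
2009-01-15T09:00:02 10.1.2.3 GET http://203.0.113.10/check.php
2009-01-15T09:20:00 10.1.2.3 GET http://203.0.113.10/check.php
2009-01-15T10:15:44 10.1.2.4 GET http://203.0.113.10/index.html
"""


def parse_log(text):
    """Yield (timestamp, client, destination_host) for each non-empty line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url = line.split()
        host = url.split("://", 1)[1].split("/", 1)[0]
        yield datetime.fromisoformat(ts), client, host


def find_beacons(text, min_hits=4, max_jitter=0.1):
    """Return {(client, host): mean_gap_seconds} for pairs whose request
    gaps are regular: population std-dev of the gaps divided by their mean
    is at most max_jitter.  Normal browsing has large, irregular gaps and
    is not reported."""
    times = defaultdict(list)
    for ts, client, host in parse_log(text):
        times[(client, host)].append(ts)

    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = avg
    return beacons


if __name__ == "__main__":
    for (client, host), gap in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {host} every {gap / 60:.1f} minutes")
```

The jitter threshold is the tuning knob: real malware often randomises its sleep, so a wider `max_jitter` catches more at the cost of more benign periodic traffic (software updaters, mail clients) showing up, which is why the destination should be reviewed rather than blocked automatically.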

  4. Zero-Day Exploit

  5. Tool Kit Attacks

  6. From Patch to First Attack
     Patch                        First attack                 Days from patch to attack
     MS00-078  Oct. 17, 2000      Nimda     Sept. 18, 2001     336
     MS02-039  Jul. 24, 2002      Slammer   Jan. 25, 2003      185
     MS03-026  Jul. 16, 2003      Blaster   Aug. 11, 2003      26
     MS04-011  Apr. 13, 2004      Sasser    Apr. 30, 2004      17
     JView 0-day, June 2005: the attack preceded its patch, MS05-037 (Jul. 12, 2005)

  7. SOCIAL NETWORKING
     Sites: Windows Live Spaces, MySpace, Facebook, Twitter, YouTube, Flickr
     HOW TO PROTECT YOURSELF:
     • Limit the amount of personal information you post.
     • Remember that the internet is a public resource.
     • Be wary of strangers.
     • Be skeptical: don't believe everything you read online.
     • Evaluate your settings: take advantage of a site's privacy settings.
     • Be wary of third-party applications.
     • Use strong passwords.
     • Check privacy policies.
     • Keep software, particularly your web browser, up to date.
     • Use and maintain anti-virus software.

  8. Capturing Card Number & PIN
     Organization database attacks
     • Social engineering via e-mail, web site, telephone or postal mail
     • Dumpster diving & trash collection
     • Man-in-the-middle web site attacks
     Skimmer (black box)
     • Portable magnetic strip card reader; it takes a second to skim a card through the device. Can be carried in a pocket and can hold up to a thousand numbers. Can be purchased online and used by anyone (cab driver, waiter, rental car agent, etc.). It is hooked up later to a computer to pull up all your information, and a credit card encoder can then be used to clone your card.
     Bank ATM modifications
     • Equipment disguised to look like a normal ATM
     • Wireless "skimmer" & video camera transmit scanned card information & PIN
     • Criminals clone cards & use PINs to withdraw cash

  9. Wireless Scanner
     Equipment being installed on top of the existing bank card slot.

  10. Wireless Video Camera
     PIN-reading camera being installed on the ATM is housed in an innocent-looking leaflet enclosure.

  11. Emerging Threats
     Intrusion + Worm + Virus = Blended Threat
     • Mobile Malware (Blackberry, iPhone, iPad)
     • Memory-based rootkits & other malware
     • Cloud Computing
     • Cross-Platform Malware
     • Infrastructure & Contractor Outsourcing (includes virtualized environments)
     • Blended Threats (multiple vectors)

  12. Difficulties in Defending Against Attacks
     • Speed of attacks
     • Greater sophistication of attacks
     • Simplicity of attack tools
     • Vulnerabilities are detected more quickly
     • Delay in patching
     • Distributed attacks
     • User confusion

  13. Fraud Activity Trends
     • The most frequently spoofed organizations were banks, which accounted for 56 percent of phishing attacks blocked in 2010.
     • Credit cards were the most commonly advertised item for sale on underground servers known to Symantec, accounting for 22 percent of all goods and services advertised, an increase from 19 percent in 2009.
     • The United States was the top country advertised for credit cards on known underground servers, accounting for 65 percent of the total; this is a decrease from 67 percent in 2009.
     • The top three spam botnets that delivered the highest volume of spam in 2010 were Rustock, Grum, and Cutwail.
     • India was the leading source of botnet spam in 2010, with 8 percent of the worldwide total.
     • Approximately three quarters of all spam in 2010 (74%) was related to pharmaceutical products.

  14. Symantec Internet Security Threat Report 2010
     • 286M+ threats
     • 93% increase in web attacks
     • 260,000 identities exposed per breach
     • 1M+ bots
     • $0.07 to $100 per credit card
     • 6,253 new vulnerabilities
     • 74% pharmaceutical spam
     • $15 per 10,000 bots
     • 42% more mobile vulnerabilities
     • 14 new zero-day vulnerabilities

  15. Latest News
     Trojan Spreading Through Facebook Replaces Antivirus Programs: Security researchers warn about a Trojan spreading through Facebook and having an unusually sophisticated payload which involves replacing the legit antivirus programs used by its victims. The malware hijacks the Facebook sessions of its victims and sends messages to their friends via the website's chat function. Once installed on the computer, the Trojan blocks notifications from the firewall, Windows Update or the legit antivirus and displays a pop-up asking the user to reboot the system. The Trojan uses the bcdedit.exe utility to force the computer into Safe Mode upon reboot, where the un-installation of the legit antivirus starts. Unlike most malware, this malware configures itself to run in Safe Mode so it is always in control of the machine. The computer is rebooted again and a fake antivirus mimicking the real one is executed. This is meant to trick users into believing that they are still protected, while the Trojan freely downloads and installs more malware in the background.

     Anonymous Hacks Booz Allen Hamilton, Steals 90,000 Military Emails: The hacker group Anonymous claims it has stolen information from government contractor Booz Allen Hamilton that it says will help it hack into resources of other contractors and security consultants.

     Sony Hacked Again, 1 Million Passwords Exposed: Hacker group LulzSec releases 150,000 Sony Pictures records, including usernames and passwords, in latest setback for consumer electronics giant. A group of hackers behind the recent PBS website breach said they've now hacked into a Sony website. The hackers, who call themselves LulzSec or the Lulz Boat, said they exploited the Sony Pictures website via a SQL injection attack. "We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts," the group said in a Pastebin post. "Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons'." By Mathew J. Schwartz, InformationWeek, June 03, 2011 11:36 AM

     100,000 Credit Cards Compromised By Data Breach: CitySights NY tour operator was storing card security codes in apparent violation of payment card industry regulations. By Mathew J. Schwartz, InformationWeek, December 22, 2010 01:43 PM

     Online Dating Site Breached: PlentyOfFish.com has been compromised and the company is blaming the messenger. The online dating Web site has been hacked, exposing the personal information and passwords associated with almost 30 million PlentyOfFish.com accounts. However, the site's founder Markus Frind claims that only 345 accounts were successfully stolen. By Thomas Claburn, InformationWeek, January 31, 2011 04:50 PM

     Cyber Attack Hits European Commission: Malware was blamed for the "major" breach, launched on the eve of a summit focusing on euro instability, the war in Libya, and nuclear safety. On Wednesday, a large cyber-attack was launched against the European Commission, mere hours before a two-day Brussels summit focused on the European debt crisis and Portugal, as well as the war in Libya and nuclear safety concerns. By Mathew J. Schwartz, InformationWeek, March 25, 2011 02:05 PM

     Sony Sued Over PlayStation Network Hack: A class action lawsuit charges that Sony failed to protect personal information and credit card numbers of up to 77 million users. Sony faces public condemnation as its PlayStation Network (PSN) outage enters its seventh day, combined with a security breach of users' personal information that may have exposed the credit card details of up to 77 million customers. By Mathew J. Schwartz, InformationWeek, April 27, 2011 04:05 PM

     Anonymous Claims Hack On NATO Servers: The hacktivist group said it's holding 1 gigabyte of information from the international alliance, as it would be "irresponsible" to release most of it. Hacktivist group Anonymous was at it again Thursday, claiming it had breached the servers of the North Atlantic Treaty Organization (NATO), but that it likely would not reveal most of the 1 gigabyte of information it said was stolen. By Elizabeth Montalbano, InformationWeek, July 21, 2011 12:51 PM

     TJX, T.J. Maxx, And Marshalls: In February 2007, TJX, parent company of discount stores T.J. Maxx and Marshalls, disclosed that thieves had stolen information on possibly tens The company first thought its systems had been compromised for about but it turned out the vulnerability might have lasted for almost a year longer than that. The incident wound up costing TJX millions of dollars paid to the FTC, credit card companies, banks, and consumers. Oh, and 11 hackers were eventually arrested for the break-in. Security breaches have only increased in scope and frequency in recent years, as more businesses store their data in digital files and thieves become increasingly sophisticated in how they gain access to those files. But sometimes the attacks aren't sophisticated at all; sometimes they just occur because someone got careless with a physical object. That's old-school data theft, no hacking required.

     Nasdaq Confirms Servers Breached: Malware may have been targeting insider information from 10,000 senior executives who use the compromised Directors Desk app. By Mathew J. Schwartz, InformationWeek, February 07, 2011 01:00 PM
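The Facebook Trojan item above notes that the malware uses bcdedit.exe to force the next reboot into Safe Mode. On an endpoint that collects process-creation events, that step is an observable: bcdedit.exe being run to set a safeboot value is rare on workstations and is a reasonable alert condition. The following is an added example and not code from the presentation or from any product; the event records are constructed, and the field names (`host`, `image`, `command_line`) are an assumed generic schema rather than a particular log format.

```python
"""Detect boot-configuration tampering of the kind described in the
Facebook Trojan item: bcdedit.exe setting a 'safeboot' value so the
machine reboots into Safe Mode.

Added example, not from the presentation.  Events are constructed and the
field names (host, image, command_line) are an assumed generic schema.
"""
import re

# Constructed process-creation events.  Only ws02 should alert:
# 'bcdedit /enum' is read-only, deleting a safeboot value restores the
# normal boot path (usually an admin clean-up step), and ws04 merely has
# the word 'safeboot' in a filename opened by another program.
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\bcdedit.exe",
     "command_line": "bcdedit /enum"},
    {"host": "ws02", "image": r"C:\Windows\System32\bcdedit.exe",
     "command_line": "bcdedit /set {current} safeboot minimal"},
    {"host": "ws03", "image": r"C:\Windows\System32\bcdedit.exe",
     "command_line": "bcdedit /deletevalue {current} safeboot"},
    {"host": "ws04", "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad safeboot.txt"},
]

# A /set verb followed anywhere by the safeboot element, case-insensitive.
SAFEBOOT_SET = re.compile(r"/set\b.*\bsafeboot\b", re.IGNORECASE)


def is_safeboot_tamper(event):
    """True when bcdedit.exe is used to set a safeboot value."""
    image = event["image"].lower()
    if not image.endswith("\\bcdedit.exe"):
        return False
    return bool(SAFEBOOT_SET.search(event["command_line"]))


def find_safeboot_tampering(events):
    """Return the hosts on which a safeboot-setting bcdedit run was seen."""
    return [e["host"] for e in events if is_safeboot_tamper(e)]


if __name__ == "__main__":
    for host in find_safeboot_tampering(SAMPLE_EVENTS):
        print(f"ALERT: {host}: bcdedit configured a Safe Mode boot")
```

Matching on the image path rather than only on the command text keeps a renamed copy of the binary from slipping past when the log records the original file name, while keying on `/set` keeps the read-only and clean-up invocations out of the alert queue.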

  16. IT Security Policy Reminders
     NEVER
     • Never consider e-mail secure. Do not include taxpayer, SBU, or PII info in e-mail or attachments unless you use encryption (Outlook Secure Messaging).
     • Never put sensitive information in the subject line, which is not encrypted.
     • Never send SBU data by electronic mail to taxpayers or their representatives.
     • Never use dictionary words, or words that are common facts about you, when establishing your password.
     • Never reveal or share your password with anyone.
     • Never change your password to something someone has suggested or requested.
     • Never use another person's login and password.
     • Never process SBU or PII data on IRS laptops in public places.
     • Never store a laptop in checked luggage.
     ALWAYS
     • Change your password if you think someone else knows it.
     • Construct strong passwords.
     • Store passwords in a secure location.
     • Use a cable lock to secure your laptop at all times (not required at home).
     • Keep the cable lock attached or store the laptop in a locked cabinet or drawer at the end of the day.
     • Use the cable lock when off-site (taxpayer sites) and when in travel status.
     IRM 1.10.3, Standards for Using E-mail
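The password rules on this slide (no dictionary words, no facts about yourself, strong construction) can be enforced at password-set time rather than left to memory. The following is an added example, not IRS policy text or an IRS tool: a checker that reports every rule a candidate password breaks. The word list is a constructed stand-in for a real dictionary, the personal facts passed in are constructed, and the 12-character minimum and three-character-class rule are assumptions used to make "strong" concrete.

```python
"""Check a candidate password against the slide's rules: no dictionary
words, no facts about the user, and a strong construction.

Added example, not IRS policy.  DICTIONARY is a constructed stand-in for
a real word list; min_len=12 and "three character classes" are assumed
definitions of "strong".
"""
import re

# Constructed stand-in; a real check loads a full dictionary and common
# leaked-password lists.  Kept as a tuple so reported order is stable.
DICTIONARY = ("password", "summer", "welcome", "taxes", "dragon", "letmein")

# Undo the usual letter-for-symbol substitutions so that 'P@ssw0rd' is
# still recognised as the word 'password'.
LEET = str.maketrans("@$013!", "asolei")


def _normalise(text):
    return text.lower().translate(LEET)


def check_password(pw, facts=(), min_len=12):
    """Return a list of rule violations; an empty list means the password
    passes.  facts: strings the user might reuse (name, birth year, pet)."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")

    classes = [re.search(p, pw) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]")]
    if sum(1 for c in classes if c) < 3:
        problems.append("needs at least three character classes")

    norm = _normalise(pw)
    for word in DICTIONARY:
        if len(word) >= 4 and word in norm:
            problems.append(f"contains dictionary word '{word}'")

    for fact in facts:
        f = _normalise(fact)
        if len(f) >= 3 and f in norm:
            problems.append(f"contains personal fact '{fact}'")
    return problems


if __name__ == "__main__":
    # Constructed facts: a user named Hubert born in 1975.
    for candidate in ("P@ssw0rd1!", "Hubert1975!xyz", "Tq7!mvR2-pLx9wZ"):
        print(candidate, "->", check_password(candidate, facts=["Hubert", "1975"]) or "OK")
```

The normalisation step is the part worth copying: a rule that only string-compares against a dictionary passes "P@ssw0rd", which is exactly the substitution attackers' wordlists already include.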

  17. IT Security Policy Reminders
     • Access only authorized data (need-to-know).
     • Secure sensitive papers, data files and software.
     • Back up your critical files on a regular basis to your Home directory ("I" drive or "D" drive) or government-purchased removable media.
     • Scan all media from taxpayers for viruses on a stand-alone system.
     • Always log off or lock your computer screen when leaving your computer unattended.
     • The IRS restricts the use of personally owned IT equipment, software, and media. Exceptions have been granted for the use of personally owned Bluetooth headsets and computer monitors. Only certified government-owned IT equipment, software, and media may be used on IRS systems.
     2) Prohibited: Personal communication on blogs and social networking sites such as MySpace, Facebook, Yahoo! 360°, Twitter, etc.
     5) Prohibited: Downloading, copying, or installing unauthorized applications (e.g., executable code), such as screen savers, software products, computer games, etc.
     15) Prohibited: Any access to non-IRS e-mail accounts through the Internet (i.e., accessing personal AOL accounts, accessing company accounts, etc. through the IRS Internet firewall).
     16) Prohibited: Inappropriate use of IRS e-mail account(s), such as transmitting files larger than 1 megabyte, any correspondence for personal gain, chain letters or other unauthorized mass mailings regardless of the subject matter, etc.

  18. Cyber Attacks on SCADA
     SCADA (supervisory control and data acquisition) generally refers to industrial control systems: computer systems that monitor and control industrial, infrastructure, or facility-based processes, as described below.
     • SCADA systems are highly distributed systems used to control geographically dispersed assets. Systems consist of hardware, software and communications components.
     • SCADA systems are used in distribution systems such as electrical power grids, water distribution and wastewater collection systems, oil and natural gas pipelines, and railway transportation systems.
     • These control systems, which are highly interconnected and mutually dependent, are critical to the operation of the U.S. critical infrastructures.
     • It is interesting to note that approximately 90% of the nation's critical infrastructure is privately owned and operated.
     • There have been numerous asserted cyberattacks on critical infrastructures, especially since 9/11. Many of these are known to be urban legends.
     • It is believed that many attacks against SCADA have never been reported by the Federal Government.
     • The United States now has various layers of security protecting US infrastructure.
     • The attacks on infrastructure were unexpected and bizarre at the time. It could be possible for a sophisticated cyberattack to again cause serious system failures.

  19. SCADA
     Iran Alleges Espionage Over Internet Worm: Senior government official says foreign governments are launching malware dubbed Stars at the country's nuclear facilities. A senior official in Iran has alleged that foreign governments have been targeting the country's nuclear facilities using an Internet-borne worm, dubbed Stars. By Mathew J. Schwartz, InformationWeek, April 27, 2011 01:44 PM

     Malware Spreading Via USB Drives: The Stuxnet rootkit launches even with AutoRun and AutoPlay disabled and is known to affect Windows 7 Enterprise Edition x86 operating systems. Security experts are warning of never-before-seen malware, dubbed Stuxnet, that spreads via USB drives, infecting PCs via an unknown (aka zero-day) Windows vulnerability. Unfortunately, the attack works even with AutoRun and AutoPlay disabled, and affects at least Windows 7 Enterprise Edition x86 operating systems. Reportedly, the malware's purpose is to gather any information relating to Siemens SCADA (supervisory control and data acquisition) system software.

     CIA Admits Cyberattacks Blacked Out Cities: The CIA on Friday admitted that cyberattacks have caused at least one power outage affecting multiple cities outside the United States. Alan Paller, director of research at the SANS Institute, said that CIA senior analyst Tom Donahue confirmed that online attackers had caused at least one blackout. The disclosure was made at a New Orleans security conference Friday attended by international government officials, engineers, and security managers from North American energy companies and utilities. "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

     Gas Pipelines in Russia (and the former Soviet Union), 2000 & 1982: In 2000, the Interior Ministry of Russia reported that hackers seized temporary control of the systems regulating gas flows in natural gas pipelines, although it is not publicly known if there was physical damage. The former Soviet Union was victim of an attack on its gas pipeline infrastructure in 1982 when a logic bomb caused an explosion in Siberia.

     Automobile Plant and the Zotob Worm, August 2005: Zotob is a worm that spreads by exploiting the Microsoft Windows Plug and Play buffer overflow vulnerability. In August 2005, Zotob crashed thirteen of DaimlerChrysler's U.S. automobile manufacturing plants, forcing them to remain offline for almost an hour. Plants in Illinois, Indiana, Wisconsin, Ohio, Delaware, and Michigan were also forced down. Zotob affected computers by slowing them down and causing them to continually crash and reboot. Infected Windows 2000 computers were potentially left exposed to more malicious attacks, while infected Windows XP computers could only continue to spread the worm. Zotob and its variations also caused computer outages at heavy-equipment maker Caterpillar Inc., aircraft-maker Boeing, and several large U.S. news organizations.

     76% Of Energy Utilities Breached In Past Year:
     • Despite the high risks, energy company managers don't understand the importance of IT security, according to 71% of security pros surveyed by Ponemon Institute.
     • Three-quarters of energy companies and utilities have experienced at least one data breach in the past 12 months, resulting in average clean-up costs of $156,000 per breach. Furthermore, 69% of organizations think that another data breach is very likely to occur within the next year.
     • Numerous studies have pointed to a continuing increase in online attacks against so-called critical infrastructure providers (including oil, gas, and electricity suppliers), often driven by political motivations. Furthermore, legislators and government agencies have been increasingly concerned that the nation's critical infrastructure, which is almost completely controlled by private industry, is at risk of attacks, not least by terrorists or unfriendly nation states.
     By Mathew J. Schwartz, InformationWeek, April 06, 2011 01:52 PM

  20. Protect Your Home Computer
     • Anti-virus software can scan a computer for virus infections as well as monitor computer activities. Keep anti-virus definitions up to date. Don't turn off anti-virus.
     • A firewall is designed to block malicious packets.
     • Software vendors usually deploy a software "fix" every month to address vulnerabilities in operating systems. Make sure these security updates (patches) are being downloaded to your computer.
     • A popup blocker can prevent popups, or small Web browser windows, from appearing.
     • Anti-spam methods can be installed by an email client or a separate spam-filtering program.
     • Anti-spyware.
     • A Host Intrusion Detection System (HIDS) compares new behavior against normal behavior.
     • Back up files on a regular basis. Keep backups separate from the home machine.
     • Scan all media before using it on your computer (thumb drives, CDs, etc.).
     • Avoid saving any personal information on your computer (passwords, bank account info, etc.).
     • Use strong passwords and PINs on all financial accounts and change them often. Keep your passwords secure, safe and strong.

  21. Reporting IT Security Incidents
     Report security incidents within one hour after they occur to the appropriate agency officials. (There is no penalty for reporting incidents that are questionable.)
     Reportable information systems incidents include, but are not limited to:
     • Unauthorized disclosure of information;
     • Viruses, worms, virus hoaxes, and phishing;
     • Loss and theft of equipment, software, or information; and
     • Deliberate alteration or destruction of data or equipment.
     All computer security incidents shall be reported directly to:
     • Computer Security Incident Response Center (CSIRC),
     • Inspector General for Tax Administration (TIGTA),
     • and your immediate supervisor.
     http://www.csirc.web.irs.gov/reporting/Incident_Reporting_Procedures.pdf

  22. Questions or Comments
