Thane Barnier MACE 2016 presentation
It Takes More than a Firewall
Thane Barnier, IT / Web Development Manager
Sioux Falls Area Chamber of Commerce
A network is like a castle
The medieval castle model: build the walls thick, stockpile supplies and laugh as attacks bounce off the walls. It’s a siege.
A good firewall can stop a brute force attack.
How do you break down a castle’s defenses?
Attack from multiple sides.
Go over or under the walls.
Add more siege engines to overwhelm the walls.
But the best way to get in…
Get someone inside to open the gates!!
It wasn’t me, I swear!
The Melissa macro virus hit in March 1999.
High traffic generated by this virus brought mail servers to their knees. Antivirus software was ineffective against this attack vector. In short, we weren’t ready!
The LoveLetter worm hit in 2000. Because of its destructiveness and virulence, many still consider it the most dangerous virus ever.
It destroyed JPG files, overwriting them with copies of itself.
Difficult to remove because it self-replicated within the computer, cloning itself.
Launched a Denial of Service attack on the official White House website.
50 million infections in the first 10 days. Est. 10% of internet-connected computers infected worldwide.
The mid-2000s saw the rise of Spyware, Adware and Trojan Horse programs. Hard to detect because they are relatively passive: they steal information covertly without triggering antivirus software.
Most versions don’t use email to spread; rather, they exploit holes in browser security to install. Not generally self-replicating.
Trojans can create zombie computers to form botnets for DDoS attacks.
Wide variety of attack vectors, striking from multiple sides. (Get more siege engines.)
2009 – RogueWare/Fake Antivirus!!!
A new approach to malware with one goal in mind: $$$$
FakeAV software, warnings of reporting illegal activities, porn pop-ups. Played on user fear to invoke an emotional response.
Required user interaction to install, thereby circumventing most antivirus systems.
Users who paid the requested prices would find their credit cards charged, AND stolen.
A 2010 report estimated creators were making $35 million PER MONTH.
Nearly impossible to remove safely at the time. Disabled REAL antivirus software.
Employ the nuclear option.
What do all these attacks have in common?
SOCIAL ENGINEERING
Social Engineering
The Devil made me do it!
A hacker’s most effective tool is good SOCIAL ENGINEERING. The trick is to get one of us to open our gates without realizing we’re doing it. As people catch on, hackers quickly adapt their techniques.
The email worms use tricks to get the user to open the attached file.
Antivirus programs begin to strip them off, so hackers move to embedded links which lead to malware payloads.
Emails begin to look more realistic, making them harder to spot.
Fake antivirus programs created by experienced programmers look and feel like real commercial software.
Ransomware plays on users’ fears.
Malvertising offers a sophisticated attack vector which is impossible to detect until it’s too late.
CRYPTOLOCKER
The new face of EVIL!
Hit in 2013. Caught us unprepared and defenseless. No one had an answer. Unlike anything we’d ever seen before. Ransomware for real.
Literally kidnaps your files. Encryption which is virtually unbreakable: RSA-4096.
Multiple variants: CryptoWall, TorrentLocker, etc. Antivirus virtually ineffective.
May 2014 – The FBI announced it had shut down the Zeus botnet and the Cryptolocker network.
The media declared Cryptolocker dead and stopped talking about it.
New variants and new botnets started appearing on the “darknet”.
Oct. 2015 – The FBI’s official response… pay the ransom.
Feb 2016 – Hollywood Presbyterian Medical Center hit by a ransomware attack.
CT scans, documentation, lab work, pharmacy functions and electronic communications out of commission.
Radiation & Oncology shut down, ER “sporadically impacted”. Luckily no one died.
After a week of fighting it, the hospital paid over $17,000 to get their files back.
ALL your files are belong to us!
Removal tools can strip the virus, but will do nothing to fix encrypted files. The program MUST be installed in order to pay the ransom and decrypt the files.
Backups. Backups. Backups. Redundancy.
If you don’t have backups, pay the ransom and hope it works. That’s the only way to decrypt your files. NOT a guarantee!!!
If a PC does get infected, kill the power immediately and disconnect it from the network before it infects other systems.
If you don’t have an IT staff, call a pro! Dealing with CryptoLocker takes finesse.
IT’s worse than that, he’s dead Jim!
User waited hours to report it. In 4 hours Cryptolocker decimated our network.
Every document, image, PDF, spreadsheet etc. on the computer was encrypted.
200,000+ files encrypted on 6 different network shares, across 3 servers. Almost 2 TB of data. Our main membership database.
We had just purchased a new backup system. Though the software reported it was working perfectly, none of the backups were valid for restoration.
The software company responded that apparently it wasn’t working correctly. They offered no other support.
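The lesson of that slide is that a backup job's "success" status proves nothing; only a restore does. The following is an added example, not code from the presentation or from any backup product: it models a backup as a copy of the source tree plus a manifest of SHA-256 digests, then tests it the way the speaker wishes his vendor's software had, by restoring into a scratch directory and comparing every file against the manifest. A backup that is truncated or missing files fails the check even though the copy step "ran fine". All paths, file names and contents are constructed for the demo.

```python
"""Restore-test a backup instead of trusting the job's "success" status.

Added example, not code from the presentation or any backup product. A backup
is modelled as a copy of the source tree plus a manifest of SHA-256 digests;
verify_restore() restores that copy to a scratch directory and checks every
file against the manifest, so a backup the tool reports as healthy but that is
truncated or missing files fails loudly. All data here is constructed.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "MANIFEST.json"


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, backup: Path) -> dict:
    """Copy every file under source into backup and record its digest in a manifest."""
    manifest = {}
    for p in sorted(source.rglob("*")):
        if p.is_file():
            rel = p.relative_to(source).as_posix()
            dest = backup / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, dest)
            manifest[rel] = sha256_of(p)
    (backup / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_restore(backup: Path) -> dict:
    """Restore the backup into a scratch directory and compare it with the manifest.

    The report lists files that are missing or whose contents differ, which is
    exactly what you would lose in a real recovery.
    """
    manifest = json.loads((backup / MANIFEST).read_text())
    missing, corrupt = [], []
    with tempfile.TemporaryDirectory() as scratch:
        target = Path(scratch) / "restore"
        # The restore step proper: copy the backup tree somewhere new, never over production.
        shutil.copytree(backup, target, ignore=shutil.ignore_patterns(MANIFEST))
        for rel, digest in manifest.items():
            restored_file = target / rel
            if not restored_file.is_file():
                missing.append(rel)
            elif sha256_of(restored_file) != digest:
                corrupt.append(rel)
    return {
        "ok": not missing and not corrupt,
        "missing": missing,
        "corrupt": corrupt,
        "restored": len(manifest) - len(missing) - len(corrupt),
    }


def demo() -> tuple:
    """Constructed scenario: a sound backup, then the same backup silently damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "shares"
        (src / "members").mkdir(parents=True)
        (src / "members" / "database.mdb").write_bytes(b"member-record|" * 1000)
        (src / "docs").mkdir()
        (src / "docs" / "budget.xlsx").write_bytes(b"constructed spreadsheet bytes")
        bak = Path(tmp) / "backup"
        make_backup(src, bak)
        good = verify_restore(bak)
        # Model a job that reported success but wrote a truncated file and skipped another.
        (bak / "members" / "database.mdb").write_bytes(b"member-record|" * 10)
        (bak / "docs" / "budget.xlsx").unlink()
        bad = verify_restore(bak)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("healthy backup:", good)
    print("damaged backup:", bad)
```

Run it on a schedule against the real backup set and alert on anything but `ok: True`; the point is that the check exercises the restore path, not the copy path, so a silently broken job shows up weeks before you need it.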
Using Volume Shadow Copy, I was able to restore all of the file shares, except our main membership database.
We worked for 48 straight hours restoring systems and trying to recover the membership database.
In the end… we had no choice but to pay the ransom. It worked!
It all started with one email that looked like a FedEx receipt.
CryptoWall – The second coming
Hit Friday at 1:43 PM. By 2:45 it had encrypted 275,000 files, 875 GB of data.
Safety measures put in place for Cryptolocker were completely circumvented.
Our triple redundancy backup system worked great. We were able to restore all but 6 files.
A/V, security policies, firewalls – it got past them all. Still, it could have been prevented.
Don’t take ZIP files from strangers!
So how do we defend against this? We must combat this Social Engineering with our own Social Engineering.
We all need to learn what to look for and what to do if we do get infected.
Think before you act.
Email is still the most common threat vector.
Despite all our filtering, things still can and do get through.
In the end, the best countermeasure we have is ourselves.
Even if you know the sender of an email, were you expecting it?
Would this person really send you a ZIP file?
Never open anything with a .scr, .vbs or .exe extension. (elfbowling.exe)
Amazon, UPS, USPS, FedEx, PayPal – companies we use every day are commonly spoofed in emails.
VERY prevalent around the holidays. At first glance, these fake emails are so well crafted you’d never notice a difference.
Suspicion and a couple of seconds will reveal the difference.
Warning signs that this is a fake email:
Bad grammar or misspellings.
Do the links really go where they say? HTTP:// vs. HTTPS://
These companies will never send you an attachment!!!
Rather than clicking the link in the email, go to the site itself.
ALWAYS be wary. If you have doubts, don’t open it, don’t click it.
My password = PASSWORD
There are 10 Immutable Laws of Network Security. Law #5: Weak passwords trump strong security.
There are many ways to crack your password: key loggers and malware; phishing.
Social media harvesting and Google hacking: used to create tables of pertinent information for automated guessing attacks.
Using the names of people, places, things and dates that mean something to us makes these attacks possible.
Brute force password attacks. What a hashed password looks like: BF733889685D4B3068EE38CF7D1CE36131D6CFE0D16AE931B73C59D7E0C089C0
vikings: 2 seconds
Vikings: 6 minutes
Vikings28: 55 days
VikingsSuck!: 1,397,612 years, 6 months
Minimum 12 characters. Complex (3 of 4: uppercase, lowercase, number or symbol).
Don’t use things that are easily identifiable from social media. Don’t use your work password at home. Don’t just change 1 number each time.
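The slides' crack times and the policy that follows them both come down to one piece of arithmetic: the search space is the alphabet size raised to the password length, and an attacker guesses from the cheapest alphabet the password actually uses. The following is an added example, not code from the presentation or from the tool behind its timings. It computes that keyspace, turns it into a time-to-exhaust at an assumed rate of 1e10 guesses per second against an unsalted fast hash (so the absolute figures will not match the slide's; the shape is the point), and checks a candidate against the slide's rules, including "don't just change 1 number each time" via an edit-distance comparison with the previous password. The hash shown is SHA-256, which matches the 64 hex digits of the slide's sample; the guess rate and the sample passwords are assumptions.

```python
"""Password policy check with a brute-force work estimate.

Added example, not code from the presentation. Keyspace is alphabet ** length,
where the alphabet is the union of the character classes the password actually
uses; time-to-exhaust divides that by an ASSUMED guess rate.
"""
import hashlib
import string

CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}
GUESSES_PER_SECOND = 1e10   # assumption for the estimate; real rates depend on the hash and hardware


def classes_used(pw: str) -> set:
    """Which of the 4 classes appear in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}


def keyspace(pw: str) -> int:
    """Number of candidates an attacker must try who knows only the classes in use."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(pw))
    return alphabet ** len(pw)


def seconds_to_exhaust(pw: str) -> float:
    return keyspace(pw) / GUESSES_PER_SECOND


def humanize(seconds: float) -> str:
    for unit, size in (("years", 31_536_000), ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch "same password, one character bumped"."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_policy(candidate: str, previous: str = None, personal_terms=()) -> list:
    """Return the slide's rules that the candidate breaks (empty list = acceptable)."""
    problems = []
    if len(candidate) < 12:
        problems.append("shorter than 12 characters")
    if len(classes_used(candidate)) < 3:
        problems.append("uses fewer than 3 of the 4 character classes")
    for term in personal_terms:   # names, teams, dates visible on social media
        if term.lower() in candidate.lower():
            problems.append(f"contains personal term {term!r}")
    if previous is not None and edit_distance(candidate, previous) <= 1:
        problems.append("differs from the previous password by at most one character")
    return problems


def sha256_hex(pw: str) -> str:
    """What a stored, unsalted SHA-256 hash of the password looks like."""
    return hashlib.sha256(pw.encode()).hexdigest()


if __name__ == "__main__":
    for pw in ("vikings", "Vikings", "Vikings28", "VikingsSuck!", "Purple-Tractor-Sings-42"):
        verdict = check_policy(pw, personal_terms=["Vikings"]) or "OK"
        print(f"{pw:25} {humanize(seconds_to_exhaust(pw)):>22}  {verdict}")
    print(sha256_hex("VikingsSuck!"))
```

Two things the numbers make visible: each added character multiplies the work by the alphabet size, which is why length beats cleverness, and the class-mix rule only helps if the new characters are not predictable, which is what the personal-term and edit-distance checks are for.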
It takes more than a firewall
With so many threats, so many attack vectors, we fight a multi-front war.
7-character complex passwords aren’t enough anymore.
Enterprise antivirus software is essential, but it isn’t enough.
A strong firewall is essential, but it isn’t enough.
Security must be a responsibility of every user, not just the IT guys.
Keep staff updated on new threats. Acknowledge their successes in spotting and avoiding danger; don’t just berate them when they fail.
We must keep users engaged; they MUST become a part of the security process.
Our users are our biggest vulnerability, but they are also our most effective line of defense.
Build yourself a Cyber Militia!