Upload File

recognizing, detecting and preventing cyber security threats...•now known to hackers as a victim...

  • Home
  • Documents
  • Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats
21
Cyber Hygiene Practices 11/30/17 Bloustein Local Government Research Center 1 2017 Annual Governmental Accounting & Auditing Update Conference Rutgers Business School By Marc Pfeiffer, Assistant Director Bloustein Local Government Research Center Rutgers University Recognizing, Detecting and Preventing Cyber Security Threats

Upload: others

Post on 12-Jul-2020

1 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 1

2017AnnualGovernmentalAccounting&AuditingUpdateConference

RutgersBusinessSchoolByMarcPfeiffer,AssistantDirectorBlousteinLocalGovernmentResearchCenter

RutgersUniversity

Recognizing,DetectingandPreventingCyberSecurityThreats

Page 2: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 2

BOTTOMLINE▪ Criminalstrytomanipulatepeopleinto

divulgingpersonalorbusinessinformationortrickthemintoschemestodefraud

▪ Criminalscanbeindividualsorpartofindustrialized,cybercrimebusinesses

Nosinglefixsincethethreatskeepchanging;It’saperpetutalbattle

Page 3: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 3

WHYSHOULDICARE?

•60%ofemployeeswillclickaphishinglink

•30%ofthemwillactuallygiveuporganizationcredentials

•20%statedtheywouldselltheirorganizationalpassword

REALITY:thebulkofsuccessfulattackscomebecauseanemployeeclickedon

somethingtheyshouldn’thave

TypesofAttacksandThreats• TargetedAttacks– Governmentagenciesaregenerallytargets– Italsohappensifsomethinggoeswrong

• MassAttacks– Thisstemsfromsuccessfulemailphishing,socialengineering,plus“bruteforce”attacksonnetworks

• Man-in-the-MiddleAttack:– Alinktoalog-insitethatlookslegit,butisfraudulentandwillstealyourcredentials

• Unsecurehumans– Clickingonthewronglink/openingthewrongfile– Anemployeewhostealsdataforresaleorillegaluse

Page 4: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 4

SomeCommonTerms

Malware

Destructiveformofcomputersoftwaretransmittedbyemailandwebsitelinks

Viruses,Trojans.Rootkits.Worms.Spyware.Crimeware. Adware

Page 5: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 5

Phishingaformofsocialengineeringthatappearsasemailoratextmessagethatattackersusetogainlogincredentialsoraccountinformation

Anditsevilcousin,thetargetedSpear-PhishorVish,usingvoicetofoolyou

PHISHINGEMAILSEXAMPLES

Phishingemailposesasanimportantemailfromatrustedorganization

– Anotificationfromthepostoffice,UPS,FedExshippinginformingtherecipientofadelivery

– Amessagefromautilityproviderorretaileraboutanoverduebill

– Analertabouttherecipient’staxreturn– Invoicesornoticesforgoodsandservices(Amazon,Costco)

– Fakecreditcardrewardschemes– Directionfromyouremployer,i.e.,needtolog-inbecauseyoulostsomepermission

Eachvariationreliesonourinstincttoactonmessagesthatappeartobeurgent

Page 6: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 6

• Clickingonanattachmentoralinkembeddedinasuspiciousemaillaunchesaprogramthatencrypts(orrewrites)yourfiles.

Page 7: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 7

THISISRANSOMWARE!SOWHATHAPPENS?

• Thefilesareheldforransom;thehackerwhosenttheemailwillrequireapaymentfromyoubeforetheywill(hopefully)sendyouthekey(alineofcomputercode)thatdecryptsthefilesandrestorethem.

• Hopeyouhavebackupstorestoreyoursystem;otherwiseyoupay!

• Nowknowntohackersasavictimandwillbesubjecttofutureattacks

Page 8: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 8

WHEN EMAIL TURNS EVIL!!!

EMAILASSOURCEOFMALWARE?

- Embedded,butfakelinksenticeyoutoopenharmfulwebsites

- Spoofed“from”addresses

- Attachmentscanhaveembeddedvirusesormalware;MSOfficedocumentscanhavemaliciousmacrosinthemorrequeststolinktootherfilesfromafileyoudownloaded.Otherattachmentsincludehtmlandzip.

- Couponsandadvertisementswith“hiddenagendas”

- Alwayswithsuggestionthatyouneedsomething,orcouldgetsomethingforabargain.

Page 9: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 9

PROTECTYOURSELFFROMEVILEMAIL

Page 10: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 10

• Learntohoverandreadlinks!

• Besuspiciousofunexpectedemails

• Donotdownloadoropenattachmentsyouarenotexpecting:• Confirmfirstwiththesenderifitlooksimportant• Orjustdeleteit

• Alwaysbesuspicious(donotletyourguarddown)

• Ifitdoesn’tlookright,it’snotright

• Donotlogintoanaccountfromanemaillinkunlessyouverifyit’salegitemailandsite

• Neverunsubscribefromagroupthatyouareunfamiliarwithordidnotsubscribeto

Page 11: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 11

• Usestrongpasswordsorbetteryetpass-phrases; donotusenames,dateofbirths,oranythingknownaboutyou.Andvarythem.– Particularlyforfinancialsites,siteswithyourcreditcardinformation,andemail.

– Changethemperiodically(annuallyforkeyones)• Donotsharepasswords!– Anythingthathappensonthataccountgetstreatedasifyoudidit.

– Ifyoudoshareapasswordchangeittosomethinggenericbeforeandbacktosomethingcomplexafter;orchangeitafterit’suse

• Useapersonalpasswordmanager

MakingandManagingStrongPasswords

Page 12: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 12

SAFEWEBBROWSING

Page 13: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 13

HTTP

HTTPS

Page 14: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 14

http://masterupdate.net/.....

Ifyouareunsureaboutthistypeofpop-up,searchfor“flashupdate”andgotoanadobe.com sitetocheck.Don’tdownloadfromapop-upthat’snotfromtheadobe.comwebsite.

Page 15: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 15

• DONOTCLICKONsuspiciouspop-upsorunexpectedmessageswhenbrowsing!– Ifatwork,callIT;ifathome,closethewindowor,disconnect

fromnetwork

– Workiswork,nothome!

– Rememberyourwebbrowsingactivitiesaretracked(evenifyouclearthebrowserhistory)!

– DON’TCLICKonthatpop-up!

– DON’TCALLthenumberonthescreen

SafeBrowsing:@Workand@Home

• Thingsthataretoogoodtobetrue,aren’ttrue.Don’tclickonthemordeletethem

• Caughtinaloop?Shutdownandreboot

• StaySafe:Browsetrusted sites:• Knowtheaddress:HTTPvs.HTTPS,andnopasswordsonnon-https sites

• Usetwo-factorauthenticationwhenoffered• Don’tdownload“toolbars”orcleaners,unlessknownorcheckedout.Youprobablydon’tneedthem

KEEPYOURCOMPUTERUPTODATEKeepwindows,antivirus,andbrowser

updatedwithlatestversions

Page 16: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 16

FormsofSocialEngineering

• In-person• Phone• Digital

Page 17: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 17

BEWAREOF……phonecallersaskingforconfidentialemployeror

personalinformation,eveniftheyclaimtobefromIToravendor.ReferthemtoITsupportorhangup.

'Canyouhearme?'phonescamAdangerousnewphonescamisspreadingacrossthecountry,withfauxtelemarketersaskingunwillingvictimstorespondwithasinglewordto"Canyouhearme?"

{ }

Page 18: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 18

UNFORGETTABLES

• Donotlogonandoffacomputerwhenaskedbyanotheremployeeoroutsideperson–unlessidentityisverified

• CallerIDcanbe“spoofed”• Usetwo-factorauthenticationtransactionswheneveritsavailable

• FiscalandHRpeople:POSTIVELYconfirmallemaileddirectionsforanything(especiallyforpersonnelinformationandpaymentdirection)

• Usepasscodeonmobiledevices35

Page 19: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 19

• Nosystemis100%perfect- sincethreatsarealwayschanging

• Stayaware:stop,think,thenconnect• CallyourITsupportpersonwhenindoubt• Athome:www.malwarebytes.com ifyougetinfected

UH,NOPE

PUTTINGITALLTOGETHER

• Don’tbecurious– justdon’tclick• Online;freeisneverfree• Besuspicious– hoverfirstandcheckitout• Ifyoudidn’taskforit,youdon’tneedit• Never openattachmentsfromunknownpeople• Don’tinstinctivelyopenfilesfrompeopleyouknowbutwerenotexpecting;checkwiththemfirst

• LockyourPCwhenawayfromyourdesk– “Ctrl+Alt+Del>Enter”or“Windows+L”

• Testyourself:searchfor“PewCybersecurityQuiz”• www.pewinternet.org/quiz/cybersecurity-knowledge/

Page 20: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 20

Youknowwhattheysay…

Formoreinformationforworkorhomeorschool:www.stopthinkconnect.org

Page 21: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 21

Forfurtherdiscussionandcomments

MarcPfeiffer,AssistantDirectorBloustein LocalGovernmentResearchCenterBloustein SchoolofPlanningandPublicPolicyRutgersUniversityMarc.Pfeiffer@rutgers.edu

• SeetheTechnologyRiskManagementPapersbysearchingfor“Bloustein TechnologyRisk”


Firewalls. Evil Hackers FirewallYour network Firewalls mitigate risk Block many threats They have vulnerabilities

Vulnerability Areas Hackers Scan For When Choosing Their Next Victim

Itu regional workshop...Many threats Cyber criminals, hacktivists,terrorists, state-sponsored, hackers, amateurs, insiders, trusted partners and many other Cyber Security is an unclear

INTERNET SECURITY AND PRIVACY THREATS, AS PERCEIVED BY ... · personal security and information from internet predators, hackers, and other technology-driven sources, and what they

Car hackers

hackers 2 hackers conference III · hackers 2 hackers conference III voip (in)security integrity attacks *caller-id spoofing *problem: easily spoofable/ not always checked / systems

Avoid ecoming a Victim of Holiday Fraud - Constant Contactfiles.constantcontact.com/7084d4fc001/05b9f69c-6bc...Avoid ecoming a Victim of Holiday Fraud Tis the season for hackers, fraudsters,

Hackers Attitude

2014 Car Hackers Handbook - OpenGarages Car Hackers Handbook - OpenGarages

AR EXCLUSIONS AND CYBER THREATS FROM STATES AND …€¦ · War Exclusions and Cyber Threats from States and State-Sponsored Hackers Vincent J. Vitkowsky ... Richard Ledgett, a deputy

AR EXCLUSIONS AND CYBER THREATS FROM STATES AND …€¦ · 1 War Exclusions and Cyber Threats from States and State-Sponsored Hackers Vincent J. Vitkowsky Introduction States and

Hackers Basic

Hackers, Heroes of the Computer Revolution - Higher Intellectcdn.preterhuman.net/.../Hackers,_Heroes_of_the_Computer_Revolution.pdf · HACKERS, HEROES OF THE COMPUTER REVOLUTION 2

Hiring Hackers

Hackers to Hackers Conference 4th. Ed. - Events

ONLINE FILE W9.1 Application Case HACKERS PROFIT FROM …wps.prenhall.com/wps/media/objects/13310/13629484/... · 4. Mobile phone threats, especially against the iPhone and VoIP

Reference Hackers

Internet Safety CSA 105 1.0 September 21, 2010. Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals

Hacking,hackers,hackin effects,top hackers,harmfull effects of hacking

Preventing “Internal Threats in the modern world · 2018. 2. 3. · Preventing “Internal Threats” in the modern world Security Simplified . 2 ... Viruses Spam Hackers Malware

Hackers & hacktivism

Cyber Claims Brief - Willis · Cyber Claims Brief Winter 2016 ... How do hackers infiltrate victim computer networks? The means by which outside attackers gain unauthorized access

What’s the Biggest Risk to Your Business? It’s Not Cyber-Security Threats, Malware, or Hackers – It’s the Financial Effect Those Have on Your Business

Lisp Hackers

Tracking Hackers

Mobile Security Overview Spring 2013. Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users

Brain Hackers

Improving security, centralised command center ... · • Protecting data against sophisticated virtual attacks and cyber penetration threats to cut off hackers access to data and

Growth Hackers

Protect your company data from mobile threats€¦ · security measures in place, hackers are having a heyday. Organizations are challenged with visibility into malicious threats,

Hacks & hackers

i is Easy , is the e i - WatchGuard · common traps set by hackers. In addition to external threats, student networks must be segmented from the In addition to external threats, student

Model Instruction Plan · Web viewLan Wan Operating systems Hackers F. Security threats III. Students should be taking notes as you are showing the Networks and Hackers Presentation

Move Cyber Threats On To Another Target Encrypt Everything ...ISC)2_eSymposium_S… · HACKERS ACTIVELY TARGETING INSIDER ACCOUNTS BIG DATASTATES CLOUD/SAAS NATION CRIMINAL HACKERS

Modern Hackers