Cyber security 101

CYBER SECURITY 101 AN INTRODUCTION TO INFOSEC Travis Good

Transcript of Cyber security 101

Page 1: Cyber security 101

CYBER SECURITY 101

AN INTRODUCTION TO INFOSEC

Travis Good

Page 2: Cyber security 101

Introduction
- This session will provide you with suggestions on how to protect your personal information and devices and what you need protection from
- Topics:
  - What is Cyber Security?
  - Threats
  - Best Practices & Protecting your identity
  - What to look for and what to do if something goes terribly wrong

Page 3: Cyber security 101

What is Cyber Security?
- Cyber = Digital
- Protection of information systems from theft or damage to the hardware, the software, and the information on them
- Includes disruption or misdirection of the services they provide

Page 4: Cyber security 101

What is a Cyber Crime?
- Illegal access
- Illegal Interception
- System Interference
- Data Interference
- Misuse of devices
- Fraud

Page 5: Cyber security 101

Threats
- Malware
- Hackers
- Social Engineering
- Espionage

Page 6: Cyber security 101

Malware
- Any software used to disrupt, gather information, gain access, extort money, or display advertising
- Viruses, Trojans, Spyware, Worms
- Often disguised as normal files
- Affects all systems – Windows, OS X, Android, iOS

Page 7: Cyber security 101

Malware - CryptoLocker

Page 8: Cyber security 101

Hackers
- “Trespass” into computers or systems
- Use compromised computers to:
  - Send spam or viruses
  - Gather data
    ○ Credit Cards, SSNs
  - Gather credentials
  - Sell access (botnets)

Page 9: Cyber security 101

Hackers – BotNets
- BotNets are groups of compromised computers
- Sold on black markets
- Often used in DDoS attacks
- Average cost is $67 for 24 hours

Page 10: Cyber security 101

Hackers - BotNets
- Distributed Denial of Service Attacks disrupt services

Page 11: Cyber security 101

Social Engineering
- Attacks that rely on human interaction
- Usually revolve around tricking people into performing actions or divulging information
- Most common attacks:
  - Baiting – real-world Trojan Horse
  - Vishing – calls about a “virus”
  - Phishing

Page 12: Cyber security 101

Phishing
- Emails disguised as an official notification
- Usually attempt to create a sense of urgency
- Generally in search of credentials

Page 13: Cyber security 101

Phishing

Page 14: Cyber security 101

Espionage
- Governments
  - Classified documents & archives
  - Strategic plans
  - Corruption
- Corporations
  - Trade secrets
  - R&D of new technology
  - Financial data

Page 15: Cyber security 101

Espionage
- Norse Attack Map: http://map.norsecorp.com/#/

Page 16: Cyber security 101

High Profile Attacks
- Target
- Celebrity iCloud
- Ashley Madison
- Sony
- Stuxnet

Page 17: Cyber security 101

Target Breach – 2013
- Gained credentials via a Phishing campaign on 3rd party HVAC firm
- Installed malware on thousands of POS systems for 2 months
- 40 million credit and debit cards
- 70 million customer records
- 50% profit drop that quarter
- CEO and CIO resigned

Page 18: Cyber security 101

Celebrity iCloud Breach - 2014
- Weakness in iCloud’s API allowed attackers to make unlimited login attempts
- Brute-force tools were successful
- Attackers were able to download entire backups without ever accessing victims’ iPhones
- Backups included documents, contacts, texts, and pictures

Page 19: Cyber security 101

Ashley Madison Breach - 2014
- Hacktivists “Impact Team” attacked because of moral/ethical reasons
- Believed to have gained entry from former employee
- 32 million users’ account details dumped online
- New websites built specifically to search through data dump

Page 20: Cyber security 101

Sony Breach - 2014
- Attackers gained credentials from fake Apple ID phishing emails
- Many high-level executives used same passwords
- Once in, attackers spread across network with new “Wiper” malware
- Attackers had access for more than a year, stole 100 terabytes of data
- Connected to North Korean government

Page 21: Cyber security 101

Stuxnet - 2009
- Believed to be world’s first “cyberweapon” with physical fallout
- Developed by US & Israeli governments
- Specialized worm developed to sabotage Iranian nuclear program
- Targeted computer systems controlling uranium centrifuges
- Destroyed over 1,000 centrifuges, set back program by 2 years

Page 22: Cyber security 101

Best Practices
- Install OS/Software Updates
- Run Anti-Virus Software
- Practice Good Password Management
- Turn On Personal Firewalls
- Know How To Spot a Phish

Page 23: Cyber security 101

Install Updates
- 80% of exploit instances are crimes of opportunity
- 70% of last year’s breaches exploited a known vulnerability at least 1 year old
- Always Update Windows and OS X
- Commonly exploited programs:
  - Java
  - Adobe Flash Player
  - IE & Safari

Page 24: Cyber security 101

Automatic Updates - Windows

Page 25: Cyber security 101

Automatic Updates – OS X

Page 26: Cyber security 101

Run Anti-Virus Software
- Over 100,000 known variants of malware across all operating systems
- Antivirus Firms give each variant a unique identifier called a “signature”
- Antivirus programs detect programs based on these signatures
  - Remove viruses
  - Quarantine infected files
  - Prevents future infections

Page 27: Cyber security 101

Antivirus Programs
- Avira
  - Mac and PC
- Sophos
  - Multiple computers from a single interface
- Malwarebytes Anti-Malware
  - Good second line of defense

Page 28: Cyber security 101

Password Don’ts
- Never use your name
- Don’t use information about you
  - Birthday
  - Phone Number
  - Location
- Never give your password to anyone at any time
- Don’t use the same password for multiple services

Page 29: Cyber security 101

Password Do’s
- Long password that is easy to remember
  - Length generally the most important factor
- Use upper and lower case
- Use a symbol or a number
- Best method: use a short phrase or sentence
  - Include spaces and punctuation

Page 30: Cyber security 101

Breaking Passwords
- Brute Force Attack
  - aaaaaa, aaaaab, etc.
  - Thousands of tries per second
- Dictionary Attack
  - Word lists
- Hybrid Attack
  - Dictionary + Brute Force

Page 31: Cyber security 101

Password Strength
- “Buffalo!”
  - 8 characters
  - Upper & Lower case
  - Special Character
  - Easy to remember
- Strong password?
  - Let’s check
    ○ https://howsecureismypassword.net/

Page 32: Cyber security 101

Password Strength “Buffalo!”

Page 33: Cyber security 101

Password Strength
- “I love cold beer.”
  - 17 characters
  - Upper & Lower case
  - 4 special characters
  - Easy to remember
- Strong password?

Page 34: Cyber security 101

Password Strength “I love cold beer.”
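
The comparison these slides make between “Buffalo!” and “I love cold beer.” can be reproduced offline. The following is an added example, not part of the original slides: it estimates the brute-force search space of each password and checks whether a hybrid (dictionary word plus added symbols) guess would find it. The word list and the guess rate are constructed assumptions.

```python
import math
import string

# Constructed mini word list standing in for a real dictionary (assumption).
WORDLIST = {"buffalo", "password", "love", "cold", "beer", "dragon"}
# Assumed attacker speed, matching the slide's "thousands of tries per second".
GUESSES_PER_SECOND = 1_000


def charset_size(password: str) -> int:
    """Size of the alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += len(string.punctuation) + 1  # 32 symbols plus the space
    return size


def brute_force_bits(password: str) -> float:
    """log2 of the keyspace: length * log2(alphabet size)."""
    return len(password) * math.log2(charset_size(password))


def falls_to_hybrid(password: str) -> bool:
    """True if the password is one dictionary word with digits/symbols on the ends."""
    core = password.strip(string.digits + string.punctuation + " ").lower()
    return core in WORDLIST


def assess(password: str) -> dict:
    """Summarise length, keyspace, exhaustive-search time and hybrid exposure."""
    bits = brute_force_bits(password)
    years = 2 ** bits / GUESSES_PER_SECOND / (3600 * 24 * 365)
    return {
        "length": len(password),
        "bits": round(bits, 1),
        "brute_force_years": years,
        "hybrid_guessable": falls_to_hybrid(password),
    }


if __name__ == "__main__":
    for pw in ("Buffalo!", "I love cold beer."):
        print(repr(pw), assess(pw))
```

The bit count is an upper bound for brute force only; a phrase built from common words is weaker against word-combination guessing than this figure suggests.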

Page 35: Cyber security 101

Further Protection
- Two-Factor Authentication
  - Combination of 2 forms of identification from separate categories
  - Most common method uses SMS codes

Page 36: Cyber security 101

Two-Factor Authentication
- Most major sites now offer it as an optional setting
  - Facebook
  - Gmail, Yahoo, Microsoft
  - Twitter
  - Instagram
  - Tumblr
  - Most Banks

Page 37: Cyber security 101

Turn On Personal Firewalls
- Protective barriers between computers and the internet
- Hackers search the internet by sending out pings and waiting for responses
- Stop your system from replying

Page 38: Cyber security 101

Enabling Firewall - Windows

Page 39: Cyber security 101

Enabling Firewall – OS X

Page 40: Cyber security 101

What To Look For
- Know the signs of being compromised
- If you get an official notice of compromise, take it seriously
- Pay attention to media reports
- Listen to your gut
- Know how systems and apps run normally, take notice when they don’t

Page 41: Cyber security 101

Know How to Spot a Phish

Page 42: Cyber security 101

Did I Get Owned?
- Signs of compromise:
  - Computers
    ○ Sudden appearance of popups
    ○ System running very slow
    ○ Browsers redirecting to weird pages
    ○ Files corrupt, or simply won’t open
    ○ Antivirus suddenly disappears or stops working

Page 43: Cyber security 101

Did I Get Owned?
- Signs of compromise:
  - Accounts
    ○ Loss of access
    ○ Strange activity
      - Unfamiliar sent items
      - Messages disappearing
      - Random transactions
        - Can be many small purchases or a few large transfers

Page 44: Cyber security 101

Okay, I Got Owned.
- What to do if compromised:
  - Computer
    ○ Disconnect from the internet immediately
    ○ Run anti-virus scans with multiple products
      - Use another computer or recruit a friend
    ○ If the scans find anything, clean and reboot
    ○ If the scans don’t find anything, back up personal files and restore to a previous OS version

Page 45: Cyber security 101

System Restore - Windows

Page 46: Cyber security 101

Time Machine – OS X

Page 47: Cyber security 101

Okay, I Got Owned.
- What to do if compromised:
  - Accounts
    ○ Reset passwords immediately
      - Start with email
      - If email is compromised, reset all accounts associated with it
    ○ Regain access to hacked accounts
      - Most sites have means of reclaiming
    ○ If account is banking related, contact bank ASAP

Page 48: Cyber security 101

Okay, I Got Owned.
- What to do if compromised:
  - Identity
    ○ Contact all 3 major credit bureaus: Equifax, Experian, and TransUnion
      - Order credit reports
      - File initial fraud alert
    ○ Contact local police and report identity theft
    ○ Request all new banking cards
    ○ Closely monitor future monthly statements and credit

Page 49: Cyber security 101

To Summarize
- Cyber Security is critical
  - Reliance on technology will continue to increase
  - As security measures become more effective, so will the threats
    ○ APTs
  - Information is a commodity

Page 50: Cyber security 101

To Summarize
- Protecting yourself is your responsibility
  - Stay up to date
  - Practice good password management
  - Keep your eye out for strange activity
  - If unsure, ask!
    ○ Google is your friend
    ○ So am I
  - If compromised, act quickly

Page 51: Cyber security 101

Questions? Email me any time! [email protected]