Ransomware, Malware and Viruses; How to Protect Yourself

Ransomware, Malware and Viruses; How to Protect YourselfPresented by Ben Jones Technical Stream One

Ransomware, Malware and Viruses/seminars

Agenda

Cybercrime – What, Why and How?

Prevention – Avoiding Infection

Recovery – Dealing With Infection

Cybercrime1

Cybercrime

“Criminal activities carried out by means of a computer”

What is Cybercrime?

Cybercrime

Currently at a bigger risk than ever

What is Cybercrime?

Cybercrime

Currently at a bigger risk than ever

Over 140m new malware samples recorded in 2015

What is Cybercrime?

Cybercrime

Estimated as a $400bn industry in 2015, rising to $2tn by 2019

The Numbers Behind Malware

Cybercrime

Typically, only 4% of malware alerts are investigated

Cybercrime

Typically, only 4% of malware alerts are investigated

Malware-laced emails claim victims within 82s on average

Cybercrime

Forms of Malware

Cybercrime

Forms of Malware

Cybercrime The Internet Of Things

Cybercrime

Rootkit

Forms of Malware

Cybercrime

Rootkit

Trojan Horse

Forms of Malware

Cybercrime

Rootkit

Trojan Horse

Forms of Malware

Cybercrime

Rootkit

Trojan Horse

Ransomware

Forms of Malware

Cybercrime Ransomware

“The ransomware is that good… To be honest, we often just advise people to pay the ransom”

-Joseph Bonavolonta

Cybercrime Ransomware

“The ransomware is that good… To be honest, we often just advise people to pay the ransom”

-Joseph Bonavolonta

Cybercrime

Ransomware can – and does – stop businesses functioning

Ransomware

Cybercrime

It’s effective and lucrative for attackers

Ransomware

Cybercrime Ransomware – As A Service

Cybercrime

“Safe” platforms like mobile, macOS, Linux etc. are viable

Ransomware

Cybercrime

Cryptolocker extorted around $30m in it’s first 100 days

Ransomware

Cybercrime

It will use your infrastructure against you!

Ransomware

Cybercrime

It will use your infrastructure against you!

Impact caused by downtime can be significant

Ransomware

Cybercrime

How does ransomware execute itself?

Is it possible to tell when ransomware is encrypting files?

Isn’t it just bluffing?

What Does Ransomware Look Like In Action?

Prevention2

Prevention Prevalent Methods of Attack In Education

These are the most common attack vectors RM have seen:

• Opened a malicious email attachment

• Browsed infected sites/ads with outdated plugin versions

• USB pen drive

Brute force attacks on RDP sessions have also been seen

Prevention Where Are You Vulnerable?

Firewalls, Security Appliances and Infrastructure

Wireless networks

Wired network points

Anti-Virus solution

Software

End users

Passwords

Wireless networks

Anti-Virus solution

Software

End users

Passwords

Your security is only as strong as the weakest link in the chain

Prevention What’s The Best Solution?

There’s no single “best solution” to malware prevention

Prevention What’s The Best Solution?

There’s no single “best solution” to malware prevention

A balance of software, hardware and education works best

Prevention Firewalls and Security Appliances

Patches for bugs and security exploits

Default passwords

Ineffectively/incorrectly configured

Default passwords

Ineffectively/incorrectly configured

Unsupported and EoL products

Wireless networks

Prevention Wireless Networks

Signal can reach outside your premises

Use secure methods of authentication and encryption

Segregate guest networks from data network

Use managed wireless rogue detection capabilities

Wireless networks

Prevention Wired Network Points

Disconnect/Disable any unused network points

Prevention Wired Network Points

Disconnect/Disable any unused network points

Employ MAC address based port security

Wireless networks

Anti-Virus solution

Prevention Anti-Virus Solution

Centralise management in large environments

Definition updates

Product updates

Prevention Anti-Virus Product Updates

“These vulnerabilities are as bad as it gets. They don’t require any user interaction…”

-Tavis Ormandy, Project Zero

Wireless networks

Anti-Virus solution

Software

Prevention Software

Software patches often fix security flaws, they are important!

Prevention Software

Flash Player and Java are often exploited for weaknesses

Prevention Software

Make updating software part of regular NMTs

Prevention Software

Make updating software part of regular NMTs

Macros are often exploited – disable them in Group Policy

Wireless networks

Anti-Virus solution

Software

End users

Prevention End Users

External storage (pen drives)

Prevention Pen Drives

Prevention USB Pen Drive Study

Prevention Disabling External Drives

Block external drives by Group Policy Object

TEC4341616

Personal devices

Social Engineering

Prevention Social Engineering

“You could spend a fortune purchasing technology and services… And your network infrastructure could still remain vulnerable to old-fashioned manipulation”-Kevin Mitnick

Prevention Psychology Of Social Engineering

Social engineers prey on basic human instincts:

• Fear

• Obedience

• Fear

• Obedience

• Urgency

• Fear

• Obedience

• Urgency

• Sympathy

• Fear

• Obedience

• Urgency

• Sympathy

• Greed

• Fear

• Obedience

• Urgency

• Sympathy

• Greed

Often more than one of these emotions are combined

Prevention Phishing Emails

Prevention Social Engineering – Cloned Web Sites

Prevention Social Engineering – Cookies and Identity Theft

“Cookies are insecure, no matter what you do…‘Authentication cookies’ are often exploitable”

-Kevin Fu

Prevention Social Engineering – Cookies & Identity Theft

Prevention Social Engineering Countermeasures

EDUCATION!!!

https://www.sonicwall.com/phishing/

EDUCATION!!!

Implement digital controls to mitigate/block risks

EDUCATION!!!

Destroy paper and digital records securely

EDUCATION!!!

Employ the Principle of Least Privilege

EDUCATION!!!

Employ the Principle of Least Privilege

CC4 Networks – Check your privileged users!

Wireless networks

Anti-Virus solution

Software

End users

Passwords

Prevention Passwords

Passwords are effectively the keys to your network

Encourage, enforce and follow good password practice

Enforcing too much complexity can make things worse

Consider using passphrases rather than passwords

Prevention How Secure Is My Password?

T1ddles14

4 Days

Prevention How Secure Is My Passphrase?

my cat is called tiddles

4 Sextillion Years

Password managers minimise risk from website hacks

Configure account lockouts for privileged accounts

Treat your password like a toothbrush. Don’t let anyone else use it, and get a new one every six months.

-Clifford Stoll

Recovery3

Recovery Despite All Best Efforts…

Prevention is still better than cure

Recovery Despite All Best Efforts…

Prevention is still better than cure

Typical mindset needs to change during an attack

Recovery Identify, Isolate, Remove, Restore

Identify the affected user and/or workstation

Recovery Identifying – File Ownership

Recovery Share And Storage Management

Disable the user account, and disconnect the PC

Find out how the malware got in, and deal with it

Recovery Scanning Files and Websites

http://www.virustotal.com

Rebuild infected PCs to remove all traces

Restore any affected network files from backup

Recovery What If A Server Is Infected?

Server infections will require more careful planning

Like PCs, servers should be disconnected from the network

Depending on the severity, DR may be the fastest option

Without a DR process, full recommissions may be required!

Check if a decryption tool exists as a last resort

Recovery Backup Considerations

Backups are the only guaranteed method of recovery

Don’t rely on backups which are accessible on your LAN

Follow the 3-2-1 rule

Check regularly with test restores

Backups only protect backed up servers, not workstations

Don’t rely on Shadow Copies, Snapshots or Cloud Sync!

Recovery Disk To Disk To Tape Backup Model

Recovery Disk To Disk To Cloud Backup Model

Summary5

Summary Cybercrime

Cybercrime can take many shapes and forms

Summary Cybercrime

The best method of prevention is to reduce the attack surface

Summary Cybercrime

The best method of prevention is to reduce the attack surface

It’s important to educate yourselves and others

Summary How Can RM Help?

Network Vulnerability Testing

Summary Network Vulnerability Testing

Free Online Safety Review

Summary Online Safety Review

http://bit.ly/2eKhWOG

Managed Anti-Virus Solutions

Backup Solutions

Secure Broadband

Summary

Think, then click.

Not the other way around.

Ransomware, Malware and Viruses; How to Protect YourselfPresented by Ben Jones Technical Stream One

Ransomware, Malware and Viruses; How to Protect Yourself

Documents

Transcript of Ransomware, Malware and Viruses; How to Protect Yourself

SPLUNK SECURITY USE CASE DETECTING UNKNOWN … · WHITE PAPER SPLUNK SECURITY USE CASE DETECTING UNKNOWN MALWARE AND RANSOMWARE Detecting unknown malware and ransomware…

Malware Viruses Ransomware. Can my computer be infected by just visiting certain websites in my windows browser? How can I be sure my computer and.

Beware of Ransomware: How To Prevent Computer Viruses

Understanding and Responding to Ransomware Attacks · Understanding and Responding to Ransomware Attacks Ransomware is a malware, which prevents users from accessing the system or

Malware, Spyware, and Viruses

Benchmarking Deception Technologies - FireCompass · Malware (including ransomware): Deception solutions can help prevent the spread of malware/ransomware by luring the malware to

Complete Protection for All Devices from Internet Threats€¦ · against cyber threats such as viruses, malware, spyware, ransomware, phishing, and Internet scams. Includes award-winning

Viruses. Malware versus Virus Viruses belong to a larger category of software known as Malware, which is short for “malicious software” Computer viruses.

How to Protect Your Networks from Ransomare… · Protecting Your Networks from Ransomware . Protecting Your Networks from Ransomware . Ransomware is the fastest growing malware threat,

Evaluation Metric for Crypto-Ransomware Detection Using ... · Crypto Encryption Evaluation Machine learning Metric Ransomware Detection ABSTRACT Ransomware is a type of malware that

WHAT IS RANSOMWARE?? - Datto · ‘Malware’ is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses,

Raj Kumar - ITU€¦ · $1.5 to $2 billion $80 to $120 million What does a stealth bomber cost? ... Malware •Malware-as-a-Service •IoT Malware •Mobile Malware •Ransomware

Email keeps getting us pwned - Avoiding Ransomware and malware

Malware: Scanners, Sniffers, Viruses, Worms, Mobile Code

Viruses, Spyware , Malware and Phishing

WHAT IS RANSOMWARE? - Datto · ‘Malware’ is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses,

MOBILE MALWARE EVOLUTION 2016 - Securelist · PDF fileMobile ransomware ... This malware simultaneously installs its modules in the system directory, ... to mobile malware products,

Protect your · support Trend Micro offers comprehensive protection against ransomware, malware, viruses, spearfishing, spyware, bots, trojans and other threats; all are identified

Protecting Your Network from Malware - Akamai...Protecting Your Network from Malware The threat landscape is becoming increasingly hostile. Malware and ransomware campaigns, phishing

Title: Ransomware: How consumers and businesses value ...... · latest threat trends including vulnerabilities, exploits, active attacks, viruses and other malware, spam, phishing,