ISRT IS 376 OCTOBER 28, 2014 INTERNET SECURITY THREAT REPORT 2014.
COMPUTER SECURITY
COMPUTERS AND NETWORKS WERE ORIGINALLY DEVELOPED TO FACILITATE ACCESS, NOT TO RESTRICT IT.
SOFTWARE/HARDWARE SYSTEMS KNOWN AS FIREWALLS ARE OFTEN USED TO PROVIDE “CHOKE POINTS” FOR COMPUTER SYSTEMS.
• THEY PREVENT UNAUTHORIZED LOGINS FROM THE OUTSIDE WORLD.
• THEY AUDIT THE TRAFFIC ENTERING AND EXITING THE SYSTEM.
• THEY MAY BE USED TO BLOCK OUTGOING DATA TO UNAUTHORIZED DESTINATIONS.
INTERNET SECURITY, IS 376, OCTOBER 28, 2014, PAGE 2
DENIAL OF SERVICE ATTACKS
“DENIAL OF SERVICE” ATTACKS CONSIST OF THE CONSUMPTION OF A LIMITED RESOURCE, USUALLY NETWORK CONNECTIVITY, IN AN EFFORT TO DENY LEGITIMATE ACCESS TO THAT RESOURCE.
IN THIS TYPE OF ATTACK, THE ATTACKER BEGINS THE PROCESS OF ESTABLISHING A CONNECTION TO THE VICTIM MACHINE, BUT DOES IT IN SUCH A WAY AS TO PREVENT THE ULTIMATE COMPLETION OF THE CONNECTION.
IN THE MEANTIME, THE VICTIM MACHINE HAS RESERVED ONE OF A LIMITED NUMBER OF DATA STRUCTURES REQUIRED TO COMPLETE THE IMPENDING CONNECTION.
THE RESULT IS THAT LEGITIMATE CONNECTIONS ARE DENIED WHILE THE VICTIM MACHINE IS WAITING TO COMPLETE BOGUS "HALF-OPEN" CONNECTIONS.
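THE HALF-OPEN CONNECTION EXHAUSTION DESCRIBED ABOVE, AS AN ADDED PYTHON EXAMPLE THAT IS NOT PART OF THE ORIGINAL SLIDES: A TOY MODEL OF THE VICTIM'S LIMITED CONNECTION TABLE, SHOWING A LEGITIMATE CLIENT REFUSED WHILE BOGUS ENTRIES ARE PENDING AND ACCEPTED ONCE THEY TIME OUT. THE CLASS AND FUNCTION NAMES, THE TABLE SIZE OF 4 AND THE 30-SECOND TIMEOUT ARE ASSUMPTIONS, NOT VALUES FROM A REAL TCP STACK.

```python
class Listener:
    """Toy model of a server's table of half-open connections (constructed)."""

    def __init__(self, backlog=4, timeout=30):
        self.backlog = backlog    # assumed size of the limited table
        self.timeout = timeout    # assumed seconds before a stale entry is dropped
        self.half_open = {}       # client id -> time its entry was reserved
        self.established = set()

    def _reap(self, now):
        # Drop entries whose connection was never completed in time.
        for client, started in list(self.half_open.items()):
            if now - started >= self.timeout:
                del self.half_open[client]

    def begin(self, client, now):
        """Start a connection: reserve an entry, or refuse if the table is full."""
        self._reap(now)
        if len(self.half_open) >= self.backlog:
            return False
        self.half_open[client] = now
        return True

    def complete(self, client, now):
        """Finish a connection that was started earlier and is still pending."""
        self._reap(now)
        if self.half_open.pop(client, None) is None:
            return False
        self.established.add(client)
        return True

    def pressure(self, now):
        """Fraction of the table held by half-open entries: a value to alert on."""
        self._reap(now)
        return len(self.half_open) / self.backlog


def scenario():
    srv = Listener()
    for i in range(4):                       # started, never completed
        srv.begin(f"bogus-{i}", now=0)
    during = srv.begin("legit", now=10)      # table full, so this returns False
    load = srv.pressure(now=10)              # 1.0: every entry is half-open
    after = srv.begin("legit", now=31)       # stale entries reaped at 30 s
    done = srv.complete("legit", now=32)
    return during, load, after, done


if __name__ == "__main__":
    print(scenario())
```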
VIRUSES
A VIRUS IS A COMPUTER PROGRAM FILE CAPABLE OF ATTACHING TO DISKS OR OTHER FILES AND REPLICATING ITSELF REPEATEDLY, TYPICALLY WITHOUT USER KNOWLEDGE OR PERMISSION.
SOME VIRUSES ATTACH TO FILES SO WHEN THE INFECTED FILE EXECUTES, THE VIRUS ALSO EXECUTES.
OTHER VIRUSES SIT IN A COMPUTER'S MEMORY AND INFECT FILES AS THE COMPUTER OPENS, MODIFIES OR CREATES THE FILES.
SOME VIRUSES DISPLAY SYMPTOMS, AND SOME VIRUSES DAMAGE FILES AND COMPUTER SYSTEMS.
WORMS
WORMS ARE PARASITIC COMPUTER PROGRAMS THAT REPLICATE, BUT UNLIKE VIRUSES, DO NOT REQUIRE ACTION ON THE PART OF HUMAN USERS IN ORDER TO SPREAD.
WORMS CAN CREATE COPIES ON THE SAME COMPUTER, OR CAN SEND THE COPIES TO OTHER COMPUTERS VIA A NETWORK.
WORMS OFTEN SPREAD VIA E-MAIL OR CHAT APPLICATIONS, TAKING ADVANTAGE OF FILE OR INFORMATION TRANSPORT FEATURES TO SPREAD UNAIDED BY HUMAN ACTION.
TROJAN HORSES
A TROJAN HORSE IS A MALICIOUS PROGRAM THAT PRETENDS TO BE A BENIGN APPLICATION.
A TROJAN HORSE PROGRAM PURPOSEFULLY DOES SOMETHING THE USER DOES NOT EXPECT.
TROJAN HORSES ARE NOT VIRUSES SINCE THEY DO NOT REPLICATE, BUT THEY CAN BE JUST AS DESTRUCTIVE.
ONE TYPE OF TROJAN HORSE, KNOWN AS A LOGIC BOMB, IS SET TO EXECUTE WHENEVER A SPECIFIC EVENT OCCURS (E.G., A CHANGE IN A FILE, A PARTICULAR SERIES OF KEYSTROKES, A SPECIFIC TIME OR DATE).
WATERING HOLE ATTACKS
WITH INCREASED VIGILANCE AGAINST MALWARE ATTACKS, SOME ATTACKERS HAVE RESORTED TO INDIRECT WATERING HOLE ATTACKS.
• THE ATTACKERS INJECT AN “EXPLOIT” CONTAINING MALWARE ONTO A TRUSTED SITE THAT THEIR INTENDED TARGET OFTEN VISITS.
• WHEN THE TARGET VISITS THE SITE, THE EXPLOIT DROPS ITS MALWARE ONTO THE VICTIM’S SYSTEM.
• THE ATTACKERS CAN THEN LAUNCH THEIR MALICIOUS ATTACK VIA THEIR LAUNCHED MALWARE.
ZERO DAY VULNERABILITIES
WHEN ATTACKERS DISCOVER A VULNERABILITY IN A SOFTWARE SYSTEM BEFORE THE SYSTEM DEVELOPERS DO (OR AT LEAST BEFORE THEY FIX IT), THE ATTACKERS TRY TO DEVELOP “EXPLOITS” (I.E., STRATEGIES FOR TAKING ADVANTAGE OF THAT VULNERABILITY) ON “DAY ZERO” OF AWARENESS OF THE VULNERABILITY.
AFTER SOME SOFTWARE DEVELOPERS TOOK OVER FOUR YEARS TO ADDRESS KNOWN VULNERABILITIES, HEWLETT-PACKARD’S ZERO DAY INITIATIVE WAS SET UP TO REWARD RESEARCHERS WHO REPORTED VULNERABILITIES TO ZDI, WHICH WOULD TRY TO WORK WITH THE VENDOR TO DEVELOP A PATCH FOR THE PROBLEM.
IN ANY CASE, THE DEVELOPER WOULD HAVE NO MORE THAN 180 DAYS TO FIX THE VULNERABILITY BEFORE ZDI WOULD RELEASE THE INFORMATION TO THE PRESS.
UNSOLICITED COMMERCIAL E-MAIL (SPAM)
E-MAIL IS SENT TO A VAST NUMBER OF USERS, WITH THE HOPES THAT SOME SMALL PERCENTAGE OF THEM WILL RESPOND TO AN “IRRESISTIBLE” OFFER AND PURCHASE WHAT TURNS OUT TO BE A BOGUS PRODUCT AT A “BARGAIN” PRICE.
ZOMBIE ARMIES (BOTNETS)
ZOMBIE COMPUTERS, VIRUS-INFECTED COMPUTERS THAT PERFORM MALICIOUS TASKS UNDER REMOTE DIRECTION, ARE THE MAJOR DELIVERY METHOD OF SPAM.
SPAM RED FLAGS
AMONG THE TELLTALE SIGNS THAT AN E-MAIL MESSAGE COULD BE SPAM:
• FREQUENT USE OF CHARACTERS THAT ARE NEITHER NUMBERS NOR LETTERS.
• TRANSMISSION TIME IN THE WEE HOURS OF THE NIGHT.
• USE OF HUSTLE PHRASES, LIKE “DOUBLE YOUR INCOME” OR “LOSE WEIGHT FAST”.
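THE THREE RED FLAGS ABOVE TURNED INTO A SMALL MESSAGE CHECKER, AS AN ADDED PYTHON EXAMPLE THAT IS NOT PART OF THE ORIGINAL SLIDES. THE FUNCTION NAME, THE 20% SYMBOL THRESHOLD, THE 01:00-04:59 WINDOW AND BOTH SAMPLE MESSAGES ARE ASSUMPTIONS CONSTRUCTED FOR ILLUSTRATION; ONLY THE TWO HUSTLE PHRASES COME FROM THE SLIDE.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

HUSTLE_PHRASES = ("double your income", "lose weight fast")  # quoted on the slide
SYMBOL_RATIO = 0.20       # assumed threshold: share of non-alphanumeric characters
WEE_HOURS = range(1, 5)   # assumed window: 01:00-04:59 in the Date header's zone

# Constructed sample messages (not real mail).
SPAM = ("From: deals@example.com\n"
        "Date: Tue, 28 Oct 2014 03:12:00 -0500\n"
        "Subject: $$$ DOUBLE YOUR INCOME $$$\n\n"
        "!!! Lose   weight fast !!! *** Act now *** $$$ >>> click <<<\n")
HAM = ("From: alice@example.com\n"
       "Date: Tue, 28 Oct 2014 14:05:00 -0500\n"
       "Subject: Lab 4 questions\n\n"
       "Hi, can we meet after class on Thursday to go over the firewall lab?\n")


def red_flags(raw):
    """Return the slide's red flags that a single-part text message trips."""
    msg = message_from_string(raw)
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # multipart mail is skipped
    text = msg.get("Subject", "") + " " + body
    flags = []

    # Flag 1: frequent characters that are neither numbers nor letters.
    visible = [c for c in text if not c.isspace()]
    symbols = sum(1 for c in visible if not c.isalnum())
    if visible and symbols / len(visible) > SYMBOL_RATIO:
        flags.append("symbols")

    # Flag 2: sent in the wee hours, judged by the sender's own Date header.
    try:
        if parsedate_to_datetime(msg["Date"]).hour in WEE_HOURS:
            flags.append("wee_hours")
    except (TypeError, ValueError):
        pass  # missing or malformed Date: this flag cannot be evaluated

    # Flag 3: hustle phrases, matched case-insensitively with spacing collapsed.
    lowered = " ".join(text.lower().split())
    if any(phrase in lowered for phrase in HUSTLE_PHRASES):
        flags.append("hustle_phrase")
    return flags


if __name__ == "__main__":
    print(red_flags(SPAM), red_flags(HAM))
```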
PHISHING EXPEDITION
PHISHING IS A HIGH-TECH SCAM THAT USES SPAM OR POP-UP MESSAGES TO DECEIVE WEB USERS INTO DISCLOSING CREDIT CARD NUMBERS, BANK ACCOUNT INFORMATION, SOCIAL SECURITY NUMBERS, PASSWORDS, OR OTHER SENSITIVE INFORMATION.
SPEAR PHISHING
INSTEAD OF SENDING THOUSANDS OF RANDOM E-MAILS, HOPING A FEW VICTIMS WILL BITE, SPEAR PHISHERS TARGET SELECT GROUPS OF PEOPLE WITH SOMETHING IN COMMON (E.G., WORK AT THE SAME COMPANY, ATTEND THE SAME COLLEGE).
FIRST, CRIMINALS NEED SOME INSIDE INFORMATION ON THEIR TARGETS TO CONVINCE THEM THE E-MAILS ARE LEGITIMATE. THEY OFTEN OBTAIN IT BY HACKING INTO AN ORGANIZATION’S COMPUTER NETWORK OR BY COMBING THROUGH OTHER WEBSITES, BLOGS, AND SOCIAL NETWORKING SITES.
NEXT, THEY SEND E-MAILS THAT LOOK LIKE THE REAL THING TO TARGETED VICTIMS, OFFERING ALL SORTS OF URGENT AND LEGITIMATE-SOUNDING EXPLANATIONS AS TO WHY THEY NEED YOUR PERSONAL DATA.
FINALLY, THE VICTIMS ARE ASKED TO CLICK ON A LINK INSIDE THE E-MAIL THAT TAKES THEM TO A PHONY BUT REALISTIC-LOOKING WEBSITE, WHERE THEY ARE ASKED TO PROVIDE PASSWORDS, ACCOUNT NUMBERS, USER IDS, PINS, ETC.
SPEAR PHISHING WORD CLOUD
CERTAIN WORDS ARE USED FREQUENTLY IN SPEAR PHISHING EFFORTS, USUALLY ASSOCIATED WITH URGENCY OR OTHER ATTENTION-GRABBING CONNOTATIONS.
MOBILE ADWARE (MADWARE)
DEVELOPERS MONETIZE MOBILE APPS BY DISPLAYING ADVERTISEMENTS ON THEM. THEY USE AD LIBRARIES THAT HAVE THE ABILITY TO COLLECT INFORMATION ABOUT THE APP’S USER IN ORDER TO SERVE TARGETED ADVERTISEMENTS.
THIS CAN BE ABUSED AND, DEPENDING ON WHICH AD LIBRARY FEATURES THE DEVELOPER CHOOSES TO USE, PERSONAL DATA CAN BE LEAKED THROUGH AN AD LIBRARY.
ADDITIONALLY, AN AD LIBRARY CAN EXHIBIT ANNOYING BEHAVIORS SUCH AS DISPLAYING ADS IN THE NOTIFICATION BAR, CREATING AD ICONS, OR CHANGING WEB BROWSER BOOKMARKS.