7 Effective Habits whenusing the Internet

Philip O’Kane

1

Introduction

Who are the players?

The Attackers

IT Support/Department

End-user

Attack Surface

What is an attack surface

How well are you protected?

Myths about Malware (Virus, Worm, Trojan, etc.)

Seven Effective Habits

2

The Players

IT Department Multifunction Resolve Issues Protect User, Assets and Networks

User Carry out Business function Protect Asset

Attacker(Malware)

Assets Personal Information Account Details IPR

Firewall

3

Attack Surface

4

Firefox

InternetExplorer

Chrome

Java AppsEmail

Web Browser

Flash Player

Vulnerability(Bug or Poor configuration)

Assets Personal Information Account Details IPR

Attacker(Malware)

Attacks

The End-user PC is inside the firewall

It inherits the trusted status of the PC and can access sensitive information

Use privileged protocols to access data

Spread to others using privileged protocols

Email everyone in your contacts with malware attachments

Backdoor access – can send data to the attackers

Used as part of a Botnet to attack others (DDOS)

5

Attacks on Corporates

Bank Dbase hacked $45 Million in ATM (Dec 2013)

RSA Security,40 million employee records

stolen (March 2011)

Sony's PlayStation Network (April 2011)

77 million accounts hacked

Sony site was down for a month

6

Attacks on the Individual

Mobile Ransomware (2014)

Spam Emails

PayPal (URLs).

Emails with attachments

Zip, SCR, EXEC

CryptoLockers/Ransomware

Backdoors

USB

Found or given a USB at a show

7

IT Departments/Defence Solutions

Firewall configuration

Internet protocols

Open ports

Patch Deployment

Centralised vulnerability remediation as exploitations are on the internet within 8 hours of patch deployment (Patch Tuesday)

Permitting open policies for privileged user authority

70% of stolen data via USBs

8

Myths

I will know when I’m infected

Malware is just for Windows

Email attachments from known persons are safe

Visiting only reputable sites is completely safe

Malware is not a problem, I have nothing important on my PC

9

I will know when I’m infected

Malware Detection Rate over 30 Days

10

0->25% 26->50% 51->75% 76->90% 91->100%Key

Day 1 8 15 22 30

McAfee 22% 53% 85% 86% 86%

Kaspersky 22% 87% 91% 92% 92%

AVG 13% 85% 92% 92% 93%

Virus Buster 10% 30% 46% 74% 74%

Symantec 21% 36% 43% 46% 47%

Trend Mirco 17% 29% 32% 32% 38%

Poor Good

"Cyveillance testing finds AV vendors detect on average less than 19% of malware attacks", Aug, 2010, https://www.cyveillance.com/web/blog/press-release/cyveillance-testing-finds-av-vendors-detect-on-average-less-than-19-

of-malware-attacks.

Zero Day

Malware is just for Windows

Window is the biggest target

Windows 8 release - a firm announced a zero-day vulnerability that circumvents all new security enhancements in Windows 8 and Internet Explorer 10

Mobile phone

Study claims 614% increase last year.

Android accounts for 92% of total infections (June 2013)

Apple Mac

Small volume of malware to date

11

Email attachments from known persons are safe

Do not execute untrusted programs

Internet protocols

Open ports

Email attachments

Who can you trust?

Has your friend been hacked?

Embedded URLs

(Spear) Phishing Emails

PayPal scam etc.

12

Visiting only reputable sites is completely safe

Advice such as ‘Do not visit risky websites’

It is good advice

The converse is not necessary true

Reputable websites can be hacked

NBC Media website hacked, which installed fake antivirus software (Feb 2013).

msn.co.nz website hacked to re-directed to a site that hosts pictures of Bill Gates (MS) with pie on his face.

EA games web server hacked to host phishing website, users where asked to enter their Apple IDs and personal information.

13

Malware in not a problem, I have nothing..

Malware is not a problem, I have nothing important on my PC

Even if your computer has nothing important stored on it

Address books can be used to send out spam and malicious emails

Malware can record all of your keystrokes and steal your usernames and passwords. When the malware authors have that information, they can use it to cause severe damage ranging from financial loss to identity theft.

Bank account details Social media website to scam friends

14

Reduce your Attack Surface

Browser

Use the latest browser

Update your security regularly

Browser controls

Games and Apps

Do you need those apps?

Where to get apps?

15

Reduce your Attack Surface

Portable media

Two-thirds of lost USB drives carry malware – from a survey of USB drives in a lost and found department

Beware of USBs you find lying around

Malware infected USB drives handed out at a trade show

16

Seven Effective Habits

You can’t disengage your brain

Be safe both at work and home

Update your software to include latest patches

Use the latest software

Don’t install software you don’t use

Be careful about the apps you download - Games etc.

Run with minimum privileges

17