• Home

  • Documents

  • Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim...
21
Cyber Hygiene Practices 11/30/17 Bloustein Local Government Research Center 1 2017 Annual Governmental Accounting & Auditing Update Conference Rutgers Business School By Marc Pfeiffer, Assistant Director Bloustein Local Government Research Center Rutgers University Recognizing, Detecting and Preventing Cyber Security Threats

Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

  • Upload
    others

  • View
    4

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 1

2017AnnualGovernmentalAccounting&AuditingUpdateConference

RutgersBusinessSchoolByMarcPfeiffer,AssistantDirectorBlousteinLocalGovernmentResearchCenter

RutgersUniversity

Recognizing,DetectingandPreventingCyberSecurityThreats

Page 2: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 2

BOTTOMLINE▪ Criminalstrytomanipulatepeopleinto

divulgingpersonalorbusinessinformationortrickthemintoschemestodefraud

▪ Criminalscanbeindividualsorpartofindustrialized,cybercrimebusinesses

Nosinglefixsincethethreatskeepchanging;It’saperpetutalbattle

Page 3: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 3

WHYSHOULDICARE?

•60%ofemployeeswillclickaphishinglink

•30%ofthemwillactuallygiveuporganizationcredentials

•20%statedtheywouldselltheirorganizationalpassword

REALITY:thebulkofsuccessfulattackscomebecauseanemployeeclickedon

somethingtheyshouldn’thave

TypesofAttacksandThreats• TargetedAttacks– Governmentagenciesaregenerallytargets– Italsohappensifsomethinggoeswrong

• MassAttacks– Thisstemsfromsuccessfulemailphishing,socialengineering,plus“bruteforce”attacksonnetworks

• Man-in-the-MiddleAttack:– Alinktoalog-insitethatlookslegit,butisfraudulentandwillstealyourcredentials

• Unsecurehumans– Clickingonthewronglink/openingthewrongfile– Anemployeewhostealsdataforresaleorillegaluse

Page 4: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 4

SomeCommonTerms

Malware

Destructiveformofcomputersoftwaretransmittedbyemailandwebsitelinks

Viruses,Trojans.Rootkits.Worms.Spyware.Crimeware. Adware

Page 5: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 5

Phishingaformofsocialengineeringthatappearsasemailoratextmessagethatattackersusetogainlogincredentialsoraccountinformation

Anditsevilcousin,thetargetedSpear-PhishorVish,usingvoicetofoolyou

PHISHINGEMAILSEXAMPLES

Phishingemailposesasanimportantemailfromatrustedorganization

– Anotificationfromthepostoffice,UPS,FedExshippinginformingtherecipientofadelivery

– Amessagefromautilityproviderorretaileraboutanoverduebill

– Analertabouttherecipient’staxreturn– Invoicesornoticesforgoodsandservices(Amazon,Costco)

– Fakecreditcardrewardschemes– Directionfromyouremployer,i.e.,needtolog-inbecauseyoulostsomepermission

Eachvariationreliesonourinstincttoactonmessagesthatappeartobeurgent

Page 6: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 6

• Clickingonanattachmentoralinkembeddedinasuspiciousemaillaunchesaprogramthatencrypts(orrewrites)yourfiles.

Page 7: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 7

THISISRANSOMWARE!SOWHATHAPPENS?

• Thefilesareheldforransom;thehackerwhosenttheemailwillrequireapaymentfromyoubeforetheywill(hopefully)sendyouthekey(alineofcomputercode)thatdecryptsthefilesandrestorethem.

• Hopeyouhavebackupstorestoreyoursystem;otherwiseyoupay!

• Nowknowntohackersasavictimandwillbesubjecttofutureattacks

Page 8: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 8

WHEN EMAIL TURNS EVIL!!!

EMAILASSOURCEOFMALWARE?

- Embedded,butfakelinksenticeyoutoopenharmfulwebsites

- Spoofed“from”addresses

- Attachmentscanhaveembeddedvirusesormalware;MSOfficedocumentscanhavemaliciousmacrosinthemorrequeststolinktootherfilesfromafileyoudownloaded.Otherattachmentsincludehtmlandzip.

- Couponsandadvertisementswith“hiddenagendas”

- Alwayswithsuggestionthatyouneedsomething,orcouldgetsomethingforabargain.

Page 9: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 9

PROTECTYOURSELFFROMEVILEMAIL

Page 10: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 10

• Learntohoverandreadlinks!

• Besuspiciousofunexpectedemails

• Donotdownloadoropenattachmentsyouarenotexpecting:• Confirmfirstwiththesenderifitlooksimportant• Orjustdeleteit

• Alwaysbesuspicious(donotletyourguarddown)

• Ifitdoesn’tlookright,it’snotright

• Donotlogintoanaccountfromanemaillinkunlessyouverifyit’salegitemailandsite

• Neverunsubscribefromagroupthatyouareunfamiliarwithordidnotsubscribeto

Page 11: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 11

• Usestrongpasswordsorbetteryetpass-phrases; donotusenames,dateofbirths,oranythingknownaboutyou.Andvarythem.– Particularlyforfinancialsites,siteswithyourcreditcardinformation,andemail.

– Changethemperiodically(annuallyforkeyones)• Donotsharepasswords!– Anythingthathappensonthataccountgetstreatedasifyoudidit.

– Ifyoudoshareapasswordchangeittosomethinggenericbeforeandbacktosomethingcomplexafter;orchangeitafterit’suse

• Useapersonalpasswordmanager

MakingandManagingStrongPasswords

Page 12: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 12

SAFEWEBBROWSING

Page 13: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 13

HTTP

HTTPS

Page 14: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 14

http://masterupdate.net/.....

Ifyouareunsureaboutthistypeofpop-up,searchfor“flashupdate”andgotoanadobe.com sitetocheck.Don’tdownloadfromapop-upthat’snotfromtheadobe.comwebsite.

Page 15: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 15

• DONOTCLICKONsuspiciouspop-upsorunexpectedmessageswhenbrowsing!– Ifatwork,callIT;ifathome,closethewindowor,disconnect

fromnetwork

– Workiswork,nothome!

– Rememberyourwebbrowsingactivitiesaretracked(evenifyouclearthebrowserhistory)!

– DON’TCLICKonthatpop-up!

– DON’TCALLthenumberonthescreen

SafeBrowsing:@Workand@Home

• Thingsthataretoogoodtobetrue,aren’ttrue.Don’tclickonthemordeletethem

• Caughtinaloop?Shutdownandreboot

• StaySafe:Browsetrusted sites:• Knowtheaddress:HTTPvs.HTTPS,andnopasswordsonnon-https sites

• Usetwo-factorauthenticationwhenoffered• Don’tdownload“toolbars”orcleaners,unlessknownorcheckedout.Youprobablydon’tneedthem

KEEPYOURCOMPUTERUPTODATEKeepwindows,antivirus,andbrowser

updatedwithlatestversions

Page 16: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 16

FormsofSocialEngineering

• In-person• Phone• Digital

Page 17: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 17

BEWAREOF……phonecallersaskingforconfidentialemployeror

personalinformation,eveniftheyclaimtobefromIToravendor.ReferthemtoITsupportorhangup.

'Canyouhearme?'phonescamAdangerousnewphonescamisspreadingacrossthecountry,withfauxtelemarketersaskingunwillingvictimstorespondwithasinglewordto"Canyouhearme?"

{ }

Page 18: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 18

UNFORGETTABLES

• Donotlogonandoffacomputerwhenaskedbyanotheremployeeoroutsideperson–unlessidentityisverified

• CallerIDcanbe“spoofed”• Usetwo-factorauthenticationtransactionswheneveritsavailable

• FiscalandHRpeople:POSTIVELYconfirmallemaileddirectionsforanything(especiallyforpersonnelinformationandpaymentdirection)

• Usepasscodeonmobiledevices35

Page 19: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 19

• Nosystemis100%perfect- sincethreatsarealwayschanging

• Stayaware:stop,think,thenconnect• CallyourITsupportpersonwhenindoubt• Athome:www.malwarebytes.com ifyougetinfected

UH,NOPE

PUTTINGITALLTOGETHER

• Don’tbecurious– justdon’tclick• Online;freeisneverfree• Besuspicious– hoverfirstandcheckitout• Ifyoudidn’taskforit,youdon’tneedit• Never openattachmentsfromunknownpeople• Don’tinstinctivelyopenfilesfrompeopleyouknowbutwerenotexpecting;checkwiththemfirst

• LockyourPCwhenawayfromyourdesk– “Ctrl+Alt+Del>Enter”or“Windows+L”

• Testyourself:searchfor“PewCybersecurityQuiz”• www.pewinternet.org/quiz/cybersecurity-knowledge/

Page 20: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 20

Youknowwhattheysay…

Formoreinformationforworkorhomeorschool:www.stopthinkconnect.org

Page 21: Recognizing, Detecting and Preventing Cyber Security Threats...•Now known to hackers as a victim and will be subject to future attacks. ... •No system is 100% perfect -since threats

CyberHygienePractices 11/30/17

Bloustein Local Government ResearchCenter 21

Forfurtherdiscussionandcomments

MarcPfeiffer,AssistantDirectorBloustein LocalGovernmentResearchCenterBloustein SchoolofPlanningandPublicPolicyRutgersUniversityMarc.Pfeiffer@rutgers.edu

• SeetheTechnologyRiskManagementPapersbysearchingfor“Bloustein TechnologyRisk”


Professional Hackers

Professional Hackers

Technology
What’s the Biggest Risk to Your Business? It’s Not Cyber-Security Threats, Malware, or Hackers – It’s the Financial Effect Those Have on Your Business

What’s the Biggest Risk to Your Business? It’s Not Cyber-Security Threats, Malware, or Hackers – It’s the Financial Effect Those Have on Your Business

Technology
ONLINE FILE W9.1 Application Case HACKERS PROFIT FROM …wps.prenhall.com/wps/media/objects/13310/13629484/... · 4. Mobile phone threats, especially against the iPhone and VoIP

ONLINE FILE W9.1 Application Case HACKERS PROFIT FROM …wps.prenhall.com/wps/media/objects/13310/13629484/... · 4. Mobile phone threats, especially against the iPhone and VoIP

Documents
Hackers, Heroes of the Computer Revolution - Higher Intellectcdn.preterhuman.net/.../Hackers,_Heroes_of_the_Computer_Revolution.pdf · HACKERS, HEROES OF THE COMPUTER REVOLUTION 2

Hackers, Heroes of the Computer Revolution - Higher Intellectcdn.preterhuman.net/.../Hackers,_Heroes_of_the_Computer_Revolution.pdf · HACKERS, HEROES OF THE COMPUTER REVOLUTION 2

Documents
Hacks & hackers

Hacks & hackers

Technology
Hackers vs Hackers

Hackers vs Hackers

Software
Hackers Desk

Hackers Desk

Documents
Hiring Hackers

Hiring Hackers

Technology
Firewalls. Evil Hackers FirewallYour network Firewalls mitigate risk Block many threats They have vulnerabilities

Firewalls. Evil Hackers FirewallYour network Firewalls mitigate risk Block many threats They have vulnerabilities

Documents
INTERNET SECURITY AND PRIVACY THREATS, AS PERCEIVED BY ... · personal security and information from internet predators, hackers, and other technology-driven sources, and what they

INTERNET SECURITY AND PRIVACY THREATS, AS PERCEIVED BY ... · personal security and information from internet predators, hackers, and other technology-driven sources, and what they

Documents
Itu regional workshop...Many threats Cyber criminals, hacktivists,terrorists, state-sponsored, hackers, amateurs, insiders, trusted partners and many other Cyber Security is an unclear

Itu regional workshop...Many threats Cyber criminals, hacktivists,terrorists, state-sponsored, hackers, amateurs, insiders, trusted partners and many other Cyber Security is an unclear

Documents
Improving security, centralised command center ... · • Protecting data against sophisticated virtual attacks and cyber penetration threats to cut off hackers access to data and

Improving security, centralised command center ... · • Protecting data against sophisticated virtual attacks and cyber penetration threats to cut off hackers access to data and

Documents
Hackers to Hackers Conference 4th. Ed. - Events

Hackers to Hackers Conference 4th. Ed. - Events

Documents
AR EXCLUSIONS AND CYBER THREATS FROM STATES AND …€¦ · 1 War Exclusions and Cyber Threats from States and State-Sponsored Hackers Vincent J. Vitkowsky Introduction States and

AR EXCLUSIONS AND CYBER THREATS FROM STATES AND …€¦ · 1 War Exclusions and Cyber Threats from States and State-Sponsored Hackers Vincent J. Vitkowsky Introduction States and

Documents
Hackers Basic

Hackers Basic

Documents
MOBILE THREATS AND ATTACKS. Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users web browser

MOBILE THREATS AND ATTACKS. Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users web browser

Documents
Cyber Security Awareness Training v1.4 NEXT · • Broad threats • Individual hackers • Disgruntled employees • Technology and linear driven security strategy • Checking the

Cyber Security Awareness Training v1.4 NEXT · • Broad threats • Individual hackers • Disgruntled employees • Technology and linear driven security strategy • Checking the

Documents
NETWORK THREAT REVIEW. Page 2 Agenda In this section Network threats Worms Hackers Security holes Social engineering

NETWORK THREAT REVIEW. Page 2 Agenda In this section Network threats Worms Hackers Security holes Social engineering

Documents
Today’s hackers launch threats faster than your customers ...americas.as.techdata.com/na/en-us/solutions/Documents/TD-Security... · and Event Management ... security solutions

Today’s hackers launch threats faster than your customers ...americas.as.techdata.com/na/en-us/solutions/Documents/TD-Security... · and Event Management ... security solutions

Documents
hackers 2 hackers conference III · hackers 2 hackers conference III voip (in)security integrity attacks *caller-id spoofing *problem: easily spoofable/ not always checked / systems

hackers 2 hackers conference III · hackers 2 hackers conference III voip (in)security integrity attacks *caller-id spoofing *problem: easily spoofable/ not always checked / systems

Documents
2014 Car Hackers Handbook - OpenGarages Car Hackers Handbook - OpenGarages

2014 Car Hackers Handbook - OpenGarages Car Hackers Handbook - OpenGarages

Documents
AR EXCLUSIONS AND CYBER THREATS FROM STATES AND …€¦ · War Exclusions and Cyber Threats from States and State-Sponsored Hackers Vincent J. Vitkowsky ... Richard Ledgett, a deputy

AR EXCLUSIONS AND CYBER THREATS FROM STATES AND …€¦ · War Exclusions and Cyber Threats from States and State-Sponsored Hackers Vincent J. Vitkowsky ... Richard Ledgett, a deputy

Documents
Growth Hackers

Growth Hackers

Documents
Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats and …hsharp/cis2010/ch8_book.pdf · 2008-03-08 · 8-36 Security and Outside Threats Hackers – knowledgeable computer users

Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats and …hsharp/cis2010/ch8_book.pdf · 2008-03-08 · 8-36 Security and Outside Threats Hackers – knowledgeable computer users

Documents
Protect your company data from mobile threats€¦ · security measures in place, hackers are having a heyday. Organizations are challenged with visibility into malicious threats,

Protect your company data from mobile threats€¦ · security measures in place, hackers are having a heyday. Organizations are challenged with visibility into malicious threats,

Documents
Reference Hackers

Reference Hackers

Education
Vulnerability Areas Hackers Scan For When Choosing Their Next Victim

Vulnerability Areas Hackers Scan For When Choosing Their Next Victim

Services
Hackers Attitude

Hackers Attitude

Documents
Hacking,hackers,hackin effects,top hackers,harmfull effects of hacking

Hacking,hackers,hackin effects,top hackers,harmfull effects of hacking

Education
Hackers 22

Hackers 22

Technology