A Small Business and Internet User’s Guide to Cyber Attacks

OVERVIEW

Millions of cyber attacks occur every day.

Targeting:
• Individuals
• Small Businesses
• Major Corporations
• Governmental Agencies
• Your Grandma

MOST COMMON TYPES OF CYBER ATTACKS:
55% Phishing and social engineering
46% Denial of Service and Botnets
43% Advanced Malware/Zero Day Attacks
33% Traditional Viruses and Malware
31% Compromised devices
25% Malicious Insider
16% Application-level attacks
12% Web-based attack
(Numbers add up to more than 100% due to many attacks utilizing multiple channels)

THE BAD GUYS:

Most major organization cyber attacks are inside jobs.

Origin of attacker:
• Insider: 60%
• Outsider: 40%
• Malicious Insider: 44.5%
• Inadvertent Actor: 15.5%

Though individuals and small businesses are often targeted indiscriminately en masse.

MUST-KNOW CYBER ATTACK METHODS

BUFFER OVERFLOW
YEAR DISCOVERED: 1970
LANGUAGES: C, C++, Fortran, Assembly
OPERATING SYSTEMS: All
DESCRIPTION: When a program seeks to place data in or beyond a buffer (often from input that is much longer than the implementer of the code intended), the overflowed data can crash a program, invoke malicious behaviors, or corrupt data.
By overflowing a buffer, attackers bypass input restrictions, often introducing a return pointer on the stack that points to the attacker's malicious code.
COMMON CAUSES:
• Code that relies on external data to control its behavior
• Code that depends on data properties beyond its immediate scope
• Code too complex for the programmer to accurately predict behavior
FALLOUT:
• Crashed Program
• Corrupted Data
• Execution of malicious Code

EXPLOIT KITS
YEAR DISCOVERED: 2006
SETTING: Browsers, outdated browser plugins and software (particularly Flash and Adobe Reader)
DESCRIPTION: Insecure websites load malicious websites in iframes, or malicious advertisements send users to malicious websites. Once on the malicious sites, users' browsers are scanned to locate outdated software and plugins. Malware suited to the user's machine is then downloaded.
Illustration: a site that has loaded a malicious site in an iframe, showing a malicious ad.
FALLOUT: Odd behavior from software or hardware
COMMON EXPLOIT KITS:
• Angler EK
• RIG EK
• Nuclear EK
• Magnitude EK
• Hanjuan EK
• Neutrino EK

TROJANS
YEAR DISCOVERED: 1974
SETTING: Operating System
DESCRIPTION: Trojans are one of the most prevalent social engineering ploys, where a malicious application (or part of an application) is portrayed as a benign application. Once users install the "trojan" application, the malicious software can provide a back-door into your computer, destroy records, etc.
NetBus, a famous trojan from the 90's, was installed through pretending to be a whack-a-mole game. Once installed, attackers could control the infected computer.
COMMON CAUSES:
• Downloading unknown software
• Opening an image that is an executable with a changed final extension
• Downloading trojan video codecs to view videos on shady sites

WORMS
YEAR DISCOVERED: 1988
SETTING: Software, Email, Hardware, P2P Networks, Social Networks, Compromised Sites, Operating Systems
DESCRIPTION: Worms are a type of trojan that can replicate themselves and travel from system to system. They do this through not needing a host file to latch onto. Rather, once arriving and executing on a host system, they can do a variety of tasks, including dropping other malware, copying themselves onto attached devices, deleting files, and using bandwidth.
The Stuxnet worm is one of the most famous. This Israeli-US joint cyberweapon was used to attack and control programmable logic centers in Iranian nuclear centrifuges. By using zero-day security holes in Windows and Siemens software, the worm was able to control centrifuges and cause them to physically tear themselves apart by rapidly spinning.
FALLOUT:
• Further Malware infection
• Stopping or crashing of system
• Disabling of Safe Mode
• Enabling of back-doors
• Missing files

PHISHING
YEAR DISCOVERED: 1987
SETTING: Email, Instant Messaging, Malevolent Websites
DESCRIPTION: Phishing is a social engineering-based hack in which attackers attempt to obtain sensitive information including identities, banking information, or indirect payment through fraudulently pretending to be a trustworthy entity reaching out through electronic communication. Success for attackers may be accomplished by unwitting opening of attachments and execution of malware, or manual entry of information that is sent to attackers.
Illustrated example messages:
• USPS: Failed Package Delivery
• Online Banking Alert: Your Account will be Deactivated.
• United States District Court: Subpoena in a civil case
• Remember me? It's John Doe from Jackson High!
• CAMPUS SECURITY NOTIFICATION
• Ready for your Hawaiian vacay?
FALLOUT: Over $5 billion in fraudulently stolen funds in 2014

DDOS (Distributed Denial of Service)
YEAR DISCOVERED: 1974
SETTING: An online service or website
DESCRIPTION: DDOS attacks are performed by applications which target web-based services or websites with overwhelming amounts of fake traffic or information requests. If successful, the volume of these requests overwhelms the capacity of a service provider, effectively denying service to normal consumers.
Illustration: ERROR 503 SERVICE UNAVAILABLE. The server is temporarily unavailable, try again later.
FALLOUT: Disruption of an online service or website availability

RANSOMWARE
YEAR DISCOVERED: 1980's
SETTING: Operating System
DESCRIPTION: Ransomware is a form of cyber attack that locks users out of their computer and/or often encrypts users' personal files, offering to unlock the computer and decrypt files if the user pays a ransom.
FALLOUT: Effectively kidnapping your files and ability to log onto a computer until the ransom is paid or (often) the computer is restored to a point before the attack.

POINT OF SALE
YEAR DISCOVERED: 2008
SETTING: Retail Point of Sale Machines, ATMs
DESCRIPTION: Point of Sale malware software obtains briefly unencrypted credit and debit card information from the RAM of credit card reading machines. The credit or debit card information is saved in text format and then retrieved at a later date by sending the information to an external server. Information is often sold, not used by the hackers themselves.
FALLOUT: Stolen personal and financial information

PUPS (Mobile Potentially Unwanted Program)
YEAR DISCOVERED: Mid 2000's
SETTING: Smart Phones
DESCRIPTION: While not always malicious, mobile PUPS rely on users' trust of phone applications they enjoy the functionality of. While parts of the application may provide the desired services, potentially unwanted programs are often bundled that have the capacity to take over the mobile experience, offering up near constant ads, displaying ads even when the app isn't active, using the phone to mine bitcoins, or obtaining other information about the user.
FALLOUT:
• Rapidly draining batteries
• Hard to use phone
• Potential information theft

Brought to you by WWW.CYBERSECURITYDEGREES.COM

shared by merrillcook1 on Jul 26
A look at some of the most common and malicious forms of cyber attacks that often target individuals or small businesses. From


Jayme Ogles

