Combating Cyber Crimes 2 is the 6th Nugget in the series Cyber Security Awareness Month 2017. It is important to STOP and THINK before CONNECTing to Internet Resources.
2. Previous Nugget Recap
• We discussed Cyber Threats, starting with Social Engineering, which has
been proven to be the most common Cyber Threat, accounting for about 91% of
all Threats.
• We looked at some of the Social Engineering types: Phishing, Spear
Phishing, Piggybacking, Watering Hole, Baiting, Pretexting, Dumpster Diving
and others.
• We also looked at some of the consequences and Counter Measures.
Think, Stop, Connect
3. In This Nugget:
Combating Cyber Crimes 2
• We will discuss more of the other Cyber Threats.
• We will look at Authentication Attacks, Password Attacks, Malware,
Patch Update Issues, Disgruntled Employees, Denial of Service Attacks,
Distributed Denial of Service Attacks, Encryption Issues, Social Media,
Mobile Gadgets and others as the case may be.
• We will give Tips on defending against Ransomware.
• We will look at the consequences and Countermeasures.
Stop, Think, Connect
4. Combating Cyber Crimes :
Malwares
• Malware is malicious code written by attackers to infect and corrupt a System, its
Applications and files.
• The Hackers aim at profit, that is monetary gain, damage, theft of confidential Information and,
in some cases, just the fun of seeing their code do as instructed.
• The Types of Malware include Virus, Worm, Trojan, Ransomware, Polymorphic Malware, Script Kiddie tools
and others.
• Virus: a Malware program that infects the System and its Applications and then replicates to
other systems in the network with the help of a trigger, which could be an application
or another program. The Virus cannot function on its own; a click, user action or application launch
is needed for it to function and replicate.
• Worm: a Malware program that infects and replicates itself to other systems on the network
without any form of user intervention.
• Trojan: a program or application with Malware code embedded in it. The original intent of
the User is to install an application, probably meant for games or Music, only to realise after
installation that it came with a Trojan that would in turn infect the application files. It is a
deceptive malware and unfortunately it is spreading like wildfire. Most current Malware is
embedded in legitimate-looking applications or email attachments.
• Ransomware: Ransomware is a malware program that infects the system and files,
encrypts/locks them and demands that the Victim pay a ransom before the files are released.
Ransomware has seen steady growth since 2013. It comes in various types: Bad
Rabbit, ExPetr (Petya and NotPetya), WannaCry, Reveton, CryptoLocker, CryptoWall, Fusob
and others. It is actually a type of Trojan Malware.
5. Combating Cyber Crimes :
Malwares: Counter Measures
• It is important to note that Malware is the easiest way of infecting systems, gaining
unauthorised access and committing all kinds of information theft. Other attack types use Malware in most
cases to trigger attacks: Social Engineering Malware hides inside the phishing email
attachment, and Denial of Service uses Malware to flood and slow down systems.
• It must be ensured that a Safeguard is consistently in place that stays ahead of Malware.
• Individuals and Businesses should subscribe to an Anti-Virus Vendor with a payment plan rather than
download free products. Most free online Anti-Virus programs come with some malicious
code or scripts.
• Ensure you download and run Anti-Virus updates on a daily basis.
• Train Users to report anomalies on Systems and Applications, especially unknown
vulnerabilities not experienced earlier by any User.
• Scan, and preferably disable, USB drives on the system.
• Ensure there is always an updated policy on Bring Your Own Device (BYOD); otherwise do not
allow BYOD on your premises, as it could be dangerous.
• Harden your configuration settings to make unauthorised access difficult.
• If the Malware is the type that collates and transmits information to an email address, you
will need to configure your SMTP (Simple Mail Transfer Protocol) server to block Spam and unauthorised relaying,
both inbound and outbound.
• Update, Update, Update: keep updating on a daily basis, especially on your critical Systems.
Think, Stop, Connect
6. Combating Cyber Crimes:
Identification, Authentication and Authorisation Issues
• Identification is a claim made by an entity or a person. It could be a User
Name, User ID or similar.
• Authentication is the process of validating the claim made by an entity
or a person as identification.
• Authorisation is tailored around granting access rights, and the level of
access right granted, to an authenticated entity or Person.
• It becomes a Threat when an unauthorised entity or Person accesses
confidential information on the online system.
• There are many vulnerabilities centred around the authentication of
entities and persons.
• Passwords have been the most common authentication attribute and are
seen as the weakest link in the line of authentication.
• As attacks keep emerging and the bad guys keep exploiting
vulnerabilities, it became obvious that a User Name (ID) and Password alone
are not enough to authenticate an entity, especially for critical
transactions such as Electronic Payment Systems.
• This led to the introduction of Multi-Factor Authentication Mechanisms.
7. Combating Cyber Crimes:
Multi Factor Authentications
• There are three types of Authentication factors: Something You
Know (Password), Something You Have (Smart Card) and Something
You Are (Biometrics).
• Due to the high rate of Cyber crimes emanating from unauthorised
access, it was mandated that a combination of any two of the
types (Two Factor Authentication) or all three types
(Multi Factor Authentication) should apply when
transacting online or logging into any critical system.
• Multi Factor Authentication is proven to be the best Counter
Measure against Authentication loopholes.
• Biometrics (behavioural and physical attributes of a person), which is
seen as Something You Are, proves to be the best and most secure
Authentication type since it cannot be impersonated, but it is still not
considered the best if it is not combined with one or two other
Authentication Types.
• A good example is electronic banking transactions: you first log
in with your User ID and Password, then a token or One Time
Password is used for verification.
8. Combating Cyber Crimes
Password Issues
• A Password is a string of characters required for Authenticating a
person to access a Resource.
• The Password is seen as the oldest, most commonly used and weakest
form of Authentication. It belongs to the Something You Know type of
Authentication.
• Passwords are prone to a series of attacks such as Guessing (Brute
Force), Searching from a list (Dictionary) and Table Look-up (Rainbow
Table) attacks.
• The aim of each Password attack is to crack the password
and gain unauthorised access to Information Assets and
Resources.
• Passwords that can be easily guessed, found in a list of words or derived from something such
as your birth date, or looked up in a precomputed table, can be easily cracked.
• Kindly visit this site on the New Password Guideline from
NIST (National Institute of Standards and Technology):
• http://searchsecurity.techtarget.com/answer/What-new-NIST-password-recommendations-should-enterprises-adopt
Stop, Think, Connect
9. Combating Cyber Crimes
Passwords: Counter Measures
• To ensure your Password is not easily guessed or accessed by the bad guys
who could be sitting by your side, some restrictions have to be applied and
enforced.
• Your Password must be a minimum of eight characters with a combination of
numbers, capital and small letters and some special characters such as
Symbols (#, @, !).
• The Password must be a word that you, as the owner, can easily remember
but that is quite difficult for anyone else to guess and crack. A good example could be
"C@t0!K1A", a combination of CAT and KIA with interwoven symbols and
substitutions. Just an example, please.
• You must not write down your password on paper or on the screen of your System.
• No one should have access to your password in your absence as a way of
accessing your files; the password Management Team should work on various
ways around such bottlenecks.
• A Domain Controller or Active Directory kind of Architecture allows
another User to log on to any other system on the domain, but may require
certain Application privileges on the other User's system.
• There should be Password non-disclosure undertakings for businesses.
• Vendors should have a temporary password that is time-bound and expires
each day of Log-in.
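The Dictionary and Rainbow Table attacks listed on the Password Issues slide work because a plain hash of a password is the same everywhere it is stored, so one precomputed table answers every system. The example below is added for this page (it is not code from the deck or its author) and shows the defender's side of the password-table problem: storing a per-password random salt with a slow key-derivation function (PBKDF2-HMAC-SHA256 from the Python standard library) so that identical passwords produce different stored values and a table look-up no longer applies. The `hash_password`, `verify_password` and `unsalted_sha256` helper names and the stored-record format are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Work factor: the number of PBKDF2 rounds. Higher is slower for the attacker
# (and for you); raise it over time as hardware gets faster.
ITERATIONS = 600_000


def unsalted_sha256(password: str) -> str:
    """The weak scheme that rainbow tables target: same input, same hash, on every site."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record 'pbkdf2_sha256$<rounds>$<salt>$<hash>'.
    A fresh 16-byte random salt is drawn unless one is supplied (tests only)."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        ITERATIONS,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the salt and round count stored in the record and compare
    in constant time. Any malformed record simply fails verification."""
    try:
        algo, rounds, salt_b64, hash_b64 = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(rounds))
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    pw = "C@t0!K1A"  # the slide's own illustrative password
    print("unsalted (table-lookable):", unsalted_sha256(pw))
    first, second = hash_password(pw), hash_password(pw)
    print("salted record 1:", first)
    print("salted record 2:", second)
    print("records differ although the password is the same:", first != second)
    print("verify correct password:", verify_password(pw, first))
    print("verify wrong password:  ", verify_password("c@t0!k1a", first))
```

Because every record carries its own salt and round count, the scheme can be upgraded (more rounds, or a different function) by re-hashing at the user's next successful login without a bulk migration.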
10. Combating Cyber Crimes
Patches/Updates Issues
• A Patch is any program written with the aim of correcting errors or
vulnerabilities existing on a System, whether the Operating System or an
Application.
• It is good practice to always run a weekly vulnerability scan on all the
systems on your network, with timely remediation in mind.
• It is also good practice to check for System Patches and updates on a daily
basis.
• Ensure Critical Updates are tested on your Lab Platforms before deploying them
on the Live Systems.
• Deployment of Updates should not happen at the peak of business time. It
should preferably be on weekends for businesses that do not run at peak
during weekends.
• Vulnerability scanners such as Nessus, OpenVAS and others are useful tools for
vulnerability scanning across the network.
Think, Stop, Connect
11. Combating Cyber Crimes :
Zero-Day Issues
• A Zero-day Vulnerability is an error in a system or Application that is
still unknown to the Vendor of the System, so no patch exists when it is exploited.
• Zero Day Vulnerabilities are mostly experienced on newly designed
applications; the bad guys are always busy searching for zero-day
vulnerabilities.
• Users, including Mobile Application Users, should always be quick to report
any issue related to an error or a security concern to the Vendor of the
Application. This could be an avenue for the bad guys to exploit if it is not
reported on time.
• It should be noted that there is no new system that does not have or come
with such vulnerabilities; the earlier it is detected by Users of the System, the
better for all Stakeholders.
• Once such errors are detected and reported to Vendors, please follow up on
them for a timely and prompt patch for remediation.
• Consistently running system Updates could help you evade Zero-day Attacks.
Stop, Think, Connect
12. Combating Cyber Crimes:
Denial of Service/Distributed Denial of Service
• Denial of Service Attacks are a series of attacks targeting the Availability of the system.
The aim is to deny due access to Information Assets or prevent Users from working on
their systems.
• There are different types of Denial of Service Attacks: Spoofing, SYN Flood, Teardrop,
ICMP Echo Flooding, Ping of Death, Smurf, Fraggle, Botnets, SQL Injection, Man-in-the-
Middle and Others.
• Most Denial of Service (DoS) attacks could be inbound (traffic coming from outside the
network) or outbound (traffic going out of the network from inside).
• Distributed Denial of Service (DDoS) attacks deny Users access by flooding them with attacks
from two or more systems at once.
• Both DoS and DDoS could be likened to a group of individuals sitting on a web
application or the network of an Internet Service Provider to ensure maximum downtime
and lack of service to customers. Many are paid to run down the services of a
competitor.
• In most cases, the systems are slowed down due to a non-stop flood of requests,
probably IP requests, which ends up fragmenting and killing the system or
network as the case may be.
• End Point and layered Security is the best approach to Denial of Service attacks.
Preventive measures, Firewalls, Intrusion Detection, Intrusion Prevention, Penetration
Testing, Hardening of Configuration Settings, updated patches and Anti-Malware,
adequate IP addressing techniques (for both outbound and inbound networks),
Demilitarized Zones, Reconnaissance, Fingerprinting and adequate Back-up plans would go
a long way as Counter Measures against DoS and DDoS.
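The SYN Flood named above is one of the easier DoS patterns for an Intrusion Detection layer to spot: a single source opening far more half-connections than any client legitimately would inside a short window. The example below is added for this page and is not code from the deck or its author; it runs a per-source sliding-window rate check over constructed sample log lines (the log format, the addresses, which are documentation ranges, and the `detect_syn_flood` helper are all assumptions of the example). The same per-key sliding window applies to ICMP echo floods or to HTTP request floods if the key is changed.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample connection log (not from any real system). One source
# opens six connections in three seconds; two others behave normally.
SAMPLE_LOG = """\
2017-10-20T10:00:00 SYN 198.51.100.4 -> 192.0.2.10:443
2017-10-20T10:00:01 SYN 203.0.113.7 -> 192.0.2.10:80
2017-10-20T10:00:01 SYN 203.0.113.7 -> 192.0.2.10:80
2017-10-20T10:00:02 SYN 203.0.113.7 -> 192.0.2.10:80
2017-10-20T10:00:02 SYN 203.0.113.7 -> 192.0.2.10:80
2017-10-20T10:00:03 SYN 203.0.113.7 -> 192.0.2.10:80
2017-10-20T10:00:03 SYN 203.0.113.7 -> 192.0.2.10:80
2017-10-20T10:00:20 SYN 198.51.100.4 -> 192.0.2.10:443
2017-10-20T10:00:45 SYN 198.51.100.4 -> 192.0.2.10:443
2017-10-20T10:00:50 SYN 198.51.100.9 -> 192.0.2.10:80
2017-10-20T10:00:59 SYN 198.51.100.4 -> 192.0.2.10:443
""".splitlines()


def parse_line(line: str):
    """Return (timestamp, source_ip) for a 'TIME SYN SRC -> DST:PORT' line, or None
    if the line is not a SYN record (blank lines, other flags, malformed lines)."""
    parts = line.split()
    if len(parts) != 5 or parts[1] != "SYN" or parts[3] != "->":
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[2]
    except ValueError:
        return None


def detect_syn_flood(lines, threshold: int = 5, window_seconds: int = 10) -> dict:
    """Flag each source that sends at least `threshold` SYNs within any
    `window_seconds` span. Returns {source_ip: timestamp of the first alert}."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src = parsed
        q = recent[src]
        q.append(ts)
        # Drop events that have fallen out of the window for this source.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = ts.isoformat()
    return alerts


if __name__ == "__main__":
    for src, when in detect_syn_flood(SAMPLE_LOG).items():
        print("possible SYN flood from %s, first seen at %s" % (src, when))
```

A threshold of five in ten seconds is deliberately low for illustration; in production the value is tuned from the baseline of normal clients, and the alert would feed the Intrusion Prevention or firewall layer rather than just a print statement.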
13. Combating Cyber Crimes:
Disgruntled/Exited Employees
• Employees of any Business are seen as the source of major attacks and theft on the platforms
of the Business Firm.
• Most Employees are disgruntled, probably feeling cheated and neglected by the Management of
the business.
• Those that have stayed for years without promotion or reward for hard work, and some that came
into the business already bad and notorious, may find it difficult to promote the cause of
the business.
• Exited Employees, on the other hand, would be more aggressive and do the worst with any little
privilege they still have to access any platform.
• It is therefore important to ensure adequate Security Policies, Standards, Guidelines and
Procedures are in place before employment, during employment and on termination of
appointment.
• A Background check before employment is paramount; establish a due policy on Termination
Processes.
• The employee's logical access rights must be disabled; the Systems Admin Team should
ensure this is done seamlessly with no stone left unturned.
• It is best practice for companies to deploy a Single Sign-On Platform in order to reduce the
Administrative bottlenecks that could pose a challenge in managing employee access.
• Remuneration should be impressive and transparent to all Stakeholders.
• Employees should be required to sign undertakings at the assumption, on-the-job and termination
stages.
• Sanctions should be tied to any Violation whatsoever.
14. Combating Cyber Crimes:
Encryption
• Encryption is the process of converting a readable (Clear Text) message to
an unreadable (Cipher Text) state.
• Encryption Mechanisms have been proven to be the best approach to
hiding highly confidential messages, with the necessary keys and algorithm to
strengthen the mechanism.
• It is important to note that Encryption is a preventive Technical Control
aimed at the Confidentiality aspect of the CIA triad. It protects an
Information Asset from unauthorised Access and undue disclosure.
• Encryption would also assist the business in applying Security with a level of
Obscurity, as would Steganography, the act of hiding information by embedding it in
another file.
• In most cases, Encryption comes as the second level of protection in the
Security Layer, especially against theft of the Asset.
• For example, a stolen Mobile phone would be useless to the thief if it is
encrypted and inaccessible to the thief; the same goes for a stolen laptop with
full disk encryption on it.
• It is therefore very good practice for individuals and businesses to deploy
encryption on their Applications, Password Tables and Managers,
Systems, Mobile Phones, Data in Transit, Data at Rest and others.
15. Combating Cyber Crimes :
Mobile Phones and Applications
• McAfee reported, as at the first quarter of 2017, about 6 million Mobile Malware samples targeting the various
Mobile Operating Systems, especially Apple iOS and Android.
• There is a tremendous increase in Mobile Device breaches.
• The Table in the next slide shows Malware Threats on Mobile devices.
• Aside from the tabulated attacks, there are BlueSnarfing (theft of Mobile wireless Information through a Bluetooth connection),
BlueJacking (sending unsolicited messages from one Bluetooth device to other Bluetooth devices such as Mobile
Phones, PDAs, Tablets and others) and Eavesdropping (silent listening to voice conversations made on
phones).
• Unwarranted remote monitoring using Mobile Devices is occurring at an alarming rate. The bad guys have
gone as far as installing persistent tracking and surveillance software on victims' mobile devices for round-
the-clock monitoring.
• Breaches on Mobile Apps could go on and on, as the rate of abuse is innumerable; pornography is being
heavily promoted via Mobile Gadgets.
• It is also reported that securing Mobile devices is becoming more difficult, but there will
always be a way out.
• Users should always change the default settings on buying any device.
• Subscribe to the Phone Manufacturer's Logging and Phone Tracking features in case of loss.
• Encrypt and always back up your Mobile data; the bad guys will find it useless if they succeed in
stealing it.
• Never relent on running updates on the Operating System and the various Apps as the case may be.
• Always protect your gadget with a Pouch.
• Use screen locks and PINs to prevent unauthorised access.
• Don't settle for the Default Settings unless they cover your security concerns. It is good practice to change
default settings.
17. Combating Cyber Crimes:
Advanced Persistent Threats
• An Advanced Persistent Threat is a kind of threat that grants the criminal
unauthorised access to the network, Web Application and System Platforms.
• The Attacker tarries on the system for a long time once unauthorised
access is gained on the System, probably through a Social Engineering attack.
• The intent is to steal company data for monetary gain, not to cause damage.
• Once initial access is gained through Social Engineering, the attacker
quickly uses the access granted to fetch more useful log-in information of
other Users and, in the long run, creates a back door on the system.
• He could be transmitting outbound Data on a daily basis and still go unnoticed.
• End Point Security, Intrusion Detection and Prevention should apply here,
even though the attacker may evade them and remain hard to trace.
• Anomalies in the Outbound data could alert the Network team.
• Everything still boils down to Layered Security, end-user training and
awareness, as once unauthorised access is granted it could be fatal and
difficult to detect since the access was through a legitimate User. Logging
and Monitoring would also go a long way.
18. Combating Cyber Crimes:
Social Media
• The challenges on Social Media have become quite enormous and threatening.
• It has become very easy to search for people using just a first Name on Social Media.
• Social Media has become the easiest way to get information on Victims and to track their
movements and locations.
• There are issues of abuse of Personal Privacy by sharing personal data on social media without
permission and consent from the Data Owners.
• There are cases of the bad guys hacking into the profiles of Victims and using them to launch Posts.
• The good news is that most of these Social Media Providers are now updating and remediating
the security flaws around their Platforms.
• You are entitled to share your security concerns at any time with these Providers at their various
support centres.
• Always ensure you read the privacy statements thoroughly before raising issues on Security.
• It is also advisable that you check the Privacy and Security settings of each of these
platforms; don't settle for the defaults.
• Kindly visit the following links on the Privacy and Security settings of Facebook and LinkedIn:
• https://www.facebook.com/settings?tab=privacy
• https://www.facebook.com/settings?tab=security
• https://www.facebook.com/safety (study the Safety Centre for the various Privacy and Security
descriptions)
• https://www.facebook.com/safety/policies
• https://www.facebook.com/safety/tools
• https://www.linkedin.com/psettings/
19. Combating Cyber Crimes:
Employees Collusion
• Employee Collusion is where two or more employees with different levels of Access
Rights agree to combine their access rights to commit fraud on the System.
• The idea behind Collusion is that where one employee's access right, probably as someone only inputting
into the system, cannot complete a transaction, the other employee with a higher level of
access, probably an Authoriser, makes up the difference and successfully completes the Transaction.
• Employees in Collusion could run down and liquidate the company if it is not noticed in time.
• Employees should not be allowed to stay in the same role for too long. Adopt the culture of rotating
them through the other roles.
• Promote the culture of mandatory Vacation; no employee is indispensable.
• Monitoring and logging would go a long way in tracing anomalies, even though collusion is
difficult to trace.
• Apply dual authentication techniques (two people logging in to a system at the same time with a
joint password or any other authentication type) on the most critical Systems. This would further
deter collusion.
• You can also extend your transaction approval process to the Head of
Department, meaning that the fraud could be detected at the final vetting by the Group Head,
unless the Group Head is in the collusion as well.
Stop, Think, Connect
21. Combating Cyber Crimes:
In Summary
• Wow! We looked at the various threats that
could arise around your systems and online
Platforms.
• Kindly take time to study each aspect and
work through the Counter Measures.
• It is generally advised that Users should
always "STOP and THINK before
CONNECTing" Online.
• The best measure is to always PLAY and
STAY SAFE Online!
• We hope this helps.....
Stop, Think, Connect
22. See You on the Nuggets
Wrap-Up!
Thank You
Chinatu Uzuegbu
CISSP, CISM, CISA, CEH, ITIL, MCSE
Think, Stop, Connect