Can you tell if your computer has been compromised?
Cyber Security is a practice which intends to protect computers, networks, programs and data from unintended or unauthorized access, change or destruction
More than 50% of the world's population is actively connected to the internet.
Cyber Security is becoming a fundamental requirement for every business organization worldwide. We are all susceptible to this new frontier of crime and it is our responsibility to be prepared.
2. An industry leader in technology solutions for audit, security, business process controls monitoring, data analysis and compliance.
Founded in 1998.
Offices in Kingston, Jamaica and Port‐of‐Spain, Trinidad
Over 150 clients across 15 countries in the Caribbean
4. Do you know if your organization is secure?
What security strategy does your organization have in place?
How quickly can you recover from an attack?
When was the last time you updated your passwords?
Do you use the same password for all of your accounts?
Do you have your data backed up and can you easily restore it?
Do you frequently use open Wi-Fi networks?
Do you have anti-virus and anti-malware software installed?
Do you always check and install the latest updates for your operating system and software?
6. February: Cloudbleed: the internet infrastructure company Cloudflare announced that a bug in its platform caused random leakage of potentially sensitive customer data.
March: Thousands of documents detailing the CIA’s efforts and methodologies for hacking into iPhones, Android devices and Smart TVs, were released.
April: Shadow Brokers released a Windows exploit known as EternalBlue, which hackers have since used to infect targets in two high-profile ransomware attacks.
May: Wannacry
June: Petya/NotPetya/Nyetya/Goldeneye
9. • BATTLEFIELD – Where the conflict occurs
• Anywhere with connected computing resources
Corporate Network
Financial Internet Banking
Social Media
Business
Personal Life
10. What is Cyber Security?
Why Cyber Security?
Cyber Attack?
11. Survey and assess
Exploit and penetrate
Escalate privileges
Maintain access
Deny service
12. Identity theft, fraud, extortion
Malware (spyware, Trojans and viruses)
Pharming, phishing, spamming
Social Engineering
Stolen hardware, such as laptops or mobile devices
Denial-of-service and distributed denial-of-service attacks
13. Injection attacks
Buffer Overflow
Man-in-the-middle/Sniffing
Password attack (Brute force or dictionary)
Website defacement
Private and public Web browser exploits
Social Media Threat/Instant messaging abuse
Vulnerability exploitation
15. What is ransomware?
Where did ransomware originate?
How much are victims expected to pay?
By the FBI’s estimates, ransomware cost companies worldwide a total of US$1 billion in 2016, making it the most profitable malware type in the history of cybercrime.
24. Keep an eye out for phony email messages.
Things that indicate a message may be fraudulent are:
misspellings,
poor grammar
odd phrasings
Web site addresses with strange extensions
Web site addresses that are entirely numbers where there are normally words, and anything else out of the ordinary.
28. ● Users
● Authentication (username & password)
● P@ssw0rds: How weak are they?
Combine this reality with the fact that in most cases, the password is something like “123456” or “password” and it’s easy to see just how backwards password-based “security” really is.
29. More than 50% of people use the top 25 most common passwords, according to password manager Keeper, with a significant 17% - almost one in five - of all users having "123456" as their protective code.
31. Mobile security hasn’t progressed as fast as smartphone adoption and use.
Five common ways mobile devices are breached:
Device loss or theft
Unsecured networks: Infected Wi-Fi networks
Malicious Apps
Phishing
Unaware users: No passwords, No firmware updates
32. Apps download
Install a “find my phone” app & antivirus
Consider the access permissions for apps
Ensure phone has access control measures
Update apps and operating system
Use VPNs if connecting to public networks
Establish Application control and whitelisting
34. A Slow Computer
Sometimes, a slow computer means that your system has been infected. Malware tends to slow down your computer’s operating system, making applications unusually slow.
A Crashing Computer
If you find that applications or your entire computer often crashes unexpectedly, it may be infected with malware.
Annoying Pop-ups
Getting unwanted pop-ups is a sign that your computer has been infected. Often the malware causing the pop-ups is doing further damage to your computer in the background.
Fake Email/Social Media Messages
If your friends/colleagues tell you that they have received messages from you that you didn’t send, your computer is likely infected with malware and it is trying to infect other people.
Unexpected Software
If you notice software on your computer that was recently downloaded without your permission, it is likely a malicious program.
Disabled Antivirus Software
Certain types of malware will disable your antivirus software when your computer becomes infected.
35. Password:
Don’t use your login name
Don’t use your personal information such as last name, first name
Don’t use numbers significant to you or someone close to you
Don’t use passwords based on simple keyboard patterns
Don’t share passwords
Do not turn off security applications
Do not let unknown people touch your computer/device
Do not give out your password to anyone including IT Staff
Do not use insecure wireless connections
Do not open an unknown website or link
Do not open an email attachment unless you are certain
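The password "don'ts" above, together with the "123456"/"P@ssw0rd" statistics from earlier slides, can be turned into a checker that rejects such passwords before they are set. This is an added example, not part of the presentation; the 12-character minimum, the sample common-password list and the leet-normalisation table are my assumptions.

```python
import re

# Constructed sample of the "top 25 most common passwords" the slide cites;
# a real deployment would load a full breached-password list instead.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "111111",
                    "letmein", "abc123", "123456789", "welcome"}
# Keyboard rows used to detect "simple keyboard patterns" (forward or reversed).
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Undo common substitutions so that P@ssw0rd is judged as "password" (assumed map).
LEET = str.maketrans("@$013457", "asoieast")
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def has_keyboard_pattern(text, run=4):
    """True if text contains `run` consecutive keys from one keyboard row."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in text:
                    return True
    return False


def password_problems(password, login, first_name="", last_name="",
                      significant_numbers=()):
    """Return the slide rules the candidate password breaks ([] means it passes)."""
    low = password.lower()
    norm = low.translate(LEET)  # leet-normalised form
    problems = []
    if len(password) < 12:  # minimum length is an assumption, not a slide rule
        problems.append("shorter than 12 characters")
    if not all(re.search(cls, password) for cls in CHARACTER_CLASSES):
        problems.append("does not mix upper, lower, digits and special characters")
    if low in COMMON_PASSWORDS or norm in COMMON_PASSWORDS:
        problems.append("is one of the most common passwords")
    for label, value in (("login name", login), ("first name", first_name),
                         ("last name", last_name)):
        v = value.lower()
        if v and (v in low or v in norm):
            problems.append("contains your " + label)
    for number in significant_numbers:
        if str(number) in password:
            problems.append("contains a number significant to you")
    if has_keyboard_pattern(low) or has_keyboard_pattern(norm):
        problems.append("is based on a keyboard pattern")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "Jsmith1987!", "Tr4in-Harbour-Velvet!"):
        print(candidate, "->", password_problems(candidate, "jsmith", "John",
                                                   "Smith", (1987,)))
```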
36. Strong passwords
Keep your passwords in a safe place and try not to use the same password for every service you use online.
Use a Password Manager
Change passwords on a regular basis
Stay out of Bad Neighbourhoods
Don't Fall for Pop-ups
Screen your email
Keep your devices current with the latest patches and updates
37. Protect your computer with security software - firewall, antivirus, anti-malware
Backup your data
Check your financial accounts regularly to ensure no fraudulent activity has taken place.
Do the Two-Step: Many companies now offer two-factor authentication, or two-step verification, for your online accounts.
Be wary of wireless hot-spots
Be wary of applications and files downloaded from the internet
38. Do not provide personal, financial or other confidential information through email.
When entering information on a website, check the domain’s security.
Pay attention to the URL of the site you visit; slight variations in the domain name, such as a misspelling or .com vs .org, are red flags.
Use secure connections - Encryption: Websites should use SSL (Secure Sockets Layer) to encrypt data
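The URL red flags from this slide and from slide 24 (addresses that are entirely numbers, strange extensions, misspelt or wrong-extension domain names, no SSL) can be checked mechanically before a link is clicked. This is an added example, not part of the presentation; the trusted-domain list, the suspicious file extensions and the two-letter misspelling threshold are my assumptions.

```python
from urllib.parse import urlsplit
import ipaddress

# Constructed allow-list of the organisation's genuine domains (an assumption).
TRUSTED_DOMAINS = {"mybank.com"}
# A login or "update" link should never point straight at one of these.
SUSPICIOUS_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".zip")


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_ip_literal(host):
    """True when the host part is 'entirely numbers' (an IPv4/IPv6 address)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def url_warnings(url, trusted=TRUSTED_DOMAINS):
    """Return the red flags from the slides that apply to url ([] = none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("connection is not encrypted (no HTTPS/SSL)")
    if is_ip_literal(host):
        warnings.append("address is entirely numbers instead of a name")
    else:
        # Compare only the registrable part: www.mybank.com -> mybank.com
        domain = ".".join(host.split(".")[-2:])
        if "." in domain and domain not in trusted:
            name, ext = domain.rsplit(".", 1)
            for t in trusted:
                t_name, t_ext = t.rsplit(".", 1)
                if name == t_name and ext != t_ext:
                    warnings.append(f"same name as {t} but different extension .{ext}")
                elif edit_distance(name, t_name) <= 2:
                    warnings.append(f"looks like {t} but is spelled differently")
    if parts.path.lower().endswith(SUSPICIOUS_EXTENSIONS):
        warnings.append("link points to an executable or archive file")
    return warnings
```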
40. Implement a formal information security governance approach
Stop data loss by implementing a data loss prevention/protection solution
Perform periodic penetration assessment
Implement mobile device management software to control all devices.
Perform employee security awareness training periodically to educate and train users
Monitor user activity to detect possible insider threats
Establish a backup strategy to continuously backup and protect data
Implement a patch management strategy to update software and systems automatically
Establish a data classification strategy to identify and classify critical information system assets.
Create and document contingency plans and procedures, based on business and security impacts.
41. User is ultimately responsible.
We all have a role to play in Cybersecurity
The only system which is truly secure is one which is switched off and unplugged
Get tested! Ensure a security strategy has been defined
Do you use strong passwords consisting of upper and lower-case letters, numbers and special characters?
Do you access secure information on open networks?
Bases for graphics on this page: 1,523 UK businesses (excluding agriculture, forestry and fishing businesses, and mining and quarrying businesses); 597 who say online services are not at all core to their business; 781 who identified a breach or attack in the last 12 months; 930 who spend money on cyber security.
Cyber Security Breaches Survey 2017 | Summary report
Impact if not secure
MARCH: Thousands of documents detailing the CIA’s efforts and methodologies for hacking into iPhones, Android devices and Smart TVs, were released.
• APRIL: The Shadow Brokers threat group released a dump containing NSA exploits and hacking tools, considered to be the most damaging release yet, due to the number of exploits made available.
• MAY: The WannaCry ransomware was poorly written, was not packed, was not obfuscated, and contained the peculiar ‘Kill Switch.’ And yet, this malware exhibited extraordinary lateral movement capabilities, based largely on the Shadow Brokers leak and more specifically the EternalBlue exploit for Windows SMB. The leaked code served to upgrade a simple ransomware into one of the most influential global attacks observed in recent years, impacting a large proportion of public and civil facilities.
Three of the main malware categories: banking, mobile and ransomware
Cyber Security is a practice which intends to protect computers, networks, programs and data from unintended or unauthorized access, change or destruction
Everything is going on the web
More than 50% of the world's population is connected to the internet
Major systems are connected to the internet
A cyber attack is an illegal attempt to gain something from a computer system. These can be classified as either web-based or system-based attacks
For an attacker, the easiest way into an application is through the same entrance that legitimate users use, for example through the application's logon page or a page that does not require authentication.
Pharming is a cyber attack intended to redirect a website's traffic to another, fake site.
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Spam: 60 to 70 percent of email is spam, and much of that is phishing attacks looking to trick users out of their logon credentials.
Social Engineering is a non-technical method that relies heavily on human interaction and often involves tricking people into breaking security procedures
Buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold
Social Media: Facebook, Twitter, LinkedIn or their country-popular counterparts. Social media threats usually arrive as a rogue friend or application install request. Corporate hackers love exploiting corporate social media accounts for the embarrassment factor to glean passwords that might be shared between the social media site and the corporate network. Many of today’s worst hacks started out as simple social media hacking. Don’t underestimate the potential.
Unpatched Software: software with (available but) unpatched vulnerabilities. The most common unpatched and exploited programs are browser add-in programs like Adobe Reader and other programs people often use to make surfing the web easier.
Malicious software that locks a device, such as a computer, tablet or smartphone and then demands a ransom to unlock it. Typically, it involves hackers stealing your data, encrypting it and demanding payment in exchange for the encryption key.
Ransomware can also lock you out of your operating system or prevent certain apps from running, such as your email client, web browser or instant messenger which affects the overall productivity of your employees.
Where did ransomware originate? The first documented case appeared in 2005 in the United States, but quickly spread around the world
How does it affect a computer? The software is normally contained within an attachment to an email that masquerades as something innocent. Once opened it encrypts the hard drive, making it impossible to access or retrieve anything stored on there – such as photographs, documents or music
How much are victims expected to pay? The ransom demanded varies. Victims of a 2014 attack in the UK were charged £500. However, there’s no guarantee that paying will get your data back
• Jaff ransomware stands out in our global and regional top ransomware charts, as among senior ransomware families such as Cryptowall, Locky and Cerber, which have dominated the ransomware landscape for over a year, Jaff only emerged in May 2017. A key reason for this ransomware’s vast distribution is the fact that it has been spread by one of the largest spam botnets ever observed – the notorious Necurs botnet.
Check Point Mid-Year Report (Cyber Attack Trends 2017)
HummingBad, an Android malware estimated to have touched over 85 million devices worldwide, was recently found in 46 new applications, 20 of which had even made their way into the official Play Store, passing Google's security checks.
Check Point Mid-Year Report
Zeus Virus (or Zeus Trojan malware) is a form of malicious software that targets Microsoft Windows and is often used to steal financial data.
XcodeGhost is a new iOS malware arising from a malicious version of Xcode, Apple's official tool for developing iOS and OS X apps.
(Cyber Attack Trends 2017)
2017 Cost of Cyber Crime Study: the global average cost of cyber crime over five years (US dollars)
Additionally, phishing messages will often tell you that you have to act quickly to keep your account open, update your security, or urge you to provide information immediately or else something bad will happen. Don't take the bait.
I think of an effective phishing email as a corrupted work of art: Everything looks great; it even warns the reader not to fall for fraudulent emails. The only thing that gives it away is the rogue link asking for confidential information.
Passwords are your first line of defense when it comes to security.
Users have countless passwords to remember, some used daily, others that might be only used once or twice a year. Trying to remember a unique password for each of a dozen or more applications is simply unreasonable for most folks, so they don’t. Instead they reuse the same password across various sites, apps and services.
Passwords are poor security - but compounding the risk is the fact that a single password is often re-used across multiple apps.
Passphrase. Passphrases are both more secure than passwords and they’re easier to remember.
Two-Factor Authentication. In this option, after a username/password combination is verified, a unique code or URL is either emailed or texted to the person trying to sign in.
Passwordless. The person signing in only has to remember their username, email or phone number, and they receive a unique code to complete the sign-in, with no password needed. The code sent expires quickly or after use.
Biometric. The use of fingerprints, retina scans, facial recognition, voice recognition and more is where authentication seems to be heading.
Hydra options: -e nsr – try “n” null password, “s” login as password and/or “r” reversed login
-f – exit after the first found login/password pair
Mobile security hasn’t progressed as fast as smartphone adoption and use, making it a vulnerable area for attacks.
While on your computer hackers can only phish you through email, on your mobile phone they can phish you through emails, texts, social media and calls. They usually disguise themselves as a trusted organization, such as your mobile carrier, bank, or government to get your personal information.
Encrypt the data on your phone/Use two factor authentication.
Keylogger is a type of surveillance spyware that can record messages, emails and keystrokes to a log file
Cookie Theft
Password Attack
How can you tell if your computer has been compromised?
Do not use the same password on all accounts.
Using different password variations.
Fix ourselves, then a bigger organization
Stay out of Bad Neighbourhoods - Going to hacker sites, viewing adult content or going to sites that you know are scams put you at higher risk for a cyberattack than staying with more trusted sites.
Before deploying any new devices in a networked environment, change all default passwords for applications, operating systems, routers, firewalls, wireless access points, and other systems to have values consistent with administration-level accounts.
Use and configure account lockouts such that after a set number of failed login attempts the account is locked for a standard period of time.
Regularly check for and install software updates. You can have Windows automatically check and install updates on a scheduled basis.
IPS, HIPS, Web Control
Online offers that look too good to be true usually are.
Configure all systems to use encrypted channels for the transmission of sensitive information such as passwords over a network.
Protect web applications by deploying web application firewalls that inspect all traffic flowing to the web application
Have you been compromised?
How do we ensure the following at a corporate level?
Run automated vulnerability scanning tools against all systems on an information security system. Perform these scans on a weekly or more frequent basis.
After strategy and deployment, get tested
Control design
Get them assessed
Perform periodic penetration assessment
Subject matter experts