Cyber Security is everybody’s responsibility

THINK BEFORE YOU CLICK!
Cyber Security is
everybody’s responsibility
Don Winaker
Network Security Manager
dwinake1@jhu.edu
We know what those thieves are after.
But Johns Hopkins isn’t a store or a bank.
What would people want to steal from us?
84.2% of all incoming email messages are dropped due to SPAM, viruses, phishing, etc.
Per Day: 4,000,068
Per Hour: 166,669
Per Second: 46

Unauthorized attempts to access our internal networks blocked
Per Day: 75,545,460
Per Hour: 3,147,727
Per Second: 874

Inbound network connections blocked due to malware*
Per Day: 88,405
Per Hour: 3,684
Per Second: 1

Outbound network connections blocked due to malware*
Per Day: 882,310
Per Hour: 36,763
Per Second: 10
Johns Hopkins has technology in place that deflects many attacks
Technology can provide prevention and detection
Technical Tools
• Can’t reason or exercise judgment
• Can only detect broad trends
• Must quickly sort through more than 2 billion daily events
• Have to be configured, monitored, and maintained by … people!
Technology is great and has made our lives and jobs easier, but …

What is Johns Hopkins Network Security doing today?
• Extensive Deployment of Cisco Firewalls
• Automated Blacklisting
• Nessus Vulnerability scanning
• Sourcefire Intrusion Detection and Prevention systems installed
• JWatch – Intel Security incident and Event Management
• Lancope – network traffic flow monitoring
Is this enough?
Technology can’t do it all
Humans
• Can make connections between different pieces of information that don’t seem related but indicate a trend
• Can recognize when seemingly normal behavior just doesn’t look or sound quite right
• Can adapt quickly to new information and emerging attacks and threats
• Provide a principal preventive control
People are the first and most important line of cyber defense
If you know where to look and have the right level of access, vast amounts of information are available with just one click
People hold the keys to the kingdom
What are the most common types of attack?
Social Engineering
Phishing
Malware
SOCIAL ENGINEERING
• Type of confidence trick or con job
• Uses psychological manipulation to trick people to bypass normal security procedures
• Often relies on natural helpfulness of people
• One step in a more complex fraud scheme
• From 2009-2011, 48% of large businesses suffered attacks costing between $25,000-$100,000 per incident
How do cyber criminals try to get information from us?
PHISHING
• Often sent in an email
• Pretends to be from an official source
• Directs users to enter credentials into a fake web site
• Warn or threaten of consequences for failure to act
SPEAR PHISHING
• Targeted phishing attack
• Attacker has specific target in mind
• Uses details about the target to sound more legitimate
• May present a problem and try to elicit sympathy and get a helpful response
How do cyber criminals try to get our login credentials?
How can you tell if it’s phishing?
• Asks you to reply to an email or go to a web site and enter in personally identifiable information
• Asks you to click a link to install software (malware)
• Directs you to a URL that is not a Johns Hopkins address (but might look like one) or starts with an IP address
• Creates a sense of urgency by warning or threatening that something bad will happen if you don’t comply
• Is badly written, including misspelled words or poor grammar
Be skeptical when you read email
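The URL indicator from the list above (a link that is not a Johns Hopkins address but might look like one, or that starts with an IP address) can be checked mechanically. The following is an added example, not part of the original slides: the trusted domain jhu.edu is taken from the contact address on the slides, while the brand tokens, function names and sample message are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "jhu.edu"               # taken from the contact address on the slides
BRAND_TOKENS = ("jhu", "johnshopkins")   # assumed brand strings, not an official list
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def classify_link(url):
    """Return 'trusted', 'ip-address', 'lookalike' or 'external' for one URL."""
    parts = urlsplit(url if "//" in url else "//" + url)
    # .hostname drops any "user@" prefix and port, so "jhu.edu@host" resolves to host
    host = (parts.hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)       # link "starts with an IP address"
        return "ip-address"
    except ValueError:
        pass
    # Match on a label boundary: "jhu.edu.something.example" is NOT under jhu.edu
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "trusted"
    # Brand string anywhere in the authority part ("might look like one").
    # Substring heuristic only; it does not catch homoglyph spellings.
    netloc = parts.netloc.lower().replace("-", "")
    if any(token in netloc for token in BRAND_TOKENS):
        return "lookalike"
    return "external"

def suspicious_links(message):
    """Extract every http(s) link from a message body and keep the untrusted ones."""
    found = []
    for url in URL_RE.findall(message):
        url = url.rstrip(".,;")          # trailing sentence punctuation is not part of the URL
        verdict = classify_link(url)
        if verdict != "trusted":
            found.append((url, verdict))
    return found

# Constructed sample message (not a real phishing email)
SAMPLE_MESSAGE = """Your mailbox is over quota. Verify within 24 hours or lose access:
http://203.0.113.7/owa/login
https://www.jhu.edu.account-verify.example/login
Help desk page: https://www.jhu.edu/portal.
https://jhu.edu@portal.example/reset
"""

if __name__ == "__main__":
    for url, verdict in suspicious_links(SAMPLE_MESSAGE):
        print(f"{verdict:10}  {url}")
```

A check like this covers only the link indicator; the urgency and bad-grammar indicators in the list still need a human reader.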
Phishing email examples
MALicious SoftWARE
• Gets installed on your system and performs unwanted tasks
• Designed to disrupt, damage, steal information, take control, create bots
• Many different types:
◦ Virus and worm (infectious)
◦ Rootkit, Trojan Horse, Backdoor (RAT – remote access tool)
◦ Keylogger, Spyware (steal information)
◦ Ransomware (extortion)
◦ Dialer, Adware (generate funds)
◦ Hybrids and variations
If you never fall for a phishing
attack then you are safe, right?
You could usually avoid malware if you were careful with your email
But not anymore
90% of malware comes from web browsing today – only 6% comes from email
The biggest threat to corporate networks is employees clicking on infected web pages
A 'drive-by-download' attack is a malware delivery technique that is triggered just because you visited a website. You don’t need to click or accept any software, and the malicious code can download in the background to your device.
Drive-by download attack
• One of the top 600 most popular web sites on the Internet – Law of Large Numbers
• Used the RedKit exploit kit to look for vulnerable versions of Adobe Reader, Acrobat, Java
• Vulnerable computers were infected with malware:
◦ Citadel (spyware) targets financial account details
◦ ZeroAccess (adware) generates fake pay-per-view revenues for botnet controllers or their clients

This version of Citadel was at the time only recognized by 3 out of the 46 antivirus programs on virustotal.com
Anatomy of the NBC.com Infection
McAfee Labs catalogs 100,000 new malware samples every day: 69 new pieces of malware a minute!
Number of unsafe websites detected by Google
Google blocks 10,000 per day, and 42,000 new malware sites are detected each week
But I’m safe since I only visit
legitimate web sites!
Top 10 Infected Web Site Types
80% are legitimate sites
1. Blogs 19.8%
2. Web hosting 15.6%
3. Business and economy 10%
4. Shopping 7.7%
5. Education and reference 6.9%
6. Technology, computer, Internet 6.9%
7. Entertainment and music 3.8%
8. Automotive 3.8%
9. Health and medicine 2.7%
10. Porn 2.4%
Mainstream Websites More Likely to Harbor Malware – 2013 Cisco Annual Security Report
• Keep application and operating system patches up-to-date
• Don’t click on unknown links or attachments
• Don’t trust sites that ask for your cell phone number or require you to create a login account
• Keep anti-virus/anti-spyware up to date
Malware Bottom Line
The internet is overwhelmingly a power for good
It provides cheap and easy access every moment of every day to vast amounts of information and entertainment, and it is transforming the nature of government and commerce.
However …
You hold the keys
to the kingdom
THINK BEFORE YOU CLICK!
Cyber Security is
everybody’s responsibility
Questions?
Don Winaker
Network Security Manager
dwinake1@jhu.edu