DOCSLIB.ORG

Overcoming Inevitable Risks of Electronic Communication

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Overcoming inevitable risks of electronic communication This page is unintentionally left blank. This publication may be cited as: Teemu Väisänen, Lorena Trinberg and Nikolaos Pissanidis, 2016, “I accidentally malware - what should I do… is this dangerous? Overcoming inevitable risks of electronic communication”, NATO CCD COE, Tallinn, Estonia. This publication is a product of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre). It does not necessarily reflect the policy or the opinion of the Centre, NATO, any agency or any government. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication. Information has been obtained by the Centre from sources believed to be reliable. However, because the possibility of human or mechanical error by our sources, the Centre, or others, the Centre does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the result obtained from the use of such information. Digital or hard copies of this publication may be produced for internal use within NATO and for personal or educational use when for non- profit and non-commercial purpose, provided that copies bear a full citation. Exception: Figure 27 is under Creative Commons http://creativecommons.org/licenses/by-sa/3.0/ www.ccdcoe.org [email protected] This study is the result of the ‘Unsecurable Systems Research’ -project of NATO CCD COE’s Program of Work (POW) 2015. The research purpose was to address the security concerns related to I) users who are exposed to the public and who cannot always follow the best security practices and II) legacy systems. In I) the professional positions of the users require different actions, such as opening attachments sent by not verified sources. Users are from public relations (PR), human resource management (HR) and from other posts exposed to public. It is assumed that devices used by such users are more likely to get infected at some point than devices used by normal employees, so additional protection techniques are required. The assumed audience of this study is security officers designing secure systems, system administrators managing security in systems, and managers to gain information about the existing technologies and required resources. Results of the study can be implemented by integrating the described techniques to existing systems (or processes) to improve their level of security. They can also be used to design new systems and might provide ideas for new security controls and mitigation techniques. The NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) is an international military organisation accredited in 2008 by NATO’s North Atlantic Council as a ‘Centre of Excellence’. Located in Tallinn, Estonia, the Centre is currently supported by the Czech Republic, Estonia, France, Germany, Greece, Hungary, Italy, Latvia, Lithuania, the Netherlands, Poland, Slovakia, Spain, Turkey, the United Kingdom and the USA as Sponsoring Nations, and Austria and Finland as Contributing Participants. The Centre is neither part of NATO’s command or force structure, nor is it funded by NATO. However, it is part of a wider framework supporting NATO Command Arrangements. NATO CCD COE’s mission is to enhance capability, cooperation and information sharing between NATO, NATO member states and NATO’s partner countries in the area of cyber defence by virtue of research, education and consultation. The Centre has taken a NATO-oriented interdisciplinary approach to its key activities, including academic research on selected topics relevant to the cyber domain from the legal, policy, strategic, doctrinal and/or technical perspectives, providing education and training, organising conferences, workshops and cyber defence exercises, and offering consultations upon request. For more information on NATO CCD COE, visit the Centre’s website at http://www.ccdcoe.org. It is a common security policy not to open links1 or files coming from unknown senders via email2, instant messaging (IM)3, or social networking services (SNS). When these messages or websites contain known malware4, they can be automatically deleted and never shown to the receiver. There are different policies and techniques to handle such messages; they can be blocked, deleted, stored to spam folders, the receiver is or is not notified, messages can be filtered and modified so that only the malicious files or links are removed, and so on. If the messages or links contain unknown malware, the approach to handle them must be different, because the security tools do not detect the security threat. Even though files or links received from unknown senders may appear to be benevolent, they still might be malicious. It is possible that links open websites that only serve malicious content for a brief period or for certain types of visitors. Many of these unknown senders are just normal human users and received messages harmless, but some may actually be hostile: for example, adversaries might use stolen accounts and/or employ botnets5 to send messages. In normal situations malicious messages should not be opened. However, there are people who have to, or want to, open such links and files. Ordinarily, they are opened using specific clients or web browsers to access web pages from the World Wide Web (WWW). For example, it is possible that: secretaries need to read and reply to applications originating from unknown contacts, conference program committee members have to review abstracts and publications, and malware researchers want to discover previously unknown malware or understand the behaviour of botnets. Therefore a security policy where trust is only given to known contacts cannot be employed. Instead good technical solutions must be developed to mitigate threats arising from the described scenarios. In this study, two types of environment are analysed. In the first, it is assumed that baseline security controls are present. This means that administrative privileges are controlled, devices and software (SW) are inventoried, configurations are correct, software in devices within the environment is up-to-date and patched, data recovery is handled properly, backups work, etc. Of course, even up-to-date systems normally still contain several unknown, but exploitable, vulnerabilities6, configurations can be done incorrectly, and users can make mistakes, all of which result in infected systems. The second type of environment includes legacy systems, which usually contain a wider range of known exploitable vulnerabilities and thus cause additional risks7 and require more security controls. The aim of this study is to find mitigation techniques for a number of risks resulting from the usage of systems that will eventually become infected. The study was done by analysing usage scenarios, their actors, the assets to be secured, related threats, suitable mitigation mechanisms, threats lacking sufficient mitigation mechanisms, and describing novel mitigation mechanisms. The key results of this study are a set of threat descriptions related to various attack phases, existing mitigation mechanisms, proposed improvements for existing mitigation mechanisms, and novel mitigations. In addition, the most suitable mitigation techniques are assessed with regard to different attack/defence phases. A mitigation technique may be categorised according to: whether it can be used before the breach, whether it can protect against the actual compromise or during or after the breach, or whether it may be used in more than one attack phase. 1 This study defines a link as any Uniform Resource Identifier (URI) using zero or more registered or unregistered scheme component. 2 It is still common that emails are not end-to-end secured. Some techniques used for securing emails are: Pretty Good Privacy (PGP), Secure/Multipurpose Internet Mail Extensions (S/MIME), and/or Domain Keys Identified Mail (DKIM) [1, p. 592]. 3 The same applies to many IM solutions. For example, Extensible Messaging and Presence Protocol (XMPP) lacks native end-to-end encryption support, but many extensions and protocols, such as Off-the-Record Messaging (OTR), can be used to improve XMPP security. 4 Malware is code that is used to perform malicious actions [2]. 5 A botnet is a group of co-opted infected devices (known as bots or zombies) under control of an adversary (known as a botherder or botmaster) [3]. Botnets might use multiple automated propagation vectors [4] and they can be described as coordinated malware that exhibits group behaviour in communication and/or activities [5, p. 82]. 6 RFC 4949 [6] defines a vulnerability as a flaw or weakness in a system’s design, implementation, or operation and management that may be exploited to violate the system’s security policy. 7 On the other hand, for example, ICS networks are considered to be more defensible than normal enterprise IT systems [7]. Väisänen, Trinberg, Pissanidis 2016 1 The results of this study can be implemented into existing systems (or processes) by integrating the described security controls8, countermeasures9 and mitigation mechanisms in order to improve their level of security. The results can also be used to design new systems and might provide ideas for new security controls and mitigation techniques. The study proposes that in addition to the baseline security
Recommended publications
  • Theendokernel: Fast, Secure

    Theendokernel: Fast, Secure

    The Endokernel: Fast, Secure, and Programmable Subprocess Virtualization Bumjin Im Fangfei Yang Chia-Che Tsai Michael LeMay Rice University Rice University Texas A&M University Intel Labs Anjo Vahldiek-Oberwagner Nathan Dautenhahn Intel Labs Rice University Abstract Intra-Process Sandbox Multi-Process Commodity applications contain more and more combina- ld/st tions of interacting components (user, application, library, and Process Process Trusted Unsafe system) and exhibit increasingly diverse tradeoffs between iso- Unsafe ld/st lation, performance, and programmability. We argue that the Unsafe challenge of future runtime isolation is best met by embracing syscall()ld/st the multi-principle nature of applications, rethinking process Trusted Trusted read/ architecture for fast and extensible intra-process isolation. We IPC IPC write present, the Endokernel, a new process model and security Operating System architecture that nests an extensible monitor into the standard process for building efficient least-authority abstractions. The Endokernel introduces a new virtual machine abstraction for Figure 1: Problem: intra-process is bypassable because do- representing subprocess authority, which is enforced by an main is opaque to OS, sandbox limits functionality, and inter- efficient self-isolating monitor that maps the abstraction to process is slow and costly to apply. Red indicates limitations. system level objects (processes, threads, files, and signals). We show how the Endokernel Architecture can be used to develop enforces subprocess access control to memory and CPU specialized separation abstractions using an exokernel-like state [10, 17, 24, 25, 75].Unfortunately, these approaches only organization to provide virtual privilege rings, which we use virtualize minimal parts of the CPU and neglect tying their to reorganize and secure NGINX.
  • The Evolution of Ransomware

    The Evolution of Ransomware

    The evolution of ransomware SECURITY RESPONSE The evolution of ransomware Kevin Savage, Peter Coogan, Hon Lau Version 1.0 – August 6, 2015 Never before in the history of human kind have people across the world been subjected to extortion on a massive scale as they are today. CONTENTS OVERVIEW ..............................................................................3 Key information ......................................................................5 Types of ransomware .............................................................5 How ransomware has evolved ...............................................7 Targets for ransomware .......................................................13 Systems impacted by ransomware ......................................14 Ransomware: How it works ..................................................18 Ransom techniques ..............................................................27 How widespread is the problem of ransomware .................33 What does the future hold for ransomware? .......................37 Conclusion ............................................................................45 Appendix ..............................................................................47 Mitigation strategies ............................................................51 Symantec detections for common ransomware families 54 Resources .............................................................................56 OVERVIEW Never before in the history of human kind have people across the world been
  • Impact Analysis of System and Network Attacks

    Impact Analysis of System and Network Attacks

    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by DigitalCommons@USU Utah State University DigitalCommons@USU All Graduate Theses and Dissertations Graduate Studies 12-2008 Impact Analysis of System and Network Attacks Anupama Biswas Utah State University Follow this and additional works at: https://digitalcommons.usu.edu/etd Part of the Computer Sciences Commons Recommended Citation Biswas, Anupama, "Impact Analysis of System and Network Attacks" (2008). All Graduate Theses and Dissertations. 199. https://digitalcommons.usu.edu/etd/199 This Thesis is brought to you for free and open access by the Graduate Studies at DigitalCommons@USU. It has been accepted for inclusion in All Graduate Theses and Dissertations by an authorized administrator of DigitalCommons@USU. For more information, please contact [email protected]. i IMPACT ANALYSIS OF SYSTEM AND NETWORK ATTACKS by Anupama Biswas A thesis submitted in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE in Computer Science Approved: _______________________ _______________________ Dr. Robert F. Erbacher Dr. Chad Mano Major Professor Committee Member _______________________ _______________________ Dr. Stephen W. Clyde Dr. Byron R. Burnham Committee Member Dean of Graduate Studies UTAH STATE UNIVERSITY Logan, Utah 2008 ii Copyright © Anupama Biswas 2008 All Rights Reserved iii ABSTRACT Impact Analysis of System and Network Attacks by Anupama Biswas, Master of Science Utah State University, 2008 Major Professor: Dr. Robert F. Erbacher Department: Computer Science Systems and networks have been under attack from the time the Internet first came into existence. There is always some uncertainty associated with the impact of the new attacks.
  • Checks to Avoid Malware Protect Your Laptop with Security Essentials

    Checks to Avoid Malware Protect Your Laptop with Security Essentials

    What is Malware? Malware is software that can infect you computer and can be a virus or malicious software that can harm & slow your system or try to steal your personal information. To help avoid malware follow the check list below. Checks to avoid Malware Check you have updated Antivirus software installed such as Microsoft Security Essentials Install and run an Anti-Malware program such as Malwarebytes Uninstall any Peer 2 Peer software such as Limewire or Vuze Be careful with email attachments and never respond to mails asking for your password Protect your Laptop with Security Essentials Microsoft Security Essentials is a free antivirus software product for Windows Vista, 7 & 8. It pro- vides protection against different types of malware such as computer virus, spyware, rootkits, trojans & other malicious software. Download & install Security Essentials from the following link http:// www.microsoft.com/security_essentials/ Clear Infections using Malwarebytes Malware bytes is free to download & install from http://www.malwarebytes.org Once installed it is recommended that you run a Full Scan of your laptop to check for any malware that may reside on the system. Once complete, follow the on screen instructions to finish removing any threats found. You should regularly run updates and scans to ensure your system remains clean. It is also advisable to scan external storage devices such as USB keys as they can spread infections. If the above criteria are fully met, ISS staff at the service desk on the ground floor of the library are happy to investigate problems on your laptop For more information go to http://www.dcu.ie/iss ISS online service desk: https://https://iss.servicedesk.dcu.ie Follow ISS on Twitter @ISSservice .
  • Tutorial Blogspot Plus Blogger Templates

    Tutorial Blogspot Plus Blogger Templates

    Tutorial Blogspot Plus Blogger Templates To Bloggers Everywhere 1 2 Contents Contact Us 25 Cara daftar Gmail 25 Cara daftar Blogger pertama kali 27 Cara login ke blogger pertama kali 28 Kontrol panel blogger (dashboard) 29 Cara posting di blogger 30 Halaman Pengaturan (menu dasar) 31 Banyak malware yang ditemukan google 32 Google ! Mesin pembobol yang menakutkan 32 Web Proxy (Anonymous) 33 Daftar alamat google lengkap 34 Google: tampil berdasarkan Link 37 Oom - Pemenang kontes programming VB6 source code 38 (www.planet-sourc... Oom - Keyboard Diagnostic 2002 (VB6 - Open Source) 39 Oom - Access Siemens GSM CellPhone With Full 40 AT+Command (VB6 - Ope... Oom - How to know speed form access (VB6) 40 Para blogger haus akan link blog 41 Nama blog cantik yang disia-siakan dan apakah pantas nama 41 blog dipe... Otomatisasi firewalling IP dan MAC Address dengan bash script 43 Firewalling IP Address dan MAC Address dengan iptables 44 Meminimalis serangan Denial of Service Attacks di Win Y2K/XP 47 Capek banget hari ini.. 48 3 daftar blog ke search engine 48 Etika dan cara promosi blog 49 Tool posting dan edit text blogger 52 Setting Blog : Tab Publikasi 53 Wordpress plugins untuk google adsense 54 Google meluncurkan pemanggilan META tag terbaru 54 “unavailable after” Setting Blog : Tab Format 55 Melacak posisi keyword di Yahoo 56 Mengetahui page ranking dan posisi keyword (kata kunci) anda 56 pada S... Percantik halaman blog programmer dengan "New Code 57 Scrolling Ticke... 20 Terbaik Situs Visual Basic 58 BEST BUY : 11 CD Full Source Code Untuk Programmer 60 Tips memulai blog untuk pemula 62 Lijit: Alternatif search untuk blogger 62 Berpartisipasi dalam Blog "17 Agustus Indonesia MERDEKA" 63 Trafik di blog lumayan, tapi kenapa masih aja minim komentar? 64 Editor posting compose blogger ternyata tidak "wysiwyg" 65 Google anti jual beli link 65 Tips blogger css validator menggunakan "JavaScript Console" 65 pada Fl..
  • Easybuild Documentation Release 20210907.0

    Easybuild Documentation Release 20210907.0

    EasyBuild Documentation Release 20210907.0 Ghent University Tue, 07 Sep 2021 08:55:41 Contents 1 What is EasyBuild? 3 2 Concepts and terminology 5 2.1 EasyBuild framework..........................................5 2.2 Easyblocks................................................6 2.3 Toolchains................................................7 2.3.1 system toolchain.......................................7 2.3.2 dummy toolchain (DEPRECATED) ..............................7 2.3.3 Common toolchains.......................................7 2.4 Easyconfig files..............................................7 2.5 Extensions................................................8 3 Typical workflow example: building and installing WRF9 3.1 Searching for available easyconfigs files.................................9 3.2 Getting an overview of planned installations.............................. 10 3.3 Installing a software stack........................................ 11 4 Getting started 13 4.1 Installing EasyBuild........................................... 13 4.1.1 Requirements.......................................... 14 4.1.2 Using pip to Install EasyBuild................................. 14 4.1.3 Installing EasyBuild with EasyBuild.............................. 17 4.1.4 Dependencies.......................................... 19 4.1.5 Sources............................................. 21 4.1.6 In case of installation issues. .................................. 22 4.2 Configuring EasyBuild.......................................... 22 4.2.1 Supported configuration
  • Strider Web Security

    Strider Web Security

    Adversarial Web Crawling with Strider Monkeys Yi-Min Wang Director, Cyber-Intelligence Lab Internet Services Research Center (ISRC) Microsoft Research Search Engine Basics • Crawler – Crawling policy • Page classification & indexing • Static ranking • Query processing • Document-query matching & dynamic ranking – Diversity • Goals of web crawling – Retrieve web page content seen by browser users – Classify and index the content for search ranking • What is a monkey? – Automation program that mimics human user behavior Stateless Static Crawling • Assumptions – Input to the web server: the URL • Stateless client – Output from the web server: page content in HTML • Static crawler ignores scripts Stateful Static Crawling • We all know that Cookies affect web server response • HTTP User-Agent field affects response too – Some servers may refuse low-value crawlers – Some spammers use crawler-browser cloaking • Give crawlers a page that maximizes ranking (=traffic) • Give users a page that maximizes profit Dynamic Crawling • Simple crawler-browser cloaking can be achieved by returning HTML with scripts – Crawlers only parse static HTML text that maximizes ranking/traffic – Users’ browsers additionally execute the dynamic scripts that maximize profit • Usually redirect to a third-party domain to server ads • Need browser-based dynamic crawlers to index the true content Search Spam Example: Google search “coach handbag” Spam Doorway URL = http://coach-handbag-top.blogspot.com http://coach-handbag-top.blogspot.com/ script execution led to redirection
  • Hostscan 4.8.01064 Antimalware and Firewall Support Charts

    Hostscan 4.8.01064 Antimalware and Firewall Support Charts

    HostScan 4.8.01064 Antimalware and Firewall Support Charts 10/1/19 © 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco public. Page 1 of 76 Contents HostScan Version 4.8.01064 Antimalware and Firewall Support Charts ............................................................................... 3 Antimalware and Firewall Attributes Supported by HostScan .................................................................................................. 3 OPSWAT Version Information ................................................................................................................................................. 5 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.890.0 for Windows .................................................. 5 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.890.0 for Windows ........................................................ 44 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.824.0 for macos .................................................... 65 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.824.0 for macOS ........................................................... 71 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.730.0 for Linux ...................................................... 73 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.730.0 for Linux .............................................................. 76 ©201 9 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
  • Crimeware on the Net

    Crimeware on the Net

    Crimeware on the Net The “Behind the scenes” of the new web economy Iftach Ian Amit Director, Security Research – Finjan BlackHat Europe, Amsterdam 2008 Who Am I ? (iamit) • Iftach Ian Amit – In Hebrew it makes more sense… • Director Security Research @ Finjan • Various security consulting/integration gigs in the past – R&D – IT • A helping hand when needed… (IAF) 2 BlackHat Europe – Amsterdam 2008 Today’s Agenda • Terminology • Past vs. Present – 10,000 feet view • Business Impact • Key Characteristics – what does it look like? – Anti-Forensics techniques – Propagation methods • What is the motive (what are they looking for)? • Tying it all up – what does it look like when successful (video). • Anything in it for us to learn from? – Looking forward on extrusion testing methodologies 3 BlackHat Europe – Amsterdam 2008 Some Terminology • Crimeware – what we refer to most malware these days is actually crimeware – malware with specific goals for making $$$ for the attackers. • Attackers – not to be confused with malicious code writers, security researchers, hackers, crackers, etc… These guys are the Gordon Gecko‟s of the web security field. The buy low, and capitalize on the investment. • Smart (often mislead) guys write the crimeware and get paid to do so. 4 BlackHat Europe – Amsterdam 2008 How Do Cybercriminals Steal Business Data? Criminals’ activity in the cyberspace Federal Prosecutor: “Cybercrime Is Funding Organized Crime” 5 BlackHat Europe – Amsterdam 2008 The Business Impact Of Crimeware Criminals target sensitive business data
  • Electronic Mail Haibo Zhang Computer Science, University of Otago

    Electronic Mail Haibo Zhang Computer Science, University of Otago

    COSC301 Network Management and Security Lecture 14: Electronic Mail Haibo Zhang Computer Science, University of Otago COSC301 Lecture 14: Electronic Mail 1 Today’s Focus Electronic Mail -- How does it work? -- How to manage it? -- How to ensure security & privacy? COSC301 Lecture 14: Electronic Mail 2 What is an email? • A formatted file in ASCII code • Consists of Mail From: [email protected] • Envelope RCPT To: [email protected] envelope • Header From: Haibo Zhang To: Zhiyi Huang Date: 01/01/2015 header • Body Subject: Meeting Dear Zhiyi, Could we have a meeting on this Friday? body Cheers, Haibo COSC301 Lecture 14: Electronic Mail 3 Components in Email Architecture • User Agent (UA) – For users to compose, send, and browse emails – pine, Mail, ThunderBird • Mail Transport Agent (MTA) – Emails are handed to it for delivery – sendmail, exim • Mail Access Agent (MAA) – Retrieve message from mailbox COSC301 Lecture 14: Electronic Mail 4 Email Architecture User mail app User Agent local host host local Agent mail app MTA sendmail sendmail MTA MTA MTA server server relay Internet relay MTA MTA Mail server Mail server COSC301 Lecture 14: Electronic Mail 5 Email Protocols • SMTP (Simple Mail Transfer Protocol) – Email delivery protocol between two MTAs – Used twice: between the sender and the sender’s mail server and between the two mail servers • Mail fetching protocols – Between the receiver and its mail server – Post Office Protocol (POP): simple but limited in functionality – Internet Mail Access Protocol (IMAP): more features, more
  • Overlaymeter: Robust System-Wide Monitoring and Capacity-Based Search in Peer-To-Peer Networks

    Overlaymeter: Robust System-Wide Monitoring and Capacity-Based Search in Peer-To-Peer Networks

    OverlayMeter: Robust System-wide Monitoring and Capacity-based Search in Peer-to-Peer Networks Inaugural-Dissertation zur Erlangung des Doktorgrades der Mathematisch-Naturwissenschaftlichen Fakultät der Heinrich-Heine-Universität Düsseldorf vorgelegt von Andreas Disterhöft aus Duschanbe in Tadschikistan Düsseldorf, März 2018 aus dem Institut für Informatik der Heinrich-Heine-Universität Düsseldorf Gedruckt mit der Genehmigung der Mathematisch-Naturwissenschaftlichen Fakultät der Heinrich-Heine-Universität Düsseldorf Berichterstatter: 1. Jun.-Prof. Dr.-Ing. Kalman Graffi 2. Prof. Dr. Michael Schöttner Tag der mündlichen Prüfung: 24.09.2018 Abstract In the last decade many peer-to-peer research activities have taken place. Applications using the peer-to-peer paradigm are present and their traffic, depending on the region, accounts fora significant proportion of the total traffic on the Internet. The defined goal of the systemsisto deliver a certain quality of service, which is a challenge in decentralized systems. This is due to the fact that participants have to make decisions based on their locally available information. In order to make the best decisions, a solid and extensive data basis is indispensable. For this purpose the literature on the field of p2p networks proposes monitoring the system, an approach that we follow in this work. Monitoring refers to the gathering and dissemination of system- and peer-specific data. This dissertation deals with open research questions for the improvement and extension of monitoring approaches. Furthermore, issues to simplify procedures for putting such peer-to-peer systems into operation are addressed in this work. In the first part we deal with monitoring procedures in the system-specific context.
  • 7/26/2018 1 Grand Prize Don't Forget to Fill out Your Card! Overview

    7/26/2018 1 Grand Prize Don't Forget to Fill out Your Card! Overview

    The information provided here is for informational and educational purposes and current as of the date of publication. The information is not a substitute for legal advice and does 7/26/2018 not necessarily reflect the opinion or policy position of the Municipal Association of South Carolina. Consult your attorney for advice concerning specific situations. Anatomy of a Ransomware Attack Presented by Matt Hooper Session #1 Grand Prize Don't forget to fill out your card! 2 Overview Ransomware attacks are unfortunately common. Learn what they are, how to avoid an attack and what to do if your city is targeted. 3 1 7/26/2018 Security Breach Statistics . The government vertical in the US has become the largest group to suffer loss due to data breaches . On average, 57 confidential records are lost every second ...that’s 4,924,800 records per day . Almost 1.5 billion were lost in the month of March 2018 . The average cost for organizations reporting data breaches was $3.62 million dollars per breach . Security experts believe the majority of data breaches are either undetected or unreported! 4 What is Ransomware? Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.