Cybersecurity – Know The Threats & How To Mitigate Them

Sam Chawkat COO Dynamic Network Solutions Background u Providing IT consulting to organizations of various sizes across several states and regions since 1996 u Our focus is in our slogan, We Take I.T. Personally u We don’t focus on just the tech, we focus on the customer experience and customer satisfaction u Dynamic Network Solutions is your “one stop shop” helping organizations with IT, cabling, AV, security, cameras, and phone systems. If it plugs in or turns on we can take care of it Cybersecurity is Safety

Security: We must protect our computers and data in the same way that we secure the doors to our homes. Safety: We must behave in ways that protect us against risks and threats that come with technology. Lets Discuss The Type Of Threats That Exist Importance of Cybersecurity

û The internet allows an attacker to work from anywhere on the planet.

û Risks caused by poor security knowledge and practice:

ó Identity Theft

ó Monetary Theft

ó Legal Ramifications (for yourself and your organization)

ó Sanctions or termination if policies are not followed

û According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are:

ó Web Browser

ó IM Clients

ó Web Applications

ó Excessive User Rights User Awareness

System Administrators Some scripts appear useful to manage networks… Cracker: Computer-savvy Posts to programmer creates Hacker Bulletin Board attack softwar e SQL Injection Buffer overflow Password Crackers Script Kiddies : Unsophisticated Password Dictionaries computer users who know how to execute programs Successful attacks! Crazyman broke into … CoolCat penetrated… Criminals: Create & sell bots -> generate spam Malware package earns $1K-2K Sell credit card numbers, 1 M Email addresses earn $8 etc… 10,000 PCs earn6 $1000 Leading Threats

u Viruses u Worms u Trojan Horses / Logic Bombs u Social Engineering u Rootkits u Botnets / Zombies u Randsomware Viruses

û A virus attaches itself to a program, file, or disk.

û When the program is executed, the virus activates and replicates itself. Program A û The virus may be benign or malignant but executes its payload at some point (often upon contact).

ó Viruses can cause computer crashes and loss of data. Extra Code

û In order to recover or prevent virus attacks:

ó Avoid potentially unreliable websites/emails.

ó System Restore. infects ó Re-install operating system.

ó Use and maintain anti-virus software.

Program B Worms

u Independent program that replicates itself and sends copies from computer to computer across network connections. u Upon arrival, the worm may be activated to replicate.

To Joe To Ann To Bob

Email List: [email protected] [email protected] [email protected] Logic Bombs and Trojan Horses u Logic Bomb: Malware logic executes upon certain conditions. The program is often used for otherwise legitimate reasons. u Examples: u Software which malfunctions if maintenance fee is not paid. u Employee triggers a database erase when he is fired. u Trojan Horse: Masquerades as a benign program while quietly destroying data or damaging your syste m. u Download a game: It may be fun but contains hidden code that gathers personal information without your knowledge. Social Engineering

u Manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems. Email: ABC Bank has Phone Call: noticed a This is John, problem with the System In Person: your account… Administrator. What ethnicity What is your are you? Your I have come password? mother’s to repair maiden name? your and have machine… some lovely software patches!

11 Phishing: Counterfeit Email u A seemingly trustworthy entity asks for sensitive information such as SSN, credit card numbers, login IDs or passwords via e-mail. Pharming: Counterfeit Web Pages

Wiping over, but not clicking the link may reveal a different Misspelled address.

With whom? Copyright date is old

u The link provided in the e-mail leads to a counterfeit webpage which collects important information and submits it to the owner. u The counterfeit web page looks like the real thing

u Extracts account information 13 Botnet

û A botnet is a number of compromised computers used to create and send spam or viruses or flood a network with messages as a denial of service attack.

û The compromised computers are called zombies.

14 Man In The Middle Attack u An attacker pretends to be your final destination on the network. When a person tries to connect to a specific destination, an attacker can mislead him to a different service and pretend to be that network access point or server.

15 Rootkit

û Upon penetrating a computer, a hacker may install a collection of programs, called a rootkit. û May enable:

ó Easy access for the hacker (and others)into the enterprise

ó Keystroke logger û Eliminates evidence of break-in. û Modifies the operating system. Password Cracking

Dictionary Attack and Brute Force

Pattern Calculatio Result Time to Guess n (2.6x10 18 tries/month) Personal Info: interests, relatives 20 Manual 5 minutes Social Engineering 1 Manual 2 minutes American Dictionary 80,000 < 1 second 4 chars: lower case alpha 26 4 5x10 5 8 chars: lower case alpha 26 8 2x10 11 8 chars: alpha 52 8 5x10 13 8 chars: alphanumeric 62 8 2x10 14 3.4 min. 8 chars alphanumeric +10 72 8 7x10 14 12 min. 8 chars: all keyboard 95 8 7x10 15 2 hours 12 chars: alphanumeric 62 12 3x10 21 96 years 12 chars: alphanumeric + 10 72 12 2x10 22 500 years 12 chars: all keyboard 95 12 5x10 23 16 chars: alphanumeric 62 16 5x10 28 Threats From Password Cracking u Access to email to send messages to authorize funds transfers u If same password is used for other systems access to sensitive information such as customer information u Access to systems to quietly steal funds from organization u Example u Cloud based HR systems such as Workday or Zenefits allows employees to manage their benefits and items such as direct deposit information u These systems can be integrated with Office365/Gsuite so the same username and password can be used with both systems u In Jan 2019 security experts released reports showing attackers are now using social engineering efforts to gain access to an employee’s mailbox, see that the organization uses Workday, use the same credentials to access the HR system, change the employees direct deposit account for their paycheck and steal funds from the organization quietly only to be noticed by the employee on their next pay cycle What is Ransomware? u A malicious application written to generate revenue by simply disabling access to files, programs, or complete system. u A ransom note is usually displayed informing the user that if they wish to gain access to their machine or files they will have to first pay a ransom usually in bitcoin currency u With most Ransomware infections, there is a small chance of being able to recover the data or applications without having to pay the Ransom!

u Why do hacker groups keep writing these ransomware variants? Because Its Working! How Does Ransomware Work? Surprise! Questions

Why do malicious organizations continue to make and distribute ransomware?

What's one new thing you learned so far?

When you were a kid what did you want to be when you grew up? Recommended Best Practices For Threat Prevention Best Practices to avoid these threats

uses multiple layers of defense to address technical, personnel and operational issues.

User Account Controls Prevention Step 1: Patch Policy & Schedule u Policy to patch systems within the organization not just operating systems but applications as well u Schedule on when patching occurs on a weekly basis u Management platform to push, install, and monitor patch health for the machines in the organization u Removal of machines from network that are no longer under software support, example Windows XP u Note: Microsoft will end support for Windows 7 Jan 2020 Prevention Step 2: Gateway Security Firewall/Router

u The basic function of your firewall/router no longer helps to prevent this threat u Gateway antivirus and gateway malware subscription services installed, monitored, and updated u Geo-blocking strategies Prevention Step 3: Endpoint Security u Central monitored and managed endpoint security for catching infections on machines u Updated and monitored for infections u All devices on your network should have an endpoint security product or they should not be on your network u Guests on guest networks u BYOD devices on guest networks Prevention Step 4: Training/Education u Educate staff on the importance of knowing trusted websites and email senders to click links or open files u If they don’t know the person or file or link, don’t click it u Once a year training with staff on security best practices and knowing who to contact when a security issue has been raised u Put your staff to the test with monthly mock security threats to see how they are performing

u What is the largest security threat for YOUR organization? Prevention Step 4: Training/Education Answer It’s Your STAFF! Prevention Step 5: Lockdown Access u Locking down machines preventing end users from installation of software u Should they click and run something it will add another level of protection not allowing malicious software to install u Limits software installations to be performed by IT after verified no malicious impact Prevention Step 6: Strong Passwords & MFA

Make passwords easy to remember but hard to guess u USG standards: u Be at least ten characters in length u Must contain characters from at least two of the following four types of characters: u English upper case (A-Z) u English lower case (a-z) u Numbers (0-9) u Non-alphanumeric special characters ($, !, %, ^, …) u Must not contain the user’s name or part of the user’s name u Must not contain easily accessible or guessable personal information about the user or user’s family, such as birthdays, children’s names, addresses, etc. Prevention Step 6: Strong Passwords & MFA

u A familiar quote can be a good start: “LOVE IS ASMOKE MADE WITH THE FUME OF SIGHS” William Shakespeare

u Using the organization standard as a guide, choose the first character of each word:

u LIASMWTFOS u Now add complexity the standard requires: u L1A$mw TF 0S (10 characters , 2 numerals , 1 symbol , mixed English case : password satisfies all 4 types). u Or be more creative! Prevention Step 6: Strong Passwords & MFA u Never use admin, root, administrator, or a default account or password for administrative access. u A good password is: u Private: Used by only one person. u Secret: It is not stored in clear text anywhere, including on Post-It ® notes! u Easily Remembered: No need to write it down. u Contains the complexity required by your organization. u Not easy to guess by a person or a program in a reasonable time, such as several weeks. u Changed regularly: Follow organization standards. u Avoid shoulder surfers and enter your credentials carefully! If a password is entered in the username field, those attempts usually appear in system logs. Prevention Step 6: Strong Passwords & MFA u What does MFA stand for? u Multi Factor Authentication u Its what you know and what you have u Consider implementing for your organization to prevent attacks Office 365 MFA Setup Instructions Multi Factor Authentication – MFA Office 365 Multi Factor Authentication – MFA Office 365 Multi Factor Authentication – MFA Office 365- Mobile App

38 Prevention Step 7: Backup, Backup, Backup

u Important data should never reside on machines but rather on servers or cloud resources, backups are your last line of defense u Multi day backups should occur for your data and server infrastructure u Not just nightly backups u Backups of critical staff machines are recommended u Backups should consist of onsite and cloud copies and more than one backup strategy should be considered u Data in the cloud should also be backed up to alternate location, cloud to cloud backups u Is your backup: u Recent? u Off-site & Secure? u Process Documented? u Encrypted? u Tested? Identifying Security Compromises

û Symptoms:

ó Antivirus software detects a problem.

ó Disk space disappears unexpectedly.

ó Pop-ups suddenly appear, sometimes selling security software.

ó Files or transactions appear that should not be there.

ó The computer slows down to a crawl.

ó Unusual messages, sounds, or displays on your monitor.

ó Stolen laptop: 1 stolen every 53 seconds; 97% never recovered.

ó The mouse pointer moves by itself.

ó The computer spontaneously shuts down or reboots.

ó Often unrecognized or ignored problems. Malware detection • Spyware symptoms: • Changes to your browser homepage/start page. • Ending up on a strange site when conducting a search. • System-based firewall is turned off automatically. • Lots of network activity while not particularly active. • Excessive pop-up windows. • New icons, programs, favorites which you did not add. • Frequent firewall alerts about unknown programs when trying to access the Internet. • Poor system performance. Sam Chawkat Chief Operations Officer Dynamic Network Solutions (301) – 591 – 9609 X104 [email protected] www.dnsolutions.com