Best Practices to Address Online and Mobile Threats

Best Practices to Address Online and Mobile Threats

Best Practices to Address Online and Mobile Threats prepared by members of the london action plan and m3aawg october 15, 2012 3 This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported Licence http://creativecommons.org/licenses/by-nd/3.0/deed.en_US ©2012 LAP and M3AAWG. Table of Contents Executive Summary .....................................................................................................................2 Malware and Botnets ...........................................................................................................2 Phishing and Social Engineering .........................................................................................3 Internet Protocol and Domain Name System Exploits ......................................................3 Mobile Threats .....................................................................................................................4 Conclusion ...........................................................................................................................4 Introduction: The Evolution of Online Threats ..........................................................................5 Section 1 Malware and Botnets ..................................................................................................6 The Malware and Botnet Threat Landscape – Present and Future Outlook ....................7 Best Practices for Addressing Malware ..............................................................................11 Section 2 Phishing and Social Engineering ..............................................................................19 The Phishing Landscape ....................................................................................................19 Best Practices to Counter Phishing and Social Engineering ............................................24 Section 3 Domain Name System and Internet Protocol Exploits ............................................27 Background ........................................................................................................................27 DNS Exploits and Best Practices .......................................................................................28 Section 4 Mobile Threats ..........................................................................................................34 The Mobile Environment ...................................................................................................34 Particular Threats and Best Practices ................................................................................ 35 Cross-particular Issues and Best Practices .......................................................................43 Conclusion ................................................................................................................................ 46 Glossary .....................................................................................................................................47 Contributors ..............................................................................................................................48 Footnotes .................................................................................................................................. 49 Executive Summary Internet and mobile technology affects The primary focus of this report is not only to study the almost every facet of our day-to-day lives risks in the online and mobile environment that threaten consumers, businesses and governments every day, but and is part of almost every business also to suggest best practices to address these threats. model. As technology has become The focus is on four major areas: integrated into our lives, our dependence on computers and mobile devices has Malware and Botnets grown. We use the devices to connect to Malware and Botnets are the major threats to the family and friends, shop and bank online, Internet economy. Malicious software or “malware” is created or used by criminals to disrupt computer engage with civic agencies and elected operations, gather sensitive information, or gain access officials, interact with business colleagues to private computer systems. Botnets are groups of and partners, streamline supply chains machines infected with malware that communicate (often through a complex network of infected computers) and deliver just-in-time products from to coordinate their activity and collect the information manufacturing facilities to retails outlets. the individual malware infections yield. Imagine the With a growing dependency and rapid computing power and bandwidth capabilities that come with being able to control over one million computers. migration of commercial transactions to online and mobile platforms come Criminals are continuously changing their malware to avoid its detection and remediation. Consequently, threats from cybercriminals. most Anti-Virus (A/V) software has difficulty identifying Cybercriminals profit from sending spam, phishing, emerging and recent threats. A growing proportion of injecting malware onto websites, spreading botnets, malware can detect that it is being “monitored” while it redirecting Internet traffic to malicious websites, and is running, perhaps by an anti-virus researcher, and will inserting spyware onto computers and handheld devices. alter its behaviour to make it more difficult for malware experts to analyze its functions. Some malware will The economic impact of these endless attacks is not even respond to attempts to monitor and analyze it by easily measured, be it by country or on a global scale as counter-attacking with a DDoS. losses from cybercrime often go unreported or under reported by victims, financial institutions that cover Because of this, it is becoming increasingly difficult the expense of the loss, or by businesses that incur for the online security community to keep pace with everything from defence and remediation costs to the malware threat environment. service downtime due to Distributed Denial of Service (DDoS) attacks. <<-- 2 -->> Phishing and Social Engineering Internet Protocol and Domain Phishing refers to techniques that are used by malicious Name System Exploits actors to trick a victim into revealing sensitive personal, A variety of illegal activities use vulnerabilities associated corporate, or financial information. with the Domain Name System (DNS) and Internet Protocol (IP) addresses. The most serious DNS exploits Phishing has been steadily increasing in frequency, are resolver exploits, in which bad actors introduce sophistication, and damage since it emerged as a threat forged data to redirect Web and other traffic to false in the mid 1990s, and it is showing no signs of abating. versions of popular websites. These exploits cause As well, the type of data sought through phishing has an elevated risk because in many cases consumers are grown increasingly more valuable, evolving from simple completely unaware that they have been redirected to a access to email and consumer bank accounts that incur fake site rather than the one they actually wanted to visit. individual losses in the thousands of dollars, to current- day high-value targets. High-value targets, such as Every computer on the Internet has an IP address, which corporate executives with access to corporate accounts, is used to identify that computer much as telephones special privileges, or corporate bank information, are identified by telephone numbers. Traditional IP have been used to produce catastrophic single-event addresses, known as IPv4 (Internet Protocol version 4) intellectual property and financial losses of several addresses, are 32-bit binary numbers, invariably written millions of dollars, with an untold number of events as four decimal numbers, such as 64.57.183.103. occurring annually. The first part of the address, in this case 64.57.183, often identifies the network, and the rest of the address, in Although phishing is not new, increases in the number, this case 103, the particular computer (“host”) on the targeting, and sophistication of the attacks in recent network, although these days, classless inter-domain years represent an ever increasing threat to companies, routing (CIDR) has eroded that traditional division. governments, and consumers as well as eroding overall confidence in the digital economy. Defences Since IP addresses are hard for humans to remember, must be coordinated to leverage open, transparent, and are tied to physical networks, the DNS is a distributed multi-stakeholder solutions to maximize effectiveness, database of names that let people use names like minimize costs, and increase public trust. www.google.com rather than the corresponding IP address 173.194.73.105. Despite its enormous size, the DNS gets excellent performance by using delegation and caches. That is, different organizations are each responsible for their part of the domain name system, and end-sites remember recent DNS results they’ve received. Since it would be impractical to store all of the names in the DNS in a single database, it is divided into zones that are stored on different servers, but logically linked together into an immense interoperable distributed database. <<-- 3 -->> Mobile Threats With the advent of the smartphone and the application domain name (while physically hosting that website markets for Android, Apple and Blackberry devices, in France). Credit card payments for orders might be the e-commerce environment has grown to

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    52 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us