Security And

BEWARE OF HACKERS
How vulnerable are we?

Steve Herriman
Purchasing & IT Manager

CYBERTERRORISM DEFENSE INITIATIVE: COMPLETE CYBERTERRORISM DEFENSE (CCD)

“IN THE WILD” MONITOR
http://www.securitywizardry.com/radar.htm

TYPES OF HACKERS

• A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software. The term "white hat" in Internet slang refers to an ethical hacker. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement. The EC-Council, also known as the International Council of Electronic Commerce Consultants, is one of those organizations that have developed certifications, courseware, classes, and online training covering the diverse arena of Ethical Hacking.
• A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005). Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black hat hackers break into secure networks to destroy, modify, or steal data; or to make the network unusable for those who are authorized to use the network. Black hat hackers are also referred to as the "crackers" within the security industry and by modern programmers. Crackers keep the awareness of the vulnerabilities to themselves and do not notify the general public or the manufacturer for patches to be applied. Individual freedom and accessibility is promoted over privacy and security. Once they have gained control over a system, they may apply patches or fixes to the system only to keep their reigning control. Richard Stallman invented the definition to express the maliciousness of a criminal hacker versus a white hat hacker who performs hacking duties to identify places to repair.
• A grey hat hacker is a combination of a black hat and a white hat hacker. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee.

WHAT IS A TROJAN VIRUS?

• Trojans are malicious programs that perform actions that have not been authorized by the user. These actions can include:
  • Deleting data
  • Blocking data
  • Modifying data
  • Copying data
  • Disrupting the performance of computers or computer networks

HOW TROJAN HACKING PROGRAMS CAN IMPACT YOU

• Trojans are classified according to the type of actions that they can perform on your computer:
• Backdoor: A backdoor Trojan gives malicious users remote control over the infected computer. They enable the author to do anything they wish on the infected computer – including sending, receiving, launching and deleting files, displaying data and rebooting the computer. Backdoor Trojans are often used to unite a group of victim computers to form a botnet or zombie network that can be used for criminal purposes.
• Exploit: Exploits are programs that contain data or code that takes advantage of a vulnerability within application software that’s running on your computer.
• Rootkit: Rootkits are designed to conceal certain objects or activities in your system. Often their main purpose is to prevent malicious programs being detected – in order to extend the period in which programs can run on an infected computer.
• Trojan-Banker: Trojan-Banker programs are designed to steal your account data for online banking systems, e-payment systems and credit or debit cards.
• Trojan-DDoS: These programs conduct DoS (Denial of Service) attacks against a targeted web address. By sending multiple requests – from your computer and several other infected computers – the attack can overwhelm the target address… leading to a denial of service.
• Trojan-Downloader: Trojan-Downloaders can download and install new versions of malicious programs onto your computer – including Trojans and adware.
• Trojan-Dropper: These programs are used by hackers in order to install Trojans and / or viruses – or to prevent the detection of malicious programs. Not all antivirus programs are capable of scanning all of the components inside this type of Trojan.
• Trojan-FakeAV: Trojan-FakeAV programs simulate the activity of antivirus software. They are designed to extort money from you – in return for the detection and removal of threats… even though the threats that they report are actually non-existent.
• Trojan-GameThief: This type of program steals user account information from online gamers.
• Trojan-IM: Trojan-IM programs steal your logins and passwords for instant messaging programs – such as ICQ, MSN Messenger, AOL Instant Messenger, Yahoo Pager, Skype and many more.
• Trojan-Ransom: This type of Trojan can modify data on your computer – so that your computer doesn’t run correctly or you can no longer use specific data. The criminal will only restore your computer’s performance or unblock your data, after you have paid them the ransom money that they demand.
• Trojan-SMS: These programs can cost you money – by sending text messages from your mobile device to premium rate phone numbers.
• Trojan-Spy: Trojan-Spy programs can spy on how you’re using your computer – for example, by tracking the data you enter via your keyboard, taking screen shots or getting a list of running applications.
• Trojan-Mailfinder: These programs can harvest email addresses from your computer.
• Other types of Trojans include:
  • Trojan-ArcBomb
  • Trojan-Clicker
  • Trojan-Notifier
  • Trojan-Proxy
  • Trojan-PSW

WHAT DOES THIS HAVE TO DO WITH PURCHASING?
• Do you use any e-commerce site to make purchases for your utility?
• Do you request and receive quotes, bids or RFPs via e-mail?
• Do you e-mail purchase orders to vendors?
• Do you search the internet for materials?

POTENTIAL TARGETS

• Public safety
• Federal, state, local government agencies
• Military facilities
• Public/private utilities
• Communications industry
• Transportation industry
• Colleges and universities
• Banks, credit card companies
• Retailers containing large credit card data repositories
• Sensitive and/or classified data repositories
• Personal data, identities, financial information

U.S. ENERGY GRID HACKED 79 TIMES IN 2014
MALWARE GIVES HACKERS AN OPPORTUNITY TO PLANT DESTRUCTIVE CODE

• The nation's energy grid is constantly under attack by hackers.
• In fiscal year 2014, there were 79 hacking incidents at energy companies that were investigated by the Computer Emergency Readiness Team, a division of the Department of Homeland Security. There were 145 incidents the previous year.
• The outermost defenses aren't holding up. Between April 2013 and 2014, hackers managed to break into 37% of energy companies, according to a survey by ThreatTrack Security.
• Cybersecurity firm FireEye identified nearly 50 types of malware that specifically target energy companies in 2013 alone, according to its annual report. Energy firms get hit with more spy malware than other industries, according to a 2014 study by Verizon.
• In March, TrustedSec discovered spy malware in the software that a major U.S. energy provider uses to operate dozens of turbines, controllers and other industrial machinery. It had been there for a year -- all because one employee clicked on a bad link in an email.
• And just last month, CERT revealed that a Russian malware called BlackEnergy had found its way onto the software that controls electrical turbines in the United States.
CYBERSECURITY THREATS – IDENTITY THEFT

• In 2011, the government sector accounted for 25% of all identity-theft breaches, more than any other sector.
• 51% of all underground economy servers worldwide were located in the United States.
• The data on these servers often included government-identification numbers, credit and debit card numbers, bank account numbers, personal identification numbers, and e-mail address lists.
• 86% of the credit and debit cards advertised for sale on underground economy servers were issued by U.S. banks.[5]
• [5] Symantec Internet Security Threat Report Vol. XI, Symantec Corp.

YOU MAY BE INFECTED IF?

• PC is running much slower
• Annoying pop-ups
• Some programs will not open
• Errors keep popping up
• PC stops responding
• Blue Screen of Death!

I’M SECURE! “I THINK”

HOW DO HACKERS GET IN?

• Happy Clicking! “Stop & Think Before You Click”
• Social Media
• Steganography
• Email “When in doubt throw it out”
• Virus or Malware attached to Websites
• Social Engineering

SOCIAL MEDIA

• How safe is my information?
• Do you use the same username & password for all of your logins, work & personal?
• How much personal information do you share?
• Do you access social media from Utility Issued PC or Mobile Device?

[5] Symantec Internet Security Threat Report Vol. 19 21291018, Symantec Corp.

MOBILE DEVICES

STEGANOGRAPHY

• Hiding the very existence of data within another message or media.
• Media can be an image, a sound file, a video file, or another text document.
• Software scanners can detect hidden information by analyzing extreme details of the suspected carrier file, but current detection methods are not totally accurate.

The money is in the red car

E-MAIL THREATS

[Figure labels: Game W/Virus; VIRUS]

SOCIAL ENGINEERING

• The Internet is fertile ground for social engineers looking to harvest passwords. The primary weakness is that many users often repeat the use of one simple password on every account: Yahoo, Travelocity, Gap.com, whatever. So once the hacker has one password, he or she can probably get into multiple accounts. One way in which hackers have been known to obtain this kind of password is through an on-line form: they can send out some sort of sweepstakes information and ask the user to put in a name (including e-mail address – that way, she might even get that person’s corporate account password as well) and password.
