Explaining Common Threats & Protecting Humans from Attacks¶
Viruses, Trojans, & Other Malware¶
Malware: Malicious Software¶
Viruses
Trojans
Worms
Rootkits
Spyware
Adware
PUP
Viruses¶
Computer Program that copies itself
Spreads from one file to another
Can spread from computer to computer
Executable code that attaches itself to another executable program
.exe
MS Office
Corrupts files and the OS
Spyware¶
Could be through a keylogger
Spies on victim
Can find other sensitive information
Trojan¶
Malware disguised as a legitimate program; designed to do a specific malicious task once run
Can give the attacker backdoor access to the victim’s machine
Can enrol the infected machine in a botnet of many machines used to launch attacks such as DDoS
Ransomware: encrypts the victim’s files; the victim has to pay a ransom in order to regain access to them
Rootkits¶
Designed to go undetected
Can be installed in the computer’s kernel (kernel-mode rootkit)
Can control the entire computer and hide from the OS and security tools
Worms¶
Replicate themselves
Not attached to a program
Attack a vulnerability of the target system
Adware¶
Generates revenue
Displays ads
Pay-per-click
DoS Attacks & Man-in-the-middle Attacks¶
Denial of Service¶
Degrades or overwhelms a system so that legitimate users cannot access it
Sends more traffic (or requests) than the system can process
Distributed DoS¶
Many machines (often a botnet) flooding one server at the same time
Man-in-the-middle¶
Intercepts the client’s initial request to the server
Forwards a copy of the request to the real server
Server replies to the MitM
MitM forwards the reply to the client
Can read (and alter) the contents of all intercepted client-to-server traffic
Client and server both believe they are talking directly to each other
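The four-step relay described above, as an added example (not from the original notes): a legitimate server, an attacker’s relay in front of it, and a client that connects to the relay believing it is the server. Everything runs on loopback in one process; the request text, the `SERVER-ACK:` reply format and the port choices are constructed for the demo.

```python
import socket
import threading

HOST = "127.0.0.1"  # everything runs locally; no real network is needed


def start_server():
    """Legitimate server: answers one request with an acknowledgement."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            request = conn.recv(4096)
            conn.sendall(b"SERVER-ACK:" + request)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def start_mitm(server_port, captured):
    """Attacker's relay: accepts the client, forwards to the real server,
    and records every message that passes through in `captured`."""
    lst = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lst.bind((HOST, 0))
    lst.listen(1)
    port = lst.getsockname()[1]

    def relay():
        client_conn, _ = lst.accept()
        with client_conn, socket.create_connection((HOST, server_port)) as upstream:
            request = client_conn.recv(4096)           # 1. intercept the client's request
            captured.append(("client->server", request))
            upstream.sendall(request)                  # 2. forward a copy to the real server
            reply = upstream.recv(4096)                # 3. the server replies to the MitM
            captured.append(("server->client", reply))
            client_conn.sendall(reply)                 # 4. MitM forwards the reply to the client
        lst.close()

    threading.Thread(target=relay, daemon=True).start()
    return port


def run_exchange(request=b"GET /account/balance user=alice"):
    """The client talks to what it believes is the server but is really the MitM.
    Returns (reply the client saw, list of messages the attacker intercepted)."""
    captured = []
    server_port = start_server()
    mitm_port = start_mitm(server_port, captured)   # client is pointed at the relay
    with socket.create_connection((HOST, mitm_port)) as client:
        client.sendall(request)
        reply = client.recv(4096)
    return reply, captured


if __name__ == "__main__":
    reply, captured = run_exchange()
    print("client received:", reply)
    for direction, data in captured:
        print(f"attacker saw {direction}: {data!r}")
```

The client receives exactly the reply the real server produced, so neither side notices the relay, while the attacker holds a plaintext copy of both directions. This is why TLS with certificate validation matters: a relay cannot present a valid certificate for the server’s name, so a properly validating client refuses the connection instead of silently continuing.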
Endpoints Stopping Phishing¶
Train the Userbase¶
Verify the sender’s domain and the domains behind any links
Ask whether the email makes sense (expected sender, expected request, expected timing)
Check the details (names, account numbers, requests) against what you already know
Call the sender on a known-good number to verify
Flag the email as spam/phishing
Report it right away if the attempt was successful
Computers Blocking Phishing Attempts¶
Phishing attacks are becoming more sophisticated
Cisco Advanced Phishing Protection
Analyzes emails
Takes configured action with malicious emails
Can be sent to Cisco’s security experts for further analysis
Attacks Against Cloud Services¶
DoS & DDoS can still happen in cloud environments
Security Non-Profits¶
CSA
OWASP
Data Breach¶
Confidential info is stolen
Attacker targets less secure systems:
Human error
Application vulnerabilities
Poor security practices
Insecure APIs¶
APIs let authorized data be shared automatically between systems
Attacker embeds a threat (malicious payload) in API calls
Stolen API keys
API has more access than it should (over-privileged)
API Security Gateways¶
Provide a single point of connection for the API
Security features are built into API Security Gateways
They are not built into ordinary API Gateways
Account Management¶
Promptly remove accounts that are no longer needed and change passwords
Use MFA
Social Engineering & Phishing Attacks¶
Social Engineering¶
Exploits perceived trust between the attacker and another party
Attacker could impersonate the victim in order to obtain sensitive information
Convinces the victim they are a trusted authority, so all future correspondence from them is accepted as legitimate
Emails could contain malicious links
Could feed the user misinformation
Phishing¶
Social engineering attack that uses electronic communications
Types:
Bulk Phishing
Not a specific target (Generic)
Spear Phishing
Specific target (a lot of research)
Whaling
Spear phishing targeting high profile targets
Clone Phishing
Attacker copies a legitimate email (logos, layout, wording) and swaps in malicious links or attachments
Methods:
Link manipulation
Realistic websites
www.titlecompany.updated-wiretransfer.com
Takes the victim to the attacker’s website
Website forgery
JavaScript (in older browsers) to make the address bar look legitimate
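An added example (not from the original notes) of the “verify domain” check from the training section applied to the link manipulation above: it pulls the links out of an email body and reports any whose registrable domain is not the sender’s, plus two common tricks, a `user@` prefix that hides the real host and a non-ASCII or punycode hostname (homograph). The sample email and the sender domain `titlecompany.com` are constructed; the “last two labels” rule for the registrable domain is a deliberate simplification (real code should consult the Public Suffix List, e.g. via a library such as `tldextract`).

```python
import re
from urllib.parse import urlsplit

# Crude link extractor for the demo; a real filter would use an HTML parser.
LINK_RE = re.compile(r'href="([^"]+)"', re.IGNORECASE)


def _normalize(url: str) -> str:
    """urlsplit needs a scheme to recognise the host part."""
    return url if "://" in url else "http://" + url


def registrable_domain(url: str) -> str:
    """The part of the hostname an attacker would have to own.
    Simplified to the last two labels (assumption: no multi-label public suffixes)."""
    host = (urlsplit(_normalize(url)).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return host if len(labels) < 2 else ".".join(labels[-2:])


def suspicious_links(html: str, sender_domain: str):
    """Return [(url, [reasons])] for links that do not belong to the sender."""
    findings = []
    for url in LINK_RE.findall(html):
        parts = urlsplit(_normalize(url))
        host = (parts.hostname or "").lower()
        reasons = []
        if registrable_domain(url) != sender_domain.lower():
            reasons.append(f"domain {registrable_domain(url)!r} is not {sender_domain!r}")
        if "@" in parts.netloc:
            reasons.append("text before '@' is userinfo, not the host")
        if any(ord(c) > 127 for c in host) or any(l.startswith("xn--") for l in host.split(".")):
            reasons.append("non-ASCII / punycode hostname (possible homograph)")
        if reasons:
            findings.append((url, reasons))
    return findings


# Constructed sample: one legitimate link, three manipulated ones.
EMAIL_HTML = """
<p>Your closing funds wire instructions have changed.</p>
<a href="https://portal.titlecompany.com/closing/12345">View closing</a>
<a href="https://www.titlecompany.updated-wiretransfer.com/wire">Updated wire instructions</a>
<a href="http://www.titlecompany.com@updated-wiretransfer.com/login">Sign in</a>
<a href="https://tïtlecompany.com/login">Verify your account</a>
"""

if __name__ == "__main__":
    for url, reasons in suspicious_links(EMAIL_HTML, "titlecompany.com"):
        print(url)
        for r in reasons:
            print("   -", r)
```

The first link passes because its registrable domain really is `titlecompany.com`; the brand name appearing as a subdomain of `updated-wiretransfer.com`, as a username before `@`, or with a look-alike character is what the check catches. Hovering over a link does the same thing by eye, which is why the training advice is to read the domain, not the visible link text.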