Transcript of "Module 2 threats-b"

Slide 1: Module 2: Security Threats & Attacks
© 2010 Foreground Security. All rights reserved

Slide 2: Issues & Threats
• Phishing
• Social engineering
• Viruses, worms
• Spyware, malware, adware, rootkits
• Trojan horses
• DoS, DDoS
• ID theft
• Botnets
• Non-compliance
• Password cracking
• Day-zero exploits
• Vulnerabilities, time-to-break

Slide 3: Identity Theft
Every 5 seconds a thief steals someone's identity and goes shopping.
IC3 receives over 164,000 complaints annually with estimated $54 billion in losses to individuals.
Complaints originate from over 100 countries.
Violations include auction fraud, international fraud, non-delivery. Many originate in Eastern Europe and Asia.
Identity theft was the top consumer complaint to the FTC.

Slide 4: What Is Identity Theft
• Acquisition of key pieces of identifying information for the purpose of impersonation.
• Identifying information: name, address, date of birth, Social Security Number, mother's maiden name, credit card number, ATM PINs, bank account numbers

Slide 5: Identity Theft – How They Do It (High and Low Technology)
• Shoulder surfing at ATMs
• Stealing your mail
• Dumpster diving
• Utilizing corrupt employees
• Creating counterfeit checks
• Phishing (e-mail, websites, pop-ups)
• Key loggers, sniffers, insecure protocols
Slide 7: Example
Slide 8: Examples
• Recent incidents
  – University compromises
    • Student information (Princeton U. student acceptance database)
  – DSW Shoe Warehouse – 1.4 million names
  – Card Processing Systems – 40 million IDs
  – Bank of America – 1.2 million government employees
  – ChoicePoint – 4,145,000 names
  – CitiFinancial – 3.9 million names
    • Missing backup tape
• One in 700 crimes leads to a conviction
• Maxus case:
  • Stole 300,000 credit card numbers
  • Attempted a $100,000 extortion
  • Offered 25,000 credit card numbers on website
Slide 10: Phishing
Slide 12: E-mail Header (Right-click > Options)
Return-Path: <service@paypal.com>
Delivered-To: dave@cyberspann.com
Received: (qmail 72719 invoked by uid 12281); 22 Jul 2005 21:59:18 -0000
Received: from unknown (HELO in8.prserv.net) ([32.97.166.48])
  (envelope-sender <service@paypal.com>)
  by 198.63.47.249 (qmail-ldap-1.03) with SMTP
  for <dave@cyberspann.com>; 22 Jul 2005 21:59:18 -0000
Received: from c-24-4-139-49.hsd1.ca.comcast.net ([24.4.139.49])
  by prserv.net (in8) with SMTP
  id <200507222157461080g91o2he>; Fri, 22 Jul 2005 21:59:17 +0000
X-Originating-IP: [24.4.139.49]
X-Message-Info: 8gux664qFXH/clQMpuoZweoHVdQ136Xk
Received: from 248.76.244.4 by 24.4.139.49; Fri, 22 Jul 2005 16:53:49 -0600
Message-ID: <TJCYETCSBRXBIABFTGUIEFQP@us.paypal.com>
From: "PayPal Services" <service@paypal.com>
Reply-To: "PayPal Services" <service@paypal.com>
To: benney@attglobal.net
Subject: PayPal Account Suspended as of 07-22-2005
Date: Sat, 23 Jul 2005 04:53:49 +0600
X-Mailer: The Bat! (v1.52f) Business
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary="--80953993190679285460"
X-Priority: 3
Status:
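The header above can be read mechanically. The Python script below is an added example, not code from the deck: it re-types the slide's Received, From and Date headers as a constructed sample, walks the Received chain oldest-first, and counts only hops stamped by relays the analyst chooses to trust (assumed here: the recipient's own MX 198.63.47.249 and its upstream relay prserv.net) as evidence of where the mail entered the path. It also checks the X-Originating-IP stamp and whether the Date header postdates final delivery.

```python
import email
import email.utils
import re
from datetime import timezone

# Constructed sample: the Received, From and Date headers from the slide's PayPal
# phish, re-typed with standard header folding so the stdlib parser accepts them.
RAW = """\
Received: (qmail 72719 invoked by uid 12281); 22 Jul 2005 21:59:18 -0000
Received: from unknown (HELO in8.prserv.net) ([32.97.166.48])
  by 198.63.47.249 (qmail-ldap-1.03) with SMTP; 22 Jul 2005 21:59:18 -0000
Received: from c-24-4-139-49.hsd1.ca.comcast.net ([24.4.139.49])
  by prserv.net (in8) with SMTP; Fri, 22 Jul 2005 21:59:17 +0000
X-Originating-IP: [24.4.139.49]
Received: from 248.76.244.4 by 24.4.139.49; Fri, 22 Jul 2005 16:53:49 -0600
From: "PayPal Services" <service@paypal.com>
Date: Sat, 23 Jul 2005 04:53:49 +0600

(body omitted)
"""
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_hops(msg):
    """Received hops oldest-first: who handed the mail over, to which relay, and when."""
    hops = []
    for value in msg.get_all("Received", []):
        value = re.sub(r"\s+", " ", value)                  # unfold the header
        m = re.search(r"\bfrom\s+(.*?)\s+by\s+([\w.\-]+)", value)
        if not m:
            continue                                         # local stamp, no network hop
        ip = IP_RE.search(m.group(1))
        when = email.utils.parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        if when.tzinfo is None:                              # "-0000" parses as naive
            when = when.replace(tzinfo=timezone.utc)
        hops.append({"claimed": m.group(1).split()[0], "ip": ip.group(1) if ip else None,
                     "by": m.group(2), "time": when})
    hops.reverse()
    return hops


def analyze(raw, trusted_relays):
    """Trace the mail back to the first hop stamped by a trusted relay and list anomalies."""
    msg = email.message_from_string(raw)
    sender_domain = email.utils.parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    # Only stamps written by relays we trust are evidence; the hop underneath them
    # ("from 248.76.244.4 by 24.4.139.49") was written by the sender's own host.
    trusted = [h for h in parse_hops(msg) if any(t in h["by"] for t in trusted_relays)]
    if not trusted:
        return {"sender_domain": sender_domain, "origin": None, "findings": ["no trusted hop"]}
    origin, delivered = trusted[0], max(h["time"] for h in trusted)
    findings = []
    if sender_domain not in origin["claimed"].lower():
        findings.append(f"From claims {sender_domain} but the mail entered trusted relays "
                        f"from {origin['claimed']} ({origin['ip']})")
    x_orig = msg.get("X-Originating-IP", "").strip("[] ")
    if x_orig and x_orig != origin["ip"]:
        findings.append(f"X-Originating-IP {x_orig} disagrees with trusted origin {origin['ip']}")
    # A Date later than the final delivery stamp means a forged Date or a bogus sender clock.
    skew_min = int((email.utils.parsedate_to_datetime(msg["Date"]) - delivered).total_seconds() // 60)
    if skew_min > 0:
        findings.append(f"Date header is {skew_min} min after final delivery")
    return {"sender_domain": sender_domain, "origin": origin, "skew_min": skew_min,
            "findings": findings}
```

Calling analyze(RAW, {"198.63.47.249", "prserv.net"}) names the Comcast host 24.4.139.49 as the trusted origin and reports two findings: the claimed paypal.com sender never appears in the relay path, and the Date header is 54 minutes later than the final delivery stamp.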
Slide 18: Spear Phishing
What is a spear phishing scam?
• Spear phishing describes any highly targeted phishing attack. Spear phishers send e-mail that appears genuine to all the employees or members within a certain company, government agency, organization, or group.
• The message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or the person who manages the computer systems, and could include requests for user names or passwords.
• The truth is that the e-mail sender information has been faked or "spoofed." Whereas traditional phishing scams are designed to steal information from individuals, spear phishing scams work to gain access to a company's entire computer system.
• If you respond with a user name or password, or if you click links or open attachments in a spear phishing e-mail, pop-up window, or Web site, you might become a victim of identity theft and you might put your employer or group at risk.
• Spear phishing also describes scams that target people who use a certain product or Web site. Essentially, scam artists will use any information they can to personalize a phishing scam to as specific a group as possible.
• The good news is that you can help avoid spear phishing scams by using some of the same techniques you already use to help avoid standard phishing scams.

Slide 20: Defenses
• Never reveal personal or financial information in response to an e-mail request, no matter who appears to have sent it.
• If you receive an e-mail message that appears suspicious, call the person or organization listed in the From line before you respond or open any attached files.
• Never click links in an e-mail message that requests personal or financial information. Enter the Web address into your browser window instead.
• Report any e-mail that you suspect might be a spear phishing attack to the appropriate person within your company.

Slide 21: "Phishing Attacks"
• Active phishing sites: 4/2006 = 2854
• Average monthly growth rate
  – 7/2005 - 4/2006 = 15%
• Number of brands hijacked = 79
  – Number of brands comprising top 80% of all attacks = 7
• Top countries hosting phishing sites = China, United States
• Top sector = Financial Services
• Average time on-line for site = 5.8 days
Source: Anti-Phishing Working Group – www.antiphishing.org
Slide 22: Viruses

Slide 23: Evolution of Viruses

Slide 24: Issues & Threats
Slide 25: What is a worm?
• Virus – a code segment which replicates by attaching copies to existing executables.
  – Self-replication
  – Requires a host program as a carrier
  – Activated by external action
• Worm – a program which replicates itself and causes execution of the new copy.
  – Self-replication
  – Self-contained; does not require a host
  – Activated by hijacking or creating a process

Slide 26: Worldwide Code Red Infections
• 700,000 machines infected
• $2-2.9 billion in damage (Computer Economics)
• $200 million in damage per day during attacks
Slide 27: VBSWG – VBS Worm Generator

Slide 28: Other Types of Worms/Viruses

Slide 29: Trojans

Slide 30: Movie

Slide 31: Spyware, Adware

Slide 32: Spyware, Adware, Rootkits, Botnets

Slide 33: Spyware

Slide 34: Movie

Slide 35: The Cost of Spyware & Adware in the Enterprise
For businesses: real costs not quantifiable today

Slide 36: Spyware, Adware

Slide 37: Keystroke Loggers

Slide 38: Spamming

Slide 39: Password Crackers
Slide 40: Hack Methodology
• 1: Reconnaissance
• 2: Scanning
• 3: Gaining access
• 4: Maintaining access / malicious activity
• 5: Covering tracks

Slide 41: Step 1: Reconnaissance
• "Casing the joint"
• Incredibly effective for attackers
• Very useful information obtained:
  – Names of system administrators and others
  – Phone numbers and postal addresses
  – Internet addresses for target machines
  – Technologies in use (DNS, e-mail, Web, Microsoft, SQL/Oracle, versions)
  – Business partnerships
  – More!!

Slide 42: Low-Tech Reconnaissance
• Social engineering
  – Sensitive information over the phone or mail
  – Attacker can easily guess/get passwords
• Physical access
  – Simply walk through the front door
  – Piggybacking
  – Network connectivity
• Dumpster diving

Slide 43: Internet Searching
• Whois – the "white pages" of the Internet, storing:
  – Technical, administrative, and billing contact names
  – Phone numbers and e-mail addresses
  – Domain name servers
• Arin.net – IP addresses
• Google
• LinkedIn
• Web postings
• Job postings (company or individual)

Slide 44: Internet

Slide 45: Step 2: Scanning
• Scanning looks for a way in
  – Holes in your armor
• Often relies on automated tools
  – Manual checking takes too long
• Why information security is hard:
  – Attacker must find one way in to achieve the goal
  – You must defend all entry points

Slide 46: Phase 2: Scanning
• War dialing – THC Scan
• War driving – NetStumbler, Kismet, Airsnort
• Network mapping – CheopsNG, Winfingerprint
• Port scanning – Nmap, SuperScan
• Vulnerability scanning – Nessus, LanGuard, SAINT, ISS, etc.

Slide 47: Examples

Slide 48: Vulnerability Scanning
• At this point, the attacker knows which systems are available, how they are connected, and which ports are open
• What are the vulnerabilities on the target systems?
• Vulnerability scanning tools look for holes on the target
  – Misconfigurations
  – Unpatched systems with known vulnerabilities
  – Other weaknesses
• By rapidly checking for thousands of known vulnerabilities, the attacker can get in faster

Slide 49: Vulnerability Scanning
• Vulnerability scanning tools consist of a database of known vulnerabilities, plus an engine to check if they are present on the target system(s)
• Nessus is the best free, open-source scanner
  • www.nessus.org
• LanGuard
  • www.gfi.com

Slide 50: Hacking Examples
• LanGuard
• Nessus
Slide 52: Phase 3: Gaining Access
• Attackers have many, many ways to gain access to a target network:
  – Breaking in physically
  – Manipulating poorly written software
  – Exploiting weak password storage mechanisms
  – Gathering data that is not properly encrypted or not encrypted at all (such as user IDs, passwords, confidential data)
  – Etc.

Slide 53: Step 3: Gaining Access
• Exploitation – METASPLOIT
• Buffer overflows – METASPLOIT

Slide 54: Password Cracking/Stealing
• Easily steal or grab password representations
  – Guess
  – Brute force
  – Dictionary attacks
• Tools
  – Windows – L0pht Crack, www.atstake.com
  – Unix – John the Ripper, www.openwall.com
  – Network tools – Netscan, NetbiosAT

Slide 55: Hacking Example: Hacking Demonstration
Slide 56: Password Cracking Defenses
• Strong password policy
  – At least 10 characters, 60-90 days, special characters
  – User awareness
• Multi-factor authentication
• Pro-active password auditing
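As an added illustration of this slide's policy (not code from the deck), the Python check below applies the 10-character and special-character rules and then does what a proactive audit does: it undoes the usual mangling (leet substitutions, trailing digits and symbols) before looking the result up in a wordlist, so a password that satisfies the policy on paper but is a dictionary word in disguise is still rejected. The wordlist is a small constructed stand-in for the one an auditor would load.

```python
import re
import string

# Constructed stand-in for the wordlist a proactive audit would load (the real one is large).
WORDLIST = {"password", "welcome", "letmein", "summer", "foreground", "security"}

# Substitutions people use to "strengthen" a dictionary word; the auditor reverses them.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def base_word(password):
    """Strip leading/trailing digits and symbols, then undo leet-speak: 'P@ssw0rd1!' -> 'password'."""
    core = re.sub(r"^[^A-Za-z@$]+|[^A-Za-z@$]+$", "", password)
    return core.lower().translate(LEET)


def audit_password(password, username="", wordlist=WORDLIST):
    """Return the findings for one password against the slide's policy; an empty list passes."""
    findings = []
    if len(password) < 10:
        findings.append("shorter than 10 characters")
    if not any(c in string.punctuation for c in password):
        findings.append("no special character")
    if username and username.lower() in password.lower():
        findings.append("contains the user name")
    core = base_word(password)
    if core in wordlist:
        findings.append(f"dictionary word '{core}' with trivial mangling")
    return findings


def audit_batch(candidates, wordlist=WORDLIST):
    """Audit (username, password) pairs; returns the users whose passwords failed and why."""
    return {user: f for user, pw in candidates if (f := audit_password(pw, user, wordlist))}
```

"Summer2010!" meets both policy rules and still fails the audit as the dictionary word "summer"; a random 12-character string with a symbol passes.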
Slide 57: Step 4: Maintaining Access
• Trojan horses
• Rootkits
• Malware
• Spyware
• RATs
• Other

Slide 58: Phase 4: Maintaining Access
• Once the attackers gain access, they don't want to lose it!
• They alter the system to ensure they can stay in
• They utilize Trojan horse and backdoor techniques to:
  – Hide their presence on the system
  – Guarantee future access
  – Run programs when needed

Slide 59: Trojan Horses & Backdoors
• Trojan horses
  – Look like normal, happy software, but mask some sinister functionality
  – Example: fun game program through e-mail that runs a program in the background
• Backdoors
  – Bypass security controls, giving the attacker access
  – Example: "Joshua" password in the "War Games" movie
    • Allowed complete access to the computer

Slide 60: Hacking Examples
• Example of a Trojan horse

Slide 61: Phase 5: Covering the Tracks
• Once inside your systems, attackers don't want to get caught (most times)
• They use large numbers of techniques to hide
  – Rootkits, all-in-one tools
  – Hiding files, processes, and network usage
• Tools/techniques
  – Clearing logs
  – Hiding files and directories
  – Hiding on the network – covert channels

Slide 62: Log Files
• Tools to clear or edit log files to hide activity
• Winzapper – edit NT log files
• Clearlogs – clear remote log files
• Many more
Slide 63: Hiding Files/Directories
• NT/2003/XP use NTFS – NTFS offers access controls and other security tools
• File streaming – every filename is like a chest of drawers; the top drawer contains the contents of the file.
• NTFS Alternate Data Streams – another drawer can be created to store data "under" the original file
• Defenses:
  – Virus protection
  – LADS (List Alternate Data Streams) – www.heysoft.de
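The LADS check on this slide can be reproduced with the Win32 stream-enumeration API. The Python script below is an added example, not code from the deck or from LADS: it walks a directory tree, enumerates every NTFS stream of each file with FindFirstStreamW, and reports files carrying streams other than the main data stream and the browser's Zone.Identifier marker. It assumes Windows with NTFS; on any other platform the enumeration returns nothing and only the classification helper is exercised.

```python
import ctypes
import os
import sys

# Streams every file or browser download legitimately carries; anything else deserves a look.
EXPECTED = {"::$DATA", ":Zone.Identifier:$DATA"}


class WIN32_FIND_STREAM_DATA(ctypes.Structure):
    _fields_ = [("StreamSize", ctypes.c_longlong),
                ("cStreamName", ctypes.c_wchar * 296)]        # MAX_PATH + 36


def list_streams(path):
    """Enumerate all NTFS streams of one file as (name, size) via FindFirstStreamW (Windows only)."""
    if sys.platform != "win32":
        return []
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.FindFirstStreamW.restype = ctypes.c_void_p           # keep the full 64-bit HANDLE
    k32.FindFirstStreamW.argtypes = [ctypes.c_wchar_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_uint]
    k32.FindNextStreamW.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
    k32.FindClose.argtypes = [ctypes.c_void_p]
    data = WIN32_FIND_STREAM_DATA()
    handle = k32.FindFirstStreamW(path, 0, ctypes.byref(data), 0)   # 0 = FindStreamInfoStandard
    if handle in (None, ctypes.c_void_p(-1).value):          # INVALID_HANDLE_VALUE: no NTFS, no access
        return []
    streams = []
    try:
        while True:
            streams.append((data.cStreamName, data.StreamSize))
            if not k32.FindNextStreamW(handle, ctypes.byref(data)):
                break                                        # ERROR_HANDLE_EOF ends the enumeration
    finally:
        k32.FindClose(handle)
    return streams


def suspicious_streams(streams):
    """Keep only streams that are neither the main data stream nor the browser zone marker."""
    return [(name, size) for name, size in streams if name not in EXPECTED]


def scan(root):
    """Walk a directory tree and map each file carrying unexpected alternate streams to them."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            extra = suspicious_streams(list_streams(path))
            if extra:
                hits[path] = extra
    return hits


if __name__ == "__main__":
    for path, extra in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, extra)
```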