2. Proprietary & Confidential
@GoCyberSec | January, 2020
Introduction
• Understanding threat actors
• Determining malware types
• Recognizing common attacks
• Blocking malware and other attacks
• Educating users
Threat Actors
• Open-source intelligence
– Info freely available (such as from web sites and social media)
• Script kiddie
– Little expertise, sophistication, or funding
• Hacktivist
– Part of an activist movement
• Insider
– Employee (can become a malicious insider)
• Organized crime
– Typically motivated by money
• Competitor
Threat Actors
• Nation state/advanced persistent threat (APT)
– Identify a target and persistently attack until they gain access
– Often remain in the network for months or years
– China: APT1
– Russia: APT 28 (Fancy Bear)
– Russia: APT 29 (Cozy Bear)
Determining Malware Types
• Worms
– Self-replicating
• Logic bombs
– Executes in response to an event
• Backdoors
– Provides an alternate method of access
– Many types of malware create backdoors
Understanding Malware
• Trojan Horse
– Appears to be useful but is malicious
– Pirated software, rogueware, or games
– Also infects systems via USB drives
• Drive-by downloads
– Attackers compromise a web site to gain control of it
– Attackers install a Trojan embedded in the web site’s code
– Attackers attempt to trick users into visiting the site
– When users visit, the web site attempts to download the Trojan onto the users’ systems
• Remote access Trojan (RAT)
Determining Malware Types
• Ransomware
– Takes control of the user’s system
– Typically encrypts the user’s data
– Attempts to extort payment
Determining Malware Types
• Keylogger
– Captures keystrokes
• Spyware
– Can access a user’s private data and result in loss of confidentiality
• Adware
– Pop-ups that market products to users
– Blocked with pop-up blockers
Bots and Botnets
• Bots – software robots
• Botnets
– Controlled by criminals (bot herders)
– Manage command and control centers
– Malware joins computers to robotic network
• Zombies or clones
– Computers within botnet
– Join after becoming infected with malware
Determining Malware Types
• Rootkits
– System-level or kernel access
– Can modify system files and system access
– Hide their running processes to avoid detection with hooking techniques
– File integrity checkers can detect modified files
– Inspection of RAM can discover hooked processes
Social Engineering
• Flattery and conning
• Assuming a position of authority
• Encouraging someone to:
– Perform a risky action
– Reveal sensitive information
• Impersonating
• Tailgating
Social Engineering
• Impersonating
– Such as an authorized technician
• Shoulder Surfing
– Can be in person, looking at a computer
– Can be with a remote camera
• Tricking users with hoaxes
Social Engineering
• Tailgating
– Closely following authorized personnel without providing credentials
– Mitigated with mantraps
• Dumpster diving
– Searching through trash looking for information
– Mitigated by shredding or burning papers
Social Engineering
• Watering hole attack
– Attacker identifies websites trusted by a group of users
– Attacker infects these websites
– Users visit the infected (but trusted) websites
– Users are prompted to download files
Recognizing Other Attacks
• Spam – unwanted email
• Phishing – malicious spam
– Attempt to trick users into revealing sensitive or personal information
– Links within the email can also lead unsuspecting users to install malware
– Often spoofs the sender address using your friends’ names
– Phishing to validate e-mail addresses
– Phishing to get money
Recognizing Other Attacks
• Spear phishing
– Targets specific groups of users
– Could target employees within a company or customers of a company
• Whaling
– Targets high-level executives
• Digital signatures provide assurances to recipients about who sent an email
• Digital signatures can reduce the success of spear phishing and whaling
• Vishing – uses phone or VoIP
Privilege Escalation
• Occurs when a user or process accesses elevated rights and permissions
• Attackers attempt to gain more privileges
• Malware attempts to gain more privileges
• Administrators have two accounts
– One account for regular use
– One for administrative use
– Goal is to mitigate privilege escalation attempts
Blocking Malware
• Spam filter on mail gateways
• Anti-malware software on mail gateways
• Anti-malware software on all systems
• Block at boundaries
– Firewalls
– UTM systems
Blocking Malware
• Antivirus software
– Signature-based detection: detects known malware based on signature definitions
– Heuristic-based detection: detects unknown malware based on behavior
• Checking file integrity with hashes
• Data Execution Prevention (DEP)
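Two of the slides (the rootkit slide's "File integrity checkers can detect modified files" and "Checking file integrity with hashes" above) describe the same control. As an added example that is not part of the slide deck, a minimal file integrity checker: hash every file on a known-clean system, re-hash later, and report modified, added and removed files. The file names and contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks so large files fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each file under root (as a relative POSIX path) to its hash.

    In practice the baseline is recorded on a known-clean system and stored
    somewhere an attacker with root on that system cannot rewrite it.
    """
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_baseline(baseline: dict, current: dict) -> dict:
    """Classify differences: modified (hash changed), added (new file), removed (missing)."""
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline two files, then a binary is replaced and a file is dropped."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls binary (constructed)")
        (root / "etc_hosts").write_bytes(b"127.0.0.1 localhost\n")
        baseline = build_baseline(root)
        # Simulate the tampering a rootkit performs: swap a system binary, add a helper file
        (root / "bin" / "ls").write_bytes(b"trojaned ls binary (constructed)")
        (root / "bin" / "hidden_helper").write_bytes(b"new file (constructed)")
        return compare_baseline(baseline, build_baseline(root))
```

A kernel-level rootkit can lie to the checker about file contents, which is why the slide pairs this control with inspecting RAM for hooked processes.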
Blocking Malware
• Advanced malware tools
– AMP
• Spam filters can block spam
– Network-based spam filters block spam entering the network
– End-user spam filters restrict spam on the user’s system
Best Practices
• Don’t click on links within emails from unknown sources
• Don’t open attachments from unknown sources
• Be wary of free downloads from the Internet
• Limit information you post on social media sites
• Back up your data regularly
• Keep the computer up to date with current patches
• Keep antivirus software up to date