7 Effective Habits when using the Internet
Philip O’Kane
Introduction

Who are the players?
− The Attackers
− IT Support/Department
− End-user

Attack Surface
− What is an attack surface
− How well are you protected?

Myths about Malware (Virus, Worm, Trojan, etc.)

Seven Effective Habits
The Players
IT Department
• Multifunction
• Resolve Issues
• Protect User, Assets and Networks
User
• Carry out Business function
• Protect Asset
Attacker
(Malware)
Assets
• Personal Information
• Account Details
• IPR
Firewall
Attack Surface
Firefox
Internet Explorer
Chrome
Java Apps
Email
Web Browser
Flash Player
Vulnerability (Bug or Poor configuration)
Assets
• Personal Information
• Account Details
• IPR
Attacker (Malware)
Attacks

The End-user PC is inside the firewall
− It inherits the trusted status of the PC and can access
sensitive information
− Use privileged protocols to access data
− Spread to others using privileged protocols
− Email everyone in your contacts with malware attachments
− Backdoor access – can send data to the attackers

Used as part of a botnet to attack others (DDoS)
Attacks on Corporates

Bank database hacked, $45 million in ATM (Dec 2013)

RSA Security, 40 million employee records stolen (March 2011)

Sony's PlayStation Network (April 2011)
− 77 million accounts hacked
− Sony site was down for a month
Attacks on the Individual

Mobile Ransomware (2014)

Spam Emails
− PayPal (URLs).

Emails with attachments
− Zip, SCR, EXEC
− CryptoLockers/Ransomware
− Backdoors

USB
− Found or given a USB at a show
IT Departments/Defence Solutions

Firewall configuration
− Internet protocols
− Open ports

Patch Deployment
− Centralised vulnerability remediation, as exploits are on the internet within 8 hours of patch deployment (Patch Tuesday)

Permitting open policies for privileged user authority

70% of stolen data via USBs
Myths

I will know when I’m infected

Malware is just for Windows

Email attachments from known persons are safe

Visiting only reputable sites is completely safe

Malware is not a problem, I have nothing important on my PC
I will know when I’m infected

Malware Detection Rate over 30 Days

Day            1      8      15     22     30
McAfee         22%    53%    85%    86%    86%
Kaspersky      22%    87%    91%    92%    92%
AVG            13%    85%    92%    92%    93%
Virus Buster   10%    30%    46%    74%    74%
Symantec       21%    36%    43%    46%    47%
Trend Micro    17%    29%    32%    32%    38%

Key (Poor to Good): 0->25%, 26->50%, 51->75%, 76->90%, 91->100%

"Cyveillance testing finds AV vendors detect on average less than 19% of malware attacks", Aug, 2010,
https://www.cyveillance.com/web/blog/press-release/cyveillance-testing-finds-av-vendors-detect-on-average-less-than-19-of-malware-attacks.
Zero Day
Malware is just for Windows

Windows is the biggest target
− Windows 8 release - a firm announced a zero-day vulnerability
that circumvents all new security enhancements in Windows 8
and Internet Explorer 10

Mobile phone
− Study claims 614% increase last year.
− Android accounts for 92% of total infections (June 2013)

Apple Mac
− Small volume of malware to date
Email attachments from known persons are safe

Do not execute untrusted programs
− Internet protocols
− Open ports

Email attachments
− Who can you trust?
− Has your friend been hacked?

Embedded URLs
− (Spear) Phishing Emails
− PayPal scam etc.
Visiting only reputable sites is completely safe

Advice such as ‘Do not visit risky websites’
− It is good advice

The converse is not necessarily true
− Reputable websites can be hacked
− NBC Media website hacked, which installed fake antivirus
software (Feb 2013).
− msn.co.nz website hacked to redirect to a site that hosts
pictures of Bill Gates (MS) with pie on his face.
− EA games web server hacked to host phishing website, users
were asked to enter their Apple IDs and personal information.
Malware is not a problem, I have nothing..

Malware is not a problem, I have nothing important on my PC

Even if your computer has nothing important stored on it
− Address books can be used to send out spam and malicious
emails
− Malware can record all of your keystrokes and steal your
usernames and passwords. When the malware authors have that
information, they can use it to cause severe damage ranging
from financial loss to identity theft.

Bank account details

Social media website to scam friends
Reduce your Attack Surface

Browser
− Use the latest browser
− Update your security regularly
− Browser controls

Games and Apps
− Do you need those apps?
− Where to get apps?
Reduce your Attack Surface

Portable media
− Two-thirds of lost USB drives carry malware – from a survey of
USB drives in a lost and found department
− Beware of USBs you find lying around
− Malware infected USB drives handed out at a trade show
Seven Effective Habits

You can’t disengage your brain

Be safe both at work and home

Update your software to include latest patches

Use the latest software

Don’t install software you don’t use

Be careful about the apps you download - Games etc.

Run with minimum privileges
