What Is Cybersecurity?
Criminals
Spies
Nation State Warriors
Hacktivists
Terrorists
Insiders
APT ---> Firewall ---> Network ---> Anti Virus ---> Hardware ---> Win Kernel
What Are The Vulnerabilities?
Insiders
Supply Chain
Previously Unknown or Zero-day
What Are The Impacts?
Hoaxes
Urban legends
How Can You Tell If The Email Is A Hoax Or Urban Legend?
It suggests tragic consequences for not performing some action
It promises money or gift certificates for performing some action
It offers instructions or attachments claiming to protect you from a virus that is undetected by anti-virus software
It claims it's not a hoax
There are multiple spelling or grammatical errors, or the logic is contradictory
There is a statement urging you to forward the message
It has already been forwarded multiple times (evident from the trail of email headers in the body of the message)
Recognizing And Avoiding Spyware
What Is Spyware?
Monitoring
Audit and review security logs for anomalous references to enterprise-level administrative (privileged) and service accounts.
Review network flow data for signs of anomalous activity.
Ensure that network devices log and audit all configuration changes.
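As an added example (not part of the original slides), the Python below applies the first monitoring item to constructed sample log lines: it flags interactive logons by service accounts and privileged-account logons from hosts outside an assumed list of administrative workstations. The log format, account names and host names are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample logon records in a simplified syslog-like format (assumed):
# "<timestamp> host=<computer> user=<account> type=<logon type> src=<source ip>"
SAMPLE_LOGS = """\
2024-03-01T08:02:11 host=DC01 user=svc_backup type=service src=10.0.0.5
2024-03-01T08:05:40 host=WS-ALICE user=alice type=interactive src=10.0.1.20
2024-03-01T09:14:02 host=WS-BOB user=svc_backup type=interactive src=10.0.1.33
2024-03-01T09:20:55 host=PAW01 user=adm_carol type=interactive src=10.0.9.10
2024-03-01T10:01:13 host=WS-DAVE user=adm_carol type=interactive src=10.0.1.44
2024-03-01T10:03:00 host=WS-DAVE user=adm_carol type=interactive src=10.0.1.44
"""

# Assumed enterprise inventory: which accounts are service/privileged accounts,
# and which hosts (privileged access workstations, jump hosts) admins may use.
SERVICE_ACCOUNTS = {"svc_backup", "svc_sql"}
PRIVILEGED_ACCOUNTS = {"adm_carol", "Administrator"}
ADMIN_HOSTS = {"PAW01", "JUMP01"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) type=(?P<type>\S+) src=(?P<src>\S+)$"
)

def parse_log(text):
    """Parse log text into a list of event dicts, skipping lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def find_anomalies(events):
    """Return (rule, user, host) tuples for events that violate the account policy."""
    findings = []
    for e in events:
        user, host, ltype = e["user"], e["host"], e["type"]
        # A service account exists to run a service; an interactive logon means a
        # person (or an attacker holding the credential) is using it directly.
        if user in SERVICE_ACCOUNTS and ltype == "interactive":
            findings.append(("service-account-interactive", user, host))
        # Privileged accounts should be used only from hardened admin hosts.
        if user in PRIVILEGED_ACCOUNTS and ltype == "interactive" and host not in ADMIN_HOSTS:
            findings.append(("privileged-from-unexpected-host", user, host))
    return findings

def summarize(findings):
    """Count findings per (rule, user) so a reviewer sees repeated misuse, not single lines."""
    counts = defaultdict(int)
    for rule, user, _host in findings:
        counts[(rule, user)] += 1
    return dict(counts)

if __name__ == "__main__":
    for finding in find_anomalies(parse_log(SAMPLE_LOGS)):
        print(*finding)
```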
Best Practices and Planning Strategies
File Distribution
When deploying patches or AV signatures throughout an enterprise, stage the distributions to include a specific grouping of systems (staggered over a pre-defined time period).
Monitor and assess the integrity of patches and AV signatures which are distributed throughout the enterprise.
Best Practices and Planning Strategies
Based upon the identification of an organization's mission-critical assets (and their associated interdependencies), recovery and reconstitution efforts should be planned in case the organization is impacted by a potentially destructive condition.
To plan for this scenario, an organization should address the availability and accessibility of the following resources (and should include the scope of these items within Incident Response exercises and scenarios):
Comprehensive inventory of all mission critical systems and applications:
Versioning information,
System / application dependencies,
System partitioning/ storage configuration and connectivity, and
Asset Owners / Points of Contact.
Recovery and Reconstitution Planning
ISO / image files for baseline restoration of critical systems and applications:
Operating System installation media
Service Packs / Patches,
Firmware, and
Application software installation packages
Licensing/activation keys for Operating Systems (OS) and dependent applications,
Enterprise Network Topology and Architecture diagrams,
Recovery and Reconstitution Planning
Implement null network routes for specific IP addresses (or IP ranges) from which the payload may be distributed,
An organization's internal DNS can also be leveraged for this task, as a null (sinkhole) record can be added within a DNS zone for an identified server or application
Containment
If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators, so they can be alert to any suspicious or unusual activity.
If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
What Do You Do If You Think You Are A Victim?
Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
Watch for other signs of identity theft.
Consider reporting the attack to the police.
Understanding Hidden Threats: Rootkits and Botnets
What Are Rootkits And Botnets?
Attackers can use rootkits and botnets to access and modify personal information, attack other computers, and commit other crimes, all while remaining undetected. By using multiple computers, attackers increase the range and impact of their crimes. Because each computer in a botnet can be programmed to execute the same command, an attacker can have each of them scanning multiple computers for vulnerabilities, monitoring online activity, or collecting the information entered in online forms.
What Can You Do To Protect Yourself?
If you notice that you cannot access your own files or reach any external websites from your work computer, contact your network administrators. This may indicate that your computer or your organization's network is being attacked.
If you are having a similar experience on your home computer, consider contacting your internet service provider (ISP). If there is a problem, the ISP might be able to advise you of an appropriate course of action.
Are these threats real to us?