Ed Ferrara, MSIA, CISSP Fox School of Business

Transcription

1 MIS 5208 Week 4 Cybersecurity & Fraud Ed Ferrara, MSIA, CISSP [email protected]

2 Hacking Source:

3 Computer Crime A cyber breach is any event that intentionally or unintentionally causes an unplanned increase in cost or decrease in revenue. Who are the players and why? Persons with repressed criminal behavior have a propensity to commit crime in cyberspace due ti their status and position. Identity flexibility and dissociative anonymity and lack of deterrence contribute to the choice to commit cybercrime. Persons from a close society are more likely to commit cyber crime. Types of Crime Personal Cyber stalking, Facebook Rape (FRAPE) Theft Organized Crime, Nation State, Gifted Individuals (Kingpin) Terrorism Cyber attacks in support of terrorist goals

4 The Nature of Attacks is Changing

5 Breaches - How 29% Involved physical attacks (+14%) 50% Utilized some form of hacking (+10%) 49% Incorporated malware (+11%) 17% Resulted from privilege misuse (-31%) 11 % Employed social tactics (- 17%) Source: Baker, W., Alexander, H., Hylender, D. C., Pamula, J., Porter, C., & Spitler, M. (2011) Data Breach Investigations Report. Retrieved from

6 Breaches Who? < 1% from business partners (- 10%) 92% from external agents (+22%) 17% implicated insiders (- 31%) 9% multiple parties (- 18%) Source: Baker, W., Alexander, H., Hylender, D. C., Pamula, J., Porter, C., & Spitler, M. (2011) Data Breach Investigations Report. Retrieved from

7 Breaches Commonalities 76% of all data was compromised from servers (- 22%) 92% of attacks were not highly difficult (+7%) 86% discovered by third parties (+25%) 96% of breaches were avoidable using simple controls (<>) 83% were targets of opportunity (<>) 89% of victims subject to PCI were not compliant (+10%) Source: Baker, W., Alexander, H., Hylender, D. C., Pamula, J., Porter, C., & Spitler, M. (2011) Data Breach Investigations Report. Retrieved from

8 The Five Steps of Hacking Reconnaissance Scanning Gaining Access Maintaining Access Covering Tracks

9 Reconnaissance Google, Twitter, Facebook & LinkedIn Phishing Preliminary Step to Social Engineering Social Engineering Exploits weakness of human element of information systems Contact employees via e- mail or telephone pretending to be: Employee Customer Supplier HTML Code Review, SQL Injection Probes, Whois Database Physical Break-In Network Attack Physical Property Theft Dumpster Diving Intelligence is the work of obtaining information, either passively or actively.

10 Phishing Reconnaissance Technique

11 Social Engineering & Physical Penetration

12 Scanning Vulnerabilities IP Addresses Phone Numbers Technical Contacts War Driving (WiFi) Port Scanning TCP/IP 65,536 TCP Ports 65,536 UDP Ports Open ports show running applications Identifying Systems that are running and the services that are active on them. Source:

13 Gaining Access Buffer Overflow Password Attacks - Brute Force Password Attacks Rainbow Tables Social Engineering Password Leakage Credentials Physical Access Exploiting identified vulnerabilities to gain unauthorized access.

14 Application & OS Attacks

15 Maintain Access Trojans (Remote Access Trojans) Black Orifice keystroke logging, HTTP file browsing, registry editing, audio and video capture, password dumping, TCP/IP port redirection, message sending, remote reboot, remote lockup, packet encryption, and file compression. SubSeven key logger, packet sniffer, port redirector, registry modifier, and Trojan Name Port BO jammerkillahv 121 NukeNabber 139 Intruders Paradise 456 Stealth Spy 555 Phase0 555 NeTadmin 555 Satanz Backdoor 666 Attack FTP 666 AIMSpy 777 Der Spaeher 1000

16 RAT Demo Back Orifice Video

17 Back Orifice

18 Covering Tracks Exit the System Delete modify system data Log files Registry entries Temporary files Trojan or similar malware agents. Onion Routing (TOR) Web Proxy Access Activities to hide malicious behavior.

19 Things to Remember

20 Thank You