Cyber Security Threats Shehzad Mirza Director of the MS ISAC SOC Will Pelgrin CIS President and CEO MS ISAC Chair
2.6 Billion Internet Users (pie chart): Asia 44%, Europe 22.7%, North America 13.0%, Lat Am / Carib 10.3%, Africa 5.7%, Middle East 3.3%, Oceania / Australia 1.0%
The Internet is a tremendous tool for governments: Connect with constituents; Learn new ideas; Broadcast public functions live; Allows your constituents to register online; Pay employees easily
Criminals look for data and state and local governments have a lot of it! From Cradle To Grave And Beyond! Confidential Informants
Leon Panetta, Secretary of Defense: The next Pearl Harbor that we confront could very well be a cyber attack that cripples our power systems, our grid, our security systems, our government systems. Cyber war could paralyze the U.S.
Who Is Behind The Threats? Cyber Criminals Hacktivists Nation States
Cyber Threats Hacktivism Mobile Devices Insider Threats & Human Error Phishing Old Infrastructure
Hacktivism
Hacktivism: Attacking corporations, governments, organizations and individuals to make a point (Sophos 2012). Hacktivist groups target: Private corporations, Federal Government, State Government, Local Government, Education, Law enforcement groups
User Account Compromise Attack Scenario 1. Law Enforcement Association (e.g. Sheriff association, Police Benevolent Society, etc.) gets compromised 2. Attackers gather the stolen credentials and either post them to a sharing website (e.g. Pastebin) or keep the login information for themselves 3. Either the hackers themselves or other malicious actors then download and use the credentials from the sharing website to log in and access local and federal law enforcement systems 4. The compromise of the "association" system may lead to the compromise of the SLTT government systems
What Can You Do To Prevent This? Perform regular vulnerability assessments of all Internet facing systems. Remind employees not to reuse work passwords. Monitor Webmail for: Failed logins, Logins from out of the area or country, Logins at odd hours
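The three webmail checks listed on this slide (failed logins, logins from out of the area or country, logins at odd hours), as an added example that is not part of the original presentation. The log format, sample lines, user names, home country, working hours and failure threshold are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample webmail auth log (not real data). Assumed format:
# local ISO timestamp, user, GeoIP-derived source country, result
SAMPLE_LOG = """\
2013-03-04T09:12:05 jdoe US OK
2013-03-04T09:15:41 asmith US FAIL
2013-03-04T09:15:49 asmith US FAIL
2013-03-04T09:15:58 asmith US FAIL
2013-03-04T14:30:00 mbrown RO OK
2013-03-05T02:47:19 jdoe US OK
2013-03-05T10:02:33 mbrown US OK
truncated-line
"""

HOME_COUNTRIES = {"US"}    # assumption: where staff normally log in from
WORK_HOURS = range(6, 20)  # assumption: 06:00-19:59 counts as normal
FAIL_THRESHOLD = 3         # assumption: failed logins per user per day

def review(log_text):
    """Return sorted (rule, user, detail) findings for the three checks."""
    findings, fails = [], Counter()
    for line in log_text.splitlines():
        try:
            ts, user, country, result = line.split()
            ts = datetime.fromisoformat(ts)
        except ValueError:
            findings.append(("unparsed", "-", line))  # surface, don't drop
            continue
        if result == "FAIL":
            fails[(user, ts.date())] += 1
            continue
        if country not in HOME_COUNTRIES:
            findings.append(("foreign_login", user, f"{ts} from {country}"))
        if ts.hour not in WORK_HOURS:
            findings.append(("odd_hours_login", user, str(ts)))
    for (user, day), n in fails.items():
        if n >= FAIL_THRESHOLD:
            findings.append(("failed_logins", user, f"{n} on {day}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Lines that do not parse are reported rather than skipped, so a change in log format cannot silently blind the checks.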
Mobile Devices
Smartphone and Tablet Security Risks. Too Many Individuals Still: Don't use encryption, passwords, time-out settings or any other security protection; Store their sensitive corporate information on smartphones; Lose one of these devices at some point
Mobile Devices Targets of Attack The number of variants of malicious software aimed at mobile devices has reportedly risen from about 14,000 to 40,000 or about 185% in less than a year U.S. Government Accountability Office
Leaving your laptop or smartphone unattended can lead to big problems. More than 10,000 laptops are reported lost every week at 36 of the largest U.S. airports, and 65 percent of those laptops are not reclaimed. Ponemon Institute
Insider Threats and Human Error
Insider Threats are Real. Can be intentional or accidental. WikiLeaks: Hundreds of thousands of confidential documents leaked by military employee. Inadvertent posting of the Social Security numbers and birth dates of 22,000 government retirees on a state procurement website. Disgruntled city employee tampers with city network to deny access to top administrators.
Human Error Weak Passwords tomshardware.com
A longer password is a better password Strong passwords should be 9-12 characters and possess a combination of letters, numbers, and special characters.
Example of Strong Password This Is A Better Password Which Would Be Harder To Crack Password = T1@bPwWBH2C
Most Dangerous Cyber Celebrity!!!!
Phishing
Phishing scams entice email recipients into clicking on a link or opening an attachment which is malicious. WELL WRITTEN APPEARS CREDIBLE ENTICING OR SHOCKING SUBJECT APPARENT TRUSTED SOURCE Gone Phishing
Protect Yourself. Never click on a link in a suspicious e-mail. Open a new web browser and manually go to the vendor's website to log into your account. Call your vendor using a phone number from an official source to get the information you need.
Old Infrastructure
Old hardware and software that is beyond the end of its support life is often still in use today. No longer supported by the vendors. Using them after end of life places your organization at great risk since any security vulnerability will NOT be fixed, making it easy for hackers to launch a successful cyber attack
Industrial Control Systems
Internet Facing Industrial Control Systems. Approximately 7,200 Internet Facing Control System Devices. Source: US Department of Homeland Security ICS CERT Monthly Oct-Dec 2012
Case Studies
South Carolina 2012 More than 3.3 million unencrypted bank account numbers and 3.8 million tax returns were stolen in an attack against the South Carolina Department of Revenue. Data lost: SSNs, bank account numbers and credit card numbers. Breach due to a state employee falling for a phishing attack that enabled hackers to leverage that employee's access rights to gain access to the government entity's systems and databases.
State of Utah 2012 280,000 Social Security numbers were stolen, and another 500,000 people lost personal information. Eastern European hackers broke into the server maintained by the Utah Department of Technology Services in the spring of 2012 by taking advantage of a misconfiguration.
What Can You Do? Keep your systems patched. Have cyber security policies. Monitor compliance with the policies. Log and monitor network traffic. Back up your systems on a regular basis and check them before storing off site. Train employees on good cyber security practices
Zeus Financial Fraud. A bank informed a School District that $758,758.70 was to be transferred overseas. The School District cancelled the transaction. The Bank then asked about the $1,190,400 that was already sent overseas. And the $1,862,400 also already sent overseas
What Can You Do? Have a dedicated computer for financial transactions IP Filtering/white list Limit software programs (no java, flash, email, etc.) Set up non privileged user account Take advantage of two factor authentication where available
Stats
Number of Infections, All MSS Partners (chart by month: Dec 12, Jan 13, Feb 13, Mar 13)
Daily Activity Summary, All MSS Partners (chart by month: Dec 12, Jan 13, Feb 13, Mar 13; categories: Accepted Inbound Port Scans, Peer to Peer Usage, SQL Injection Exploit Attempts, System File Access Attempts, Login Brute Forcing, Server Attack: Web Server, Spyware Traffic Events)
Notifications (chart by month: Dec 12, Jan 13, Feb 13, Mar 13; categories: Darknet, Keylogger, Defacement, Credentials)
The is here to help!
What is the MS ISAC? The Multi State Information Sharing and Analysis Center (MS ISAC) is the focal point for cyber threat prevention, protection, response and recovery for the nation's state, local, territorial and tribal (SLTT) governments.
Is Built On A Strong Foundation Federal Government Situational Awareness Homeland Security Advisors SHARE States & US Territories COLLABORATE Local Governments TRUST
A Trusted Model for Collaboration and Cooperation across All States, Local Governments and Several U.S. Territories. Built on over 10 years of Centralized Outreach, Awareness and Bidirectional Information Sharing.
Local Governments Local Government members represent 33% of the U.S. population
MS ISAC Monitoring Partners (map labels: Washington, Montana, North Dakota, Maine, Oregon, Idaho, Minnesota, Vermont, New Hampshire, Lane Co., South Dakota, Wisconsin, New York, Massachusetts, Wyoming, Michigan, Rhode Island, Connecticut, California, Nevada, Utah, Colorado, Nebraska, Kansas, Iowa, Johnson Co., Missouri, Illinois, Indiana, Kentucky, Ohio, West Virginia, Pennsylvania, NYC, New Jersey, Delaware, Maryland, Virginia, North Carolina, LAWA, Arizona, New Mexico, Oklahoma, Arkansas, Tennessee, Brentwood, Cary, South Carolina, San Diego, Mississippi, Alabama, Georgia, Goodyear, Texas, Louisiana, Florida, Alaska, Hawaii)
Security Operations Center Staff at the NCCIC
24x7 Cyber Security Operations Center Central location to report any cyber security incident, staffed 24x7 24x7 support for: Albert and Managed Security Services Vulnerability Assessments Research and analysis 24x7 analysis and monitoring of: Threats Vulnerabilities Attacks 24x7 reporting: Web Defacements Account Compromises
CERT Capabilities Incident Response Includes on site assistance Malware Analysis Computer Forensics Network Forensics Log Analysis Statistical Data Analysis Netflow Monitoring / Albert Rapid Sensor Deployment Penetration Testing
MS ISAC Intelligence Sources 7x24 Monitoring Analysis of 12 billion logs/records per week Intelligence Partners Federal Government Private Sector Internet Research
Multi-State Information Sharing and Analysis Center Products and Services: 24/7 Cyber Security Analysis Center; National Webcast Initiative; National Cyber Security Awareness Month; Cyber Security Alerts and Advisories; Monthly Conference Calls; Public and Secure Websites; Annual Meeting; Participation in cyber exercises; Common cyber alert level map; Ensuring collaboration with all necessary parties
Public Website
Take advantage of our RSS feed! Connect to our Cyber Security Advisories to provide greater awareness to those agencies, organizations and businesses that frequent your website. Connect to our Daily Cyber Security Tip to provide greater awareness for your employees, constituents and others
Monthly Newsletters The distributes the newsletters in a template form so they can be re-branded and distributed broadly throughout states and local governments
Cyber Security Guides
Cyber Security Awareness Toolkit
How can you join?
Summary: There is no silver bullet for cyber security. Don't become complacent. Have policies and methodologies in place to monitor compliance. Log and monitor all traffic. Be a cyber security champion in your organization
Thank You. Questions??? Contact Information: brian.calkin@msisac.org or info@msisac.org 1 866 787 4722