220 likes | 448 Views
Information Technology (IT) Security Training and Awareness Workshop. AIM 42nd ABMTS August 2011. WORKSHOP PRESENTERS. Tony H. McMahon MITS Director, Transition 2 Program Manager Cust.Acct. Data Eng. Program Office Washington, DC. Giselle C. Joseph IT Security Specialist
E N D
Information Technology (IT) Security Training and Awareness Workshop AIM 42nd ABMTS August 2011
WORKSHOP PRESENTERS Tony H. McMahon MITS Director, Transition 2 Program Manager Cust.Acct. Data Eng. Program Office Washington, DC Giselle C. Joseph IT Security Specialist MITS CyberSecurity Operations Houston, Texas
80% of American Taxpayers will file electronically by the year 2012 IRS as TARGET • Largest IT environment of any U.S. civilian agency • More PII than any other government agency • Process $2.5T of revenues • Complex & diverse IT infrastructure • Complex & diverse business processes utilizing many channels (e-file, paper, internet, phone, walk-in) • 700 + POD’s
Probes to IRS Top 10 Attacking Countries (denied) Hit Count Hit Count is Based on every 3 months
What is at Risk? • DATA– All information used and transmitted by the organization • Sensitive But Unclassified (SBU)SBU data refers to sensitive but unclassified information originating within IRS offices. [Ex: Personal, Tax Return Information, • Personally Identifiable Information (PII).. PII includes the personal data of taxpayers, and also the personal information of employees, contractors, applicants, and visitors to the IRS [Ex: Home addresses, Names, Social Security Numbers, • National Security Information - Cyber Espionage • HARDWARE- Desktop computers, servers, wireless access points (APs), networking equipment, and telecommunications connections etc… • SOFTWARE- Application programs, operating systems, and security software etc…
No one knows who I am on the Internet The Internet is a virtual world, so nothing bad can happen to me Security software (anti-virus, firewall, etc.) will protect me The IRS will protect me Law enforcement will protect me CYBER SECURITY MISCONCEPTIONS Who Believes All This? 5
Internet Attack Activity Web-based attack activity, 2009–2010Source: Symantec Corporation
Who are they? Who are the Attackers & Why? No longer just techno-geeks. • GANGS/GROUPS • Criminal gangs • Employ individuals or groups of hackers to steal PII, credit card & banking information. • Hacker Gangs • Create & sell botnets & hacker tools • Sometimes engage in activity to wage cyber war on each other or to boost their reputation. • Political or religious groups • Hacking for military and commercial secrets & to inflict damage. • Well resourced - Funded by criminal enterprises, nations, • political or religious entities. . Hackers, Attackers or Intruders Script Kiddies Computer Spy Employees Cybercriminals Cyberterrorists • Glory Motivated • Financial Profit • Political Motivated • Religious Groups • “They have Shift from “Glory-Motivated-Vandals” to • “Financially-Politically-Motivated-Cyber-Crime WHY?
Old and New Enemies Jeremy Jaynes $24M SPAM KING Joseph McElroy Hacked US Dept of Energy Jeffrey Lee Parson Blaster-B copycat Chen Ih Hua CIH Virus Andrew Schwarmkoff Russian Mob Phisher Jay Echouafni Competitive DDoS • Photos from colleagues at F-Secure
Highly motivated, professionally trained & equipped adversaries Political or Religious Groups • Espionage and sabotage aimed at US Government, Military & Commercial sites • Strategic & Tactical Attacks • Threat to the military & economic security of the United states
How is all this Happening? • Social Engineering • Phishing, Pharming etc… • Malware (Malicious Code) • Viruses, Trojans, Spyware, Spam, Botnets etc… • Network Vulnerabilities & Attacks • Weak Passwords, Backdoors, DoS, Spoofing, etc… • Hardware Base Attacks • USB drives, Cell phones etc… • Web Browser Attacks • Cookies, Active X etc… • Communication Based Attacks • Instant Messaging (IM), peer-to-peer (P2P) etc… • Wireless Attacks & Protocol-Based Attacks • War Driving, Bluesnarfing etc… • Difficulties in Defending Against Attackers • Speed, Sophistication & Simplicity of Attacks etc… • Lack of Education and Training (Security Awareness) • Smart People doing ‘NOT So Smart Things’ • Donate computer with uncleaned disk w/o sanitization.
Social Engineering Social Engineering Tactics Social Engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases the attacker never comes face-to-face with the victim. • E-Mail Phishing, Pharming, Computer hoaxes etc… • Telephone • In Person Shoulder Surfing, Stealing, Browsing • Dumpster Diving • Internet Unsafe Web Sites • In Writing Combat Social Engineering: • Never reveal or share your password • Never provide information about IRS systems & networks. • Never change your password to something that another person has requested. • Never disclose Sensitive & Official Use Only (OUO) information. • Never reply to e-mail messages that request your personal information. • Never click links in suspicious e-mail. • Never unsubscribe from Email unless it’s a reputable business. • Never download from the Internet on IRS computers. • Always be careful whom and where you download from on home computers. • Always verify the identity of callers • Always discard sensitive information appropriately (shred, locked burn bens etc…) • When dealing with companies make sure you do your homework to ensure that they are legitimate Better Business Bureau (BBB).
SYSTEM THREATS Three main objectives of Malware: Infecting Malware:Viruses, Worms Concealing Malware:Trojan Horses, Rootkits, Logic Bombs, Backdoors, and Privilege Escalation Malware for Profit:Spam, Spyware, and Botnets MALWARE Malware is software that enters a computer system without the owner’s knowledge or consent. Malware is also referred to as Malicious Code or Malicious Content. Malware's most common pathway from criminals to users is through the Internet: primarily by e-mail and the World Wide Web.Malware is a variety of damaging and/or annoying software.
SYSTEM THREATS • Trojans are approximately 90% of the Malicious code events detected by IRS every quarter. • 80% or more of these Trojans come from Malicious Websites • According to Symantec, Trojans are the Most important source of potential infections. • In 2010, 56 percent of the volume of the top 50 malicious code samples reported were classified as Trojans—the same percentage as in 2009. Trojan Horse or Trojan, are a type of malware that disguise themselves as legitimate, it is destructive program that masquerades as an application. When an end-user attempts to install or run the seemingly-benign executable file, their system becomes infected with malicious code, which gives an attacker access to the user’s privileges and sensitive information. [Malware] Trojan Horses Spyware (Malware) Spyware is a general term used to describe software that violates a user’s personal security. Spyware creators are motivated by profit: generate income through advertisements or by acquiring personal information and may change configurations. Although attackers use several different spyware tools, the two most common are adware and key loggers. Adware (Spyware tool) typically display advertising banners or pop-up Ads or opens Web browser while user is on the Internet. Keylogger (Spyware tool) is a small hardware device or a program that monitors each keystroke a user types on the computer’s keyboard. Spyware usually performs one of the following functions on a user’s computer: Advertising, (Pop-ups), Collecting personal information or Changing computer configurations. NOTE: Your Personal Information can be obtained through [zabasearch.com, & Spokeo,]
SYSTEM THREATS Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. • Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. • Phishers like to use variations of a legitimate address ex: www.ebay_secure.com • In many cases when clicking open pop-ups it will attach Malware to your computer. Most SPAM comes in forms of Chain letters, Jokes,Hoaxes, and Advertisement. • Botnets, networks of virus-infected computers, are used to send about 80% of spam. • Spammers collect e-mail addresses from chatrooms, websites, customer lists, newsgroups, and viruses which harvest users' address books, and are sold to other spammers. • Spam averages 80% of all e-mail sent with many containing attachments of Malware. • In the year 2011 the estimated figure for spam messages are around seven trillion. NOTE: For Hoaxes check out Snoopes.com and/or TruthorFiction.com PHISHING Phishing is an attack that sends an e-mail or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information. [Social Engineering] SPAM SPAM is unsolicited, junk e-mail. It continues to escalate through the Internet. On average it costs U.S. Organizations $1000.(or more) per person annually in lost productivity. [Social Engineering / Malware]
SYSTEM THREATS UNSAFE WEB SITES –Many legitimate web sites unknowingly have been infected and have malware attached to downloads. Users should never log on to a web site from a link in an e-mail; instead they should open a new browser window and type the legitimate address. • IRM 10.8.27.3 (1) states “Employees should not download unauthorized program. DOWNLOADING NOT PERMITTED. • Any Web site in which the user is asked to enter personal information should start with “https” instead of “http” and should include a padlock in the browser status bar. • One way to check the links in an e-mail you receive is to place your mouse cursor over the link BUT DO NOT CLICK. This will display the true link as shown in the image below. REMOVABLE MEDIA – Some types of removable media are blu-ray discs, DVDs, CDs, Memory Cards, Floppy disks, Magnetic tapes, paper data storage, USB drives etc.. iPods, MP3 Players, digital cameras, and smart phones connected to your computer system are also considered to be removable media. • In 2010 IRS saw an increasing trend of malware related infections resulting from users connecting either IRS issued or personally owned removable media to IRS systems. Web Browsing Web Browsing – Surfing the web can often lead to unsafe websites. In addition, There are many E-mail messages that direct users to unsafe websites. [Phishing] Removable Media Removable Media is designed to be removed from the computer without powering the computer off. Despite advantages, Removable media are widely used to spread malware. [Hardware Based Attack]
SYSTEM THREATS Botnet (Malware) Botnets – One of the popular payloads of malware today that is carried by Trojan horses, worms and viruses is a program that will allow the infected computer To be placed under the remote control of an attacker. This infected “robot” Computer is known as a zombie. When hundreds, thousands, or even tens of Thousands of zombie computers are under the control of an attacker, this creates A botnet. [Malware] Botnets enables attackers to send massive amounts of spam, harvest e-mail addresses, spread malware, manipulate online polls, denying services, flooding Servers with request until servers cannot respond or function properly. Denial of Service Attacks A denial-of-service (DOS) attack attempts to consume network resources so that The network or its devices cannot respond to legitimate requests. NOTE: Although DoS attacks are not widespread on wireless networks, inadvertent Interference from other RF devices (cordless telephones, microwave ovens, baby monitors) Can sometimes actually cause DoS. When slow transmission happens either turn them Off or cut them off. Zero-Day Attack - This type of attack occurs when an attacker discovers and exploits A previously unknown flaw, providing “zero days’ of warning. Zero Day Attacks
SYSTEM THREATS Network Attacks – Networks have been the favorite targets of attackers for several reasons. An attacker who can successfully penetrate a computer network might have access to hundreds and or even thousands of desktop systems, servers, and storage devices. Also, Networks have had notoriously weak security, such as default passwords left set on Network devices. And because networks offer many services to users, it is sometimes Difficult to ensure that each service is properly protected against attackers. Network Vulnerabilities: weak passwords, default accounts, backdoors, and privilege escalation. Network Categories and Methods of Attacks: denial-of-service, spoofing, man-in-the-middle, and replay attacks, protocol-based or wireless etc… Network Attacks Communication Based Attacks Communication Based Attacks – Some of the most common communications-based Attacks are SMTP open relays, instant messaging, and peer-to-peer (P2P) networks. Wireless Attacks Wireless Attacks – As wireless networks have become commonplace, new attacks have Been created to target networks. These attacks include rogue access points, war driving, Bluesnarfing, and blue jacking.
www.phishing@irs.gov www.spam@irs.gov Malicious E-Mail <A> Billing: Pxxx xxx <A> xxx xxx Road <A> Suite 400 <A> xxx, CA xxx <A> US <A> Phone: xxxxxx7605 <A> e-mail: pxxx.xxx@atf.gov <A> Payment Method: Credit Card <A> Name On Card: Pxxx x. xxx <A> Credit Card #: 5568xxxxxxxxxxxx <A> Credit Type: MasterCard <A> Expires: 05/2009 <A> CVV2: 421 Many Emails may lead to unsafe websites Either containing Malicious Code or trying to Obtain personal information. (Look at the address link) IRS CSIRC Bulletin - 03022011-001-Bulletin Malicious Email Entitled "W-2 form update" in Circulation What is the problem? The CSIRC team is aware of malicious code circulating via phishing email messages entitled "Important: W-2 form update". These email messages appear to come from the Internal Revenue Service and offer a link that suggests it will take you to the "updated version of the W-2 form". The link contained within the email messages seem to be legitimate but is in fact a way of luring unsuspecting users into downloading malicious software in the form of a Trojan. Pictured below is an example of the recent phishing message currently in circulation, the incorrect punctuation and misspellings are an immediate red flag. However, this threat could take virtually any form as the subject and content could vary according to the objective of the true sender. FALSE – This notice is yet another redirection scam (also known as “phishing”) Intended to deceive recipients into disclosing their card information, account Information, social security numbers, passwords and other sensitive information. ##
www.phishing@irs.gov www.spam@irs.gov Malicious E-Mail Attackers take advantage of major events to get monies or to expose your computer to a Malicious Code. ##
Fake Security Software One of the most common ways for cybercriminals to steal money from people is through the use of fake security software, according to the most recent Microsoft Security Intelligence Report. This kind of software is also known as “scareware” or “rogue security software.” Cybercriminals use it to scare people into downloading more malicious software onto their computer or pay for a fake product. For more information, see Watch out for fake virus alerts. Here are examples of the graphics used by cybercriminals trick you into downloading their security software. Microsoft Security Tips