INFORMATION SECURITY AWARENESS
Information Security Education & Awareness Team, C-DAC Hyderabad
Keeping yourself and your family safe in a tech-driven world
www.infosecawareness.in
Cyber society
In today's world, we depend on the Internet at home, in school and at the workplace.
How and for what purpose do you use the Internet?
• Education
• Fun/Entertainment
• Online Banking
• Online Shopping
• Communication
• Social Networking
While using the Internet, what are the primary online risks you face?
Yes, the answer is: Malware
What is malware?
Malware is short for malicious software. It is software designed to infiltrate a computer system without the owner's informed consent.
Types of malware
'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive
software including computer viruses, worms, Trojan horses, ransomware, spyware,
adware, scareware, and other malicious programs.
Ransomware
This type of malware alters the normal operation of your machine, preventing
you from using it properly. These programs then display warning messages
asking for money to get your device back to normal working condition.
After reading this, you might be wondering why people create malware.
Here are some reasons that may lead a coder to write malware:
• To take control of a person's computer for personal or professional reasons.
• To get financial benefits.
• To steal confidential data.
• To prove that a security breach can be carried out on a system.
• To take down an individual computer or a complete network.
Let's discuss a recent ransomware attack
WannaCry/WannaCrypt ransomware
The WannaCry ransomware attack is an ongoing worldwide
cyberattack by the WannaCry ransomware cryptoworm,
which targets computers running the Microsoft Windows
operating system by encrypting data and demanding ransom
payments in the Bitcoin cryptocurrency.
How the WannaCry attack spread across countries
• On Friday morning, Spanish mobile operator Telefonica was among the first large organizations to report infection by WannaCry.
• By late morning, hospitals and clinics across the UK began reporting problems to the national cyber incident response centre.
• In Europe, French carmaker Renault was hit; in Germany, Deutsche Bahn became another high-profile victim.
• In Russia, the ministry of the interior, mobile phone provider Megafon and Sberbank became infected.
• Although WannaCry's spread had already been checked, the US was not entirely spared, with FedEx being the highest-profile victim.
• WannaCry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems. This exploit is named ETERNALBLUE.
• The ransomware called WannaCrypt or WannaCry encrypts the computer's hard disk drive and then spreads laterally between computers on the same LAN. The ransomware also spreads through malicious attachments to emails.
• In order to prevent infection, users and organizations are advised to apply patches to Windows systems as mentioned in Microsoft Security Bulletin MS17-010.
The file extensions that the malware is targeting contain certain
clusters of formats including:
• Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
• Less common and nation-specific office formats (.sxw, .odt, .hwp).
• Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv)
• Emails and email databases (.eml, .msg, .ost, .pst, .edb).
• Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
• Developers' source code and project files (.php, .java, .cpp, .pas, .asm).
• Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg,
.aes).
• Graphic designers', artists' and photographers' files (.vsd, .odg, .raw, .nef, .svg, .psd).
• Virtual machine files (.vmx, .vmdk, .vdi).
Best practices to prevent ransomware attacks:
• Maintain updated Antivirus software on all systems
• Check regularly for the integrity of the information stored in the databases.
• Regularly check the contents of backup files of databases for any unauthorized encrypted contents of data records or external elements (backdoors/malicious scripts).
• Ensure integrity of the codes/scripts being used in database, authentication and sensitive systems.
• Keep the operating system and third-party applications (MS Office, browsers, browser plugins) up to date with the latest patches.
• Use application whitelisting / strict implementation of Software Restriction Policies (SRP) to block binaries running from %APPDATA% and %TEMP% paths. Ransomware samples generally drop and execute from these locations.
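A detection-side companion to the SRP rule above, as an added example that is not part of the original slides: it flags process-creation records whose image path resolves under %APPDATA% or %TEMP%. The event records and field layout are constructed, and the default `C:\Users` profile layout is an assumption.

```python
import ntpath
import re

# Default expansions of %APPDATA% and %TEMP% for a user profile, plus the
# machine-wide temp directory. Assumes the default C:\Users profile root.
BLOCKED_DIRS = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\(roaming|local\\temp)\\"
    r"|^[a-z]:\\windows\\temp\\"
)
# Executable types taken from the attachment block list on these slides.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".dll"}


def runs_from_blocked_path(image_path):
    """True if an executable image resolves under %APPDATA% or %TEMP%."""
    # normpath unifies slashes and collapses "..", so a path that only
    # passes through Temp on its way elsewhere is not flagged.
    norm = ntpath.normpath(image_path.strip().strip('"')).lower()
    ext = ntpath.splitext(norm)[1]
    return ext in EXECUTABLE_EXT and bool(BLOCKED_DIRS.search(norm))


# Constructed process-creation records: (pid, image path).
SAMPLE_EVENTS = [
    (4120, r"C:\Program Files\Office\WINWORD.EXE"),
    (4388, r"C:\Users\asha\AppData\Roaming\svc\updater.EXE"),
    (4391, r'"c:/users/ravi/appdata/local/temp/a.scr"'),
    (4402, r"C:\Users\asha\AppData\Local\Temp\..\..\..\Documents\tool.exe"),
    (4410, r"C:\Windows\Temp\setup.bat"),
]


def flagged_pids(events):
    """Return the pids whose image should have been stopped by the SRP rule."""
    return [pid for pid, image in events if runs_from_blocked_path(image)]


if __name__ == "__main__":
    print(flagged_pids(SAMPLE_EVENTS))
```

Any hit on a host where the SRP rule is deployed means the policy is missing or bypassed there, which is worth investigating on its own.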
• Don't open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close out the e-mail and go to the organization's website directly through the browser.
• Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.
• Network segmentation and segregation into security zones help protect sensitive information and critical services. Separate the administrative network from business processes with physical controls and Virtual Local Area Networks.
• Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.
• Disable Remote Desktop connections; employ least-privileged accounts.
• If not required, consider disabling PowerShell / Windows Script Hosting.
• Restrict users' abilities (permissions) to install and run unwanted software applications.
• Enable personal firewalls on workstations.
• Implement strict External Device (USB drive) usage policy.
• Employ data-at-rest and data-in-transit encryption.
• Consider installing Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools.
• Block attachments of the file types: exe|pif|tmp|url|scr|reg|cer|cmd|pst|com|bat|dll|dat|hlp|hta|js|wsf
• Carry out Vulnerability Assessment and Penetration Testing (VAPT) and information security audit of critical networks/systems, especially database servers, from CERT-IN empaneled auditors. Repeat audits at regular
Generic Prevention Tools:
Sophos: Hitman.Pro
https://www.hitmanpro.com/en-us/surfright/alert.aspx4
Bitdefender Anti-Crypto Vaccine and Anti-Ransomware (discontinued)
https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/
Malwarebytes Anti-Ransomware (formerly Crypto Monitor)
https://blog.malwarebytes.com/malwarebytes-news/2016/01/introducing-the-malwarebytes-anti-ransomware-beta/
Trend Micro Ransomware Screen Unlocker tool
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1105975.aspx
Microsoft Enhanced Mitigation Experience Toolkit (EMET)
https://www.microsoft.com/en-us/download/details.aspx?id=50766
Thank You